Domain Hijacking

Your domain name is your "dot com" name, i.e. MadRiverConsulting.com. On the internet, your register a domain name with an approved registrar much the same as you register a trade name with the State of Vermont, paying for its use for a period of time, i.e. renting it.

A little history: Because it doesn't take a lot of resources to support a registration business of this type, many firms have jumped on the bandwagon when InterNic deregulated the industry. Prices range from $8.95 per year to $37.50, and $35.00 at the original registrar, Network Solutions. As in many deregulated industries, NS did all the groundwork, providing the infrastructure and safely thought out processes, and then all the new firms began undercutting their price.

Several companies have taken the approach to send domain renewal notices by postal mail to domain registrants 90 days prior to the renewal date. An example, Domain Registry of America, charges $20 per year and offers a "fabulous" $85 5-year renewal price. Not so fabulous, actually. However, some people think this is a legitimate renewal notice and pay it. I can't tell you how many inquiries I have had from clients asking if they should pay this "bill." If you review the offer you will see that it is a solicitation, not an invoice. The manner in which it is presented, however, is intended to cause alarm—"you could lose your domain, your internet identity"—and gain that quick sale.

What complicates things even further is that the transfer and renewal may or may not go through for two reasons, but the money has been paid. Historically any transfer of a domain to another registration service requires the approval of the admin contact by email acknowledgement and/or proactively approving the transfer by clicking on a link in the email to a web page. Each of these hundreds of organizations has their own policies, however, and I would not venture to say I know all the rules. Given the fraud in the previous topic, who knows what fraud may be attempted with respect to domain hijacking.

There is also a feature called domain locking that was instituted to prevent inadvertent transfer. When this first came out, I thought, how ridiculous can you get, locking what is already locked. This would only seem to pertain if the security of the admin contact approval process was doubted and it is possible that it may be with some services. I have consciously not used this feature. With the service I use, I have the highest confidence that my domains and my clients' domains are safe because I know their rules and processes. I have had people attempt to transfer domains and fail. Additionally, as an aside, my service emails 90, 60, 30 and 3 days notices (when needed) warning of renewal. Where the domain locking would be useful is if the admin contact accidentally approved a domain hijacking.

In some cases the domain owner is the admin contact, but in many cases one of the internet service providers is. Any time I can, I designate myself as the admin contact email address so that I can protect my clients' domains. There have been a few times when this policy has been questioned, but it is no less important to have your domain protected by your trusted professional than it is to have your accountant and your attorney involved in your business dealings as they are. I have had clients lose domains because they either didn't follow through on renewal or they changed email addresses and were unreachable for renewal.

In a two recent cases where a client paid the Domain Registry of America solicitation, I initiated correspondence to request that their money be refunded and to let them know in advance that the domain transfer would not be approved and was initiated in error. They refunded the money.

Although this topic is called domain hijacking, the intent of these services is not to take away your domain, only to get your registration business. I often wonder how this can be a profitable business or profitable approach with all the processing obstacles.

Please see related information, how MadRiverWeb manages your domain and the safety and security of this process.

 
For the Technically Inclined

You can review your registration at any Whois including the Intuitive ISP Whois.

Note who the admin contact is. This is the person responsible for renewal and any other updates. The admin email address will receive a renewal notification, depending on the policy of different registrars.