Domain Hijacking

Your domain name is your "dot com" name, i.e. MadRiverConsulting.com. On the internet, your register a domain name with an approved registrar much the same as you register a trade name with the State of Vermont, paying for its use for a period of time, i.e. renting it.

A little history: Because it doesn't take a lot of resources to support a registration business of this type, many firms jumped on the bandwagon when InterNic deregulated the industry. Prices range from $8.95 per year to $37.50, and $35.00 at the original registrar, Network Solutions. As in many deregulated industries, NS did all the groundwork, providing the infrastructure and safely thought out processes, and then all the new firms began undercutting their price.

Several companies have taken the approach to send domain renewal notices by postal mail to domain registrants 90 days or more prior to the renewal date. An example, Domain Registry of America, charges $20 per year and offers a "fabulous" $85 5-year renewal price. Not so fabulous, actually. However, some people think this is a legitimate renewal notice and pay it. I can't tell you how many inquiries I have had from clients asking if they should pay this "bill." If you review the offer you will see that it is a solicitation, not an invoice. The manner in which it is presented, however, is intended to cause alarm—"you could lose your domain, your internet identity"—and gain that quick sale. Read carefully any correspondences from:

Domain Registry of America
Liberty Names of America
Register.com (a legitimate and recommended service, but one who also solicits)
ICLS.net

What complicates things even further is that the transfer and renewal may or may not go through for two reasons, but the money has been paid. Historically any transfer of a domain to another registration service requires the approval of the admin contact by email acknowledgement and/or proactively approving the transfer by clicking on a link in the email to a web page. Each of these hundreds of organizations has their own policies, however, and I would not venture to say I know all the rules. Given the fraud in the previous topic, who knows what fraud may be attempted with respect to domain hijacking.

There is also a feature called domain locking that was instituted to prevent inadvertent transfer. When this first came out, I thought, how ridiculous can you get, locking what is already locked. This would only seem to pertain if the security of the admin contact approval process was doubted and it is possible that it may be with some services. I had consciously not used this feature until observing the proliferation of the hijacking attempts. With the service I use, I have the highest confidence that my domains and my clients' domains are safe because I know their rules and processes. I have had people attempt to transfer domains and fail. Additionally, as an aside, my service emails 90, 60, 30 and 3 days notices (when needed) warning of renewal. The domain locking is useful in order to prevent the admin contact accidentally approving a domain transfer, but if your admin contact is me, that won't happen.

In some cases the domain owner is the admin contact, but in many cases one of the internet service providers is. Any time I can, I designate myself as the admin contact email address so that I can protect my clients' domains. There have been a few times when this policy has been questioned, but it is no less important to have your domain protected by your trusted professional than it is to have your accountant and your attorney involved in your business dealings as they are. I have had clients lose domains because they either didn't follow through on renewal or they changed email addresses and were unreachable for renewal.

In a two cases when a client paid the Domain Registry of America solicitation, I initiated correspondence to request that their money be refunded and to let them know in advance that the domain transfer would not be approved and was initiated in error. They refunded the money.

Although this topic is called domain hijacking, the intent of these services is not to take away your domain, only to get your registration business. I often wonder how this can be a profitable business or profitable approach with all the processing obstacles.

Please see related information, how MadRiverWeb manages your domain and the safety and security of this process.

Approximate date this page was written: 2002, minor updates 5/8/07

For the Technically Inclined

You can review your registration at any Whois including the Domain Tools Whois.

Note who the admin contact is. This is the person responsible for renewal and any other updates. The admin email address will receive a renewal notification, depending on the policy of different registrars.

Valley Web • Hosting • Email • Domains • TechSupport • Payment Terms • Starter Sites • Home

Internet Services • Website Hosting • Website Pricing • Promotion • Maintenance • Client References • Tech Support
Components of Presence • Elements of Success • About Domain Name & URL • Email Aliases & Tips • FAQ
About MRC • Valley Services • Real Estate Clients • Contact Us • Directions • Home

MadRiverWeddings • MadRiverStore • MadRiverArts • MadRiverRentals

Offering a Suite of Internet Services — Website Design • Promotion • Maintenance • Training
Available for consulting and development of any internet projects • Client References • Directions
A suite of internet sites & services • Website design, development, hosting, optimization, promotion, consulting, training

Based in the Mad River Valley • PO Box 877, Waitsfield, Vermont, 05673-0877 USA • Phone (802) 496-4940

Domain Hijacking

For the Technically Inclined

©1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 MadRiverWeb.com (a.k.a. MadRiverDesign.com, MadRiverConsulting.com). All rights reserved.