Protecting domain names by protecting email accounts
There have been a few stories popping up online recently talking about how a possible flaw in a commonly used free email service might allow malicious hackers to steal domain names. The flaw is not new — in fact, I blogged about it way back in January.
What this highlights again is that the email address used as the administrative contact for domain names is a weak link. Lose control of the email address, and you risk losing control of the domain names listed under it. Whether the registrant uses a free webmail account or the email provided with their domain name, that email address is the key to ownership of the domain name.
Protecting yourself from the threat of having a domain name stolen through email hacking is relatively easy — use WHOIS privacy. If the domain name can’t be associated with an email address, it’s less likely that a hacker will either a) target an email address in the first place or b) be able to tie a valuable domain name to a specific email account.
Granted, the chances of being hacked this way are minimal for the average registrant, but nevertheless, as a domain reseller, you may want to help educate your customers about the importance of having a secure password on their email account, and about the importance of WHOIS privacy. I’d even suggest that you might not want to have multiple domain names with the same administrative email account, as it increases the chance that a hack could steal your entire portfolio of domain names at one time.
As you are probably already aware, OpenSRS offers Contact Privacy for free with every domain name that supports it — we think it’s that important.
