Through no fault of your own, except the failure to protect your domain name, you could in fact, lose your domain name. Sure, we think that registering your domain name, pointing it to our website, and adding domain privacy to it is enough. Sadly, I used to think that was the case. But, unfortunately, that’s not the case.
And what if you lose your domain name? Well, think about it. Your website goes down. You no longer can send or receive emails. You can still log in to other websites using that email address, but what if you have to reset your password. Or what if someone else gets ahold of that domain name? They can then send/receive email with that domain name, and put up a website on that domain name. That’s just the beginning… you’ll lose sales, revenue, and your online reputation, company’s reputation, and brand reputation is at stake.
Below, I’ll detail the multiple ways that you could lose your domain name, and what you can do to protect it so you don’t lose it.
One of the many ways that people lose domain names is through domain theft. Unfortunately it happens a lot more often than you think, and is rarely, if ever, reported in the media. In fact, domain name registrars typically don’t want anyone to know if a domain name was stolen. If we knew, then customers would most likely move their domain names to more secure registrars. But I can tell you that I’m aware of a good number of domains that have been stolen from their owners. There are several ways domain names are stolen:
- Social Engineering – the thief social engineers the customer service department at the domain name registrar. They talk the multiple different customer service reps, getting each one to reveal a piece of information. Then, they use that information collectively to gain access to the account. Then, they change ownership on the domain name.
- They hack into the account at the domain name registrar and change the domain ownership details.
- The thief looks at domain name WHOIS records, looking for email addresses that contain domain names that have expired. Let’s say they want to steal DomainA. They find that the email address of the owner of DomainA is [email protected] But domainB.com is expired. They buy domainB.com, set up the old email address of [email protected], and then attempt to get ahold of DomainA. Perhaps they might use the “forgot password” at the domain name registrar to gain access to the account.
Those are just a few ways they might steal your domain name. There are other ways, but those are just a few examples. Domain name registrars have been using various methods to secure their customers’ accounts, and have methods of security accounts and passwords, such as by using 2-Factor Authentication. One of the more secure methods, however, is to use something like a Yubikey, which is a physical device that must be present (you have to plug it into your laptop, for example) before you log in. If you’re using Google Domains, for example, and a Google Account, then Google has their Advanced Protection, which uses keys like this to get into your account. Some other registrars also have this type of protection, so you may want to ask your registrar if they have offer it.
Why steal a domain name anyway? The value of a domain name has been going up, and will continue to appreciate in value. Typically, we’ve seen domain names get stolen and then immediately resold to someone else, who doesn’t know the domain name is stolen. The thief is looking to flip it quickly, and make a quick buck. If you’re looking to buy a domain name, then be aware of who you’re buying the domain name from, and use a domain name escrow service like Escrow.com or Epik’s domain escrow services. As a part of the escrow process, those firms typically will vet a domain name before it goes through their service. You can also buy domain names from domain marketplaces, such as Sedo.com, Epik’s domain marketplace, and Afternic.
Either way, if your domain name is stolen it can be days or even weeks before you get the domain name back. In the meantime, you’re losing website traffic and sales, and may not even have access to your emails.
Legal Issues and Disputes
Legal issues, especially domain name disputes, occur quite often with domain names. The most common form of legal dispute regarding domain names is when someone files a UDRP domain name dispute. The UDRP is a system put in place by ICANN, the organization which essentially regulates and controls domain names. If someone believes that they are the rightful owner of a domain name, they can file a UDRP domain name dispute. It’s a fairly lengthy process, and there is a filing fee involved. A panel then decides if it’s denied, if the domain name should be turned over to the complainant, or if it’s a case of reverse domain name hijacking. When a UDRP is filed against your domain name, I recommend that you respond to the complaint through a qualified domain name attorney who has the expertise in defending UDRPs. That can easily get expensive, causing you thousands of dollars. Without a prepaid legal plan or some sort of domain name warranty such as DNProtect’s domain name protection, you may end up losing your domain name.
Clerical or Administrative Errors
We’ve all had it happen to us. Domain name renewals and the emails to remind us to renew that domain name. We don’t get the email reminders. Or, maybe the emails on file with the registrar are going to another email address you haven’t checked in months or years. Or maybe you don’t have access to that email anymore, as it is going to a former employer’s domain and you just forgot. It happens. That’s why I recommend renewing your domain name for at least 5 years in advance. Especially for domain names that you really, really care about. Like your company name, your main website, the domain name of the email that you use every single day.
I’m reminded of a friend of mine who lost his wife’s domain name. It was bought (caught) by a domain name reselling service that buys domain names “on the drop”, which is when domain names expire. That’s 90 days after the domain name “expires” and it “drops”, which means that anyone can register the domain name the second it becomes available. Ninety days. If it’s your primary website for your business, there’s no reason why you should let it expire. But that does happen, especially if it’s your “side gig” or not your primary business. My friend’s wife’s business is a photography business, and the domain name, which has a very unique name, expired. A “drop catching” reseller bought the domain name, and put it up for sale for $2,500. That’s too much for a small business owner whose website and business is a “side gig” so to speak, to pay to “get their domain back”. But, we all need to realize that once it expires, it’s not YOUR domain name anymore. Someone else owns it.
So, clerical errors like this happen. It’s happened to me, on a domain name that I actually valued and was going to build a website on–and now I personally would like that domain name I didn’t renew. I don’t know what happened, maybe the domain was registered with another email address. But now, I do keep a spreadsheet of my domain names, and frankly, I do consult it at least once a month. And the domain names that I really don’t want to lose? They’re registered for 10 years, have a domain lock put on them, and I hopefully won’t lose them. I’ve also considered being the next customer of a service I helped build and launch: DNProtect.com, which protects your domain name, in case of domain name theft, legal issues, and administrative errors.