It seems like every week, news of yet another high-profile domain hijacking occurs. Whether itÛªs stolen credentials, SQL injection attacks, or even the work of disgruntled employees, the number of incidents has been on the rise.
At the beginning of last year, MarkMonitor participated in VeriSignÛªs beta program to test server-level protections which were designed to mitigate the potential for unintended domain name changes, deletions and transfers. When VeriSign finally released their Registry Locking Program to all registrars, I expected to see the owners of highly trafficked sites flocking to this new offering.
However, after a review of the top 300 most highly trafficked sites, I was shocked to uncover that less than 10% of these valuable domains were protected using these newly available security measures.
So why arenÛªt more companies protecting themselves?
Given the value of these highly trafficked domains, I cannot imagine that the additional fees associated with employing this level of service are the deterrent.
I can only imagine that either the offering hasnÛªt been made widely available, or that confusion as to whether a domain is locked it to blame.
When it comes to domain locking, there is often quite a bit of confusion as to how to determine whether a domain is 1) locked within a portal or 2) “locked at the Registrar or 3) “locked at the Registry.
Only domains that have the following statuses are considered to be “locked at the Registry and cannot be modified using standard protocols.
- client delete prohibited
- client transfer prohibited
- client update prohibited
- server delete prohibited
- server transfer prohibited
- server update prohibited
For the owners of highly trafficked domains I would strongly recommend adding this level of security to protect valuable domains. It is there for a reason so why not use it?”