Can your organization get blindsided and knocked offline by this trivial domain vulnerability?

Written by Mark Jeftovic on February 15, 2013 — 2 Comments

There's an article on BI about how a disgruntled freelancer took a gym's website offline over a billing dispute. Regardless of who's right and who's wrong in this particular case, it underscores the reality that too many businesses let their core domain holdings be registered on their behalf by freelancers or employees in their own names rather than in the name of the organization itself.

This is a huge vulnerability and one of the more common causes of why we see businesses going offline.

As we wrote in our "Definitive Guide To Never Losing Your Domain Name Again", (members can download it here)

Whoever or whatever entity is listed in the Organizational contact for a domain name for all intents and purposes owns the domain.

Who is listed here? It should be YOU. Your name, your company or other applicable entity. Too many times, what gets listed here instead if YOU are any of the following:

The personal name of an employee

An outside web designer, IT consultant or programmer

Your web hosting company

Your Internet Service Provider

Your Domain Registrar

Anybody else who isn't YOU or YOUR COMPANY

When this happens, you basically operate your entire web presence of your domain at the whim of whoever actually "owns" it: the person listed as the organizational contact.

In this case, the gym, fitnessSF.com made the cardinal error we're talking about, they let the web designer register the domain name:

In this case Frank Jonen is the web designer, not the gym. Whether the designer has a legitimate pay dispute or not is beside the point, there are ways to settle such matters.

We've seen enough cases here where disputes were not with merit but the domain was hijacked and held for ransom anyway. As your domain registrar, we have to follow the rules and rules are clear: whoever is listed as registrant, calls the shots on the domain.

So don't let this happen to you, always, always ALWAYS list your organization as the domain registrant for all of your domains. If you hire outside talent to develop your websites, you secure the domains within your own registrar accounts with the domains in your name. On our system you can then assign any permissions your hired guns need via a domain portfolio while you retain all operational and legal control over your domains.

This is just the first point in our "Never lose your domain" report. All easyDNS members can download this from the resources section in your accounts.

If you are not an easyDNS member you can download the same report for free here.

Don't let it happen to you.

2 Comments to “Can your organization get blindsided and knocked offline by this trivial domain vulnerability?”

You can follow all the replies to this entry through the comments feed.

Kevin Murphy

February 16, 2013 at 5:35 am | Permalink

Surely the big mistake here was not paying the dude's invoice.
Mark Jeftovic

February 16, 2013 at 12:15 pm | Permalink

Kevin, disagree. The big mistake was putting their domain asset under a third-party contractor's name and control.

There are two sides to every story, and perhaps the gym had a legitimate reason for withholding payment: you want the contractor to be able to arbitrarily decide your online fate? That's what courts are for.

Can your organization get blindsided and knocked offline by this trivial domain vulnerability?

2 Comments to “Can your organization get blindsided and knocked offline by this trivial domain vulnerability?”

Leave a Reply

Status Updates

Receive new posts via email

Sign up for Domain Insights From The easyDNS Guy

Categories

Top Posts

easyDNS Main Links

Staff Weblogs

easyDNS Member Blogs

Archives