High-Profile Domain Expirations Highlight Need for Better Domain Name Management
How are you managing your company’s Internet domain names? Based on my informal survey of the domain names of the Fortune 100 largest public companies in the US, it seems apparent that domain name management is an area that needs some attention.
Though domain names are (obviously) crucial to a company’s Internet presence, many companies are lax in their procedures to ensure their domains are managed properly, and have allowed their domains to expire, disrupting service to their customers.
In July, RSA forgot to renew securesuite.co.uk, the domain name it uses to manage secure credit card authorizations for merchants in Europe. A few months earlier, Google forgot to renew grandcentral.com, the domain that hosts its GrandCentral voicemail service.
The list of organizations that have accidentally allowed domains to expire includes Microsoft, The Government of Greece, The Washington Post, Electronic Privacy Information Center (EPIC), and the Eureka, California Police Department, among many others.
A few relatively easy steps can go a long way toward reducing risks that can have a major impact on a corporate Internet presence:
Register or renew your domains for as many years as possible
Generally, domains can be registered or renewed for up 10 years, and Network Solutions will even allow registrants to pre-pay for 20 or 100 year terms. The easiest way to ensure your domain doesn’t expire is to make sure that it isn’t scheduled to expire for a long time. The expiration date should never be less than 1 year away.
Who isn’t doing this among the Fortune 100? At the time I’m writing this, Wells Fargo’s wf.com is scheduled to expire within 5 months, Humana.com expires in about 2 months, two of HCA Healthcare’s important domains expire in just over a month, and Tyson Foods’ corporate domain expires in only 3 weeks.
Register all of your domains with one registrar
Corporations often own hundreds or thousands of domain names, and it can be very difficult to manage domains spread among many registrars. By keeping all of your registrations in one place, it’s much easier to ensure your contact information is kept up-to-date with the registrar.
Seek out a registrar focused on serving businesses
The registrar business is often a mostly-automated endeavor, and most registrants need only basic domain-related services. As a result, the biggest focus among registrars is to reduce prices as much as possible to attract customers. Businesses have different needs than consumers, and a human account representative should ensure that domains aren’t allowed to expire accidentally. Seek out a registrar who can provide personal service.
List a generic role as the domain registrant
When registering a domain, the registrant is often asked to name an administrative contact, a technical contact, and a billing contact. If an individual person is named in these roles, that person is the only one who has complete control over the domain, and problems can arise if that person ever leaves the company. Potentially worse, that ultra-admin’s name and email address are made publicly available through whois, which could make social engineering attacks much easier.
The best practice would be to name a generic role, such as "Domain Admin", with an email account that forwards to multiple people or to a help-desk queue.
Unfortunately, 23% of Fortune 100 companies list an individual’s name or email address in their publicly available whois data. I’d be interested to know how many of those individuals no longer work for the company whose domains they control.
Use periodic audits to check the status of domains
If you already periodically audit the organization responsible for managing your corporate domains, add an audit step to verify the domains are not near their expiration date, are registered properly, and the passwords to the domain registrar account have been recently changed, and are kept secure.
If you don’t currently audit the organization responsible for your company’s domains, perhaps it’s time to consider adding them to the audit cycle.
If you enjoyed this post, please consider leaving a comment or subscribing to our RSS feed to get future articles delivered to your feed reader. You can also click "Buzz Up" or "ShareThis" above to share this post via email or social networking sites.
Comments
No comments yet.
Leave a comment