DomainTheft.org Update – What We’ve Learned So Far And Tips For Keeping Your Domains Safe

In July of this year I announced the relaunch of DomainTheft.org, a centralized Domain Theft database and recovery service. In less than six months we’ve really seen the reports ramp up and we’re now getting 1-2 theft reports a day. I am excited to say that we have helped three different domain owners recover their domains so far, and are actively involved in two recoveries right now. The recovery process has been different in each case and we’ve spent hours on the phone helping victims reclaim their names, all without receiving a dime in compensation, and it feels great!

This has been by far the most rewarding project I’ve worked on so far and my very first non-profit. It feels good to make a difference and since this is something I am very passionate about it’s been incredibly satisfying. Of course, as with any business we’re learning new things every day and I thought now would be a great time to share what we’ve learned with all of you. I’ll start with some data on the reports we are receiving and then share some real world tips for keeping your domains safe.

  • ~65% of the theft reports we have received were not actual thefts but instead the result of a domain name expiring. Most of the people submitting thefts to us are business owners that often know very little about domain names. They often don’t understand what a renewal is or even that a domain name can expire so the entire process is very confusing for them. We can usually spot these thefts when the report states, “My hosting company stole my domain name.” Luckily we have found that some of these domains aren’t of much interest to domain investors so if they have already expired some owners have been able to hand-register it and reclaim their name. It is these basics that we take for granted; in so many cases the domain owners we work with don’t know the first thing about the domain renewal process, or even that they have to renew it each year. It’s been an incredible education process and we are helping bring reason and process to an otherwise confusing and scary situation.
  • Of the other 35% that are actual thefts, 90% had their domain name stolen due to an email account at GMail, Yahoo, Hotmail or some other free email service. It’s almost the exact same story every time. The thief hacks into their email account, then goes to their registrar account, hits the “Forgot Password” button and gains direct access to their domains. When the registrar looks at the transaction it appears that the domain owner legitimately logged into their account and transferred the domain to another person.
  • 5% of the thefts we’ve received have involved talking with both sides of the theft. That’s right, we’ve actually spoken on the phone with both the domain owner and the alleged thief. In all of these cases the alleged thief claims that they did not steal the domain and that it was legitimately transferred to them. These are all personal disputes with people who know each other so the details can be quite complex. We are working on a very interesting case right now and look forward to getting to the bottom of what really happened.
  • 80% of our reported thefts have been .COM domains. I don’t think this means that .COM domains are more likely to be stolen but instead that most people own .COM’s. For your average business owner .COM is king and it seems that most businesses would rather have their second or third choice .COM than a .NET, .ORG or any other TLD.
  • 2% of our reports have been from domain investors. A very, very small percentage of people submitting thefts to us are domain investors; we’re really dealing with end users, often business owners that own one or two domains. It’s amazing to hear how people heard about DomainTheft.org; one person told us that they called someone at Yahoo who referred them to us!

How To Keep Your Domains Safe

Based on all the thefts we’ve seen, here are a few good ways to keep your domains safe. There are of course many other precautions you can take but this is a good foundation for domain security.

  1. Don’t use a GMail, Yahoo, Hotmail or any other free email service as the admin contact for your domain. These services have lots of security holes and since your email address is all someone needs to access your domains it is critical that you keep your email secure.
  2. Don’t give your registrar account login/password to anyone unless you really trust them. We’ve heard some sad reports from people who gave their password to an outsourced employee they were paying $2/hour. Trusting someone you’ve never met and that you haven’t built up trust with yet is a dangerous idea. Change your own nameservers, create your own email accounts, do all the registry-side changes yourself or with someone you know and trust.
  3. Keep your domains locked. This may seem like a basic one but it’s a small step that can make a big difference.
  4. Use a well-known registrar. If you’ve never heard of a registrar before, and they’re located somewhere you’ve also never heard of, and their site looks like it was designed by your six-year-old cousin, don’t keep your domains there. There are so many well-known registrars that you know are 100% legitimate businesses – stick with these.
  5. Keep your WHOIS contact information up-to-date. It is so important to have all of this information current. In most cases the only way you will find out a domain is expiring (outside of logging into your registrar account) is via email. If your email address has changed and you don’t get the email your domain might expire without your knowledge.
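Tips 3 and 5 (and the expiry problem behind most of the reports above) can be checked automatically. The following is an added example, not code from DomainTheft.org: it audits RDAP domain records for a missing transfer lock and an approaching or past expiration date. It assumes you have already fetched the RDAP JSON for each of your domains; the `.example` names, dates and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timezone


def _sample(name, status, expiry):
    # Constructed RDAP domain object (RFC 9083 shape); not real registry data.
    return json.dumps({"ldhName": name, "status": status,
                       "events": [{"eventAction": "expiration", "eventDate": expiry}]})


SAMPLE_RDAP = [
    _sample("locked.example", ["client transfer prohibited"], "2026-09-01T00:00:00Z"),
    _sample("unlocked.example", ["active"], "2025-01-20T00:00:00Z"),
    _sample("lapsed.example", ["client transfer prohibited", "redemption period"],
            "2024-12-15T00:00:00Z"),
]

# RDAP status values that indicate a registrar- or registry-level transfer lock.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}


def audit_domain(rdap_json, now, warn_days=30):
    """Return (domain, findings) for one RDAP domain object."""
    obj = json.loads(rdap_json)
    findings = []
    status = {s.lower() for s in obj.get("status", [])}
    if not status & TRANSFER_LOCKS:
        findings.append("no transfer lock")
    expiry = next((e["eventDate"] for e in obj.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration date published")
    else:
        when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        days_left = (when - now).days
        if days_left < 0:
            findings.append(f"expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"expires in {days_left} days")
    return obj.get("ldhName", "?"), findings


def audit_all(responses, now):
    return dict(audit_domain(r, now) for r in responses)


if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so output is repeatable
    for name, findings in audit_all(SAMPLE_RDAP, fixed_now).items():
        print(name, "->", findings or ["ok"])
```

Run on a schedule against your own portfolio, a check like this flags an upcoming expiry even when the renewal email goes to an address you no longer read.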

Stay tuned! This is still only the beginning and I will continue to update all of you on our progress, what we’re learning, and how you can keep your domain names safe.

6 comments

  • john n December 15, 2011, 10:17 am

    Wow great service!

    “~65% of the theft reports we have received were not actual thefts but instead the result of a domain name expiring.”
    Do you monetize these people? 🙂

    When you speak to the domain owner and alleged thief, have you seen any where the domain name was stolen, and then sold and transferred to a third (innocent) party?

    • Morgan December 15, 2011, 10:46 am

      Thanks @John!

      Yes – we have run into a few cases where the domain was transferred to a third party. In this case we usually work with both sides to come to an agreement on price. It’s a hard one since the person who bought the name didn’t know it was stolen so doesn’t want to lose the money they paid for it. Just another reason why everyone should check DomainTheft.org before buying a domain!

  • dirtydomainer December 15, 2011, 11:56 am

    Morgan, DomainTheft is doing a good job but we need a super-policy to reduce these kind of thefts…

  • AndyO December 15, 2011, 5:10 pm

    From what I understand, GMail uses a lot of the same infrastructure and background technology as Google Apps hosted email.

    With a lot of big name firms utilising Google Apps, I wonder how many of these also use Google Apps email accounts for their domain registration info, and if so, how many of these have been compromised?

    While they may indeed have other security holes, I have a sneaking suspicion that many people using free email services for their domain registrations have weak passwords, passwords that can be guessed from some good research/social engineering, or are compromised through targeted phishing attacks?

    I’d suggest that if the email service being used offers two-factor authentication (as GMail and Google Apps do) that people enable it as another front line barrier to entry…

  • Jeff Schneider December 16, 2011, 8:59 am

    Hello Morgan,

    You are at the front end of a huge wave coming at hyper warp speed! Ride it, and congratulations!

    Gratefully, Jeff Schneider (Contact Group) (Metal Tiger)

  • Dave Zan December 16, 2011, 11:39 am

    “but we need a super-policy to reduce these kind of thefts…”

    It might help if one can suggest such, especially if others might not like the idea of trading more convenience for security.

    Not surprised with bullet points 1 and 2. I’d say that’s more or less similar (if not the same) to my experience with my ex-registrar life on how many occurred because of those.

    Pardon the shameless plug also, but I recently blogged an article on domain hijacking as well. Namely, how it can happen so you’d know which areas to secure.

    Thanks for sharing your stats, Morgan!

