Yesterday, I was with the board of a regional company and we were discussing some migrations. Some of the steps needed were going to require some domain records to be updated, so I asked who had access to the company's DNS. There were some blank stares, so I quickly did a Whois lookup on GoDaddy to identify where the domains were registered and who the contacts were that were listed.
When I saw the results, I was genuinely shocked. Some background first…
When you register your domain, there are different contacts that you can apply to your account. If you do a lookup on my company, DK New Media, here's what you'll find:
Domain Name: dknewmedia.com
Registry Domain ID: 1423596722_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-03-11T07:12:37Z
Creation Date: 2008-03-15T13:41:31Z
Registrar Registration Expiration Date: 2022-03-15T13:41:31Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Douglas Karr
Registrant Organization: DK New Media
Registrant Street: 7915 S Emerson Ave
Registrant Street: Suite B203
Registrant City: Indianapolis
Registrant State/Province: Indiana
Registrant Postal Code: 46237
Registrant Country: US
Registrant Phone: +1.8443563963
Registrant Phone Ext:
Registrant Fax: +1.8443563963
Registrant Fax Ext:
Registrant Email: firstname.lastname@example.org
Registry Admin ID: Not Available From Registry
Admin Name: Douglas Karr
Admin Organization: DK New Media
Admin Street: 7915 S Emerson Ave
Admin Street: Suite B203
Admin City: Indianapolis
Admin State/Province: Indiana
Admin Postal Code: 46237
Admin Country: US
Admin Phone: +1.8443563963
Admin Phone Ext:
Admin Fax: +1.8443563963
Admin Fax Ext:
Admin Email: email@example.com
Registry Tech ID: Not Available From Registry
Tech Name: Douglas Karr
Tech Organization: DK New Media
Tech Street: 7915 S Emerson Ave
Tech Street: Suite B203
Tech City: Indianapolis
Tech State/Province: Indiana
Tech Postal Code: 46237
Tech Country: US
Tech Phone: +1.8443563963
Tech Phone Ext:
Tech Fax: +1.8443563963
Tech Fax Ext:
Tech Email: firstname.lastname@example.org
Name Server: NS33.DOMAINCONTROL.COM
Name Server: NS34.DOMAINCONTROL.COM
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-02-26T14:00:00Z <<<
What you should notice immediately is that there are different contacts associated with the domain:
- Registrant – who owns the domain
- Admin – typically, a billing contact for the domain
- Tech – a technical contact who manages the domain (outside billing)
When I looked up my client's domain, all of the contacts came back with an email address at their IT company's domain. All of them… not just the admin and tech, but the registrant as well.
This is unacceptable.
Let's play a little game of what if.
- What if you have a billing dispute or legal argument with the company who is listed as your domain's registrant?
- What if the company that is listed as your registrant goes out of business or their assets are frozen?
- What if the company that is listed as your registrant disables the email address or loses their domain listed as owner of your company's domain?
That's right… any of these issues could cause you to lose your domain! In this case, my client has invested millions of dollars in their business' brand and their domain's authority online over the last two decades. Losing that would severely impact their business – bringing everything down from their corporate email to their online presence.
That's something that you can't relinquish control over to a third party.
What Do You Do?
Do a whois lookup on your domain today… now. If you find that the email address of the registrant is a subcontractor, agency, or IT company that you've hired to manage your DNS, have them immediately change the registrant email address back to you and make sure you OWN the domain registration account where it's set up at.
I've seen large companies lose their domains because they never even realized that they didn't own them in the first place, their subcontractor did. One of my clients had to sue and go to court to get their domain back in their hands after letting an employee go. The employee bought the domains and registered them in his name, unbeknownst to the company's owner.
I immediately crafted an email to the IT company and requested they transfer the domain to an account owned by the company's owner. Their response wasn't what you'd expect… they wrote directly to my client and hinted that I may be wanting to rip off the company by putting the domains in my name, something I never requested.
When I responded directly, they then told me that the reason they did it was to manage the domain at the request of the client.
Had they kept the company's owner as registrant and added their own email address for admin and tech contact, I would approve. However, they changed the actual registrant. Not cool. If they were billing and admin contact, they could have managed the DNS and also taken care of billing and renewals. They didn't need to change the actual registrant.
Side note: We also identified that the company was charging about 300% more than a typical domain registration renewal, to which they said that was to cover their management of the domain. And they were charging that fee 6 months earlier than the renewal deadline.
To be clear, I'm not stating this IT company had a nefarious agenda. I'm certain that getting full control of my client's domain registration made their lives much easier. In the long run, it may have even saved some time and energy. However, it's simply unacceptable to change the registrant email on the account.
My Advice for Your Company's Domain Registration
I advised my client to get a GoDaddy account, register their domain for the maximum… a decade… and then add the IT company as a manager where they could access the DNS information that they needed to. Since my client has a CFO, I recommended that they add that contact for billing and we notified her of the account to ensure the domains were paid for the long term.
The IT company will still be paid for their management of the DNS, but there's no need to additionally pay them 3 times what the registration costs. And, there's now no risk to the company that their domain is out of their control!
Please check your company's domain name and ensure that the ownership is under your company's account and control. This is something you should never relinquish control to a third-party.