RANT: Who Owns Your Domain?

Rant

Yesterday, I was with the board of a regional company and we were discussing some migrations. Some of the steps needed were going to require some domain records to be updated, so I asked who had access to the company’s DNS. There were some blank stares, so I quickly did a Whois lookup on GoDaddy to identify where the domains were registered and who the contacts were that were listed.


When I saw the results, I was genuinely shocked. Some background first…


Domain Registration


When you register your domain, there are different contacts that you can apply to your account. If you do a lookup on my company, DK New Media, here’s what you’ll find:


Domain Name: dknewmedia.com 
Registry Domain ID: 1423596722_DOMAIN_COM-VRSN 
Registrar WHOIS Server: whois.godaddy.com 
Registrar URL: http://www.godaddy.com 
Updated Date: 2017-03-11T07:12:37Z 
Creation Date: 2008-03-15T13:41:31Z 
Registrar Registration Expiration Date: 2022-03-15T13:41:31Z 
Registrar: GoDaddy.com, LLC 
Registrar IANA ID: 146 
Registrar Abuse Contact Email: abuse@godaddy.com 
Registrar Abuse Contact Phone: +1.4806242505 
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited 
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited 
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited 
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited 
Registry Registrant ID: Not Available From Registry 
Registrant Name: Douglas Karr 
Registrant Organization: DK New Media 
Registrant Street: 7915 S Emerson Ave 
Registrant Street: Suite B203 
Registrant City: Indianapolis 
Registrant State/Province: Indiana 
Registrant Postal Code: 46237 
Registrant Country: US 
Registrant Phone: +1.8443563963 
Registrant Phone Ext: 
Registrant Fax: +1.8443563963 
Registrant Fax Ext: 
Registrant Email: info@dknewmedia.com 
Registry Admin ID: Not Available From Registry 
Admin Name: Douglas Karr 
Admin Organization: DK New Media 
Admin Street: 7915 S Emerson Ave 
Admin Street: Suite B203 
Admin City: Indianapolis 
Admin State/Province: Indiana 
Admin Postal Code: 46237 
Admin Country: US 
Admin Phone: +1.8443563963 
Admin Phone Ext: 
Admin Fax: +1.8443563963 
Admin Fax Ext: 
Admin Email: info@dknewmedia.com 
Registry Tech ID: Not Available From Registry 
Tech Name: Douglas Karr 
Tech Organization: DK New Media 
Tech Street: 7915 S Emerson Ave 
Tech Street: Suite B203 
Tech City: Indianapolis 
Tech State/Province: Indiana 
Tech Postal Code: 46237 
Tech Country: US 
Tech Phone: +1.8443563963 
Tech Phone Ext: 
Tech Fax: +1.8443563963 
Tech Fax Ext: 
Tech Email: info@dknewmedia.com 
Name Server: NS33.DOMAINCONTROL.COM 
Name Server: NS34.DOMAINCONTROL.COM 
DNSSEC: unsigned 
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ 
>>> Last update of WHOIS database: 2019-02-26T14:00:00Z <<< 


What you should notice immediately is that there are different contacts associated with the domain:


  • Registrant – who owns the domain
  • Admin – typically, a billing contact for the domain
  • Tech – a technical contact who manages the domain (outside billing)


When I looked up my client’s domain, all of the contacts came back with an email address at their IT company’s domain. All of them… not just the admin and tech, but the registrant as well.


This is unacceptable.


What if?


Let’s play a little game of what if.


  • What if you have a billing dispute or legal argument with the company who is listed as your domain’s registrant?
  • What if the company that is listed as your registrant goes out of business or their assets are frozen?
  • What if the company that is listed as your registrant disables the email address or loses their domain listed as owner of your company’s domain?


That’s right… any of these issues could cause you to lose your domain! In this case, my client has invested millions of dollars in their business’ brand and their domain’s authority online over the last two decades. Losing that would severely impact their business – bringing everything down from their corporate email to their online presence.


That’s something that you can’t relinquish control over to a third party.


What Do You Do?


Do a whois lookup on your domain today… now. If you find that the email address of the registrant is a subcontractor, agency, or IT company that you’ve hired to manage your DNS, have them immediately change the registrant email address back to you and make sure you OWN the domain registration account where it’s set up at.


I’ve seen large companies lose their domains because they never even realized that they didn’t own them in the first place, their subcontractor did. One of my clients had to sue and go to court to get their domain back in their hands after letting an employee go. The employee bought the domains and registered them in his name, unbeknownst to the company’s owner.


I immediately crafted an email to the IT company and requested they transfer the domain to an account owned by the company’s owner. Their response wasn’t what you’d expect… they wrote directly to my client and hinted that I may be wanting to rip off the company by putting the domains in my name, something I never requested.


When I responded directly, they then told me that the reason they did it was to manage the domain at the request of the client.


Nonsense.


Had they kept the company’s owner as registrant and added their own email address for admin and tech contact, I would approve. However, they changed the actual registrant. Not cool. If they were billing and admin contact, they could have managed the DNS and also taken care of billing and renewals. They didn’t need to change the actual registrant.


Side note: We also identified that the company was charging about 300% more than a typical domain registration renewal, to which they said that was to cover their management of the domain. And they were charging that fee 6 months earlier than the renewal deadline.


To be clear, I’m not stating this IT company had a nefarious agenda. I’m certain that getting full control of my client’s domain registration made their lives much easier. In the long run, it may have even saved some time and energy. However, it’s simply unacceptable to change the registrant email on the account.


My Advice for Your Company’s Domain Registration


I advised my client to get a GoDaddy account, register their domain for the maximum… a decade… and then add the IT company as a manager where they could access the DNS information that they needed to. Since my client has a CFO, I recommended that they add that contact for billing and we notified her of the account to ensure the domains were paid for the long term.


The IT company will still be paid for their management of the DNS, but there’s no need to additionally pay them 3 times what the registration costs. And, there’s now no risk to the company that their domain is out of their control!


Please check your company’s domain name and ensure that the ownership is under your company’s account and control. This is something you should never relinquish control to a third-party.


Check Whois for Your Domain

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.