Domain Security Guide

How to protect your domains from theft, hijacking, and unauthorized transfers - the security practices that actually matter.

Why domain security matters

Domain theft is real. High-value domains get targeted by social engineering attacks, phishing, and registrar account compromises. Losing a domain you paid thousands for - or one that's generating income - is a serious financial hit.

Most domain theft is preventable with basic security hygiene. These steps take an hour to set up and protect you indefinitely.

Domain locking

Every domain should have the transfer lock enabled. This prevents unauthorized transfers to another registrar. It's usually a single toggle in your registrar's control panel.

  • Registrar lock (basic): Prevents transfers. Enable this on every domain you own.
  • Registry lock (premium): A higher-security lock that requires manual verification to remove. Available for high-value domains at most major registrars. Worth it for domains worth $10k+.
  • When to unlock: Only when you're actively transferring a domain. Re-lock immediately after.

Two-factor authentication

Enable 2FA on every registrar account you use. This is the single most effective security measure. Even if someone gets your password, they can't access your account without the second factor.

Authenticator app (TOTP)

Google Authenticator, Authy, or 1Password. Generates time-based codes. More secure than SMS.

Hardware security key

YubiKey or similar. The most secure option. Phishing-resistant. Worth it for accounts holding high-value domains.

SMS 2FA

Better than nothing, but vulnerable to SIM swapping attacks. Upgrade to an authenticator app if possible.

Registrar account security

  • Use a unique email address: Create a dedicated email for your registrar accounts. Don't use your main personal or business email.
  • Strong, unique passwords: Use a password manager. Never reuse passwords across registrars.
  • Keep contact info current: Outdated email addresses mean you miss security alerts and can't recover accounts.
  • Review authorized users: If you've ever shared account access, audit who still has it.
  • Watch for phishing: Registrars will never ask for your password via email. Fake renewal notices are common.

DNSSEC

DNSSEC prevents DNS spoofing - attacks where someone redirects your domain's traffic to a malicious server. It adds cryptographic signatures to your DNS records.

Enable it if your registrar and DNS provider both support it. Cloudflare makes DNSSEC one-click. For high-value domains, it's worth the minor added complexity.

Domain monitoring

Set up alerts so you know immediately if something changes on your domain - DNS records, WHOIS data, or expiration status.

  • DomainTools: Monitors WHOIS changes and sends alerts. Good for high-value domains.
  • Registrar alerts: Most registrars send email notifications for transfers and expiration. Make sure these go to an email you check.
  • UptimeRobot: Monitors if your domain resolves correctly. Alerts you if DNS stops working.
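The lock, DNSSEC, and monitoring checks described above can be automated against a domain's RDAP record, the JSON successor to WHOIS. The following is an added example, not part of the original guide or any registrar's tooling. The sample record, the `audit_domain` helper, the `high_value` flag, and the 60-day threshold are constructed for illustration, with field names taken from RFC 9083.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain object (field names per RFC 9083); not real registry data.
SAMPLE_RDAP = json.loads("""{
  "ldhName": "example.test",
  "status": ["client transfer prohibited"],
  "events": [{"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
             {"eventAction": "expiration", "eventDate": "2025-07-01T00:00:00Z"}],
  "nameservers": [{"ldhName": "NS1.DNS.TEST"}, {"ldhName": "ns2.dns.test"}],
  "secureDNS": {"delegationSigned": false}
}""")

def _norm(host):
    return host.lower().rstrip(".")

def audit_domain(rdap, baseline_ns, now, high_value=False, warn_days=60):
    """Return findings for one RDAP domain object (hypothetical helper)."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    # Registrar lock = EPP clientTransferProhibited, shown in RDAP as below.
    if "client transfer prohibited" not in status:
        findings.append("registrar transfer lock is off")
    # Assumption: registry lock typically appears as server-side statuses.
    if high_value and "server transfer prohibited" not in status:
        findings.append("no registry lock on high-value domain")
    if not rdap.get("secureDNS", {}).get("delegationSigned", False):
        findings.append("DNSSEC delegation is not signed")
    # A nameserver change you did not make is an early sign of hijacking.
    current = {_norm(ns["ldhName"]) for ns in rdap.get("nameservers", [])}
    drift = current ^ {_norm(n) for n in baseline_ns}
    if drift:
        findings.append("nameservers differ from baseline: " + ", ".join(sorted(drift)))
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "expiration":
            expires = datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
            days_left = (expires - now).days
            if days_left < warn_days:
                findings.append(f"expires in {days_left} days")
    return findings

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for finding in audit_domain(SAMPLE_RDAP, ["ns1.dns.test", "ns2.dns.test"], now):
        print(finding)
```

In practice the record would come from the registry's or registrar's RDAP service and the baseline from your own domain inventory. Run the check on a schedule and alert on any new finding.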

What to do if a domain is stolen

Act fast. The sooner you respond, the better your chances of recovery.

  • Contact your registrar immediately: Most have a fraud team. File a complaint and request a transfer hold.
  • File a complaint with ICANN: ICANN has a transfer dispute resolution process. Document everything.
  • Contact the gaining registrar: The registrar the domain was transferred to can freeze it pending investigation.
  • Document everything: Screenshots, emails, timestamps. You'll need this for any dispute process.
  • Consider legal action: For high-value domains, an attorney specializing in domain law may be worth it.
