Domain management

Yesterday one of the bigger ESPs had their domain registration lapse. This caused a whole host of problems for their customers. It was resolved when someone completely unrelated to the company paid the registration fee.
It happens. Most of us know about cases where email or domains were lost due to renewal failures. The canonical case is one person at the company handles renewals, and leaves or is off when renewal comes up. The payment is missed, the domain goes back to the registrar and everything falls apart.
This happens at big companies and it happens at small companies. This is the kind of public facing problem that should make all of us look at how our own domains are managed. A few questions to ask.

  1. What domains do we own and use? Is there a list somewhere?
  2. What department owns the domains / brand?
  3. Who maintains the registrations?
  4. When do your domains expire?
  5. Who is the backup maintainer?
  6. Who has passwords and access?
  7. Who can make changes?
  8. Are we using any domains that we don’t own?
    1. What are they?
    2. Why don’t we own them?
    3. Should we own them?
  9. Who gets emails and alerts from our registrar?
  10. Who should get emails and alerts from the registrar?

These are only some of the questions to ask. Of course, not every person inside the company needs to know all these details. But domains are critical and so some people should know. Personally? If I had “director” or higher in my title, I’d be asking these questions and more.
Domain information should be in the “hit by a bus” file. It’s too important an issue to drop if the person currently handling it is hit by a bus.

Related Posts

Domains need to be warmed, too

One thing that came out of the ISP session at M3AAWG is that domains need to be warmed up, too. I can’t remember exactly which ISP rep said it, but there was general nodding across the panel when this was said.
This isn’t just the domain in the reverse DNS of the sending IP, but also domains used in the Return Path (Envelope From) and visible from.
From the ISP’s perspective, this makes tons of sense. Some of the most prolific snowshoe spammers use new domains and new IPs for every send. They’re not trying to establish a reputation, rather they’re trying to avoid one. ISPs respond by distrusting any mail from a new IP with a new domain.

Read More

Confirmation Fails

Yesterday I talked about registration confirmations. Today I’m going to talk about a couple recent experiences with websites and their registration failures.
The first experience was with Yelp. One of my readers decided I needed a Yelp account and created one using my laura-questions email address. Yelp understands that people will be jerks and so sent me an email to confirm the account.

Read More

Private whois records hide spammers and help bring down a registrar

I’ve talked in the past about how many spam filters, ISPs and blocklists treat domains that are registered behind privacy protection. I’ve written about how many commercial domains behind privacy protection are used for fraud. I’ve written about multiple legal cases where the courts ruled against companies using privacy protected domains in email. I’ve even gone so far as to claim hiding domains behind privacy protection is what spammers do.
Legitimate email marketers do not hide their domains behind privacy protection services.
Spammers absolutely do hide behind privacy protection services. And because of how privacy protection works, we really don’t know which domains are used by one spammer versus another spammer. ICANN gave us a little bit of insight into just how many domains a spammer registers when they terminated Dynamic Dolphin (pdf link). This is a situation that has been brewing for most of 2013. I wrote about the notice of contract breach back in October. This morning Brian Krebs wrote a blog post saying that ICANN had terminated the agreement with Dynamic Dolphin for failing to cure the breach as noticed back in October.
If you read through the timeline, ICANN has some interesting information about privacy protected domains at Dynamic Dolphin. Data about privacy protected domains was requested from the very beginning.

Read More