Service prevents nameserver changes without multiple levels of confirmation.
In light of the CheckFree.com nameserver “theft” last week, I opined that registrars must offer added security for important domain names. Specifically, important domain names should require more than just a username and password in order to change the nameservers.
It turns out at least one registrar has an official product offering to do just that: Fabulous offers Executive Lock. The product’s official description reads:
An Executive Lock adds another level of protection to a domain name.
The Executive lock effectively freezes a domain’s registry settings, and can only be removed by Fabulous management after any special conditions specified by the client have been fulfilled.
A domain name under Executive lock cannot:
* Be transferred out to another Registrar
* Be pushed to another Fabulous account
* Have changes to its Nameserver settings
* Have the Registrar-Lock status removedNOTE: Renewals and WHOIS contact updates will continue as normal.
If CheckFree.com used a service like this it would have been much more difficult for its nameserver settings to be hijacked.
Other registrars may offer similar services, but they aren’t promoted. I’ve heard that Register.com has a similar service but that it’s typically used in the case of a legal dispute.
Either way, any domain used for a major site, such as a Fortune 500 company or a transaction-processing site, should have a safeguard like this in place. Fabulous’ service is free, but owners of important domain names should be willing to pay hundreds of dollars for a service like this.
sipbkk says
Moniker offers Portfolio MaxLock – Same kind of deal.
http://www.moniker.com/services/services.jsp#portfolioMaxLock
Andrew says
Thanks. Their previously announced MaxLock product didn’t handle nameserver changes.
Reece says
Looks like it must be a recent change with MaxLock — I don’t recall them offering the additional nameserver protection when I last looked a couple weeks ago. Good to know though 🙂
monte says
The portfolio MaxLock does protect against DNS, Url Forwarding, Email Forwarding, email, admin, transfer, pushes, etc. It was just released and is available yesterday.
Karan Goyal says
Tucows/OpenSRS provides the free domain lock feature which locks domain transfers and nameserver change.
Doug says
Installing stronger authentication to preclude redirection is akin to putting a padlock on a house door when all the windows and remaining doors are missing. Sure, the stronger authentication would prevent this specific attack, but there are so many ways to cause a redirection that stronger authentication along would do nothing to stop the attacks.