Fabulous’ Executive Lock Would Have Saved CheckFree.com
Thursday, December 11th, 2008
Service prevents nameserver changes without multiple levels of confirmation.
In light of the CheckFree.com nameserver “theft” last week, I opined that registrars must offer added security for important domain names. Specifically, important domain names should require more than just a username and password in order to change the nameservers.
It turns out at least one registrar has an official product offering to do just that: Fabulous offers Executive Lock. The product’s official description reads:
An Executive Lock adds another level of protection to a domain name.
The Executive lock effectively freezes a domain’s registry settings, and can only be removed by Fabulous management after any special conditions specified by the client have been fulfilled.
A domain name under Executive lock cannot:
* Be transferred out to another Registrar
* Be pushed to another Fabulous account
* Have changes to its Nameserver settings
* Have the Registrar-Lock status removed
NOTE: Renewals and WHOIS contact updates will continue as normal.
If CheckFree.com used a service like this it would have been much more difficult for its nameserver settings to be hijacked.
Other registrars may offer similar services, but they aren’t promoted. I’ve heard that Register.com has a similar service but that it’s typically used in the case of a legal dispute.
Either way, any domain used for a major site, such as a Fortune 500 company or a transaction-processing site, should have a safeguard like this in place. Fabulous’ service is free, but owners of important domain names should be willing to pay hundreds of dollars for a service like this.

Moniker offers Portfolio MaxLock – Same kind of deal.
http://www.moniker.com/services/services.jsp#portfolioMaxLock
Thanks. Their previously announced MaxLock product didn’t handle nameserver changes.
Looks like it must be a recent change with MaxLock — I don’t recall them offering the additional nameserver protection when I last looked a couple weeks ago. Good to know though.
The portfolio MaxLock does protect against DNS, URL forwarding, email forwarding, email, admin, transfer, pushes, etc. It was just released and has been available since yesterday.
Tucows/OpenSRS provides the free domain lock feature, which locks domain transfers and nameserver changes.
Installing stronger authentication to preclude redirection is akin to putting a padlock on a house door when all the windows and remaining doors are missing. Sure, the stronger authentication would prevent this specific attack, but there are so many ways to cause a redirection that stronger authentication alone would do nothing to stop the attacks.