Take these extra precautions when buying a valuable domain name.
With news yesterday of more missing three letter domain names at a couple different domain registrars, now is a good time to remind people about due diligence when buying a domain name.
This is especially important for “liquid” domain names like three letter domains. Three letter domains have a floor value at which they can be quickly sold to a ready market of buyers. This makes them a favorite of thieves.
Here are some considerations if you’re buying a liquid domain name:
- Check the whois history for the domain for at least the past year to see if there are any ownership changes. Thieves usually try to unload domains in a hurry (hence their interest in liquid domain names). If ownership has changed, contact the prior owner to make sure the domain wasn’t stolen. You can check whois history on sites like DomainTools and DomainIQ. I personally narrowly avoided buying a stolen domain many years back by calling the previous owner.
- Consider how the seller sold the domain. Domains listed for quick sale on forums or emailed solicitations are worrisome, unless they come from a reputable broker you’ve worked with in the past.
- If it seems to good to be true, it probably is. If someone is offering a good combination of three letters for under $10,000, something is wrong. Even $20,000 is too low in many cases.
If you own valuable domain names, especially liquid ones, you need to take a few precautions as well. You are constantly a target.
- Use two-factor authentication at your domain name registrar. If your registrar doesn’t offer two-factor, switch to a registrar that does.
- Consider additional security services offered by your registrar. For example, whenever I transfer a domain to another party, GoDaddy calls me to get a verbal verification password. Yes, transfers are slower this way, but it’s worth it.
- Use a domain monitoring service to be alerted to domain changes in your portfolio.
- Don’t use the same password at more than one registrar. If one is compromised, then both are compromised.
Acro says
ICANN must be pressured – and I mean that to the full extent of the word – to redesign the domain ownership status and process. No domain should be able to leave an owner’s account without a digital “title” that involves a secure, authenticated process.
Andrew Allemann says
Are you willing to pay a lot more for your typical domain to have that as an added service?
Larry says
To that point the overwhelming amount of domain names aren’t valuable and nobody is trying to steal them.
By the way this is one of the reasons I always give the advice of “no whois privacy”. With no privacy you can easily pull a whois everyday and verify the ownership information. People will argue that having an email address in the record provides an attack vector but there are ways around that (for one whois history and another social engineering..)
Also not a fan of PO Boxes however I understand that some people need to use these.
Acro says
Absolutely not. The technology layers already exist and the methods won’t have to be devised from scratch. ICANN needs to justify its role and let’s not mention cash reserves to “improve the infrastructure” as they profess.
Max says
Word!
EM @KING.NET says
Security should be a standard feature in every domains, not another value adder service.
Larry says
Protected reg from godaddy is a must on valuable domains.
Frans says
interesting piece. Are there any statistics available of how many domains are getting actually stolen? This is really the first time i am ready about this….I’ve heard of accounts getting compromised but you give me the impressive that this is something that happens on a daily basis. Some statistics would help to quantify the actual risk, i can imagine that the registrars are on top of this
Andrew Allemann says
I don’t have hard stats, but it happens daily. It mostly depends on if you have any really good domain names in your account.
franck says
the 3 letters are like fine real estate in new york London or parís big money .com and .NET are worth in the 100000 dollars the next big thing could be the 3 letters country extensions uk france germany