Domain management

Yesterday one of the bigger ESPs had their domain registration lapse. This caused a whole host of problems for their customers. It was resolved when someone completely unrelated to the company paid the registration fee.
It happens. Most of us know about cases where email or domains were lost due to renewal failures. The canonical case is one person at the company handles renewals, and leaves or is off when renewal comes up. The payment is missed, the domain goes back to the registrar and everything falls apart.
This happens at big companies and it happens at small companies. This is the kind of public facing problem that should make all of us look at how our own domains are managed. A few questions to ask.

  1. What domains do we own and use? Is there a list somewhere?
  2. What department owns the domains / brand?
  3. Who maintains the registrations?
  4. When do your domains expire?
  5. Who is the backup maintainer?
  6. Who has passwords and access?
  7. Who can make changes?
  8. Are we using any domains that we don’t own?
    1. What are they?
    2. Why don’t we own them?
    3. Should we own them?
  9. Who gets emails and alerts from our registrar?
  10. Who should get emails and alerts from the registrar?

These are only some of the questions to ask. Of course, not every person inside the company needs to know all these details. But domains are critical and so some people should know. Personally? If I had “director” or higher in my title, I’d be asking these questions and more.
Domain information should be in the “hit by a bus” file. It’s too important an issue to drop if the person currently handling it is hit by a bus.

Related Posts

Proxy registrations and commercial email

Yesterday the law firm Venable, LLP published a document discussing the recent California appellate court decision in Balsam v. Trancos. Their take is that commercial email that contains a generic from line and is sent from a proxied domain is a violation of the California Business and Professions Code § 17529.5(a)(2).

Read More

Private whois records hide spammers and help bring down a registrar

I’ve talked in the past about how many spam filters, ISPs and blocklists treat domains that are registered behind privacy protection. I’ve written about how many commercial domains behind privacy protection are used for fraud. I’ve written about multiple legal cases where the courts ruled against companies using privacy protected domains in email. I’ve even gone so far as to claim hiding domains behind privacy protection is what spammers do.
Legitimate email marketers do not hide their domains behind privacy protection services.
Spammers absolutely do hide behind privacy protection services. And because of how privacy protection works, we really don’t know which domains are used by one spammer versus another spammer. ICANN gave us a little bit of insight into just how many domains a spammer registers when they terminated Dynamic Dolphin (pdf link). This is a situation that has been brewing for most of 2013. I wrote about the notice of contract breach back in October. This morning Brian Krebs wrote a blog post saying that ICANN had terminated the agreement with Dynamic Dolphin for failing to cure the breach as noticed back in October.
If you read through the timeline, ICANN has some interesting information about privacy protected domains at Dynamic Dolphin. Data about privacy protected domains was requested from the very beginning.

Read More

CA court requires sender identification on emails

Venkat analyzes the appeals court decision in Balsam v. Trancos, Inc.. In this case the appeals court decided that emails have to identify some actual person or entity they are sent by or from. Emails that do not identify the sender are in violation of the California anti-spam statute.
Venkat talks about all the reasons he thinks this is a problematic ruling, and the CA courts and anti-spam activists certainly have their share of bad rulings. I’m less convinced. The crux of the case seems to be that the advertiser used a number of random domains to hide the responsible party for an email. Rotating domains is a very, very common spammer tactic that is specifically a way to avoid domain based filters.
I understand Venkat’s concern but as someone who gets a lot of these spams I think the court is certainly ruling within the spirit of the CA statute. These mailers are using random domains to avoid filters and mislead recipients as to the source of the mail. Even if the domains are legitimately owned by the advertiser, they are usually hidden behind privacy protection and give the recipient no real information about who is sending the mail.
Another interesting point is the court speaking out against privacy registration. Personally, I don’t think any business should ever hide their domain registration behind privacy protection. If you’re a business, then you should stand up and give real contact information. I know it can be scary, particularly for people working out of their home, but if you’re a real business, you need to have an address registered with your state. Furthermore, if you’re a business sending email, all that email must contain a physical postal address. Your address already needs to be public, and including that in whois records isn’t actually going to change anything.

Read More