Dealing With Domains Part 2

idealware domain reg.pngLast week, we talked about domain registrar services and what to look for. In today's followup, we'll focus on how to transfer a domain and the accompanying security concerns, then talk a bit about registrars vis a vis hosting services.
 

 


Domain Transfers

Transferring domains is a somewhat complex process that has been designed to minimize the risk of domain hijacking. In order to insure that transfers are performed by the actual owner of the domain, a few important measures are in place:

  • Every domain has an authorization (a.k.a. EPP) code associated with it. Transfers can not occur without this code being submitted. If you don’t have this information, your current registrar does. Some registrars have automated functions that will deliver that information to the domain contact; others require that you ask for them via email to the registrar or their support ticket application. Registrars are required to provide you with these codes within five calendar days of your request. If they don’t, your best recourse is to determine who they get their domain authority from (there are only a handful of companies that resell registration services) and appeal to them for assistance.


  • Communication is strictly through the registered “whois” email address of the domain owner. You can determine what that is by doing a whois lookup on your domain.


    Tip: While most domains can be looked up at http://whois.net. However, whois.net has some trouble with .org domains, so the alternative http://www.pir.org/whois is a more reliable source for most non-profit domains.



    If the address that your domain is registered with is either non-functional or owned by someone other than you, then you need to update it, via your current registrar’s web interface, before you can successfully transfer the domain.



  • Domains can (and should) be locked to prohibit transfers before and after you switch registrars. Locking and unlocking your domains is usually done by you, from your registrar’s web site. If you don’t have options to do that when you log on to the web site, your registrar should do it for you upon request.



Transfer Procedures

To initiate the transfer, go to the web site of the registrar that you want to switch to and follow their instructions. They will have you submit a request and, upon receipt of your domain fees, issue an email to the email address associated with the domain containing a link to a form where you can confirm the request. That form will also ask for the authorization code. Subsequently - and this can take up to seven days - you’ll receive an email from your current registrar asking you to confirm the transfer request. Once that is submitted, the transfer should go through.

Detailed rules about how domains are transferred, as well as what the responsibilities of the registrars are in handling the transfers, are listed at http://www.icann.org/en/transfers/policy-en.htm.

Choosing Registrars

Registrars charge anywhere from $5.00 to $50 dollars for a year’s domain service. The two best known registrars are Network Solutions and GoDaddy. Many people go with Network Solutions because they're the longest standing of the registrars (for many years, they were the only registrar). GoDaddy has become very popular by dramatically undercutting the cost. Note, though, that both of these registrars have been accused of questionable business practices:

  • Network Solutions has engaged in "Front Running", a questionable practice of locking domains that a potential customer might search for in order to block competitors from making the sale. They will also use subdomains of your domain to advertise, a practice called subdomain hijacking. A decent registrar will not seek to make profits based on your intellectual property.


  • GoDaddy famously suspends accounts based on corporate requests. In 2007, they suspended seclists.org, a website that archives internet security mailing lists, per the request of MySpace, with no court order or valid complaint. MySpace was upset that content posted to one of the lists that Seclists archived was inappropriate. But, instead of contacting Seclists to deal with the content in question, GoDaddy closed the site and wouldn't respond to desperate emails or phone calls regarding the sudden closure. Worse, after the fiasco was resolved, they were unrepentant, and reserve the right to shut down any site for any spurious reason. If your NPO does work that is in the least bit controversial, keep this in mind when considering GoDaddy.



Web Hosting and Registrars

Many registrars supplement their business by providing web hosting services as well. Some will even offered discounted or free domain registration with a hosting plan. While this simplifies things, it can also be a bit risky in the “eggs in one basket” sense. Having a separate registrar and control over your DNS service allows you to be more flexible with switching hosts, should your current host prove themselves unreliable or go out of business. And the web hosting industry is pretty volatile, with companies coming and going pretty quickly. I would suggest a best practice is to keep your host and registrar separate.

Comments

Thanks for the great

Thanks for the great walk-through of domain registration considerations.

In case it's useful for nonprofits taking the next step, hosting a website, a few months ago I posted a couple of nonprofit-focused items: one on choosing a web host, and another on migrating your domain from one host to another.

For those who are hosting

For those who are hosting controversial or sensitive content, Gandi.net has a good, long record of resisting spurious legal requests from governments, investigative agencies and companies' copyright infringement lawyers to immediately shut down a site. They host, for instance, Riseup.net and many of the Indymedia sites. I've had good experiences with them in the past.

For ease of use and control over advanced features, I like NameCheap.com, but of course there are many registrars out there. Just make sure they're not nickel-and-diming you over things that cost them nothing and should be free -- full control over your DNS (including A, CNAME and MX/mail records), free and silent (i.e. not "framed") domain forwarding, arbitrary email forwarding (foo@newdomain.com to foo@olddomain.com). Peter mentioned several of these in his earlier post.

Additionally, one important issue to be aware of are the con artists who scour public domain registration information for nearly-expired domains, then contact you by email or postal mail with a phony notice about "renewal" -- and if you respond to that notice, you'll actually be authorizing a transfer to them. Always keep a record of what registrars control which of your domains, and ignore anything from any other registrar. Many registrars also offer "private" domain registration or registration masking as a free or add-on service, and that can be useful -- but even better is to simply be aware of who is and is not your registrar and resist manipulations to the contrary.