Categorized | Uncategorized

Two Quick Domaining Security Tips

Posted on 23 January 2012 by Andrei

As a domainer, you have several important accounts, from accounts at various registrars to PayPal accounts or email accounts and so on. Sure, it’s convenient to use the same password for all of them but if you’re serious about domaining… don’t. Just don’t.

Oh and speaking of email accounts, here’s the second tip. Your whois email address and your email address at the registrar should be different. Period. If DomainA.com is registered at RegistrarX.com, the whois email of DomainA.com should not be the email address associated with your RegistrarX.com account.

Why?

Because domain thieves might perform a whois search to extract the whois email of DomainA.com and use the password recovery system of RegistrarX.com to gain access to your account. So as a rule of thumb, the email address associated with RegistrarX.com should not be one of your common ones. If you want to take security to the next level, create a separate email address for each registrar. Sure, some registrars have security protocols in place which make using the password recovery system in a fraudulent manner more difficult but why take chances?

Most people don’t take security-related aspects seriously, don’t be one of them.

9 Comments For This Post

  1. Bernard Says:

    I get what you’re saying with tip #1. But tip #2, is a little bit hazy for me. Could you explain this a little more? It feels like something I should be doing…thanks!!!

  2. Andrei Says:

    @Bernard: let’s assume a thief wants to gain access to your account at RegistrarX.com by using the “recover password” function of that registrar.

    If your whois email is also the email associated with your account at RegistrarX.com, then all he or she has to do is gain access to your email account (… and in most cases, that would be easier than gaining access to your RegistrarX.com account through alternative methods) and use that email account to reset the password at your registrar.

    If you choose a different email address for your account, then the whois email address would be of no use to the thief in this case and since he has no way of knowing which email address you’re using for your RegistrarX.com account, the previously mentioned method wouldn’t work.

  3. Joe Says:

    As far as I know, the email address you use to setup an account at a registrar is automatically your whois email address for the domain names you register.

  4. Andrei Says:

    @Joe: if you sign up for an account at RegistrarX.com now and register your first domain then yes, it will use that email address for the whois info by default. Fortunately, you can change your whois details (name, email address and so on) at any given point and that’s the approach I’d recommend.

  5. Get Rid of Zits Fast Says:

    Thanks for all your efforts that you have put in this. very interesting information.
    I like this site very much so much wonderful info

  6. Healthiest Food Says:

    Outstanding post, I conceive blog owners should larn a lot from this web site its real user genial

  7. Vegan Diet weight loss Says:

    I really happy to find this website on bing, just what I was looking for : D too saved to my bookmarks

  8. Get Rid of Zits Fast Says:

    This web site is my aspiration , really great pattern and perfect written content

  9. click here Says:

    I think one of your current advertisements initiated my web browser to resize, you may well need to set that on your blacklist.

 
 
Domaining blog recommended by Domaining.comRecommended by DomainState.com  Recommended by NamePros.com

 
 
 
 
  • Top Commentators (Resets Weekly)