Corporate Domain Name Management: 7 Steps for Uncovering and Remediating Risks
Elisa Cooper from GoDaddy explains that domain management is not simply about set-and-forget: more is needed to maintain the value & function of your domains.
Keeping corporate domain name portfolios in tip-top shape requires more than just managing the registration of domain names in support of new brands, TLDs, and market expansion. It also requires periodic review to ensure that names are both secure and resolving, and that website visitors can consistently reach their destination, regardless of whether they’ve added the www, or have misspelled or fat-fingered names.
Step 1: Take Inventory
A portfolio review starts with inventorying all domains owned by the company. In the past, domain professionals would use Reverse Whois tools to search through domain name ownership records using an email address, physical address, company name, or phone number to uncover lost or forgotten domains. With GDPR in full effect now, Reverse Whois lookups are no longer as accurate as they once were, as much of the data used to populate their databases is no longer available. That said, searching by name servers can still return some meaningful results, as this data is still readily available.
Today, inventorying domains means starting with known registrations from approved registrars, then searching for domains containing brands and referencing unique name servers, and finally, asking for employees to provide lists of domains that they may have registered. While this seems fairly straightforward, trying to uncover all domains which belong to the company can be a major undertaking, and given that employees often register domain names outside of company policy, it’s a never-ending task.
Step 2: Check Registrar
After all company-owned domains have been identified, checking to see that names are managed with an approved registrar who meets security, operational, technical, and support requirements is an important second step. Names that aren’t managed in this manner should be transferred as soon as possible. Domains registered through unauthorized registrars may indicate that a domain has lapsed, is no longer owned by the company, and has since been re-registered by a third-party.
Step 3: Confirm Nameserver and DNS Accessibility
Once domain names are under the company’s management, ensuring that name servers and DNS settings are under the company’s control is the next critical step. Surprisingly, it’s not uncommon to see domain names with approved registrars still referencing old, unauthorized name servers. How does this happen, you might ask? When domain names transfer from one registrar to another, they transfer with their existing name servers. If the gaining registrar fails to update name servers, domains could still be pointing to outdated, infringing, or fraudulent content.
Step 4: Verify Lock Status
Checking to see that all domain names are locked to protect against deletions, transfers, and updates is critical. Names with an EPP status of OK are available to transfer with just an authorization code. Mission critical names – those hosting content or used for email – should be registry-locked, if possible. Registry-locking provides an additional layer of security so that domains are protected against hacktivists from pointing domains to politically-motivated content, against disgruntled employees from embarrassing their employers, and against inadvertent mistakes which can happen at any time. Registry-locked domains are only editable when a unique offline security protocol is completed between the registry and the registrar.
Step 5: Ensure Domains Are Resolving Correctly and Consistently
Ensuring that all domains are pointing to relevant content is a best practice. This means pointing defensive typo-squats and misspellings to production sites – helping users to reach their intended destinations. Beyond that, checking to see that the root and www versions of domains are resolving to the same location also helps to ensure a consistent experience for website visitors.
Step 6: Track and Manage Certificates
For company-owned resolving domains, ensure that certificates exist and that there are no issues with them. This is more important than ever now that all major browsers are clearly identifying sites without certificates as not secure. Also, be aware and monitor for upcoming expiration dates.
Step 7: Review and Update DNS
Review DNS settings for all domains and known sub-domains. Ensure that domains and sub-domains with MX records are authorized to receive email. For those that are not, MX records should be removed. For those that are authorized, ensure that SPF and DMARC data exists. Also, check for instances of lame delegation which can introduce delays in reaching websites.
The information contained in this article is provided for informational purposes only.
Bringing 18 years of domain name industry experience with her, Elisa Cooper leads product and marketing strategy for GoDaddy Corporate Domains. Over the years, Elisa has worked closely with many Fortune 1000 companies in assisting with domain and brand protection policy development and has spoken and written extensively on these topics. She is also the former Chair of the ICANN Business Constituency.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.