December 14, 2004
I just stole your domain name. It was easy!
Every month thousands of domain names are stolen. Often these are developed sites that represent years of work. The criminals who do this can often be hired by anyone, and returning the domain name to the real owner can take weeks. Learn how these criminals work and what you can do to prevent this.
A flawed architecture
Domain name data is held in a huge database called Whois. Any criminal can view these records, since they are essentially "public record"; for example, anyone can look up the Whois record for Yahoo.com. A given domain name is registered (leased) through an approved Registrar. There are currently dozens of Accredited Registrars, all of whom are regulated by ICANN (Internet Corporation for Assigned Names and Numbers). All of this means that if you want a domain name which is not already taken, you start with an Accredited Registrar like godaddy.com or 000domains.com, create your account, and pay your annual fee.
There are several major flaws in the ICANN rules which an Accredited Registrar must follow:
1. Only a single email address may be used for the Admin contact. If you lose control of this email address, or a criminal gains control of it, your domain will be stolen.
2. None of the Whois data is verified by the Registrar. This permits fraudsters to hide behind false data.
3. If a domain name is not already registered, anyone can register it, even if the domain name clearly encroaches on the Intellectual Property rights of others. For example, you could register a typo like gooogle.com (note the 3 o's).
4. There is no provision requiring a FAX and a signature to register a domain name or to change its Whois records.
5. Legal action against the criminals who steal domain names rarely occurs.
All of these shortcomings provide fertile ground for criminals.
Every day, criminals are looking at millions of Whois records for likely targets, using automated tools to scan them. In some cases, Whois records are sold on the "black market" to other criminals. What are they looking for? In some cases, they are looking for expired domain names which they can legally register; this hunt for expired domain names is perfectly legal. In other cases, they are looking for properly registered domain names which have not expired but use a free email provider like hotmail.com or gmail.com for the email address of record. The majority of theft occurs with these free email addresses. Next, they point their "hacker/crack" tools at your free email account and retrieve your user name and password. In other cases, they use these tools on the Registrar's site to break into your account. These criminals have a list of Registrars which are easier to break into, and thus they target them.
After they break into your account, they change the DNS/Name Server records for your domain to point at their own hosting account, along with the other Whois data. In a few hours your domain disappears and the criminal owns it on a new server. Sometimes they even transfer the stolen domain name to a new Registrar to cover their tracks. You wake up, navigate to your site and see a different site. Then you check the Whois database and see what has happened.
What you must do to prevent theft
1. DO NOT use a free email provider for your email address of record for your domain name. Even if a company like Yahoo offers a paid version, DO NOT use it. Companies which provide free email are not reliable, have slow support, are attacked thousands of times a day by criminals with new tools, and many of these companies can and have gone out of business.
2. ONLY use a POP email account hooked up to your own domain for your Whois email address of record. Prepay this domain name's registration for at least 5 years. Use a long alphanumeric password for this email account. This password should be changed at least every 6 months and should never contain real words. An example: xVVs492nM177qrt27. We also suggest that you set up forwarding for this email address to at least 2 other email addresses to ensure you don't miss a renewal notice. Ensure that all your email addresses have adequate storage limits enabled. We suggest at least 100 megs, and pick up your email on a regular basis.
3. When you create your account with your Registrar, follow the same rules for a password and email address as in Item 2. Also, choose a hard-to-guess user name with your Registrar which is also alphanumeric.
4. Lock all your domains with your Registrar. Prepay your domain name registration fee for at least 5 years.
5. Record this data on paper and leave this document in a secure place in case you die so that others can follow the trail.
6. Ensure that your user name and password are NOT used anywhere else. For example, if you are using the same data for your PayPal account and your domain name Registrar, all I need to do is break into one account, which then permits me to use the same data on your other accounts.
7. NEVER divulge your user name and/or password in an email or by clicking a link in an email which appears to come from your Registrar. Type the Registrar's domain name into your browser yourself.
8. In some cases, you may wish to pay an extra fee for a private domain name record. This means that your data will not appear in the Whois database. Only the name and data of your Registrar will appear. This solution is not for everyone. If you sell a product or service, a "proxy/private" Whois record is always a red flag, indicating that the real owner is hiding and thus this may impact your sales. Also, a number of Affiliate Networks will either reject you or require extensive documentation to support your actual address and other data.
9. Ensure that all your Whois data is 100% accurate and keep it current. A "fraudulent" Whois record is unlikely to fool most people and actually violates ICANN rules.
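The checklist above, and the takeover pattern described earlier (name servers, registrar and admin contact changed under you), can both be turned into a routine check. The following is an added example, not code from the original post: it parses a constructed "Key: value" Whois record, audits it against the post's rules (free webmail as the address of record, registration not prepaid far enough ahead, no registrar lock) and diffs it against a saved baseline to catch the kind of change a hijacker makes. The record contents, the free-provider list, and the assumption that a registrar lock appears as the EPP status codes clientTransferProhibited / clientUpdateProhibited are all assumptions of the example; it does not contact any live Whois server.

```python
"""Whois hygiene audit and change detection (added example, standard library only)."""
import re
import secrets
import string
from datetime import date

# Free webmail domains the post warns against as the address of record (assumed list).
FREE_MAIL_PROVIDERS = {"hotmail.com", "gmail.com", "yahoo.com"}
# Minimum prepaid horizon from item 4 of the checklist.
MIN_YEARS_PREPAID = 5
# Status codes a registrar lock is assumed to set; a bare "ok" status means unlocked.
LOCK_STATUSES = {"clienttransferprohibited", "clientupdateprohibited"}
# Fields the post says a thief rewrites after breaking in.
WATCHED_KEYS = ("registrar", "admin email", "name server")

# Constructed Whois record: a domain that fails every rule in the checklist.
SAMPLE_WHOIS = """\
Domain Name: example-shop.test
Registrar: Example Registrar Inc.
Expiration Date: 2006-03-01
Status: ok
Admin Email: shopowner@hotmail.com
Name Server: ns1.example-host.test
Name Server: ns2.example-host.test
"""

# Constructed record for the same domain after following the checklist.
HARDENED_WHOIS = """\
Domain Name: example-shop.test
Registrar: Example Registrar Inc.
Expiration Date: 2010-01-01
Status: clientTransferProhibited
Status: clientUpdateProhibited
Admin Email: admin@example-shop.test
Name Server: ns1.example-host.test
Name Server: ns2.example-host.test
"""


def parse_whois(text):
    """Parse 'Key: value' lines into a dict; repeated keys (status, name server) become lists."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?):\s*(.*\S)\s*$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in record:
            record[key] = (record[key] if isinstance(record[key], list) else [record[key]]) + [value]
        else:
            record[key] = value
    return record


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit(record, today):
    """Return the checklist items this record fails; an empty list means it passes."""
    findings = []
    provider = record.get("admin email", "").rsplit("@", 1)[-1].lower()
    if provider in FREE_MAIL_PROVIDERS:
        findings.append("admin email uses a free webmail provider (item 1)")
    expires = date.fromisoformat(record.get("expiration date", "1970-01-01"))
    # Clamp the day to 28 so adding years never lands on a non-existent Feb 29.
    horizon = date(today.year + MIN_YEARS_PREPAID, today.month, min(today.day, 28))
    if expires < horizon:
        findings.append("registration prepaid for fewer than %d years (item 4)" % MIN_YEARS_PREPAID)
    statuses = {s.lower() for s in _as_list(record.get("status", []))}
    if not statuses & LOCK_STATUSES:
        findings.append("domain is not locked at the registrar (item 4)")
    return findings


def detect_changes(baseline, current):
    """Compare watched fields against a saved baseline; order of name servers is ignored."""
    changes = []
    for key in WATCHED_KEYS:
        before = sorted(v.lower() for v in _as_list(baseline.get(key, [])))
        after = sorted(v.lower() for v in _as_list(current.get(key, [])))
        if before != after:
            changes.append((key, before, after))
    return changes


def make_password(length=20):
    """Long random alphanumeric password with no real words, as item 2 recommends."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    today = date(2004, 12, 14)
    weak, strong = parse_whois(SAMPLE_WHOIS), parse_whois(HARDENED_WHOIS)
    print("weak record:", audit(weak, today))
    print("hardened record:", audit(strong, today))
    # Simulate the post's scenario: name servers repointed to the thief's host.
    hijacked = parse_whois(HARDENED_WHOIS.replace("example-host.test", "thief-host.test"))
    print("changes since baseline:", detect_changes(strong, hijacked))
    print("new password:", make_password())
```

Run the change check from cron against a saved copy of your own record so that a repointed name server or rewritten admin address is noticed in hours rather than when the site disappears.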
They stole my domain name. What do I do?
If you think the criminals hacked into your Registrar account, you need to contact your Registrar immediately, provide all the facts, and work with them. We suggest you send them an email, a FAX, and a phone call, all 3 just to make sure. Most Registrars are well equipped to handle these kinds of cases, BUT it will take time and they will need proof. Guidelines for handling these cases are published.
If you think the criminals hacked into your email account of record in the Whois database and used this account to change your Whois data via your Registrar, you are going to endure more pain. It could take days or weeks for your free email provider to respond. We suggest you contact both your Registrar and your email provider.
ONLY your Registrar can return the stolen domain to you. Your current host and/or the new host of the stolen domain name cannot and will not return ownership of the domain name to you. We strongly suggest that you NOT contact the new host of the stolen domain. There is nothing to gain, and you run the risk that they are involved in the crime. Expect to wait at least 2 weeks or longer for the return of your domain. We also suggest that in this case you change ALL your other passwords and user names with other sites and/or services.
Additional resources
Intellectual Property disputes for domain names (NOT stolen domain names) are resolved via WIPO (World Intellectual Property Organization). For example, in one such case Google.com prevailed and the registrations for the four disputed domain names were returned to Google. These procedures normally take about 4 months.
Posted by Steve_S at December 14, 2004 01:40 PM
