IT.COM

registrars Which Registrar Is Most Secure?

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
With valuable domains being stolen and tons of new, untested registrars popping up, I've started thinking about security.

I have names spread across about 12 registrars. I tend to like GD, but I like others too.

Any feedback about which registrars provide the highest level of security?
 
10
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
We have domains spread out across 20+ registrars and counting! Toooo much! We're dabbling with Epik. Great pricing aside, they're pretty innovative. But what I value most of all is that Epik's CEO is pretty responsive here (we've had some issues, but satisfied with @robepik's response / follow up) (y)
 
11
•••
This was one of the reasons I decided on Name Silo, they seem to have a few extra security features that I like.
 
9
•••
I like to keep my domains with Uniregistry.com.
 
7
•••
Interesting thread! I don't know which registrar is most secure!?
Two step authorisation is probably the minimum security feature. Is there any more?
 
6
•••
Interesting thread! I don't know which registrar is most secure!?
Two step authorisation is probably the minimum security feature. Is there any more?

Yes, 2 steps auth should be MUST for any domain owner especially for domainers who have hundreds and thousands of domains in their portfolio.
 
6
•••
We have domains spread out across 20+ registrars and counting! Toooo much! We're dabbling with Epik. Great pricing aside, they're pretty innovative. But what I value most of all is that Epik's CEO is pretty responsive here (we've had some issues, but satisfied with @robepik's response / follow up) (y)

Thanks for the kind words. The following security features are all free:

- 2 Factor Authentication
- IP Allow list
- MaxLock, i.e. account fully locked down for transfers unless agreed unlock protocol followed

We also just finished a native mobile application for iOS with end to end security for on the go account access and are releasing it to beta customers and soon generally.

Last but not least, I still get notified by the registries for any domains that leave. Since relatively few leave, it is easy to spot when a high value domain is moving. We have yet to lose a domain to an unauthorized transfer and like to keep it that way.
 
21
•••
Thanks for the kind words. The following security features are all free:

- 2 Factor Authentication
- IP Allow list
- MaxLock, i.e. account fully locked down for transfers unless agreed unlock protocol followed

We also just finished a native mobile application for iOS with end to end security for on the go account access and are releasing it to beta customers and soon generally.

Last but not least, I still get notified by the registries for any domains that leave. Since relatively few leave, it is easy to spot when a high value domain is moving. We have yet to lose a domain to an unauthorized transfer and like to keep it that way.
I do have some 4L .com domains at Epik. I do feel they are secure. I might have to take a look at moving a few hundred more over to Epik. I have heard nothing but good things.
 
9
•••
I do have some 4L .com domains at Epik. I do feel they are secure. I might have to take a look at moving a few hundred more over to Epik. I have heard nothing but good things.

Thanks @Silentptnr - We are running a tight ship over here with the help of some fantastic personnel. Although we have no aspirations to be the biggest, we do intend to be among the best. If your main income from domains is from selling or leasing, I believe Epik is the place to do it. It is frictionless, and commission-free and tax-free for anyone who is using domain proceeds to consolidate or grow their portfolio.
 
12
•••
Thanks @Silentptnr - We are running a tight ship over here with the help of some fantastic personnel. Although we have no aspirations to be the biggest, we do intend to be among the best. If your main income from domains is from selling or leasing, I believe Epik is the place to do it. It is frictionless, and commission-free and tax-free for anyone who is using domain proceeds to consolidate or grow their portfolio.
Can you company handle emoji domains?
 
3
•••
Can you company handle emoji domains?

That depends. If you're asking whether Emoji domains can be registered at Epik, then the answer is yes.

Emoji domains are essentially a subset of IDNs. Not all TLDs have enabled emoji registrations, though I know .WS offers them. These can be registered at Epik.

If you're asking about displaying emoji domains (or IDNs generally), that's a separate question. Most websites tend to show the punycode version. (That's the encoding that begins "xn--".)

As IDNs become more popular, websites everywhere may put more development resources into showing them in the native character set – Arabic, Cyrillic, Japanese, Chinese, etc. Displaying emojis would (I think) follow as a consequence of that broader trend.
 
7
•••
Right here, you've got Rob Monster (Epik's CEO) and me (the Director of Operations) listening. Since this thread is about registrar security, let's brainstorm.

What security features do you WISH a registrar would offer? I'm open to ideas.

In fact, if we implement your suggestion, I will personally put $50 in your Epik account.
 
9
•••
That depends. If you're asking whether Emoji domains can be registered at Epik, then the answer is yes.
Emoji domains are essentially a subset of IDNs. Not all TLDs have enabled emoji registrations, though I know .WS offers them. These can be registered at Epik.
How about .COM's?
If you're asking about displaying emoji domains (or IDNs generally), that's a separate question. Most websites tend to show the punycode version. (That's the encoding that begins "xn--".)
As IDNs become more popular, websites everywhere may put more development resources into showing them in the native character set – Arabic, Cyrillic, Japanese, Chinese, etc. Displaying emojis would (I think) follow as a consequence of that broader trend.
As IDNs become more popular...? Not likely, IMHO. Only very rarely do you come across an IDN address website. And it's been, like, almost 20 years since the first IDN "craze", following their introduction. I remember well. I lost a lot of money on Chinese IDN .COM's :xf.cry:

For one, few web designers, even those with rudimentary scripting skills, like PHP, have sysadmin skills and wouldn't know where to start properly setting up an IDN web address. And they are usually the experts called upon to set up a website. No motivation and not likely to push IDN's to their clients. IMHO.

As for emoji domains becoming mainstreem, well, like most domainers, I'm a bit more tech savvy than the general public, but have no idea whatsoever where to look for them emoji signs on my keyboard (and typing "xn--v4h.com to get there doesn't strike me as very catchy, it's a no-starter, at least for me) (n)
 
Last edited:
5
•••
Not likely, IMHO. Only very rarely do you come across an IDN address website.

That may be. However, the fate of Emoji domains is dependent on the fate of IDNs in general. After all, far more people write in Chinese, Japanese, Cyrillic, and Arabic than type out emojis. And those languages / scripts are far more likely to be permanent, since they've been around for centuries already.

If you hope that webmasters will write code to display emojis, then you'd better cross your fingers for IDNs. Emojis are just a tiny subset of IDNs, after all. Programmers are unlikely to lift a finger for emojis unless emojis are carried along in a bigger wave of IDNs.
 
3
•••
Sorry to offtopic just a lil'bit here again - but this is relevant to improving Epik:

You offer $8.09 pricing for regs / renewals / transfers funded from in-account funds, right? How about automating this? We've registered and transferred a few domains recently paying using in-account funds, but were still charged the $8.49 fee, same as when paying with PayPal or CC. Only a few domains, so no big deal. However, it would be nice for the many more future registrations/transfers to come :xf.smile:
 
2
•••
How about .COM's?

As IDNs become more popular...? Not likely, IMHO. Only very rarely do you come across an IDN address website. And it's been, like, almost 20 years since the first IDN "craze", following their introduction. I remember well. I lost a lot of money on Chinese IDN .COM's :xf.cry:

For one, few web designers, even those with rudimentary scripting skills, like PHP, have sysadmin skills and wouldn't know where to start properly setting up an IDN web address. And they are usually the experts called upon to set up a website. No motivation and not likely to push IDN's to their clients. IMHO.

As for emoji domains becoming mainstreem, well, like most domainers, I'm a bit more tech savvy than the general public, but have no idea whatsoever where to look for them emoji signs on my keyboard (and typing "xn--v4h.com to get there doesn't strike me as very catchy, it's a no-starter, at least for me) (n)

That's because you're OLD like me Domaniak! These emoji domains are perfect for mobile phones and aren't necessarily made for computer keyboards (yet) except via copy and paste or separate app. On a phone, they are more accessible and often easier to type in than text domains. For example, ☮.com are five taps on the phone versus how many in other dot coms? .Ws which I own a few single emoji domains, require even fewer taps. In addition, think about how a ☮.com link stands out much better, commands more attention, and easier to remember than text links. Hence the beauty (literally) of emoji domains.
 
Last edited:
3
•••
@Domaniak

Technically, it doesn't work the way you're assuming. At Epik, we distinguish between (A) payments made by wire transfer and (B) payments made by Paypal or credit cards. Case (B) involves higher fees for the merchant. Bypassing those credit-card / Paypal fees allows us to offer a cheaper rate to you guys, as the customers.

So we don't base the price on whether you're using in-account funds or not. After all, those funds might have arrived via Paypal or credit card. In that case, we've already paid merchant fees. What matters is whether those funds came via wire transfer or not. Customers who want the lower price can opt in, but then payments are limited to wire transfers and bitcoin – with Paypal and credit cards excluded. Hopefully that makes sense. If not, happy to explain again via PM.
 
2
•••
I think by point of view of secure registrar, Godaddy is the best at all.
Thanks
 
1
•••
@Domaniak

Technically, it doesn't work the way you're assuming. At Epik, we distinguish between (A) payments made by wire transfer and (B) payments made by Paypal or credit cards. Case (B) involves higher fees for the merchant. Bypassing those credit-card / Paypal fees allows us to offer a cheaper rate to you guys, as the customers.

So we don't base the price on whether you're using in-account funds or not. After all, those funds might have arrived via Paypal or credit card. In that case, we've already paid merchant fees. What matters is whether those funds came via wire transfer or not. Customers who want the lower price can opt in, but then payments are limited to wire transfers and bitcoin – with Paypal and credit cards excluded. Hopefully that makes sense. If not, happy to explain again via PM.
Fair enough. What about funds transferred in from MasterBucks?
 
2
•••
@Domainiak,

Each customer account is assigned to a pricing group. Then prices (defined for that pricing group) appear automatically during checkout. Hence it's a choice between (A) low prices and the ability to use credit cards / Paypal; and (B) even lower prices but no payments by credit cards / Paypal. As you can see, pricing is defined for the customer account as a whole.

Theoretically, it might be possible to look at a $500 account balance and divide it up into $113.17 left over from a past wire transfer, $189.42 from a past Paypal payment, $46.29 from a credit card, and $151.12 in the form of MasterBucks / in-store credit. In effect, each customer would have half a dozen smaller balances. Then when you go to buy something for $250, we could (again, theoretically) interpret that as using up a mixture of dollars from different payment sources – 60% at the low rate and 40% at the even lower rate. Then prices would be a weighted average of the 2. But this would look REALLY confusing to customers. And it would also require coding up a completely new database architecture to handle a very complicated system of account sub-balances, hybrid payment rates, weighted-average calculations, etc.
 
Last edited:
2
•••
I think by point of view of secure registrar, Godaddy is the best at all.
Thanks

Does GoDaddy allow you to restrict login based on a white list of allowed IP addresses?
 
8
•••
Eventually I will move all my domains to Epik, the level of personal attention is phenomenal, and the UI is among the better designs with managing hundreds of domains.

@Slanted - a security feature I like is account access notification - by email or text. I already use the IP Whitelisting you offer and I know that isn't ideal for some folks setup.

Here's what InternetBS sends me
For security reasons we inform you about each access to your account. If you got
this notification but you did not login to your account, please contact us as
soon as possible at [email protected] <mailto:[email protected]>.

Date: Fri, 30 Jun 2017 05:54:54 +0000
IP: xx.xxx.xx.xx
Host name: ipxx-xxx-xx-xx.zz.zz.zzz.com
Country: Bikini Bottom (BKB)
Browser: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Firefox/38.0

*Note:* if you don't want to receive such notifications please login to your
account and disable it in the email notification settings page.

One thing I could not figure out how to do was enable MaxLock from the control panel so if you can point me in the right direction that would be super
 
1
•••
@Domainiak,

Each customer account is assigned to a pricing group. Then prices (defined for that pricing group) appear automatically during checkout. Hence it's a choice between (A) low prices and the ability to use credit cards / Paypal; and (B) even lower prices but no payments by credit cards / Paypal. As you can see, pricing is defined for the customer account as a whole.

Theoretically, it might be possible to look at a $500 account balance and divide it up into $113.17 left over from a past wire transfer, $189.42 from a past Paypal payment, $46.29 from a credit card, and $151.12 in the form of MasterBucks / in-store credit. In effect, each customer would have half a dozen smaller balances. Then when you go to buy something for $250, we could (again, theoretically) interpret that as using up a mixture of dollars from different payment sources – 60% at the low rate and 40% at the even lower rate. Then prices would be a weighted average of the 2. But this would look REALLY confusing to customers. And it would also require coding up a completely new database architecture to handle a very complicated system of account sub-balances, hybrid payment rates, weighted-average calculations, etc.
Our account was 100% funded from MasterBucks only, hence my question. Who in their right mind would fund an account using PayPal or CC since there is no advantage whatsoever of doing so?

And why not keep things simple and go with a process of elimination - simply levy a charge on PayPal or CC funding of the account balance (like many other registrars do)? After that, all in-account funds, from whatever source, are of one kind only and free and clear of any ambiguity.

And this way, you can fully automate levying appropriate charges for each type of funding source, as you add new funding options.
 
Last edited:
2
•••
Does GoDaddy allow you to restrict login based on a white list of allowed IP addresses?
No,my ex acc was lost and created new and the new doesn't support customer I'd 159896688, no any domain transfer or accepted in my GD acc....,how can I solve this problem plz help me dear.
 
0
•••
No,my ex acc was lost and created new and the new doesn't support customer I'd 159896688, no any domain transfer or accepted in my GD acc....,how can I solve this problem plz help me dear.

Please start a new thread and then tag Joe Styler for help with a GoDaddy issue, this is off topic for this thread : smile :
 
3
•••
Back