NamePros is an industry leader when it comes to protecting your privacy and information. Our hope is that by setting a good example, we will encourage other businesses to follow in our footsteps. We offer various state-of-the-art security features, including:
- HTTPS: We enforce a secure web connection between you and our servers. Users who attempt to connect over insecure HTTP will be redirected to a secure URL.
- Insecure SSL versions are disabled: Typically, web browsers don't use SSL; they use its successor, TLS, instead. All versions of SSL are broken and insecure, so we only permit TLS connections. From the perspective of an end user, TLS works just like SSL, so you shouldn't notice a difference. Web servers that support SSL at all (even if they also support TLS) are insecure and should not be trusted with personal information.
- External content is proxied if insecure: When users post insecure images on our site, we cache them and serve them to you via a secure connection. This way, your browser won't give you any warnings about insecure content, any attackers will have a much harder time causing trouble, and websites hosting linked images won't be able to gather information about your browsing habits on NamePros.
- HTTP Strict Transport Security (HSTS): Up-to-date versions of Chrome, Firefox, Opera, and Safari will remember that our website enforces security for about 180 days. If a government or Internet Service Provider tries to trick your browser into using an insecure connection, compatible browsers will refuse and give you a warning. Unfortunately, as of 2015-02-04, Internet Explorer does not yet support HSTS, and Safari only has support from OS X Mavericks onward.
- HSTS preloading: On January 20, 2015, namepros.com was added to Chromium's HSTS preload list. Once the changes make their way into the latest stable builds of Chrome, Firefox, and Safari, those browsers will know to use a secure connection when contacting NamePros out-of-the-box. They will refuse to connect to NamePros in an insecure fashion, even on the first visit. This significantly increases security when browsing NamePros from locations susceptible to man-in-the-middle attacks, such as public Wi-Fi networks.
- DMARC and DKIM: The e-mail protocol is largely anonymous: it is quite a simple matter to send an e-mail appearing to be from someone else. To mitigate this issue, we sign all of our e-mail messages per DKIM. On its own, this wouldn't prevent inauthentic messages; however, we combine it with strict DMARC policies understood by most major e-mail providers. When an e-mail appearing to be from namepros.com is received by a participating provider, it is thoroughly inspected to ensure that it is authentic. If it fails to pass a variety of tests, the provider will send us a report notifying us of attempted impersonation, and the e-mail will be declined. Many hosting providers do not appear to implement DMARC. To ensure that the e-mails you are receiving are legitimate, please use an e-mail address hosted with a participating provider that values your security as much as we do. We've noted participation from Gmail/Google Apps, Outlook.com/Office 365/Hotmail, FastMail, NetEase/网易/163.com/126.com, Comcast, and Mail.Ru, along with a few smaller providers. We have also seen some participation from Yahoo, but it does not appear to cover all of their services.
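
The DMARC behaviour described above (failing mail declined, reports sent back to the domain owner) depends on what the domain publishes in its `_dmarc` TXT record. The checker below is an added example, not NamePros's own code or configuration: both records are constructed for example.com, and `parse_dmarc` and `audit_dmarc` are hypothetical helper names.

```python
# Added example: audits a DMARC TXT record (RFC 7489 "tag=value; ..." syntax).
# Sample records are constructed for example.com, not taken from a real domain.

WEAK_RECORD = "v=DMARC1; p=none; pct=50"
STRICT_RECORD = ("v=DMARC1; p=reject; sp=reject; pct=100; "
                 "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(record):
    """Split a record into an ordered dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # empty segment after a trailing ';'
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return reasons the record falls short of a strict, reporting policy."""
    tags = parse_dmarc(record)
    # RFC 7489: v=DMARC1 must be the first tag or receivers ignore the record.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["not a valid DMARC record: v=DMARC1 must be the first tag"]

    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}: failing mail is not declined")

    # Subdomains inherit p unless sp overrides it.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy != "reject":
        findings.append(f"sp={sub_policy or 'missing'}: subdomain mail is not declined")

    pct = tags.get("pct", "100")  # default is 100 when the tag is absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of the mail")

    if "rua" not in tags:
        findings.append("no rua: receivers have no address for aggregate reports")
    return findings


if __name__ == "__main__":
    for name, rec in (("weak", WEAK_RECORD), ("strict", STRICT_RECORD)):
        print(name, audit_dmarc(rec) or "OK")
```
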