Is domain privacy a good step to take

[mjbenterprises]

for security?

I've been thinking about trying privacy after seeing so many reports of stolen domains.. Do any of you use privacy, and do you think it is helpful in preventing theft?

 

[yenhoo]

Hey mjbenterprises,

I personally think private registration is somehow a measure to shield domain, and prevent theft just as you said.

But this is not allowed if registrant means to use fake info and get privacy protection. Once disputes happen, UDRP and ICANN will come to interface, and eventually, it's nearly impossible for you to keep this name.

Helen

 

[freedom30]

...I made the mistake of getting privacy from godaddy's domains by proxy at the checkout and instead dbp of emailing me to my address I have with godaddy, they emailed to an address I had five years ago. They will not delete the name and I must provide a state ID(which I refuse to do since godaddy has all my info)so my principles cost me a domain name and money.

I'll just let the name drop after a year and allow dbp and godaddy to win. It is all my fault because I trusted godaddy to forward info to email address I had instead of the obsolete one.

Lesson learned and caveat emptor to those thinking of using domains by proxy...there are better alternatives than the one that wants your sensitive information. No, I do not trust them with my info...

 

[yenhoo]

maybe this would be a NOOB question, but what u mean by "dbp", freedom30? - Helen

 

[freedom30]

maybe this would be a NOOB question, but what u mean by "dbp", freedom30? - Helen

...That would be godaddy's domains by proxy

 

[yenhoo]

ah got it, Domains By Proxy(dbp), interesting acronym, thank you for reply freedom30. - Helen

 

[DU]

for security?

I've been thinking about trying privacy after seeing so many reports of stolen domains.. Do any of you use privacy, and do you think it is helpful in preventing theft?

How do you believe it would be helpful in preventing theft?

 

[GoQuickly]

By protecting your admin email address.

In most cases of aged domain theft the owner had setup an email address with let's use for example [email protected]

They later upgraded to gmail.com or domain.com and their hotmail.com address is available again after not being used for a year or so.

Next thing you know, I could register [email protected] - reset their password and send myself an authorization code for transfer.

Shuffle it around a couple times and exchange hands and it's hard for that domain to get returned.

 

[Dave_Z]

And the thief wouldn't necessarily know what email address you use with the domain registration itself.

 

[DU]

By protecting your admin email address.

In most cases of aged domain theft the owner had setup an email address with let's use for example [email protected]

They later upgraded to gmail.com or domain.com and their hotmail.com address is available again after not being used for a year or so.

Perhaps the problem here is not one of theft but of management of ones own email address?

The solution to not making updates to whois in a timely manner is (to protect from theft)change your whois to some third party surrogate who has an underlying whois that's invalid? So add one level of indirection?

DomainByProxy states unequivocally about your whois:

"This is the only way your Registrar and Domains By Proxy can reach you with issues concerning either your domain name or private registration services."

If you forget your login information? They send you an email with an authorization code... perhaps you can see a problem here? You may be able to get by this with photo id and all manner of other things...

Great solution!

To avoid all of this - keep your email up to date in the whois. That sounds hard.

And the thief wouldn't necessarily know what email address you use with the domain registration itself.

If you're this concerned - you should be hiring a company that specializes in domain management for you. They will ensure that your domain is under full control. A better solution than privacy would be to choose a registrar that will lock domains and only unlock from specific IP addresses, or via direct contact. etc. Adding security measures is WAY better than adding one level of privacy indirection, imho

Privacy seems an obtuse way to solve a problem that doesn't really exist if you keep your email up to date in whois and secure.

 

[johname]

If you own domains with the desire to sell them to others, the last thing I would do is put them on privacy.

 

[Dave_Z]

If you're this concerned - you should be hiring a company that specializes in domain management for you. They will ensure that your domain is under full control. A better solution than privacy would be to choose a registrar that will lock domains and only unlock from specific IP addresses, or via direct contact. etc. Adding security measures is WAY better than adding one level of privacy indirection, imho

Privacy seems an obtuse way to solve a problem that doesn't really exist if you keep your email up to date in whois and secure.

Heh, I'm just offering an answer based on my ex-registrar life. Speaking of which, though not "scientifically" proven yet, compromising the email address on file (especially if it's the one listed in WHOIS) is often the most effective way of hijacking a domain name.
Anyway, using WHOIS privacy has always been an option, especially after one weighs its pros and cons to see if it'll indeed suit their intention. Some registrars just happen to push for it, and I remind people the decision always lies with them.

 

[DU]

Heh, I'm just offering an answer based on my ex-registrar life.

Understand.

Speaking of which, though not "scientifically" proven yet, compromising the email address on file (especially if it's the one listed in WHOIS) is often the most effective way of hijacking a domain name.

Some registrars can put additional lock controls in place.

I thought the most common compromise was the phishing emails sent by the fake GoDaddy company that asked you to verify your whois. (that's almost sickeningly ironic).

Once you get access to the account you can go crazy.. especially if the person uses the same password for their email (never happens, lol?)

I'm not going to say anymore before someone targets me to prove a point.

 

[SpareDomains]

If you own domains with the desire to sell them to others, the last thing I would do is put them on privacy.

agreed :wave:

Few precautions to reduce theft...

1)Never click links in emails to your domain registrar as they may be spoofed.

2)Don't use a free email account on whois, use an email on a domain you own preferably behind SSL and not the same email as your login email to registrar.

3)Strong Password/Don't Use Same Password Multiple Places

4)Good Virus Software

If you have hundreds of domains get a godaddy executive account. My rep has to call me at a phone number not listed in whois and I have to provide a pin number or phrase before anything moves out of my account so even if someone got in domains can't go anywhere unless someone guesses my unlisted phone number and can answer the phone and provide my secret password which is virtually impossible unless they mug me for phone and beat me for password.

 

[dnb8]

If you own domains with the desire to sell them to others, the last thing I would do is put them on privacy.

Yes, whois privacy is only good when you use this domain for website.

 

[SpareDomains]

Yes, whois privacy is only good when you use this domain for website.

Don't really think it's good at all as I always look at whois before pulling out credit card and if private figure they have something to hide. Think any business using private whois loses the trust factor which equals less sales.

 

[mjbenterprises]

agreed :wave:

Few precautions to reduce theft...

1)Never click links in emails to your domain registrar as they may be spoofed.

2)Don't use a free email account on whois, use an email on a domain you own preferably behind SSL and not the same email as your login email to registrar.

3)Strong Password/Don't Use Same Password Multiple Places

4)Good Virus Software

If you have hundreds of domains get a godaddy executive account. My rep has to call me at a phone number not listed in whois and I have to provide a pin number or phrase before anything moves out of my account so even if someone got in domains can't go anywhere unless someone guesses my unlisted phone number and can answer the phone and provide my secret password which is virtually impossible unless they mug me for phone and beat me for password.

Good info here... thanks for these tips..

 

[alien51]

Don't really think it's good at all as I always look at whois before pulling out credit card and if private figure they have something to hide. Think any business using private whois loses the trust factor which equals less sales.

That's of course a generalized "presumption".

I haven't seen any consumer survey or report that proves using statistical data, that people actually bother to check the WHOIS info before making credit card purchases.... Let alone having any clue what a WHOIS info is, and how to check for it.

 

[wwwweb]

Privacy is good, as once it is enabled no domain can be transferred to another register until it is removed.

Also privacy being enabled can help in having higher sales, due to the fact if an end user sees Joe Smith, From Apt 1B, From West Virginia owns the domain, they are going to try and low ball, as they can find out where, and in what sort of home he lives, maybe even find what he does for a living, etc... they will think if we offer this guy $3k, that is a lot of money where he would jump.

Whereas when you have privacy set you could be a million dollar corp. for all they know. Most end users find your site via direct navigation, and escrow type transactions take any risk out of the deal when pulling out their credit cards.

 

[SpareDomains]

That's of course a generalized "presumption".

I haven't seen any consumer survey or report that proves using statistical data, that people actually bother to check the WHOIS info before making credit card purchases.... Let alone having any clue what a WHOIS info is, and how to check for it.

Every web server I ever bought over the last 10+ years I have. Think more tech minded people will check things like domain registrars, hosting, ppc ad networks, etc... I know I spend 5-10k minimum online each year between domains, hosting and advertising and none of that goes to anyone with anonymous whois and I'm just 1 guy so no matter how small the percentage gotta think it hurts sales as I have personally aborted purchases after finding that, unless your info is posted on your site but most anonymous whois sites I have encountered don't list any address/phone on the site as well and an email isn't good enough for me.

In 2012 consumers are smarter and quite a few are looking for address, phone, email, reviews, BBB etc... before the plastic comes out. More information posted on the site better trust established.

I have added phone numbers to sites with no other changes made and seen substantial increases in conversions.

So yes a "generalized presumption" based on myself actually backing out of shopping carts after reviewing who I'm buying from and finding private whois as I see no reason for a business to do that. I could see if your photographing celebrities and want your location hidden but most businesses should have no reason to hide that unless running illegal pharmacy, adult or working from your mom's basement and pretending to be a big dog. :D

Years ago I had bought a domain and it came with free privacy. Forgot about it and when a guy finally got a hold of me after paying a registrar to contact me said he was trying to find me for months. End result was hand regged name sold for $7500 so as far as domain sales go definitely good to make it easier for buyers to contact you.

Better off with a PO Box for a few bucks a month and your own email address created just for your domains whois sent direct to you then an email like domainprivacyservice587654@ which may show up or might not since thousands of domains use the same email address or a variation of it.