Which Email To Use?

[sashas]

We've all heard cases of names being stolen in which thieves broke into a guy's email and authorized a transfer request.

This has made me wary of using the right email address.

Now I currently have three email addresses:
1. A free gmail addresss (my name @gmail.com). This is the one I use currently
2. An email address at GoDaddy (xyz @ my name.com) set up at my own domain name
3. An email address set up at Gmail, using my own domain (xyz @ my domain.com)

Which of these do you think would be the most secure?
I'm partial to the one at Gmail with my own domain name (congerere.com) as I like the gmail interface and plan to move all communication to this address. But I'm not sure how secure this address is.

Any advice appreciated.

 

[-REECE-]

For names worth high xx,xxx+ (eg. names these guys would target), I'd park them at a place that doesn't allow transfers for 60 days after renewals and I'd renew (add another year to) the name every 30 days or so until I resold it. That way, no matter whether someone hacks into your account or not:

1) They won't be able to transfer it away from the registrar
2) You can rest assured that you'll have plenty of time to prove your case and get your name back before the hacker can transfer the name away from your registrar.

As for emails, I'd go with your own domain hosted at Godaddy (the less people knowing your information, the better) and maybe I'm a bit paranoid... But I'm looking into buying a computer exclusively for domain name transactions (hence no possible spyware, keyloggers, etc)

As long as you sell the name inside of 10 months, that should solve the problem nicely

edit: You can always have your emails forwarded to your gmail account courtesy of the Godaddy interface (I do that). I would just try and keep confidential information (like passwords) to as few as possible. No need to make these guy's job any easier.

 

[sashas]

For names worth high xx,xxx+ (eg. names these guys would target), I'd park them at a place that doesn't allow transfers for 60 days after renewals and I'd renew (add another year to) the name every 30 days or so until I resold it. That way, no matter whether someone hacks into your account or not:

1) They won't be able to transfer it away from the registrar
2) You can rest assured that you'll have plenty of time to prove your case and get your name back before the hacker can transfer the name away from your registrar.

As for emails, I'd go with your own domain hosted at Godaddy (the less people knowing your information, the better) and maybe I'm a bit paranoid... But I'm looking into buying a computer exclusively for domain name transactions (hence no possible spyware, keyloggers, etc)

As long as you sell the name inside of 10 months, that should solve the problem nicely

edit: You can always have your emails forwarded to your gmail account courtesy of the Godaddy interface (I do that). I would just try and keep confidential information (like passwords) to as few as possible. No need to make these guy's job any easier.

Thanks for the tips Reece. I tried to rep you, but it wouldn't let me.

The renewing tip is something I hadn't thought of, and it seems like a really foolproof method of securing a name. Any email address can be hacked into...

For now, I'll go with my email address at my own domain at Gmail. I might switch over to GD later on though.

Thanks again Reece. Much appreciated.

 

[Damion]

Doesn't changing the WHOIS details also lock up your domain for another 60 days at GD?

If so you can change your email address with an interval of approx 60 days so you don't have to spend renewal fees.

 

[-REECE-]

I believe it does.

The one thing I'd be worried about with the email changing is that it may be harder to prove someone hacked your domain if you're changing details frequently yourself.

Doesn't changing the WHOIS details also lock up your domain for another 60 days at GD?

If so you can change your email address with an interval of approx 60 days so you don't have to spend renewal fees.

 

[sashas]

I believe it does.

The one thing I'd be worried about with the email changing is that it may be harder to prove someone hacked your domain if you're changing details frequently yourself.

But the other contact details would remain the same (address, phone no. etc.), so I don't see why just changing the email should cause any problems.
I'll take this up with GD support tomorrow. See what they have to say about changing email

 

[-REECE-]

I'd love to hear the response I think Godaddy (and other registrars, of course) could make some sweet cash by allowing people to purchase some kind of "transfer protection" for XX days (I'm really not familiar with ICANN rules... No clue if that's even possible). Would sure be nice to know that your name was safe when away from your computer for extended periods of time.

But the other contact details would remain the same (address, phone no. etc.), so I don't see why just changing the email should cause any problems.
I'll take this up with GD support tomorrow. See what they have to say about changing email

 

[gazzip]

I just transfered a domain from Register.com - you have to phone them with all your details and answer a security question before you can get the transfer code.

Seems like a good idea if your domains are worth alot ..still a bit pricey at $35.00 per year reg fee.

.

 

[npcomplete]

First of all the best thing to do as a defense is not talk about what you do. So this is what I might do with my overall email problem:

To minimize spam, and maximize confusion on my end, I probably use (haven't counted) hundreds of email addresses at any one time. Every major contact (NP, registrars...) gets a separate email address. I then forward these hundreds of email addresses down to a smaller number of email addresses that I monitor. To add some reliability, I have most of the important contacts forwarded to several of the addresses I monitor. This allows me to move all the contacts around and change addresses at random without major problems. It *definitely* is a spam killer, and I don't really need to filter. It sort of gets back to the defensive tactic of multiple mobile targets, and the complexity it creates in an attack plan. You can do this in networks too... hint hint... and move these targets around the net to complicate attacks on a network or distributed system. Of course it is much easier with a few hundred mobile email addresses compared to the internet or large distributed system, and you don't really need fancy math to plan changes...

To further maximize my own confusion, I occasionally register common things like com/net/org/info/tv... at different registrars with different addresses (from above: each contact gets a different address). I guess I do that also as part of reliability, since the cost difference can be significant, so I am paying for that "portfolio reliability" and damage protection. Having different registrar emails adds to confusion and cost, but at least you have reduced risk of everything going poof all at once. Having different registrar email addresses hosted by different services should also be in that mix... and of course monitor.

Marc

 

[-REECE-]

Now that's a complex system! (sorry, pardon the pun :D ) Very interesting solution I could never remember all those passwords though...

First of all the best thing to do as a defense is not talk about what you do. So this is what I might do with my overall email problem:

To minimize spam, and maximize confusion on my end, I probably use (haven't counted) hundreds of email addresses at any one time. Every major contact (NP, registrars...) gets a separate email address. I then forward these hundreds of email addresses down to a smaller number of email addresses that I monitor. To add some reliability, I have most of the important contacts forwarded to several of the addresses I monitor. This allows me to move all the contacts around and change addresses at random without major problems. It *definitely* is a spam killer, and I don't really need to filter. It sort of gets back to the defensive tactic of multiple mobile targets, and the complexity it creates in an attack plan. You can do this in networks too... hint hint... and move these targets around the net to complicate attacks on a network or distributed system. Of course it is much easier with a few hundred mobile email addresses compared to the internet or large distributed system, and you don't really need fancy math to plan changes...

To further maximize my own confusion, I occasionally register common things like com/net/org/info/tv... at different registrars with different addresses (from above: each contact gets a different address). I guess I do that also as part of reliability, since the cost difference can be significant, so I am paying for that "portfolio reliability" and damage protection. Having different registrar emails adds to confusion and cost, but at least you have reduced risk of everything going poof all at once. Having different registrar email addresses hosted by different services should also be in that mix... and of course monitor.

Marc

 

[FX]

For domains with high value why not pay the extra fee for a private whois
no one sees your email or anything?

 

[-REECE-]

There are ways around privacy.

For domains with high value why not pay the extra fee for a private whois
no one sees your email or anything?

 

[FX]

........

 

[npcomplete]

...oops... was that one of those "did I say that out load?" moments?

Also, as a PS, I would say add a good mix of different countries and continents in that portfolio and email mix.

Marc :hehe:

 

[-REECE-]

And don't forget to make sure you become your own ICANN accredited registrar. Never know who might become the next Regfly

...oops... was that one of those "did I say that out load?" moments?

Also, as a PS, I would say add a good mix of different countries and continents in that portfolio and email mix.

Marc :hehe:

 

[sashas]

First of all the best thing to do as a defense is not talk about what you do. So this is what I might do with my overall email problem:

To minimize spam, and maximize confusion on my end, I probably use (haven't counted) hundreds of email addresses at any one time. Every major contact (NP, registrars...) gets a separate email address. I then forward these hundreds of email addresses down to a smaller number of email addresses that I monitor. To add some reliability, I have most of the important contacts forwarded to several of the addresses I monitor. This allows me to move all the contacts around and change addresses at random without major problems. It *definitely* is a spam killer, and I don't really need to filter. It sort of gets back to the defensive tactic of multiple mobile targets, and the complexity it creates in an attack plan. You can do this in networks too... hint hint... and move these targets around the net to complicate attacks on a network or distributed system. Of course it is much easier with a few hundred mobile email addresses compared to the internet or large distributed system, and you don't really need fancy math to plan changes...

To further maximize my own confusion, I occasionally register common things like com/net/org/info/tv... at different registrars with different addresses (from above: each contact gets a different address). I guess I do that also as part of reliability, since the cost difference can be significant, so I am paying for that "portfolio reliability" and damage protection. Having different registrar emails adds to confusion and cost, but at least you have reduced risk of everything going poof all at once. Having different registrar email addresses hosted by different services should also be in that mix... and of course monitor.

Marc

Man, that is one complicated system!
I could never keep track of all that.
This is one reason why I prefer gmail. I've never got any spam at my gmail address. Ever.