PSA: Lock Your Domains


The domain, operated by one of the oldest ISPs in the nation, was recently hijacked. The hijacking demonstrates that the system designed by ICANN is working exactly as designed.

ICANN's new domain transfer policy requires that a registrar must fulfill a transfer request unless rejected by the domain owner. This policy was introduced so that unscrupulous (and incompetent) registrars could not block domain owners from moving their domain elsewhere. Opponents feared the policy would make it easier to hijack a domain. Looks like that's been confirmed.

Fortunately, there is a fix. First, make sure your domain is with a registrar you trust. Then, lock it. If you log into the administration interface for your domain, you should see a setting called transfer lock or something similar. If you turn it on, your domain cannot be transferred away. If, later, you should choose to transfer it, just turn off the lock.

So, lock your domain. It's quick and easy, and it could prevent the theft of your domain.


Comments have been closed for this entry.

re: PSA: Lock Your Domains

Here is an article that discusses what happened to The article does not indicate if the domain was locked or if locking was bypassed.

re: PSA: Lock Your Domains

Thank you for posting this! I checked, and it turned out I'd only locked one of my domains. So I locked the other. It may not be a perfect system, but doing this provides a measure of security.