Domain names are precious commodities and they can be lost in a matter of days
By Matt Lake
How would you like to see the Web site you’ve been working on all year slip through your fingers? You may think it’s unlikely, but despite the enormous bureaucracy surrounding the Internet domain name system, dotcom names are falling out of the hands of registrants all the time.
The consequences can be embarrassing, costly, and time consuming. When you lose your domain to someone else, you must reprint your stationery with new Web addresses, send out releases to your customers confessing your mistake, and lose untold email messages when your email vanishes into the ether (or worse, goes to the domain’s new owner).
But in most cases, it’s easy to avoid problems like these. So learn a few lessons from four organizations that recently lost their domains. Take heart that two of them have got their domains back again—but don’t assume that you will have the same good fortune as they did. Prepare for the worst—and be happy when it doesn’t happen to you.
Fumbling the ball
In May 2002, two popular nonprofit sites lost control of their domains when they expired and speculators snapped them up. Their stories have some similarities, but have two different endings—one happy for the original owner, the other, not.
CASE 1: MacSlash the Knifed
Damien Barrett had built a very popular Macintosh help site called MacSlash at the obvious domain MacSlash.com. Suddenly in May, he found that instead of the forums, articles, and tips that belonged there, only an under construction page remained. The Future Home of macslash.com apparently now belonged to Vicente Peiro Crespo of Valencia, Spain, and any e-mail sent to Barrett’s former addresses or that of the MacSlash administrator Ben Stanfield vaporized in cyberspace.
The domain had expired, “dropped” back into the public domain, and been snapped up by a speculator. The previous owners of the domain “fixed” the problem by registering the .net version of the domain and hosting their site there. The MacSlash community rallied round the cause and registered the .org and .info versions of the domain too. And word spread quickly about the new location of the site.
The MacSlash story has happy ending: The issue became a cause celebre in the Mac community and pretty soon, things got too hot for the new registrant, who returned macslash.com to its original owner. But not everyone is so lucky.
CASE #2: User Group Gets Mugged
The Pasadena IBM User Group is a long-standing nonprofit organization, so it seemed natural for them to take the .org version of their domain name. There, they built a well trafficked site for their members. But in May of 2002, the domain expired without notice from the registrar, and was subsequently re-registered by a portal company based in Hong Kong. Ultimate Search redirected the user group’s former domain to a generic portal with links flashing online casino ads and links that generate revenues for the company on a pay-per-click basis.
As of this writing, the user group has not regained control of its domain. However, it continues to operate its site at pibmug.com.
Why Did the Notice go Unnoticed?
Registering domains is like leasing a car: You have the thing under contract for a specified length of time. Once the term of the lease is about to expire, you can extend it indefinitely. And unlike lease cars, a domain only gets more valuable the longer you have it. But the responsibility for renewing the lease is all up to you.
Naturally, domain registrars are all too keen to keep their customers—the competition among domain registrars is fierce. The governing body of the .com domain system, ICANN, has accredited more than 50 registrars, and hundreds more companies resell domain services. So most registrars send out not one but several reminders to their customers to re-register their domains early and often.
Both MacSlash and PIBMUG used the registrar Dotster, which sends out automatic reminders at T-minus 45 days, 30 days, and 15 days before the domain expires. In fact, Dotster is so vigilant, the company even sends out reminders to former clients who have transferred their domains to other registrars.
But MacSlash and PIBMUG did not get their reminders. The jury is still out as to what happened with PIBMUG, but MacSlash traced the problem to over-vigilant spam filtering. When the group registered macslash.com, they used Apple’s iTools email service, which provides free email at the mac.com domain. Unfortunately, the service’s spam filtering treated repeated requests to renew domains as unsolicited commercial messages, and threw them into the bit bucket.
The Domain Graveyard
Once a domain expires, it enters a no-man’s land for an unspecified length of time. During this time, the domain is on hold—it does not resolve to the previous registrant’s site, but it can’t be reregistered. Sometimes, the on-hold period lasts for only hours, sometimes for weeks. The .com registry, run by Verisign’s Network Solutions division, holds on to all the expired domains until it’s ready to “drop” them en masse back onto the market.
And once an expired domain drops, it’s up for grabs by anyone with $10 to $35 to spare. And an entire aftermarket has sprung up around expired domains. Companies like DomainsBot, The Unclaimed, and Daily Expired Domains compile lists of on-hold domains for subscribers, and domain registrars including Network Solutions and Dotster maintain services for their subscribers to snap up domains as soon as they drop.
The aftermarket for expired domains creates a feeding frenzy among speculators, which is bad news for domain holders who let their domains expire. Once a domain is reregistered, the only recourse the original domain owner has is to go through ICANN’s dispute resolution process (which is outlined at www.icann.org/udrp). During disputes, ICANN tends to favor copyright holders and people with legitimate claims on a domain—which would act in favor of PIBMUG’s claim against Ultimate Search. But the process is a time consuming hassle, and ICANN doesn’t give preferential treatment to previous owners of domains who let them expire.
Losing the Ball Completely
Not every organization has control over its own domain. Sometimes, a company without strong technical resources will give the reins to an outsider who seems to have a better handle on the situation. This can have disastrous results—as a theater company and a housing authority found out earlier this year.
CASE #3: Taking a Domain by Barnstorm
The oldest continuously operating community theater in Pennsylvania, The Barnstormers Theater outside Philadelphia, bought a Web site package from a small hosting company two years ago. The company took control of everything—domain registration, Web site hosting, and updates. This was great for the small volunteer-run theater…until the hosting company went bust. The Web site disappeared, and any visitors to the group’s domain name got an error message. The Barnstormers’ contact at the now nonexistent host went AWOL, and left them high and dry.
The theater found free hosting for its Web site at GeoCities, and rigged up an ad-laden version of their site there. But nobody involved know how to handle the domain issue, so they had to change their Web address at the various arts and theater portals, search engines, and periodicals that listed them.
When the domain finally expired, a fan of the group snapped it up and arranged for new hosting for barnstormerstheater.com at a local community site. But unlike Barnstorm’s good fortune, there are disasters.
CASE #4: Housing authority…without authority
A city housing authority in Delaware (which asked not to be named in this article) outsourced most of its technical services to a pretty reliable company throughout the 1990s. The support company developed and maintained the Authority’s general infrastructure, including an intranet.
At the time, there were no plans for a public Web site, but last year, an office manager submitted plans and a project management timeline for a public site that she could develop and manage herself. When she came to register the Authority’s domain name, she found that the .com, .net, and .org versions had all been registered years earlier. The registrant was their IT company, which used the names as a bargaining chip for taking control of the Web development project—a potentially lucrative contract.
Who Owns Your Name?
Possession is nine tenths of the law. If you register a generic sounding domain name or one that matches a business you own and run, you have a good case for keeping it. And if someone else does so on your behalf, you won’t easily be able to wrest control of the domain back. If another Barnstormers theater had registered barnstormerstheater.com when it dropped, the original owner would have no recourse through ICANN or the law courts. The only other recourse would be to buy back the domain at whatever price the new owner wanted—and prices can run into the hundreds or even thousands.
Five Cardinal Rules for Domain Owners
If these horror stories have given you the fear, take heart. A few simple guidelines can keep you from suffering the same fate.
Rule #1: Control your own domain
Make sure your name and contact information appear in your domain’s owner and administrative contact fields. Hop over to your registrar or to betterwhois.com and enter your domain name in the form. The site will return the domain’s whois information (who is the owner, who is the technical contact, and so on). Your name, address, and current email address should be in the owner (or Registrant) and Admin Contact fields. If it’s not, follow your registrar’s instructions for updating them.
Rule #2: Keep contact information up to date
The most important information in any domain record is the admin contact. It’s to this email address that domain registrars send their reminders. If you ever decide to switch to a different registrar, all the confirmation email messages go to this email address. If you’ve changed ISPs, or you’ve hired a new office manager, you’ll need to update this email address immediately. Different registrars handle the update procedure in different ways—some registrars let you do this by logging in to administration Web pages, some require notarized written proof. Check with your registrar for details.
Rule #3: Keep your own records
Don’t rely on your registrar for domain renewal reminders—we’ve already read how two organizations come to grief over that. Check the whois information for all the domains you have registered. At the bottom of the whois record, you’ll see details like these:
Record last updated on 1-May-2002.
Record expires on 12-Oct-2004.
Record created on 12-Oct-1999.
Plug that “record expires” date in big bold letters into your PIM, your diary, and your wall calendar. Tattoo it on your wrist if you need to, but make sure that a month before that date, you pay the registrar for another year or two of registration.
Keep a Lock on Your Domain
Some domain registrars provide a service called domain locking. If you’re paranoid that someone may try to hijack your domain, check with your registrar about how to turn on the lock. This prevents anyone from transferring ownership of your domain (not an easy or likely thing for most domain holders, but possible for hackers targeting high-profile sites).
Of course, it also prevents “slamming” by unscrupulous registrars who send bogus domain renewal notices that actually transfer your domain to a new registrar. You don’t lose control of your domain this way, but you often end up paying more or losing services like free hosting or e-mail forwarding. And even high-profile companies like Network Solutions seem to regard this as a legitimate marketing tool.
Keep a Backup
What’s the first thing you do when you hit a Web site that’s not what you were expecting? You check the Web address for typos, right? If it looks right…you figure you copied it down wrong and replace the .com with .net, or .org, or even .info until you see what you’re expecting.
Anticipate this behavior, just in case someone manages to get control of your main Web domain. If you have the .com, .net, and .org versions of your domain name in reserve, all redirected to your main site, you’ll have an instant quick fix for any domain napping problems. Sure, this will set you back a few bucks—but it gives you more flexibility in the long run.
And it’s pretty good for bragging rights too.
Copyright © 2002 by Matt Lake. Reproduced with permission. Article reproduction coordinated by Steve Bass, Pasadena IBM Users Group.Matt manages two dozen domains, and maintains a domain buyer’s guide called RegSelect. Matt Lake manages two dozen domains, and maintains a domain buyer’s guide called RegSelect. Matt has written for many publications, including PC World, CNET, Computer Currents, and ZDNet. You can reach him at email@example.com, because his spam filter’s is never set beyond “Stun.”
Winners is a member of the Association of Personal Computer User Groups (APCUG) is an international, platform-independent, nonprofit corporation (incorporated in Washington, DC) devoted to helping user groups throughout the world. Almost 400 user groups are members of APCUG. http://www.apcug.net/