Hello,
Today I think someone tried to hijack one of my email accounts,
possibly to steal a domain name. As far as I can tell, they failed. (I
even got a virus email on a related email address at almost the same
time, and I don't that is a coincidence). Anyhow, all my domains are
now locked (most of the valuable ones were already locked).
I'm wondering what other "best practices" people are following in terms
of protecting their domains, and perhaps Tucows/OpenSRS might get some
valuable input as to possible new features that can be implemented over
time, to give peace of mind.
Besides domain locking, are there any other things we can do to protect
our names? I also make sure to have no electronic record of passwords,
for example. Also, notification of transfer requests goes to an email
address which is NOT in the same domain or on the same server as the
admin account.
Any other ideas?
I was thinking that perhaps the Admin addressed could be cloaked by
Tucows/OpenSRS in the WHOIS, so that a potentially malevolent
individual wouldn't know which email address needs to be hijacked. For
instance, we could have an email address of:
[EMAIL PROTECTED]
('verified' being a subdomain under OpenSRS, or could be a different
domain) which would then forward the email to ones REAL admin account.
Anyone subscribing to this "verified" service (at a slightly higher
fee, presumably), would also be "verified" for the WHOIS accuracy issue
raised by ICANN at:
http://www.icann.org/announcements/announcement-03sep02.htm
and thus have their names be on a 'white-list' for automatic protection
from WHOIS accuracy challenges.
I'd mentioned other ideas in the past about harware tokens (such as
RSA's "SecurID"), or Digital Certificates, like banks often issue for
remote access. Phone verification might be another option.
Perhpas I'm just too paranoid, but just one bad incident can cause ugly
publicity (e.g. if a top domain like GM.com, EDS.com or BMO.com was
hijacked, all of which are at OpenSRS), and economic damage.
What other 'best practices' are folks following, or would like to see,
to protect their own domains, and domains of their customers/prospects?
Sincerely,
George Kirikos
http://www.kirikos.com/
__________________________________________________
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
