If there are two things that are going to make life a process of jumping through hoops it is incorrect contact details on an account, or incorrect contact details on a domain name.
We all change our email addresses from time to time – especially ones that are out of band and are, to a certain extent ‘disposable’. This becomes an issue with they are the sole authorised contact for an account. Equally – other examples might be when a member of staff leaves, and with it go the metaphorical keys to the castle.
There are two places these need to be kept up to date as a priority:
1.// CONTACT DETAILS ON AN ACCOUNT;
2.// WHOIS DETAILS ON A DOMAIN NAME.
So lets go through these in a little more detail…
Contact Details on an Account
You call in, or raise a ticket, and the engineer will help you up to a point, but you are not cleared to discuss the matter, or request changes. This might sound odd – however social engineering from either outside of the company or inside of the company is a very real thing – and something we do encounter in the wild.
We will be referencing one of two things – either the account holder, or the ‘administrative contact’ – or one of the authorized contacts – with which we are happy to discuss matters.
These details are handled within your control panel. Log in, update the details periodically.
WHOIS Details on a Domain Name
When a domain is registered it is registered with a number of fields. Registrants name, Type of registration (business, personal), Postal Address, Email address – and optional contact numbers.
It is a REQUIREMENT for these details to be correct – this is part of the undertaking you make when you register a domain name for a period of time. Some of you will be aware that when you renew a domain name it will send you out an email to check that the email address is correct. If it is not, then they will try again a few times, before suspending the domain name, and eventually moving it to pending delete. This is now standard practice.
Moreover – when an email address is changed on WHOIS data – they email it to check it is live. If it is not confirmed – they will suspend the domain. The reasoning behind it is pretty clear.
On a UK domain* the ‘registrant name’ cannot be changed – they view this as a new registration – and you will need to contact Nominet (the governing body) directly – who will charge for this. It is a pain but a necessity for them. In reality this cost is a drop in the ocean compared to the renewal cost every time you move a non UK domain.
Equally – if a registrar is unable to verify the postal address as a real and valid location – they will email you to the contact address to advise it needs updating. If there is no reply – they will repeat, and then you will have failed validation.Twice. [sad boop]. The domain will be suspended.
The message here is pretty clear – however people are forever falling between the gaps.
So why am I feeling the need to waffle on about this today?
Well – I thought you were never going to ask.
There is talk afoot to prevent domain name hijacking, increase validation and the like by adding a layer of authentication by contacting BOTH parties. The old email address and the new one.
This has implications as you can imagine – and we are looking into this at this time. However now seemed a pertinent point to give a little nudge, a reminder, keep your details up to date as part of your review.
If this does go through – there will be a necessity to update the details BEFORE the old account dies… and that is going to cause a world of pain. We are keeping a very close eye on this, and will update you as we find out more.
*There are a few other with specialist rules – JAnet domains such as ac.uk gov.uk and so on – as well as .uk domains and a few others.