The title of this post is meant to be taken literally, not metaphorically. Do you control your domain?
Last Friday one of our portfolio companies briefly lost control of its domain. It wasn’t the fist time we’ve seen this happen and, as you can imagine, the result could have been disastrous (in this case we were able to lock down the domain before anything nefarious happened, but people don’t steal control of your domain for anything other than doing bad things, so it was lucky that we were able to avoid a serious issue). Different registrars have different rules for transferring domains around. In this case all it apparently took was someone writing the registrar and claiming the domain was in fact theirs. We believe (but aren’t positive) that the registrar did send an email to the contact listed in our account stating that the domain was to be transferred unless action was taken by us (that the process is that simple is a matter for another post altogether). But this email either didn’t get to us or was not acted upon promptly enough to prevent the transfer. The company then jumped through hoops for several hours to get the domain first locked down (so the party who stole it from us couldn’t redirect it) and ultimately transferred back.
We rarely (really never) talk about domain security when we’re talking about other security measures that companies take to lock down their data, transact securely, etc. But clearly it’s extremely important to make sure that you have (and always maintain) control over your domain. This starts with making sure your domain is a corporate asset – meaning that it’s not in the account of a founder but in an account that is owned and controlled by the company itself. It’s also extremely important to make sure the contact information in this account is up to date. And that you pay attention to any notices that your registrar might send you (in a timely mannor).
So seriously. Make sure you are the master of your domain.