Registry Lock prevents domain name hijacking. This occurs when an attacker gains unauthorized access to registration data for a domain name, thereby gaining administrative control over the domain. That enables them to modify several elements of the domain, including the website to which the domain resolves. The hijacker can execute DNS modifications, WHOIS updates or even unauthorized transfers. Registry Lock also prevents unintended consequences by incompetent or negligent behavior by personnel.
Your customers rely on your expertise and assistance to protect their valuable domain names and the business / value it serves. Registry Lock is the most effective weapon available against domain name hijacking as it involves human interaction that automated systems cannot easily bypass. Although there is a cost involved, this should be weighed against the consequences of the domain name being hijacked by criminals. Leading to subsequent loss of reputation and sales if the domain name is an integral part of your customer’s business activities.
Domain brand protection with Registry Lock
Registry-level locking of domains provides additional levels of authentication between the registry and the registrar of the domain name. If anyone requests a change to a registry locked domain, an authorized individual at the registrar must submit a request to the registry to unlock the domain name. The requester is then contacted by the registry (e.g., by phone), and required to provide an individual security phrase, for the domain name to be unlocked. (procedures differ per registry). This “out-of-band” step protects against automation errors and system compromises.
The WHOIS lookup tool will enable you to check if your domains are locked at the Registry. In the results, there are up to 4 “Status” fields: Delete, Renew, Transfer and Update. Delete, Transfer and Update are the critical statuses for locking your domain name. Using Update as an example, if the status for Update says “serverUpdateProhibited” then your domain name is locked at the Registry level and cannot be unlocked (and therefore changed) without “out-of-band” authentication between the Registry and your registrar. This “Server” and “Prohibited” status must appear for all three statuses (Update, Delete, Transfer) for the name to be on Registry Lock.
If the WHOIS results for your domain name only indicates “clientUpdateProhibited” this means that your domain name has been locked by your registrar, but not at the registry. This registrar locking may still leave your domain name vulnerable to various types of malicious activity. If your WHOIS results show both “client” and “server” status as “Prohibited,” your domain names are locked.