Posts Tagged ‘domain management’

New Rules for Changing Domain Ownership

Tuesday, October 4th, 2016

ownershipOn December 1st, 2016, ICANN will require all accredited registrars significantly change how they handle domain ownership changes.  Briefly, it will no longer be possible to update the domain owner’s contact information by simply logging in to manage the domain and submit a new set of contact data.

Inter-Registrar Transfers

Currently, the only type of transfer of a domain that requires confirmation is the Inter Registrar transfer which is governed by ICANN’s Inter Registrar Transfer Policy.  The process of transferring a domain from one registrar to another will still follow the confirmation process with the domain’s current administrative contact.  The current contact must click a link sent to the contact in the current Whois record for the domain being transferred.  The admin contact must confirm the transfer with the current registrar, and may confirm the transfer away from the current registrar.

Inter-Registrant Transfers

New starting in December will be the process of confirming changes in the owner contact of a domain.  When there is a change in the owner contact’s first or last name, organization name, email or telephone number, a new confirmation process will be triggered.  The process is as follows:

  • Register4Less (R4L) will first check if the domain name is eligible for a change in the owner’s contact.  If the domain is not, the contact update will not be saved and a message presented to the user stating why the domain cannot be updated at this time.
  • R4L will send an email to the current owner contact requesting they (or their designated agent) approve the change.  If that email is not responded to favourably, the contact change is rejected.
  • Once confirmed by the current owner contact, R4L will send an email to  the new owner contact requesting they (or again, their designated agent) approve the change.  Note, the previous and new owner contact may be the same address.  Both emails need to be confirmed in order for the update to complete.
  • If / when both confirmations are positive, R4L will then send an email to both contacts confirming the update.

The R4L Team will post updates to this procedure as they develop.

Login Security Agent Live

Monday, January 25th, 2016

Login Security AgentUsually, for the weekly blog post we try to write about something informative, about a new service we’re rolling out, etc.  This past Wednesday, though, we had an interesting incident in our support team we’d like to share with you.

Mid afternoon, William Wakely, an relatively new customer for Register4Less, contacted our support via the secure online chat on our website.  He was reporting that overtime he logged our of his account, his password would get reset.  He was able to log back in by using the email that is sent with the Lost Password function.

Passwords of course will not reset themselves.  The only way for a password to get changed is for someone that is already logged in to go to the menu Profile > Change Password and submit a new password.  Once we were able to confirm William was the true domain owner, we asked him to check the Login Security Agent (LSA) page (also under Profile).

Sure enough, William was able to see there was another login session active from a different IP address.  William provided us with the IP address, and we were able to see this was coming from a different internet service provider from his, and not one that he recognized.

William had not yet setup the LSA kill password, so he did that while we were still on our chat session, and once set up, terminated the other person’s login session, and then reset his password.

We don’t actively track how frequently the LSA kill session function is used, though we could if we went through all of our log files.  It was however interesting and rewarding to be chatting with a customer and help them use this function live.  With any other registrar, the customer and true domain owner would not able been able to kick the other person off of their account, so resolving this problem would not have been easy.  LSA saved the integrity of William’s account!

Why Whois Privacy Matters

Monday, January 11th, 2016

Privacy button. White enter key and white keyboard.

Would you post your full address, email & phone number on your facebook wall?  Of course not.  So why would anyone want that information readily available in your domain’s Whois record?

When a domain name is registered, we are required by ICANN’s policy to collect personal/company contact information for the domain. This consists of the owner’s first & last name, company name (if applicable), postal address, email address, phone number and optional fax number. Without Whois privacy, this information would immediately be published in the domain’s Whois record.  The Whois database is an important part of the structure of how domains are registered, but more often than not, they are scanned using computer programs to put together a database of email addresses to be used by marketers, to send spammers, scammers, even identity thieves.

Without Whois privacy, a domain’s Whois record will look like (of course, not actual contact information):
John Doe, Doe’s Widget Company Inc.
123 Maplewood Drive, Los Angeles, CA, USA

With Whois privacy enabled, this same domain would appear:
Register4Less Privacy Advocate, 3501256 Canada Inc.
5802 Bob Bullock C1 Unit 328C-195, Laredo, TX, USA

Why not just have fake contact info?

Some will ask, why not just provide fake information with the domain registration?  There are a number of reasons why that’s not a good idea.

  1. Legally, all domain name owners are bound by the registration agreement between you and your domain’s registrar.  ICANN mandates that this registration agreement must include the clause that you will maintain accurate and up to date contact information for your domain.  Under the registration agreement, if you do not keep your information complete and updated, your domain is subject to suspension.
  2. With the update 2013 Registrar Registry Agreement, ICANN is now requiring registrars to confirm the email address of the domain owner.  When a domain is registered or a domain is updated with an email address that’s not already confirmed, we send an email out to that address for confirmation.  If the email bounces or is not replied to, we are required to suspend the domain.
  3. The contact information you maintain on account with us is what we use to send you reminders for your domain registration or hosting renewal.  If the address is not working, you’ll miss the reminders and may forget to renew your domain.  That can cause downtime, and the potential for a redemption renewal (much more costly due to higher fees from the registry, or worse, loss of the domain.  If that happens and a domain speculator picks it up, you’re at their mercy to buy the domain back.

Protect Your Identity

Identity theft is a crime that is on the rise.  The best way to not have your personal contact information taken is not to make publicly available.  When you register a new domain, choose to have Whois privacy enabled when you submit your order.

Avoid Unwanted Solicitations

Spammers regularly query the Whois servers of domain registrars in order to build a database of working email addresses.  If your domain is not private, you can expect to receive emails with offers to buy your domain, to congratulate you that you’ve been awarded a $15 Million, life and health insurance offers, etc.  You should also ensure never to put your email address in plain text in a website.

Upgrade Now for Free

Register4Less was one of the first registration providers to introduce Whois privacy back in 2002.  At that time, a number of registrars were sending mail to domain owners with what looked confusingly like an invoice for the renewal of their domains (at rates 3 times higher than our fees).  A number of domain owners were tricked by these solicitations, and sent off their payment to these companies.  While we helped customers cancel these transfers and get their money back, we knew we needed to come up with something to help prevent this abuse.

The Whois privacy service we developed has always been provided free of charge to our customers.  We fully intend to keep this service free of charge for our customers.  It’s part of what makes us the non-evil domain registration and web hosting company!

R4L Poll Results are in!

Wednesday, August 12th, 2015

Last week, we sent out an email asking you to vote on the option of R4L adding automated telephone notifications in the event one or more of your domain names is about to be suspended. A total of 755 votes were cast. The team at R4L would like to express our gratitude to all of you that took the time to express your preference. The result of the votes are as follows:

Do you wish to add an automated telephone notification for domain names that are to be deactivated?

  • Yes, please add this for BOTH domains that are deactivated due to expiration and non-confirmation. (58%, 435 Votes)
  • No, I don't wish to receive automated phone calls from (23%, 175 Votes)
  • Yes, only for domain deactivated for owner's email not being confirmed. (19%, 145 Votes)

Total Voters: 755

Loading ... Loading ...

Clearly, the overall preference is to add this service, and our team are now working on getting this live. We have already updated the messaging preferences page to have allow you to opt out of telephone notifications for either domains that are to be suspeded due to expiry or contact not being confirmed. The default for both of these is enabled, so if you do not wish phone notifications, please log in and update your preferences (Profile > Messaging Preferences).

Owner Contact Verification

Monday, August 3rd, 2015


The poll is now open.  Please click here to cast your vote.

ICANN requires all accredited registrars to verify new contact information for domain owners.  If you would like to read ICANN’s policy regarding Whois accuracy, please click this link.

Currently manages this process by an email that we send to the new contact email address.  This email contains a link for the domain owner to click to verify their address.  In the event that the email sent to the domain registrant bounces or if the link in the email that we send is not clicked, we are required to place a clientHold on the domain name.  This will prevent the domain from resolving, so any web hosting or email service will stop working.

It does happen that people will sometimes ignore the request to verify, or their spam filter will mistakenly block the email (please, whitelist in your spam filter email coming from any address  In cases like these, the verification doesn’t happen, and the domain in question will be suspended. as you hopefully know tries to provide the best possible customer support, and tried to do this in the most streamlined, efficient manner possible.  Our support team have dealt with some customers who have understandably been upset by their domains being suspended due to this process.

Our team have been discussing options to improve notification.  Having our support staff call is not an efficient way to handle this, so the solution we are proposing would be to have an automated notification call to the phone number on file for the domain owner.  There of course would be an option to opt-out of this type of notification.

Cast Your Vote Now

We have added a poll on our blog site for you to be able to cast your vote.  As always, if you’re an R4L customer reading this, thank-you for your continued business!