The importance of the annual domain name portfolio health check


    - by Stuart Fuller, Head of Brand Services -

    In his excellent blog last week, DomainNameWire.Com, Andrew Allemann wrote about the importance of an annual check-up on domain portfolios to ensure that everything is ship-shape and up to date.

    Keep your portfolio up to date

    Not only are there ICANN requirements about ensuring domain details are present and correct but most registrars are also obliged to ensure the registrant details are right. However, a domain name audit should go much deeper than ensuring any personal details are correct.

    The management of a corporate domain name portfolio is a constant balance between cost control, brand protection and opportunity. There are few companies who will profess to wanting to spend more on domain names when their annual budgeting process starts, yet the growing risks from cyber threats, with domain names often the attack vector, means that it would be negligent to simply ignore the potential for cybersquatters, typosquatters and those with nefarious intentions on an organisation’s digital ecosystem.

    BrandShelter has over a decade of working with organisations of all sizes across the globe in managing their domain name portfolios. Whilst there is no “one size fits all” approach, with every brand holder having a different tolerance to balancing risk versus reward, there are key tasks that should be undertaken regularly. That is the basis of the BrandShelter proprietary Portfolio Integrity Model which helps brand holders ensure that their domain portfolio is working to meet their digital objectives 24 x 7.

    In the next few blog posts we will identify some of the key elements of the Portfolio Integrity Model that organisations should take in reviewing their domain name portfolio on a regular basis to ensure they stay one step ahead of competitors and those intending on doing harm to their own reputation, revenues and customers.

    Step 1 - Domain ownership consistency

    The implications of GDPR on personal data saw the lights turned off the conventional WHOIS model. Whilst this was a welcome step for many who believe in the privacy of data, within the domain name and brand protection world it has meant that hiding the details of the potential domain name owner (like a fraudster who ever actually use their real identities!) has made the job of ensuring the right domains are in the right hands difficult to say the least.

    Companies move locations frequently, personnel change all of the time, yet very rarely will organisations think about updating their domain name registration records. It is a requirement of the registration of a domain name under the ICANN terms and conditions that all registrant details are kept up to date. The 2013 Registrar Accreditation Agreement (RAA) signed by most domain name registrars means that they have an obligation to ensure that all of their customers’ details are up to date AND verified as correct.

    Most organisations will have domain names with a variety of registrars, either because it has been easier for a department such as IT or Marketing to simply buy a domain for a specific purpose rather than go through central processes. This leads to multiple owners of domain names which should those individuals then leave the business creating risks that those domain names could be manipulated against the organisation - for instance, suppose a former IT manager is terminated but still has access to the domain names as he is the registrant owner?

    Whilst legislation has meant the removal of most of what was considered public data from the Whois, there is still a need for any organisation to ensure the private or personal data is consistent. BrandShelter measures best practice in this area by the number of domain names within the portfolio that have the same, correct, details for the organisation as well as having a defined policy, with internal owners and stakeholders, who own the registration and renewal process.

    The recommendations to improve the health of the portfolio in this aspect includes:

    • Create a single domain name registration template using a generic owner, such as Domain Admin, rather than an individual;
    • Create a single organisation-wide email address for the registrant details, ensuring that it is a monitored email account;
    • Review the existing domain names both within this portfolio and any others to ensure all details are consistent;

    It should be noted that changes to domain name update procedures under the IRTP (Inter-Registrar Transfer Policy) may mean that any changes to the registrant details will result in the domain names being locked by the existing registrar from being transferred away for a period of 60 days.

    BrandShelter can create the necessary templates for organisations to ensure consistency across their domain name ownership details and setting up a single organisation-wide email address, eliminating the risks that may exist, unbeknown to brand holders.

    In our next part we will focus on managing the domain expiry process and protecting organisations from the risks of dropped domain names.