Home / Blogs

New gTLDs: The Registry Lock

Last week, The New York Times website domain was hacked by “the Syrian Electronic Army”. Other famous websites faced the same attack in 2012 by the Hacker group “UGNazi” and, in 2011 by Turkish hackers.

Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks.

Back-end Registries play an important role supporting new-to-be Registry Operators

The back-end Registry provider is the technical partner to support a Registry. It is in charge of all technical operations between the Registry and the Registrars… for the benefit of the Registrant.

In simple words, when a Registry selects a robust, performant and secure back-end Registry service provider, Registrars have a relatively easy job implementing security functions and their clients, the Registrants, can rest assured that their domain names can be secured in the Registry.

Why is such a technical option so necessary?

A ‘Registry Lock’ allows Registry-level protection for domain names and/or hosts (name servers). The service enables to set Extensible Provisioning Protocol (EPP) server (Registry) status codes on selected domain names and/or hosts to prevent malicious or inadvertent modifications, deletions, and transfers—even if the Registrar is compromised.

Basically, the “Registry Lock” is an option a Registry Operator, armed with the proper experience and the correct procedures, can elect to implement, at his back-end Registry provider. It is like buying a car “with” or “without” an airbag.

Nowadays, few would purchase a car which did not come equipped with an airbag, even though many drivers are justifiably proud of never having been in a car accident. I once had one, while driving slowly and the idiot, in the car ahead of me, stopped sharply in the middle of the road for no reason whatsoever. Not only did I almost break my nose…but I was also found to have been at fault for having rear-ended him! I wish I had had an airbag on that day…and another car on-hand to drive the day after.

Applied to field of domain names, it means that without a domain name ‘airbag’ such as Registry Lock, you can lose control of the domain name with all the potential consequences that come with it.

  • Loss of revenue – for e-commerce sites this can account for many hundreds of thousands of Euros every hour that the domain is out of your control.
  • Diversion of email traffic – all inbound and outbound email can be collected, read and replied to by the malicious 3rd party who can also spam like crazy from a reputable email address.
  • Domain names repointed – to malicious look-alike, phishing or ‘graffiti’ websites denigrating your brand or others’.
  • Loss of customer confidence – aside from the embarrassment factor, which might be significant, consumer confidence in the brand will undoubtedly be affected, which in turn will affect sales revenue and customer loyalty.
  • Revised career prospects – if you are the one with responsibility for your brand’s domain names you will be in the unhappy position of being the one to explain your top-management why emails don’t work any longer and why your websites are pointing to a porn site (or worse).

So, in simple words if the registry operator does not offer “Registry Lock” your key domains are at risk. If a Registry lock is an option take it, for all domains that you intend to register in a Registry’s Sunrise Period.

With a registry lock activated, you can rest easy in the knowledge that, even if the registrar is compromised, the attackers cannot affect your online business.

Registrars are the ones concerned… in particular during “Sunrise Periods”

If Registrants are not that concerned here, Registrars truly are:

  • More added value is offered to their clients when choosing a highly secured new domain name extension, in particular if they don’t have the financial capacity to offer all 1,000 of them;
  • With such a crowded domain name space and so many offers, Registrars will need to make decisions based on the quality of the domain name extension, cost efficiency and simplicity of implementation;
  • Registries offering Registrars a single access to all their domain name extensions with this option included, minimizes costs, administrative and financial paperwork;
  • Sunrise Periods are intense for brands with the intention to secure their core domain names: such option included, is a great added value for a client to make a decision.

The New York Times’ example

I do not know if The New York Times plans to change its domain name when the .NEWS Registry is launched. I sincerely hope it does because “nytimes.news” sounds much better than “nytimes.com”.

Should this happen, let’s hope that the Registry that wins the .NEWS Top-Level Domain (7 are competing for the honor) offers the “Registry Lock” option. This would likely mitigate any such attack in the future.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Jean Guillon, New gTLDs "only".

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign