domain names management whitepaper


Published on

Published in: Marketing
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

domain names management whitepaper

  1. 1. Protect your Brand Capital:Strategies for your domain name management Effective branding strategies (from name creation to brand protection and valuation) are essential to launch, grow and protect your business. “Protect Your Brand Capital” is one of several whitepapers produced by VAYTON. Brand Capital. The aim is to provide up-to-date background information, trends, and implications for your business in a digital, global marketplace. In this whitepaper, seven best practices are presented for protecting and optimizing the value of your Domain Name portfolio. But first, you should be aware of current and emerging threats to fully protect your brand capital. The winds of change have dramatically altered the business and marketing landscape. Whether you are a local business or a multinational corporation, you will not be able to attract and sustain a healthy customer-base without a strong, protected brand presence on the Internet. Paul Twomey (president of ICANN – Internet Corporation for Assigned Names and Numbers) called the new developments a “transformative revolution” and cited 1.4 billion current Internet users with a projected 1.5 billion in the next two to three years. Eurostat, the Statistical Office of the European Communities, reported that in 2009 one person in two in the EU27 used the Internet daily. Those countries with the highest proportion of daily access and use (three-quarters or more) were Netherlands (90%), Luxembourg (87%), Sweden (86%), Denmark (83%), Germany (79%), Finland (78%) and United Kingdom (77%) - Eurostat news release, Dec. 8, 2009. 1 Page Copyright 2011 NTLUX S.A. VAYTON Brand Capital -
  2. 2. In the not too distant past, a company just starting up would go through the process of creating a name and registering a trademark to launch and market its business enterprise. Acquiring an Internet address came next, though often as an afterthought. The company would scramble to find a domain name (DN) that matched the brand name. The next step would be to register and periodically update the DN account information. There seemed to be no other considerations. The DN was secured and the company went live on the web. Unfortunately, many companies failed to anticipate threats posed by cybercriminals and neglected to protect their brand capital with a robust Domain Name management strategy. Without a rigorous DN management strategy and without cutting-edge technology to thwart cyber attacks, a company places itself at risk. Loss of revenue, a damaged reputation, and security compromises (for the business and the customer) are three of the most severe consequences. New communication technologies bring new marketing opportunities—and new threats The Internet has pushed the marketplace into a global arena. The innovations altering the landscape of business and marketing (such mobile Internet and social networking) are at the same time ushering in vulnerabilities. Multinational corporations are forced into registering hundreds of DNs to prevent interruption of business and brand dilution. Cybersquatters have registered hundreds and thousands of DNs with the malicious intent of “domain hijacking” or strong-arming a company into buying at an exorbitant price brand-linked domain names. Internet traffic to a company’s website risks being redirected to a malicious site. Worse, the cybercriminal can solicit private customer information under the pretense of being the authentic website. Prospective consumers are using the Internet not only to shop for products and services but to assess the brand promise. Brand dilution happens when customers are redirected to malicious sites seeking to damage the company’s reputation. It may take just one mistyped letter when entering an Internet address to be redirected to a bogus site. No one who has an Internet presence is exempt: including celebrities, writers, and politicians. Immediately after the State of the Union Address by U.S. President Barack Obama (January 2010), the official websites of the 2 members of Congress were attacked and defaced with anti-Obama PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  3. 3. messages. The creator of Bridget Jones, British author Helen Fielding, the fashion house Chanel and the Reuters news company all won cybersquatting cases recently (Reuters News, March 15, 2009). Chanel won against an entity using the DN and in bad faith. A cybersquatter case can be won if an entity has registered a DN that contains a company’s brand name or a variation on the brand name and uses that DN in “bad faith.” Complaints are filed under the Uniform Domain Name Dispute Resolution Policy (UDRP), a quick and cost-effective dispute resolution procedure administered by the WIPO Arbitration and Mediation Center. According to WIPO, the top five sectors filing cases in 2009 were biotechnology and pharmaceuticals, banking and finance, Internet and IT, retail, and food, beverages and restaurants.THE NAT URE AND M AG NIT UDE O F T HE T HRE AT S The Internet Corporation for Assigned Names and Numbers (ICANN) is an international non-profit entity whose mission is to regulate Domain Name registration and monitor domain abuse. The magnitude and severity of the threat to a company is summed up by the ICANN Security and Stability Advisory Committee (SSAC): “Domain hijacking can disrupt or severely impact the business and operations of a registrant [company], including … denial and theft of electronic mail services, unauthorized disclosure of information through phishing web sites and traffic inspection (eavesdropping), and damage to the registrant’s reputation and brand through web site defacement.” These threats are possible because of vulnerabilities in the DN registration system. The Domain Name System (DNS) works like an automated telephone directory but substitutes the numeric Internet Protocol (IP) addresses with a unique name (usually the brand name). Registrars require all prospective Web site registrants (DN “owner”) to provide contact information, which is then made available to the public on the Internet through a service called 3 Page Whois. Each top-level domain or TLD (.com or .eu for instance) has a registryCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  4. 4. responsible for managing Domain Names and setting policy for the domain. The registrant is responsible for keeping the Whois information current. An expired registration for a DN means it can be bought by a third party with “bad intent,” potentially harming the company or product. The recent availability of new generic TLDs (21 to date) has increased the chances of a company’s brand name being hijacked by a cybersquatter who  acquires a company’s Domain Names that have expired and tries to re-sell the names at a high price;  registers a company’s brand/trademark with a different top-level name taking consumers to a counterfeit site; and,  registers Domain Names identical to a company’s DN but with one letter altered (known as typo-squatting). The Anti-Phishing Working Group (AWG) monitors phishing attacks around the globe. Phishers attempt to obtain private information (such as passwords and credit card numbers) primarily through emails and social networking sites. A Phisher will redirect the Internet user to a fake site that mimics the design of an authentic site. When using the search engine, a user may be fooled into accessing a site that mimics the authentic site. TrendMicro, a security company, is already reporting in 2010 the risks of users trying to find information about the new Apple iPad but being directed to phising sites. The phisher will use a domain name that has one altered letter in the Internet address or that mimics a brand-linked address. Social engineering seems the preferred technique. The Internet user is tricked into voluntarily providing private information. AWG recently published Global Phishing Survey: Trends and Domain Name Use 1H2009. Major findings from the AWG report with implications for domain name protection and management are cited here: 1. In 1H2009, the average uptime of all phishing attacks was noticeably shorter than in 2H2008. This is an encouraging improvement, most likely reflecting efforts by providers and responders. 4 2. The Avalanche phishing kit accounted for a whopping 24% of all Page phishing attacks launched in 1H2009. This criminal operation is one ofCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  5. 5. the most sophisticated and damaging on the Internet, and targets vulnerable or non-responsive registrars and registries. 3. The great majority of phishing is also concentrated in certain namespaces – just five TLDs 4. The amount of Internet domain names and numbers used for phishing has remained fairly steady over the past two years. 5. Anti-phishing programs implemented by domain name registries can reduce the up-times of phishing attacks, and can reduce the number of malicious registrations made in those TLDs. 6. The unique characteristics of Internationalized Domain Names (IDNs) are not being used to facilitate phishing, and there are factors that may perpetuate this trend in the future. 7. Phishers continue to use subdomain services to host and manage their phishing sites. Phishers used such services more often than they registered domain names via regular registrars. This trend shows phishers using services that cannot be taken down by domain registrars or registry operators. The AWG report further noted that “Of the maliciously registered domains, 1,098 contained a relevant brand name, variation, or misspelling thereof. This represents 25% of maliciously registered domains, and just 3.6% of all domains that were used for phishing. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names. … Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.” The ICANN Security and Stability Advisory Committee (SSAC) posted a study based on a series of incidents occurring from May 2008 through April 2009. 5 PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  6. 6. Below are several common characteristics SSAC listed in their review of domain name abuse incidents. (Key points have been highlighted.) 1. Many organizations have domain name registration accounts that contain high-value or business-critical names, domain names that could be as valuable to the organization as any tangible asset, trademark or intellectual property right the organization possesses. 2. Many registration service providers operate with consumer-focused service objectives; i.e., the registration service is highly automated and focused on serving very large numbers of registrants at a high rate of transaction. Automation is extremely important in any business endeavor that attempts to provide service in a timely and scalable manner. Our study revealed that attackers have familiarized themselves with registrar behavior and will exploit certain aspects of automation; for example, knowing that electronic mail is the preferred method of notifying registrants of contact and configuration changes, renewals, etc., attackers often attempt to disrupt delivery to email addresses by modifying DNS configurations. 3. Among the incidents we studied, the victims were frequently customers with business critical domain accounts operated by registration service providers with consumer focused service objectives. In some cases, customers did not adequately assess the risk associated with the possible loss of control or access to their domain registration account until they were victimized; in other cases, the internal policies and monitoring activities in place prior to the incident were not sufficient to detect or block the attack. 6 PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  7. 7. ATTACKERS ARE CLEVER AND TECH-SAVVY According to “Measures to Protect Domain Registration Services Against Exploitation or Misuse,” (SSAC Report [English]; [French]), DN attackers apply a variety of methods to hijack and maliciously use domain name account information. SAMPLE CASES REPORTED BY SSAC – ICANN was victimized by a group of hackers accessing ICANN’s domain registration account at ICANN described the attack as “sophisticated, combining both social and technological techniques.” The attackers altered the DNS configurations of several domains (,, and Visitor traffic was rerouted to a defacement web site. CheckFree (now FIServ), the leading global provider of information management and electronic commerce systems for the financial services industry suffered a DN attack. The attacker gained control of CheckFree’s domain registration account and modified the DNS configuration of several domains, including and Customers logging onto their accounts to make online bill payments were “redirected to an impersonation web server in the Ukraine that attempted to install a malicious code that contained an Adobe Reader exploit.” “Registrars have been and will continue to be targets for attackers. Just as customers of financial institutions may be victimized by attacks against an online banking portal, so may domain name registrants be victimized by attacks against registrar domain administration pages.” 7 PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  8. 8. The SSAC report cited vulnerabilities that registrars, registrants and resellers of DNs should address: 1. All an attacker needs to gain control of an organization’s entire domain name portfolio (and to hamper authorized access to that portfolio) is a user account and password. 2. Attackers need only guess, phish, or apply social engineering techniques on a single point of contact to gain control of a domain registration account. 3. Attackers scan domain account registration and administration portals for web application vulnerabilities (e.g., SQL injection). A successful exploit of vulnerable application code can result in the disclosure of account credentials for many domain accounts. 4. Email is the preferred and often the only method by which some registrars attempt to notify a registrant of account activity. 5. Attackers can block delivery of email notifications to targeted registrants by altering DNS configuration information so that email notifications will not be to any recipient in the domains the attacker controls through a compromised account (e.g., registrant’s identified administrative or technical contact email addresses hosted in the domain). 6. Access to and the ability to modify contact and DNS configuration information for all the domains in a registration account is commonly granted through a single user account and password. 7. Even when unauthorized modification of DNS information is discovered quickly, the process of restoring DNS information to correct for a malicious configuration can be a lengthy one that is inherent in the distributed nature of the DNS and related to time to live (TTL) values. 8 PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  9. 9. From the business point of view, the nature of the threats to Domain Name security must be thoroughly understood to determine what actions should be taken to prevent disruption and damage to the company, product or service. VAYTON. Brand Capital offers the following recommendations:  The company should be informed about best practices in managing Domain Name portfolios for optimal brand protection and valuation.  This should be followed by an assessment of the current Domain Name portfolio management system benchmarked against best practices.  Finally, a corporation should decide whether it has onboard the necessary expertise and resources to manage effectively and proactively its DN portfolio. 9 PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  10. 10. SEVEN BEST PRACTICES FOR DOMAIN NAME MANAGEMENT “Best practices applied in provisioning management seek to assure that these operations are performed in proper sequence, by authorized parties, in a timely and auditable manner, with low probability of omission, intrusion or error.” - ICANN, SSAC Report, 2009 Once a business understands current and emerging threats to its brand, a robust portfolio management system should be seriously considered. VAYTON has identified the following seven best practices for protecting and optimizing your brand capital. The practices cited below are based on published literature on domain name management strategies, case studies by Internet policymakers and VAYTON’s own experience developing and managing domain name portfolios for a variety of clients in Europe. View Your Domain Names as a Corporate Asset Is the management of your Domain Name portfolio an integral part of your total business management strategy? Is domain portfolio management in sync with your corporate objectives and goals? If the answers are no, this is your first clue that your company has failed to see your DN portfolio as a valuable corporate asset to be protected and valorized. The risks are too great not to have a comprehensive domain management strategy. And, the opportunities to valorize this asset are too numerous to be ignored. Centralize Domain Name Management Choose a single, accredited registrar for your DNs to reduce costs and risks and have a single-point of contact (corporate administrative contact). As new top level domains become available and as the company builds its e- commerce for products and services, the necessity of continuously acquiring new Domain Names can result in too many opportunities to miss renewal deadlines. You should not only have an effective management system but a comprehensive strategy to protect and optimize your brands and trademarks. 10 Page Copyright 2011 NTLUX S.A. VAYTON Brand Capital -
  11. 11. Perform Systematic DN Portfolio Audits Audit all your Domain Names immediately. Do managers in different areas of the company who control Domain Names have the same policies for renewals and management? After an enterprise-wise audit is performed, you should develop policies and procedures for systematic renewals and acquisition of new domains. Audit and Centralize Your Trademark Portfolio at the Same Time Many countries require a new trademark or a local company to also register a domain name. This is true for France. So, audit and centralize your trademark portfolio at the same time you centralize your DN portfolio. Monitor Domain Registration Information for Guaranteed Renewals Take steps to ensure you have the resources and technology for guaranteed domain renewals and control over the process. Failure to update Whois can result in losing DNs to cybersquatters who will try to resell the DNs to you at exorbitant prices or redirect Internet traffic to a bogus or counterfeit Web site. Renewing your DNs for periods longer than the usual two years will ease the administrative burden. However, with large portfolios, having different initial registration dates for DNs, managing renewals can be an administrative hassle leading to mismanagement of this valuable asset. Stay Informed About New Threats Do not wait until the crisis (the counterfeiting, the disruption of services, or unauthorized access to company and consumer information) occurs to take action. Devote resources to monitoring the threats on the horizon, assessing the potential harm, developing a plan and taking action to protect your DN portfolio asset. Monetize Domain Names The commercial and marketing use of domain names is a key element for brand valuation; a well managed domain name portfolio can reduce the advertising costs by several thousand Euros. This can largely compensate the 11 expenses of new domain names and the domain name management expenditures. PageCopyright 2011 NTLUX S.A. VAYTON Brand Capital -
  12. 12. RIGOROUS DOMAIN NAME MANAGEMENT FOR OPTIMALBRAND PROTECTION AND VALUATION ICANN recommends that registrars “provide security measures to safeguard against the non renewal of the customer’s domain names due to technical errors or oversight, to protect the customer from domain name hijacking through unauthorized modification of registration records, and to prevent unauthorized, malicious DNS configuration. The business model for these registrars is focused on handling individual transactions with a very low probability of error. VAYTON. Brand Capital has the expertise and cutting-edge technology for managing your Domain Name (DN) portfolio and optimizing your brand asset. We offer personalized, customized DN management services to protect your intangible property—your brand value and integrity. E X P E R T I S E - Outsourcing DN portfolio management to VAYTON may be the wise choice for your company. A dedicated team of experts can ease the burden of DN portfolio management at all levels: administrative, technical and strategic. C O M P R E H E N S I V E S E R V I C E S - You can count on a comprehensive suite of services necessary to prevent brand devaluation and security compromises. We will audit, monitor, centralize, renew and recover your domain names. C U T T I N G - E D G E T E C H N O L O G Y - We have developed technologies and platforms to audit, monitor and centralize domain names. These technologies are customized to answer decision makers’ as well as technical team requirements. 3A boul ev ard du P ri nc e H enri , L - 1724 L ux em bour g 12 t el . +352. 26. 44. 17 . 93 f ax . +352. 26. 44. 18. 4 3 Cont ac t : Ni c ol as V A N B E EK Page c ont ac t @v ay t on. c omCopyright 2011 NTLUX S.A. VAYTON Brand Capital -