Do you think that hosting companies should lock their customers' domains by default ? As you know if a domain is not locked anyone with access to the admin-C's email account can transfer the domain away.
A hacker could gain access to the email address using a trojan horse or virus and steal the domain. In some cases the admin-C email address is not valid anymore and may even be available for registration to anyone. In this case anyone can easily steal the domain. On shared hosting accounts someone may install a script that operates as user nobody and gain access to email accounts on that server so if the domain uses an admin-C email address on this server it could be stolen by a hacker using a PHP exploit.

I did compare a few hosting companies but almost all big companies lock domains by default (i.e. Godaddy, 1&1, Yahoo). The only big company I found that doesn`t lock domains is Dreamhost.com.

The scenerio you describe is not a good argument for locking a domain, but it does have a smidge of validity.

That said, yes, domains should be locked - but the client should always be given a control panel in which they can manage their own domains, including unlocking them if they wish to.

--Tina

The scenerio you describe is not a good argument for locking a domain, but it does have a smidge of validity.


Well, I think it`s a pretty good argument. Keep in mind that losing a customers domain could result in a hundred thousand dollar lawsuit if they lose the domain because it was not locked and argue that not locking the domain was due dilligence. Let`s say the hacker stole the domain using a user nobody script and the email account was hosted on your servers. This would make it 100% your fault and liability limitations in your TOS would be irrelevant as it was due dilligence.

Well, I think it`s a pretty good argument.

Your scenerio is no different than them gaining access to the domain's control panel (via a lost password retrieval sent to the hacked email account), which would effectively make locking the domain useless.

The only real benefit to locking a domain is that some registrars have a policy of transferring a domain if the domain is NOT locked and the domain admin doesn't explicitly protest the transfer after x number of days.

--Tina

Your scenerio is no different than them gaining access to the domain's control panel (via a lost password retrieval sent to the hacked email account), which would effectively make locking the domain useless.


Not necessarily. A smart customer can use another email address in the control panel than the one he is using as the admin-C email address. If the domain is locked the hacker would have to hack two email accounts which means more safety due to the fact that the domain was locked.

A hacker could gain access to the email address using a trojan horse or virus and steal the domain.

That implies the customer's computer is infected. If their computer is infected, your whole point of locking a domain falls apart.

As I said, your argument has some validity - but, to me, the better reason to lock a domain is to prevent it from being transferred by legitimate (although sneaky and unethical) means. That's the far greater risk.

--Tina

Hello,

Well depends basically. If you are registering the domain name for your client free of cost, then better lock the domain atleast for the period of 60 days. If the client pays for the domain registration, then there is no need for the domain to be locked. Because once locked the domain becomes void for transfer.

Thank you.

Regards,

Hello,

Well depends basically. If you are registering the domain name for your client free of cost, then better lock the domain atleast for the period of 60 days. If the client pays for the domain registration, then there is no need for the domain to be locked. Because once locked the domain becomes void for transfer.

Thank you.

Regards,

After registration it is locked for 60 days anyway...that`s because of ICANN terms. And after that I don`t see a problem about locking it if you unlock it upon request. It`s only for the customers security and the customer has nothing to lose as long as you unlock it upon request which you are legally required to do anyway. Also since the customer is registered as owner/admin-C he could even contact the registrar if you wouldn`t respond so even if you go out of business he wouldn`t lose the domain. I don`t see the problem in locking domains.