A best practice approach to domain security

MarkMonitor recently conducted its final instalment of ‘office hours’: a series of interactive, Q&A focused webinars highlighting the most pressing topics in domain management today.


The MarkMonitor™ office hours series, following a university office hours model, provide MarkMonitor customers the ability to ask questions on a variety of domain-related topics with real-time answers from MarkMonitor in-house experts and industry colleagues. To encourage candor, questions are anonymized and the sessions are not recorded.

This final session focused on domain security, discussing elements of securing domain names, along with features and protocols that businesses should put in place to secure their domains. Following a primer about best practices, several questions from the audience were put to the expert panel in real time.

Key takeaways included:

  • To prevent unauthorized, unwanted or accidental changes to domain names, brands should consider both registrar and registry locks. Registrar locks can be implemented by the registrar and ensure that no changes can be made to a domain name without confirmation from the owner. A registry lock provides an additional level of protection for strategic core domains and is dictated and authenticated by the domain name owner via a highly secured manual process, strengthening security.
  • When managing domain portfolios throughout a merger and acquisition, companies can heavily reduce the number of domains by creating their own brand-specific practices around their most important top level domains (TLDs). These practices should be used to guide domain decisions whenever a new brand is acquired. One guest speaker explained that by doing this they had cut such a list from 1,200 to less than 600 domains.
  • Make use of API security features – companies should pull up data within their own network and apply it for security practice by using audit logs to provide a longstanding history of all changes to domains. By incorporating this data into security tools tracking webserver and other logs, and adding domain management logs, companies can access a world of possibilities such as customized workflows for tracking ownership with metadata.

Today brands simply cannot afford to ignore domain security. Organizations need a strategy in place to ensure their domain portfolio is secure today, before any issues arise. This advice was highlighted by a guest speaker who experienced a security breach in 2017 while lacking a domain security policy. As a result, the business now has corporate policy focused on domain registration and DNS hosting to ensure it is properly monitored, managed and secured.


Thank you to our panellists for taking the time to join this office hours session and sharing their knowledge and insights with us. As a registrar for many of the most visited domain names on the internet, MarkMonitor tracks industry developments to help customers make the best decisions. For a copy of the prepared background slides from the session or to get in touch to discuss domain security, please contact us here.

Related posts