Hey, I’ve lost my company’s domain name!

Whois screengrab

I love me some VT 220 (ok, faux VT 220, but close enough)
The registration system for domain names isn’t really set up for corporate ownership, since the “owner” of a domain name is typically the person who is listed as registrant rather than the corporation. The down side of this system is something we see all the time, particularly with small companies – a domain name is registered by a well-meaning, tech-savvy employee (all too often in his or her personal account) and, when that employee moves on, the company is stuck without control over critical domain names and related accounts. If the employee is fired, it’s even worse, since the now-disgruntled employee may well have control over the company’s entire online presence for an indeterminate period of time.

While there’s no silver bullet here, there are a few best practices which make it easier to regain control over a domain under the control of a wayward (or simply unreachable) ex-employee. Those are:

  • Make sure the company name and address is listed as the Registrant, along with the name of an officer who is most likely to remain with the company. The tech savvy employee can be listed as administrator, to facilitate management of the domain without jeopardizing ownership.
  • Corporate web assets should be held in an account which is in the company’s name and paid for with a company credit card, and should be kept separate from other business or personal websites and domains.
  • Have an agreement in place making it clear that, upon termination of employment for any reason the domain name registrant and admin are to be changed to an officer of the company’s choosing. Ideally, this should be in a standalone agreement so you can provide it to the registrar without divulging hiring or salary information.
  • Make sure renewal notices and the like go to a generic e-mail address, ideally one which is monitored by more than one person, so that termination or resignation of an employee doesn’t result in a lapsed registration (although there are downsides to this as well).
  • Make sure someone other than the admin knows the password to the account (but be judicious, you also don’t want the password becoming generally known). For particularly active accounts, you may want to request a regular update confirming the password and listing all domain names along with expirations dates for the corporate account.
  • Make sure all domains are registrar locked against transfer and deletion

The above isn’t foolproof, since a knowledgeable or well-placed employee can manage to retain control no matter what the circumstances, and given that registrars differ in how they handle requests relating to domain name ownership. Also, be aware that some of the above suggestions may have downsides as well, so consider what’s best for your organization when determine who has access to accounts and how.

error