Best practice for newly registered domains: PART 2 – Key considerations for purchasing

1. Carefully select a top-level domain (TLD)

If you’re unsure what a TLD is, read this FAQ. Over a thousand TLDs have been added to the original seven general TLDs (gTLDs) created during the internet’s early development.

With such a massive influx of TLDs to the marketplace, registrars who operate the TLDs are vying for market share, so many new TLDs are offered either free, in the case of Freenom, or very cheaply for the first year. Miscreants take advantage of these low costs, registering hundreds, if not thousands, of domains for malicious purposes. These domains get listed by security vendors, and consequently, their associated TLDs start to get a bad reputation. For this reason, some security professionals chose to blanket-block these TLDs.

At Spamhaus, we don’t recommend the blanket blocking of TLDs. The domain space is fluid, making it exceptionally hard to predict where the next significant domain, the next hot start-up, may choose its name. While it may seem like a quick win to dismiss an entire TLD, it will undoubtedly target sites and traffic you don’t want to block. Meanwhile, the miscreants you originally targeted have switched to a different TLD.

Choose a TLD whose registry not only pays “lip service” to anti-abuse but takes action when it comes to abuse, i.e., they try to ensure minimum fraudulent registrations, and when they do occur, they work quickly to take these domains down.

2. Where you host your domain matters

Once you’ve purchased your domain, it requires hosting somewhere. The question is, where? Naturally, there are numerous considerations when choosing a provider, including the type of hosting, i.e., shared or virtual private servers, reliability and capacity of those servers, speed, and effectiveness of its customer service, in addition to the cost.

Rarely, when reading articles detailing the key factors to consider when choosing a hosting provider is, reputation and approach to anti-abuse mentioned. But it should be!

Think about your domain as a shop front. You wouldn’t want to have it in a neighborhood filled with buildings in disrepair and vandalized, would you? After all – a neighborhood’s reputation can attract or put customers off. Similarly, the area in which you host your domain matters. Those providers hosting domains associated with malicious behavior, e.g., phishing websites, malware download sites, spam, etc., get a poor reputation in the industry. By association, your domain can be negatively affected.

Here are 10 things to look for when choosing your hosting

(Ideally, you’re looking for the answer to be yes to each question):

General questions:
1) Is two-factor authentication (2FA) mandatory for all account logins?
2) Are automated notifications enabled for potentially suspicious activity on accounts/servers/etc.?
3) Does your provider offer managed services or support to help with setup and/or security issues?
4) Is there an Acceptable Use Policy (AUP), and is your provider prompt in dealing with abuse from other users?

For your website:
5) Does your provider offer a Web Application Firewall (WAF) or similar?
6) If they offer free services, are these segmented from paying customers?
7) Does the provider offer automated update services?

For your email:
9) Does your provider support modern email authentication options on your corporate email?
10) If you choose one, does your mailing list provider support bringing your own domain?

3. Protect your domain

Earlier, we mentioned that your domain is an asset. In fact, it’s a hugely important asset. Imagine if you lost control of your domain. How would that affect your ability to operate? Almost every other online service you may use depends on your domain name for email signups, password resets, and DNS verification records. It could very well bring your business to an abrupt halt, not to mention the loss of revenue you would incur.

Make sure that wherever you buy your domain name, they give you options to lock it down. At a minimum, have two-factor authentication on the account used for managing the domain name and, if applicable, the DNS). Do not use a freemail account for your domain registrations, if possible.

Good luck with your domain shopping expedition. Remember, you get what you pay for! Make considered decisions about who you’re purchasing from and where your domain will reside. Next up, we’re looking at actions you can take to establish a good reputation for your domain as quickly as possible.