How to Prevent Unauthorised Domain Transfers and Name Server Changes

Written on 08 February, 2024 by Matthew Storer
Categories Domains Security

Among the many aspects of online security to consider, domain name security is one of the most underestimated and misunderstood.

Imagine this: Your business’s entire online presence vanishes overnight. It happened to Regions Bank in 2013. With over 1700 branches and 2400 ATMs, they experienced a lapse in domain renewal, leading to a week-long shutdown of all online banking and web services. This isn’t just an inconvenience; it’s a business nightmare, resulting in lost revenue, customer trust, and irreparable damage to their reputation.

As you build your digital presence, do not underestimate the importance of domain name security, read on as we delve into the industry best practices to keep your online business safe.

We have one simple question to ask you; how many people have had access to your domain account over the years?

Imagine a scenario where your business’s website suddenly becomes a chaotic mess of unrelated ads due to someone hijacking your DNS, or worse, your domain is no longer under your ownership after an unauthorised domain transfer.

The repercussions extend beyond the immediate inconvenience of reverting your DNS or having to reclaim your domain name, sometimes to no avail. It affects your brand’s reputation, customer trust, your profit, and can take years to recover from. The good news is, with diligent implementation of domain name security best practices, you can safeguard your digital assets.

7 Tips and Tools to Prevent Unauthorised Domain Transfers and Name Server Changes

As you read this list, keep a mental note if your domain account has these features active. 

1. Manage Your Domain with a Reputable Registrar

Research and opt for reputable registrars who meet industry standard accreditations and partnerships like Melbourne IT. In 2019, a series of attacks targeted domain registrars, leading to the hijacking of several websites. Choosing a registrar known for robust security measures, such as Melbourne IT, could have mitigated these risks.

2. Use Strong Passwords for Accounts

A strong, unique password is your first line of defence. A strong password requires a combination of uppercase and lowercase letters, numbers, and symbols.

  1. Change your password often
  2. Enable Multi-Factor Authentication (MFA)

Enhance security by implementing MFA. This adds an extra layer of verification, requiring not just a password but also a second method, such as a code sent to your phone or email. Melbourne IT provides MFA for our accounts, learn how to set up MFA with this support article.

At Melbourne IT we have set every account to prompt a password change on your next login from January 1 2024.

3. Keep Your Details up to Date with Your Provider

Once you have purchased your domain name and set up your account with your provider, ensure that you maintain all valid details with your provider for any renewal reminders and security notices. A Microsoft Teams outage in 2020 was partially due to an expired security certificate, which could have been avoided with up-to-date contact information ensuring timely renewal notifications.

4. Turn on Auto Renew for Your Domain

One of the most common mistakes domain owners make is not setting the domain on auto-renewal. This makes your business vulnerable with the possibility of your business website and emails going offline if not renewed on time, we service multiple requests weekly to try and recover domains which have expired. Enable auto renew on your domain name to ensure that you don’t miss the deadline leading to a drop of your domain name.

Learn how to check your domain is on auto renew with this support article.

5. Enable Domain Private Registration

Private Registration, or WHOIS privacy, shields your contact information, such as your name, private email address, and phone number, from public access where it can be exploited for phishing attacks or spammed leading to unwarranted contact, or be mined by data miners for identity theft and fraud.

6. Enable Domain Lock

Melbourne IT offers a free domain lock that enables locking your domain from inside your Melbourne IT account. Your domain name cannot be transferred away without unlocking your domain and using the domain key found inside your account. This lock also disables changing DNS records until the domain is unlocked, preventing a DNS hijacker redirecting your domain to a spam site. This ensures an additional level of security to your domain name.

7. Enable Registry Lock

Melbourne IT also offers a further level of security for your key domain(s), a Registry Lock that enables locking your domain at the registry level with a security passphrase. Your domain name cannot be transferred away or any DNS changes made without the security passphrase and direct contact with our corporate team, and the domain will relock no later than 48 hours after the request to unlock. This ensures an additional level of security to your key domain name, fortifying against any account or email hacking or disgruntled employees with access to your account.

Read more about Registry Lock here.


Your domain name is the digital face of your business. Implementing these domain name security best practices not only protects your online identity but also ensures uninterrupted business operations. Risking your domain’s security risks unauthorised transfers or DNS changes, DNS hijacking, dropped domains, or lost domains, and can leave you with an irreparable reputation and a massive loss in business. Secure your domain with Melbourne IT as a reputable and accredited registrar, turn on auto-renewal, leverageour array of domain protection tools, and keep your account details secure and up to date to instil confidence that your online presence is secure and protected.

Safeguarding your digital assets isn’t just a proactive measure; it’s a necessity and the provided examples are not a mere cautionary tale but a vivid reminder of the fragility of online assets, no matter how big the brand.

Don’t leave your domain security to chance, incorporate these tips and tools into your domain management strategy to ensure that your business remains secure, accessible, and trustworthy to your customers.  If your brand is worth stealing, it’s worth protecting. Melbourne IT, your brand in safe hands.

Looking for some help with domains, hosting, web design or digital marketing?

Send me marketing tips, special offers and updates