I have a bit of a bee in my bonnet about using domain names consistently as part of an organization's branding and communications. I don't much like the proliferation of special-purpose or short-term vanity domains.
They are particularly vexing when I am doing something security-sensitive. For example, domain name transfers. I'd like to be sure that someone is not trying to race with my transfer and steal the domain name, say.
Let's have a look at a practical example: transferring a domain from Gandi to Mythic Beasts.
(I like Gandi, but getting the University to pay their domain fees is a massive chore. So I'm moving to Mythic Beasts, who are local, friendly, accommodating, and able to invoice us.)
Edited to add: The following is more ranty and critical than is entirely fair. I should make it clear that both Mythic Beasts and Gandi are right at the top of my list of companies that it is good to work with.
This just happens to be an example where I get to see both ends of the transfer. In most cases I am transferring to or from someone else, so I don't get to see the whole process, and the technicalities are trivial compared to the human co-ordination!
First communication
Return-Path: <opensrs-bounce@registrarmail.net>
Message-Id: <DIGITS.DATE-osrs-transfers-DIGITS@cron01.osrs.prod.tucows.net>
From: "Transfer" <do_not_reply@ns-not-in-service.com>
Subject: Transfer Request for EXAMPLE.ORG
https://approve.domainadmin.com/transfer/?domain=EXAMPLE.ORG
A classic! Four different domain names, none of which identify either of our suppliers! But I know Mythic Beasts are an OpenSRS reseller, and OpenSRS is a Tucows service.
Let's see what whois has to say about the others...
Domain Name: REGISTRARMAIL.NET
Registrant Name: Domain Admin
Registrant Organization: Yummynames.com
Registrant Street: 96 Mowat Avenue
Registrant City: Toronto
Registrant Email: whois@yummynames.com
"Yummynames". Oh kaaaay.
Domain Name: YUMMYNAMES.COM
Registrant Name: Domain Admin
Registrant Organization: Tucows.com Co.
Registrant Street: 96 Mowat Ave.
Registrant City: Toronto
Registrant Email: tucowspark@tucows.com
Well I suppose that's OK, but it's a bit of a rabbit hole.
Also,
$ dig +short mx registrarmail.net
10 mx.registrarmail.net.cust.a.hostedemail.com.
Even more generic than Fastmail's messagingengine.com infrastructure domain :-)
Domain Name: HOSTEDEMAIL.COM
Registrant Name: Domain Admin
Registrant Organization: Tucows Inc
Registrant Street: 96 Mowat Ave.
Registrant City: Toronto
Registrant Email: domain_management@tucows.com
The domain in the From: address, ns-not-in-service.com, is an odd
one. I have seen it in whois records before, in an obscure context.
When a domain needs to be cancelled, there can sometimes be glue
records inside the domain which also need to be cancelled. But they
can't be cancelled if other domains depend on those glue records. So,
the registrar renames the glue records into a place-holder domain,
allowing the original domain to be cancelled.
So it's weird to see one of these cancellation workaround placeholder domains used for customer communications.
Domain Name: NS-NOT-IN-SERVICE.COM
Registrant Name: Tucows Inc.
Registrant Organization: Tucows Inc.
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant Email: corpnames@tucows.com
Tucows could do better at keeping their whois records consistent!
Finally,
Domain Name: DOMAINADMIN.COM
Registrant Name: Tucows.com Co. Tucows.com Co.
Registrant Organization: Tucows.com Co.
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant Email: corpnames@tucows.com
So good they named it twice!
Second communication
Return-Path: <bounce+VERP@bounce.gandi.net>
Message-ID: <DATE.DIGITS@brgbnd28.bi1.0x35.net>
From: "<noreply"@domainnameverification.net
Subject: [GANDI] IMPORTANT: Outbound transfer of EXAMPLE.ORG to another provider
http://domainnameverification.net/transferout_foa/?fqdn=EXAMPLE.ORG
The syntactic anomaly in the From: line is a nice touch.
Both 0x35.net and domainnameverification.net belong to Gandi.
Registrant Name: NOC GANDI
Registrant Organization: GANDI SAS
Registrant Street: 63-65 Boulevard MASSENA
Registrant City: Paris
Registrant Email: noc@gandi.net
Impressively consistent whois :-)
Third communication
Return-Path: <opensrs-bounce@registrarmail.net>
Message-Id: <DIGITS.DATE-osrs-transfers-DIGITS@cron01.osrs.prod.tucows.net>
From: "Transfers" <dns@mythic-beasts.com>
Subject: Domain EXAMPLE.ORG successfully transferred
OK, so this message has the reseller's branding, but the first one didn't?!
The web sites
To confirm a transfer, you have to paste an EPP authorization code into the old and new registrars' confirmation web sites.
The first site https://approve.domainadmin.com/transfer/ has very
bare-bones OpenSRS branding. It's a bit of a pity they don't allow
resellers to add their own branding.
The second site http://domainnameverification.net/transferout_foa/
is unbranded; it isn't clear to me why it isn't part of Gandi's normal
web site and user interface. Also, it is plain HTTP without TLS!
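The checks made by hand above can be scripted. This is an added example, not part of the original post: it pulls the domains out of the headers and link of the first two messages, then lists the ones a recipient would not recognise and any link served over plain HTTP. The audit and base_domain helpers and the "expected" sets (mythic-beasts.com, gandi.net) are assumptions made for illustration, and the last-two-labels rule stands in for a proper Public Suffix List lookup.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed from the headers quoted in the post (its placeholders kept as-is).
FIRST = """\
Return-Path: <opensrs-bounce@registrarmail.net>
Message-Id: <DIGITS.DATE-osrs-transfers-DIGITS@cron01.osrs.prod.tucows.net>
From: "Transfer" <do_not_reply@ns-not-in-service.com>
Subject: Transfer Request for EXAMPLE.ORG

https://approve.domainadmin.com/transfer/?domain=EXAMPLE.ORG
"""
SECOND = """\
Return-Path: <bounce+VERP@bounce.gandi.net>
Message-ID: <DATE.DIGITS@brgbnd28.bi1.0x35.net>
From: "<noreply"@domainnameverification.net
Subject: [GANDI] IMPORTANT: Outbound transfer of EXAMPLE.ORG to another provider

http://domainnameverification.net/transferout_foa/?fqdn=EXAMPLE.ORG
"""

def base_domain(host):
    # Simplification: last two labels. Real code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit(raw, expected):
    """Return (domain seen per source, unexpected domains, plain-HTTP links)."""
    msg = message_from_string(raw)
    seen = {}
    for name in ("Return-Path", "Message-Id", "From"):
        # Regex, not an address parser, so a malformed From: still yields a host.
        m = re.search(r"@([A-Za-z0-9.-]+)", msg.get(name, ""))
        if m:
            seen[name] = base_domain(m.group(1))
    urls = re.findall(r"https?://\S+", msg.get_payload())
    for i, url in enumerate(urls):
        seen[f"link{i}"] = base_domain(urlsplit(url).hostname)
    unexpected = sorted(set(seen.values()) - set(expected))
    insecure = [u for u in urls if urlsplit(u).scheme == "http"]
    return seen, unexpected, insecure

if __name__ == "__main__":
    for label, raw, expected in (("first", FIRST, {"mythic-beasts.com"}),
                                 ("second", SECOND, {"gandi.net"})):
        seen, unexpected, insecure = audit(raw, expected)
        print(label, seen, "unexpected:", unexpected, "plain HTTP:", insecure)
```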
Conclusion
What I would like from this kind of process is an impression that it is reassuringly simple - not involving loads of unexpected organizations and web sites, difficult to screw up by being inattentive. The actual experience is shambolic.
And remember that basically all Internet security rests on domain name ownership, and this is part of the process of maintaining that ownership.
Here endeth the rant.