Dear everyone

New types of attacks on domain names are coming up on a daily basis. Many clients ask us about implementing potential additional security measures for their domains, such as protecting against complex phishing attacks. In this newsletter we would like to introduce the additional security measures we find the most effective and reasonable.

Additional security measures are available at 3 levels :


At domain name level: “Domain PIN Lock”

What is this? It is a new service which allows a PIN token procedure by SMS to secure your domain. A PIN will then be requested for all administrative actions, such as owner updates, transfers, etc. and also for the de-activation of this specific service. We believe that this service clearly enhances the security of domain names. Note that it’s crucial to use a “generic” phone number and not connected to only one employee who may not be working for your company in the future.
As the annual cost for the Domain PIN Lock is USD 15 per domain, we recommend this precaution for business-critical domain names only.


At registry level: “Registry Lock”

With this service, domains are automatically locked on registry level.
This service allows registry-level protection for domain names and/or hosts (name servers). It enables the setting of Extensible Provisioning Protocol (EPP) registry server status codes on selected domain names and/or hosts – to prevent malicious or inadvertent modifications, deletions, and transfers. It is available for .COM, .NET, .TV, .CC and .NAME domain extensions and hosts.
As the annual cost for Registry Lock is USD 399 per domain, we recommend implementing this service for business-critical domain names only.


At name server level: “DNSSEC”

Last but not least – should you want to enhance security at the name server level, we recommend using DNSSEC – This feature mustbe added manually by the BRANDIT Support team upon request for those domain names extensions that support this feature and have zone files on our nameservers.
What is this exactly? Basically, if DNS is the phone book of the Internet, DNSSEC is the Internet’s unspoofable caller ID. DNSSEC guarantees a web application’s traffic is safely routed to the correct servers in a tamper-proof manner, so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker and sent to a fraudulent site replica. These attacks usually go unnoticed by sites’ visitors, increasing the risk of phishing, malware infections, and personal data leakage.
We are offering this service free of charge to you, our client. Should you be interested or need more detailed information about the DNSSEC, please talk to your designated BRANDIT Client Support contact.


If higher security standards for your business-critical domains are crucial to you, we will be happy to review these options with you.


Wishing you a great day and start of Summer! – Your BRANDIT Family

Your e-mail address will be used to send you communication messages and invitations to our events in accordance with our Privacy Notice. You can unsubscribe at any time.

© 2020 BRANDIT. All Rights Reserved. Privacy notice & Terms and Conditions

Share This