- only register domains for yourself
- create and use accounts that only you should be able to access
- register domains only as an individual and not tied to any company or organization
- don’t have any business partners, someone building your website, etc.
- never die
…congratulations! You probably won’t end up in a sticky situation regarding who owns your domains.
Most people never give a second thought to domain ownership after registration. It’s one of those things that might cross your mind or prompt you to log in once a year, but as we see on a fairly regular basis, things can become difficult, or downright contentious, pretty quickly.
- Who owns your domain name?
- If a domain is registered by an ex-employee
- If a domain is registered for a partner-run business/organization
- If a domain is registered by someone who is building a website for you
- If a domain is registered by someone who dies
- If a domain is registered to be sold for profit
- The bottom line
Who owns your domain name?
Let’s cover the basics first. The legal owner of a domain name is the person and/or organization listed as the domain’s registrant or owner contact. Domains typically have four contacts: registrant/owner, admin, technical, and billing. These can be the same person or different people.
For most types of domain names, you can check the contacts listed using a WHOIS lookup (note that for some ccTLDs, the registry does not display this information, and it won’t be displayed if you have a WHOIS privacy service in place, if applicable, so you would need to login to your iwantmyname account to see the contact details) This means that if you are the registrant contact for a domain, then you are the legal owner of the domain. These people are not:
- The person or people whose names are the admin, technical, or billing contacts for the domain.
- The person who used to be listed as the registrant/owner (but it’s since been changed to your name).
- The registrar with which you register the domain name unless they put their own details for the registrant contact, which is bad business practice and not allowed under many domain extensions, but still happens…
- The web hosting provider you use to host your website.
- The person who paid for the domain.
- The person you hired to build and/or manage your website for you.
- A person who owns or has access to the account in which the domain resides.
- The company or organization you work for, if not also listed in the registrant contact information (though this can be tricky).
- A company or organization with the same name as the domain, if it’s not registered to them. (However, if they have a trademark or other rights to the name, they can come after you and potentially take it.)
- Your business partner or another person who is or was running a company, club, or other organization with you if their name isn’t listed as the registrant contact.
- A brokerage service used when buying/transferring the domain.
If a domain is registered by an ex-employee
The most common issue we see is when employees register domains for an organization, then later leave. The domain often ends up marooned in an account no one has access to, and if the account login email no longer exists, no one can receive the account password reset emails, and no one will be alerted to any issues with domain renewal until the website or email stops working.
And here’s the worst-case scenario: if the employee who registered the domain does so completely in their name (where the organization isn’t listed on the account contact details, payment details, or domain registration details), there is absolutely no proof (aside from, perhaps the domain name itself) that the organization has any right to the it.
These situations are tricky, and we require a lot of authentication and proof before we will allow anyone access to the domain. More likely, though, we tell these people to seek legal advice and/or work it out amongst themselves, or use the UDRP process (see below) because we are not in the position to decide who has the right to a domain name.
So if someone in your organization has been tasked with registering a domain name for the company, or a department, or a specific project, or whatever:
- ensure that the organization’s name and contact information are on the account and on the domain registrant contacts, especially the registrant/owner one.
- ensure that the email address to access the account is one accessible by more than one person, e.g. firstname.lastname@example.org, rather than email@example.com.
- make a list of organizational assets that includes domain names and their access details.
Then, if that employee leaves, you won’t get a rude awakening that there’s a problem when the website goes down and email stops working… because the domain renewal couldn’t be billed to a deactivated credit card and expired months ago.
If a domain is registered for a partner-run business/organization
If you start a business, club, or organization with other people, similar principles apply. Things happen, businesses (sometimes) fail, and relationships can go south rather quickly. It’s like a divorce, but with your business at stake.
If things get ugly and legal, assets can get frozen. And if we get conflicting information about an account or domain, we may be forced to block it until the issue is sorted out. That means no one can access the account or domain -- to take a website down or put it back up, to pay for a renewal, or any other function.
Sometimes we even find that people forget about domains once businesses fail, and their partners never receive expiry notifications because they were never on the account. There are all kinds of legal considerations, especially if a business is successful. So please, ensure that the domain and related accounts are not just in one person’s name with singular access. Ensure that the account shows proof of more than one principle, or is focused on the organization, rather than one founder’s name, payment, and contact details.
(And for some additional reading, here’s is a good article with some things to think about regarding buying domains with partners.)
If a domain is registered by someone who is building a website for you
Having your own website is an important step in building a brand, business, or other online identity, but many people don’t have the skills or the time to build one. If you hire someone for the task, it’s important to ensure that they’re just responsible for the work and that they don’t actually own it.
(For web designers/developers with a roster of clients, we recommend creating a separate account for each client. It can be a bit of extra work initially, but it’s valuable in the long run because it enables setting up the account in the client’s name with their billing and contact information. That way the client has access to the account to update contact or credit card details, transfer the domain, cancel renewal, etc., without having to rely on anyone else. And if the client parts ways, you won’t have to worry about scrubbing your credit card information from the account or forwarding billing renewal emails because it’ll already be under client control.)
The most important thing to remember is that domains are typically registered using account contact details, and if that’s someone else’s information, they are the legal owner of your domain. If you have someone building your website, make sure the account contact details are your own. They can be the technical contact for the domain, but it’s important that the registrant/owner is you or your company. If your designer/developer just disappears one day (it happens!), having primary account access and proof of ownership is so important.
We also recommend using an email address for account login, contact/notification, and domain registrant contacts that does NOT use your domain name. If you use firstname.lastname@example.org, but mydomain.com accidentally expires, not only will your website go down, you won’t be able to receive emails at any addresses associated with that domain. A backup email address using another domain, mail server, or free account like Gmail can save you a lot of headaches.
We should also note that the reverse of this, or a combination of scenarios, have happened (i.e. we hear from a new technical contact who has been tasked with getting a website/email back up, or refreshing the site, etc., and they have pretty much zero idea how to access it. Don’t do this to the nice people. You’re paying them good money. Pay them to build you a great website; don’t end up paying them to waste time on a snipe hunt of administrivia and headaches.
If a domain is registered by someone who dies
Another situation is when people die. It’s going to happen to all of us, so there’s no excuse not to be prepared. Digital legacies are becoming an increasingly important estate consideration, especially in this day and age of social media, cloud storage, etc. (We have a whole article on death and digital legacy if you’re interested. In short, you want to have a list of your online properties, login details, and what’s to be done with them if you die.)
In many cases of death, the credit card on file will be canceled, the domain will expire, and the website will go offline. Done. In other cases, we’ll be contacted by people trying to close accounts, but who have no access. If they can access the deceased’s email account, they can send a password reset and log in to close things down, but otherwise authentication can be difficult and upsetting. And if the domain is for a site or enterprise run by more than one person, if one of them dies, you end up in a partner ownership situation, as outlined above.
These situations are unfortunate and awkward for us, and we sympathize greatly with people trying to sort things out. But at the same time we can’t abandon our security procedures for any situation. Fussing over password resets or providing identity documentation or other administrivia when you’re dealing with grief is the last thing anyone wants to deal with. Be kind to those who will survive you.
If a domain is registered to be sold for profit
Some people register domain names speculatively, and often go after domains that include the names of big companies, popular products, media enterprises, you name it. Or maybe you’re just a big fan and want to set up a fan site that the big media company that owns the popular product, franchise, etc. will want to pay you money for (there’s been some kerfuffle related to this regarding Star Wars in the past, for example).
Making money this way is possible, but you’re just as likely to get a legal notice. And if they own the trademark, which they very likely might, they have a much stronger case and can demand you hand over the domain for zero dollars. (We have an extensive guide to options when someone else has a domain name you want. It provides reverse information as well, i.e. what likely options are if you have a domain you hope someone else will want to procure.)
Sometimes though, what looks like “domain squatting” can actually be a case of someone having a domain long before a company or product is created and wants its corresponding domain. In these cases, the new company may offer to buy the domain off of you, or they may lodge a UDRP complaint (Uniform Domain-Name Dispute-Resolution Policy), which basically claims that you own a domain you don’t really have rights to and aren’t using the best way, and the other company has a trademark or business case that is better suited to the domain’s ownership and use.
Once upon a time domain squatting and speculation were more common and easier to get away with, but those days are long past. Registering what you think is a hot domain in hopes of a big payday is not the likely windfall some people still think it is. You’re more likely to be threatened with legal action.
The bottom line
Digital assets and property are something we need to get used to in this increasingly technical world. Items like domain names are often very closely tied to our identities, interests, families, income, and other parts of life.
We need to think of them as being as important as the physical items in our homes, or our financial assets, and plan to get organized accordingly. It’s really just a matter of being aware upon setup, and occasionally ensuring that things are up to date (perhaps an annual digital checkup around the New Year would work). Future you, and your descendants, will thank you.