While it may seem to be more of an operational issue than a security issue, I find that it’s always educational to ask organizations about their Domain Name renewal process and registration information. There are lots of DNS domain registration services out there and, frankly, I don’t care which service an organization uses. However, every organization should absolutely know whose names are on those records and when they are due to expire. I’ve seen some really close calls where domains were nearly taken over by former employees who were listed as the Administrative Contact for corporate domains.
Unfortunately, there are also some folks out there trying to capitalize on domain name renewals without offering any legitimate service. Personally, I’d call this a scam. Sure, they’re going to do something (like submit your URL to Google, which costs… nothing!), but unless you read the email carefully you won’t realize what you’re paying them for. Take this example that showed up in my email inbox earlier today:

Figure: Misleading UCE (unsolicited commercial email) that implies our domain name is expiring
The information on this form was retrieved from a DNS registrar using the whois command, likely through an automated job. Taking those results, the data is put into a classic scam format. Notice the short deadline and urgency. Read carefully, though. This is not a notice that our domain registration is about to expire; it is a notice that this offer for domain search engine registration will expire. Lucky me, they only want to charge me $295 to submit my domain to Google for ten years. Great work if you can get it, I suppose!!!
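The same whois output lets an organization audit its own records for the two things raised above: when the registration expires and whose names are on it. The following is an added example, not part of the original post; the field labels assume the common gTLD WHOIS layout, and the sample record and approved-contact roster are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample record; real registries vary in field names and date formats.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registry Expiry Date: 2025-03-01T04:00:00Z
Registrant Email: hostmaster@example.com
Admin Email: j.doe@example.com
Tech Email: REDACTED FOR PRIVACY
"""

EXPIRY_RE = re.compile(
    r"^[ \t]*(?:Registry Expiry Date|Registrar Registration Expiration Date):[ \t]*(\S+)",
    re.I | re.M)
CONTACT_RE = re.compile(
    r"^[ \t]*(Registrant|Admin|Tech) Email:[ \t]*(.*?)[ \t]*$", re.I | re.M)


def audit_whois(text, approved_contacts, today, warn_days=60):
    """Return findings for one WHOIS record: expiry window and unknown contacts."""
    findings = []
    m = EXPIRY_RE.search(text)
    raw = m.group(1) if m else ""
    try:
        expiry = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except ValueError:
        expiry = None
        findings.append("no parseable expiry date; check the registrar portal")
    if expiry is not None:
        if expiry.tzinfo is None:  # treat naive timestamps as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        days_left = (expiry - today).days
        if days_left < 0:
            findings.append(f"registration expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"registration expires in {days_left} days")
    approved = {a.lower() for a in approved_contacts}
    for role, value in CONTACT_RE.findall(text):
        if "@" not in value:
            # Redacted or empty contacts cannot be verified from WHOIS alone.
            findings.append(f"{role} contact not visible in WHOIS; verify at registrar")
        elif value.lower() not in approved:
            findings.append(f"{role} contact {value} is not on the approved roster")
    return findings


if __name__ == "__main__":
    today = datetime(2025, 1, 15, tzinfo=timezone.utc)
    for finding in audit_whois(SAMPLE_WHOIS, {"hostmaster@example.com"}, today):
        print(finding)
```

Feed it the saved output of the whois command for each corporate domain and keep the approved roster in sync with HR offboarding, so a departed employee listed as a contact shows up as a finding.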
For a comprehensive course on how to identify critical controls, validate that the correct controls are in place and validate processes, consider the SANS 6-day course, “Advanced System & Network Auditing”. David Hoelzer is the SANS IT Audit Curriculum Lead and the author of several SANS IT Audit related courses.

