February 9th, 2009 by James Koole (Comments Off)
For all of our Resellers who are selling .co.uk domain names, we wanted to let you know about a recent change made by Nominet, the .uk Registry operator.
You may or may not have bumped into this in the past, but until recently, after a .uk domain name expired, the Registry would send a paper invoice to the registrant inviting them to renew the domain name for £80 plus tax (VAT).
This notice mentioned Tucows as the registrar, and it also confusingly invited the registrant to renew with the Registry directly.
On February 4th, 2009, the Registry moved this somewhat puzzling process to email and made some changes to reduce confusion. The Registrant is now contacted by email with details of the specific domain name, its expiry date and the registrar and public URL for the registrar to help the registrant make their renewal. The offer to renew directly with the Registry is now omitted.
This is a minor change, but it is something that both Registrants and our Resellers might find a bit confusing. We wanted to take this opportunity to explain to you what is going on so that you can be ready to handle any inquiries from your customers about these emails.
Nominet has more information about this process on their website.
February 3rd, 2009 by James Koole (Comments Off)
Landrush for the new .TEL gTLD opened just a few minutes ago and already the news is spreading around the world about this interesting new domain extension. OpenSRS is now live and connected to the Registry for Landrush orders and all pre-orders in our system have been processed.
There has been a ton of media coverage around the launch of .TEL. Here’s a sampling:
The CEO of Telnic, appeared live on the American business news network CNBC this morning as well (view online). And .TEL received worldwide media coverage on BBC television and other radio and television stations throughout the day.
There’s a lot of buzz surrounding .TEL right now. As Landrush proceeds, expect more and with General Availability less than two months away, now is the time to start educating your customers about the value of .TEL domains.
January 28th, 2009 by James Koole (Comments Off)
Phishing attacks are often associated with banking websites, but domain owners and Resellers need to be aware as well – hackers are actively targeting domain registration and management systems in an attempt to acquire user credentials. We’ve put together some information that will assist you both in protecting yourself from phishing attacks, and also to assist you in educating your customers so they can avoid falling victim to these hackers.
I’ve split the information into two groups; there’s some tips and info about what OpenSRS is specifically doing to protect against phishing, and also some general advice that applies to any and all online accounts.
OpenSRS Specific information:
- OpenSRS will never ask you for your username or password via email. We never ask for detailed personal information via email either (many phishing attacks use a form to be filled out that requests all of your personal info).
- All OpenSRS service administration systems including the Reseller Web Interface (RWI), the Manage Web Interface (MWI), and the Mail Administration Center (MAC), are protected by SSL Digital Certificates.
- When notified of an issue related to possible phishing directed at OpenSRS Resellers, domain registrants or competing domain Registrars and service providers, our abuse and compliance teams immediately work with their colleagues around the world to identify and disable the offending domain(s).
- OpenSRS abuse and compliance teams are well connected with various agencies and institutions in the global effort to identify and eliminate phishing websites no matter the target.
General tips:
- Be suspicious of any and all emails purporting to be from banks, financial institutions, or other online services that require you to log on via a link. Use your browser bookmark instead of clicking links in email.
- Check the SSL digital certificate of the site you are logging into if you have any concerns. This is as easy as clicking on the favicon in the address bar of Firefox or the lock icon on Internet Explorer. Ensure the information in the digital certificate matches the site you think you are logging into.
- Newer browsers, like Firefox 3, Internet Explorer 7 and Safari 3.1 offer protection against some phishing attacks by alerting you to known phishing sites when you attempt to surf to them. This doesn’t provide complete protection, however, as new phishing sites are created all the time.
The Anti-Phishing Working Group (APWG) has created an educational page for consumers with excellent information that will assist them in protecting themselves from being phished. Feel free to educate yourself and also to share this resource with your customers.
January 27th, 2009 by James Koole (Comments Off)
.TEL Landrush is now just around the corner – beginning on February 3, 2009. As mentioned previously, OpenSRS is full participant in the launch of .TEL. You’ll be able to start pre-ordering for starting at 0500 GMT on Friday, January 30th, 2009. At the same time we turn on Landrush pre-orders, we’re turning off Sunrise Orders.
.TEL Landrush is structured fairly simply. Telnic, the .TEL registry, isn’t holding auctions for high value or premium domain names nor is it withholding any names from the Landrush (except for a few names on a “reserved list” as required by ICANN and as needed for registry operations).
There are going to be a ton of great .TEL domain names available in many different languages. Some examples include geographic names like newyork.tel or generic names like pizza.tel. During Landrush, everyone has a shot at grabbing one of these potentially valuable names. Each is offered at a fixed price ($329.60US including a three-year registration) on a first-come, first-served basis.
Landrush pre-orders are fairly simple, but there are a few things you should be aware of:
- Pre-orders are not guaranteed. When the Registry opens, we’ll start submitting orders along with everyone else.
- When a pre-order is submitted, we’ll put $275 on hold in your Reseller account. If that order is successful when Landrush officially opens, we’ll charge through the full $329.60. If the order is not successful, we’ll remove the hold and you’ll pay nothing. That’s a bit different from the Sunrise period during which the $275 fee was payable to the Registry regardless.
- ALL Landrush pre-orders submitted to pending will be processed. If you don’t wish for a pending order to be processed, you must cancel it prior to the Registry opening.
Also of note is that ordering via the API will also go live at 0500 GMT on Friday, January 30th, 2009. The documentation has been updated to reflect the changes and additions.
Telnic noted that during the Sunrise period, many companies realized the value of .TEL and registered their ‘brand’.tel, including Starbucks, Microsoft, Google and CNN. It’s expected that Landrush will be busy as people try to grab some of the high-value .tel domains, and also jump in and ensure that they get the .tel for their company or organization.
For Resellers that submitted .TEL Sunrise Applications, Telnic has provided a lookup tool to determine the status of Sunrise applications.
We’ll have more about .TEL in the coming weeks and months as we get closer to the General Availability and the official, full launch of this innovative new domain extension on March 24th, 2009.
January 19th, 2009 by James Koole (Comments Off)
I’m happy to tell you that the Registry promotions that we ran throughout 2008 with much success will be returning again in 2009. Last year we worked with various Registries to offer special pricing to OpenSRS Resellers including .INFO, .TV, .AT, .CN and more.
We’re doing things a little differently this year. We’re asking our Resellers to opt-in to each promotion. There are different requirements that need to be satisfied in order for us to offer special pricing, so we need to ensure that each Reseller has agreed to the terms of each promotion. We’ll also make any marketing materials or other resources available to you when you sign up.
The first promotion of the year is for .INFO domains. Just like last year, we’ve put together a great promotion with Affilias that allows us to offer you .INFO domains at a Registry cost of zero – yes, as in nothing. All you pay on .INFO domains is the ICANN fee of $0.20 and your OpenSRS Management Fee. You can opt-in to this promotion by filling out a quick and easy form. More details can be found here.
And, to commemorate US Presidential Inauguration Day, the .US Registry (Neustar) is offering a special promotion between now and the end of February, 2009 on .US domain names. Effective immediately, .US domain names will cost you five bucks instead of ten.
You can mark the occasion by offering your customers the chance to display their patriotism with a .US domain name.
Like the .INFO promo that is currently underway, you need to sign up to receive the promotional pricing. Click for more information about the terms and conditions of this promotion and to sign up to receive the special pricing.
We’re committed to passing on the savings to our Resellers and we hope you take advantage of these promotions by doing a little marketing and promotion of your own. These promotions continue to be a great way to drive sales among both existing and new customers.
Photo credit: Tim Parkinson – thanks for doing the Creative Commons thing!
January 8th, 2009 by James Koole (Comments Off)
Passwords are in the news these days, and the news is not good. A great example was the result of some recent hacking that included the Twitter accounts of people like US President-elect Barack Obama, and Britney Spears. It turned out that the password protecting the administrative area for Twitter was ‘happiness’ – not very smart.
Another recent story making the rounds has to do with what’s been referred to as the “Worst 500 passwords of all time.” A hacker has a good chance of breaking into an account by simply running this list of common passwords against the login system.
The takeaway for Resellers? Change your password. Especially if you see yours on that list. But either way, it’s a good practice to change your passwords on a regular basis and also to make sure you choose strong passwords. Also, it wouldn’t hurt to educate your users about passwords.
Garrick Lau, who heads up our own security efforts here at Tucows, has some suggestions for choosing passwords. He suggests that any password you use should at the very least:
- have at least 6 characters
- should never contain the words that can be found in the dictionary
- should contain characters from three of the following categories:
- uppercase letters
- lowercase letters
- numbers
- non-alphanumeric characters (eg. %, $, @)
Garrick also suggests changing passwords often, and not reusing passwords across different sites. For example, don’t use the same password for your OpenSRS account that you use for your email account. He also says not to use the same email account for registrations as it becomes the single point to access all the keys of your kingdom via the “forgot password” function if that email account is compromised.
While a super-strong password is ideal, it’s sometimes hard to remember. Printing out passwords is okay, as long as you keep that printout safe (keep it in your wallet, but don’t stick it to your monitor, for example). And don’t do something foolish link storing them in a simple text file on your computer desktop with usernames and passwords plus the URL for each site.
Whatever you do, changing passwords often is a great habit to have. Changing your Reseller Web Interface password is really easy. Here’s a very short screencast showing exactly how to do it in under 40 seconds:
While you’re changing that OpenSRS password, think about security on your other systems. How many of you use the same password for everything you do online? Hackers know this is common and once they get one of your passwords, they’ll try different services to see if you reuse passwords like many people do.
In short, start with passwords and resolve to make security front of mind this year and in the future.
November 26th, 2008 by James Koole (Comments Off)
Thanks to all who attended the .TEL webinar we held Wednesday. We hope you found it informative and useful.
For those who were unable to attend, the full archive of the webinar is embedded below. Additionally, we’ve also converted both presentations into PDF format for download as well.
We tried as best as we could to answer all of the questions that came up during the webinar. However, if you feel as though we missed yours or you didn’t get a satisfactory answer, feel free to ask again in the comments and we’ll try to get you the answers you need.
A reminder that you can try out .TEL for yourself and obtain your very own VIP .TEL domain. Head to http://www.telnic.org/vip/ and give it a try. You’ll be able to see the management interface that Telnic provides and gain a better understanding of the innovative .TEL concept.
Here’s the archived presentation (which will play on an iPhone or iPod touch through some sort of new blip.tv magic – we love blip.tv):
November 26th, 2008 by James Koole (Comments Off)
Telnic, the Registry for the new .TEL extension is providing marketing materials that you may wish to use in your efforts to sell .TEL domains to your customers. In addition, they’ve also created a short video presentation about .TEL that you may choose to embed or use on your websites.
The marketing materials are available for download as PDF files in a bunch of different languages. They’ve also provided the source files for all languages (QuarkExpress format for those with the capability to edit Quark files). Here’s the links:
As a reminder, our .TEL webinar takes place at 1:00 P.M. ET today (Wednesday). Those unable to attend the live presentation will be able to view an archived version and download the presentations as PDF files. We’ll post that information to the blog later today.
November 25th, 2008 by James Koole (Comments Off)
Thursday, November 27th is Thanksgiving Day in the US. Up here in Canada, we already gave thanks a few weeks ago. So while many of our American friends will be tucking into a huge spread involving turkey and all the fixings, we’ll be here answering support calls and providing the usual services to our Resellers.
Platypus ISP Billing customers can head to the Platypus website to find out what’s open and closed at our Starkville office. You can bet they’ll be cheering on Mississippi State in the annual Battle of the Golden Egg on Friday.
To all Americans – our customers, and fellow employees – we wish you a Happy Thanksgiving and a safe holiday.
November 24th, 2008 by James Koole (Comments Off)
There have been a few stories popping up online recently talking about how a possible flaw in a commonly used free email service might allow malicious hackers to steal domain names. The flaw is not new — in fact, I blogged about it way back in January.
What this highlights again, is that the email address used as the administrative contact for domain names is a weak link. Lose control of the email address, and you risk losing control of the domain names listed under it. Whether the registrant uses a free webmail account, or the email provided with their domain name, that email address is the key to ownership of the domain name.
Protecting yourself from the threat of having a domain name stolen through email hacking is relatively easy — use WHOIS privacy. If the domain name can’t be associated with an email address, it’s less likely that a hacker will either a) target an email address in the first place or b) be able to tie a valuable domain name to a specific email account.
Granted, the chances of being hacked this way is minimal for the average registrant, but nevertheless, as a domain reseller, you may want to help educate your customers about the importance of having a secure password on their email account, and about the importance of WHOIS privacy. I’d even suggest that you might not want to have multiple domain names with the same administrative email account as it increases the chance that a hack could steal your entire portfolio of domain names at one time.
As you are probably already aware, OpenSRS offers Contact Privacy for free with every domain name that supports it — we think it’s that important.
