Registry Lock is a service offered by a domain name registry that consists of several “ServerProhibited” statuses to protect the subject domain from unauthorized transfer, updates and deletion. But what does that really mean?
To understand how registry lock works and why it is an extremely valuable addition to the domain name security we need to understand how domain name registration and management works:
Typically, the registrant (any physical or legal person who registers a domain name) opens an account with the registrar (a legal entity that offers domain name registration services), searches for an available domain name and registers it by paying the fee determined by the registrar. When the registrant decides to launch a website on the domain they need to provide the registry (a legal entity that operates and manages the database of all domain names registered under a certain domain extension, such as .ME) with Domain Name System (DNS) name servers (for instance mns03.domain.me and mns04.domain.me) via the registrar. This is how the domain resolves to the website.
Now, imagine that hackers get an access to the account the registrant uses to manage the domain name. What can they do?
They can transfer out, or even worse, delete the domain of a multi-billion dollar corporation making their online identity disappear in a second. Or, they can redirect a domain of an e-commerce platform to a website of their choice or simply to a page where they show off and they take credit for the hack. Or, in one of the worst-case scenarios, trick the users of the service/product that runs the compromised domain into believing that it is still legitimate and start obtaining sensitive information. If only there was a way to prevent this?
Enter Registry Lock – a security feature that prevents unauthorized updates, transfers and deletions of the domain name. In addition to “ClientProhibited” statuses that are set by the registrar, the domain with the activated Registry Lock has “ServerProhibited” statuses set by the registry. This means that updates to the domain can be made only after the registry, the highest authority for a respective domain extension, has been notified about the requested change by both parties the (registrant and the registrar) via secure communication channels. All the statuses are displayed in