MENU
  • Enom.com
  • Resellers

Enom Blog

  • The Importance of Authentication in SSL

    July 23, 2019

    Advice, SSL

     Like

    Views: 1649

    Update: Want to sell more SSL? We’re here to help.  Join Enom and DigiCert for an interactive Webinar on December 3, 2019, at 1 PM ET. Register now!

    Browsers have evolved to offer a better user experience and greater attention to security. Perhaps most importantly, they now display a security warning to users when they land on a website that lacks encryption:

    This is a step forward to a safer Internet, but encryption is only part of the security equation. 

    Without a means to verify the owner of that website, the user can’t be sure who they are sending their information to. 

    When SSL certificates were first introduced, they served both these critical purposes:  

    1.  Encrypting the data in transit

    2.  Authenticating the website to which the data is being sent

    They were issued by a small handful of Certificate Authorities (CAs), accredited and compliant third parties able to provide both encryption and authentication of your website. 

    But as the Internet grew, so did the number of CAs in the market, and the variety of SSL options. And what was the main differentiating factor among these certificates? The level of authentication they provided.

    Today, SSL products range from free “encryption-only” certificates, which can be registered in a matter of minutes, to Extended Validation (EV) SSL certificates, which, as their name suggests, involve a thorough validation (authentication) process as part of their registration. 

    When choosing an SSL certificate for your site, or helping a customer select one for theirs, your main question should be: what level of authentication do I need? After reading this blog, the answer will be clear.

     

    Minimal Authentication: Domain-Validation (DV) Certificates 

    DV certificates are often described as “encryption-only” because they don’t provide confirmation of who the website owner really is. To register a DV certificate, the website owner simply needs to prove ownership of the domain name(s) they are trying to secure. 

    Think of a DV certificate like a library card: they are easy to obtain and aren’t considered a credible form of identification. 

     

     

    When to use a DV certificate

    These certificates are sufficient if you’re securing a page just to maintain browser compliance (and avoid those warnings), or if you’re hosting a site that purely provides information and you want it done securely.

     

    Basic Authentication: Organization-Validation (OV) Certificates

    Before issuing an Organization-validated certificate, the Certificate Authority vets the organization and individual applying for the certificate. If a website visitor chooses to view the OV certificate, they’ll find this verified company information included in the details. 

    You can think of an OV certificate like a driver’s license: obtaining one involves a bit more hoop-jumping, but they are better trusted as a form of identification. 

     

     

     When to use an OV certificate

    If you collect any basic personal information from your users, for example, login credentials, they’ll likely want to know who they are sending this information to. An OV certificate from a reputable CA may provide sufficient authentication and assurance in these cases. 

    However, Extended Validation certificates (see below) are often a better fit for e-commerce pages or business-critical sites where consumer trust is particularly important.

     

    Advanced Authentication: Extended-Validation Certificates

    Extended-validation (EV) certificates involve the most rigorous authentication process and, consequently, provide the highest level of assurance to website visitors. 

    What’s more, as mentioned above, they do this in a very obvious way: a green address bar that includes the name of the company. Finally, the CA Browser Forum, the SSL industry’s governing body, sets specific guidelines to govern the registration and authentication process for EV certificates. 

    These factors combine to make EV certificates the gold standard, and the assurance they provide becomes ever more essential as the average Internet user becomes savvier and security standards rise. 

    Continuing with our analogy, EV certificates can be thought of as passports: they are internationally recognized as the most trusted way to verify a website owner’s identity.

     

     

    When to use an EV Certificate  

    We recommend using an EV if you’re looking to establish a high level of consumer trust or collecting sensitive information, which could range from login credentials to national identifiers, to credit card information. While not all browsers treat EV certificates the same way, for users, the additional visual cues can inspire trust and confidence to proceed with the transaction or activity.

     

    Looking to better market your SSL lineup?

    Our partners at DigiCert have some great resources to help you educate your customers and help them find the right fit.  Through your partnership with us, you have access to an array of brands and certificate types to help make sure you properly meet the needs of your specific customer for their specific project. You can view our SSL offering here.

     

    This post was sponsored by DigiCert, an Enom partner, and leading Certificate Authority.

     

     

    Read More

  • The Evolution of the Domain Transfer Process

    July 16, 2019

    GDPR, Industry Insight

     Like

    Views: 1260

    people exchanging keys

    ICANN’s Inter-Registrar Transfer Policy (IRTP) defines the procedures and rules for domain name transfers. When it was first introduced in 2004, the Policy was limited to inter-registrar transfers. Over the years, it has been revised by Policy Development Process (PDP) Working Groups and expanded to include governance of domain ownership transfers and a transfer dispute process. But the original rules for inter-registrar transfers remained mostly unchanged until May 2018, when the Temp Spec came into effect, modifying the process for a post-GDPR world where Whois data, which had long been the primary means of transfer verification, was no longer publicly available.

    But the Temp Spec is temporary. So what’s the long-term plan?

    The last few months have been interesting. First, we’re now in the gap between the Temp Spec’s expiration and any formal update to the Transfer Policy. ICANN’s Expedited Policy Development Process (EPDP) team has recommended continuing to use the process outlined in the Temp Spec in the interim. The EPDP team also made several recommendations as to how the Transfer Policy should be modified, which we can expect to see reflected in those updates.

    Secondly, and much to the delight of domain policy enthusiasts (we exist!), the Transfer Policy came due for review by the GNSO Council. This is a standard practice for all ICANN Consensus policies: once a policy has been in place for a number of years, ICANN Staff compiles a report on its effects, which the GNSO Council uses to decide if the policy needs to be modified. This time around, the decision is a pretty clear one—the fact that we’re still following the Temp Spec method instead of the pre-GDPR transfer process points to the need to update the Policy. The Revised Inter-Registrar Transfer Policy Status Report is almost a formality, given the circumstances, but it includes some findings and related suggestions which will hopefully spark data-driven improvements to the Transfer Policy alongside the necessary GDPR-motivated updates.

     

    Recent Transfer Policy changes

    It’s been just over a year since Enom made necessary changes to our domain transfer process, and domains are still moving into and out of our platform smoothly. The biggest difference between our pre- and post-GDPR transfer process is that we are no longer able to use a “Form of Authorization” to confirm a domain owner’s transfer request. Instead, the authcode is used to verify that the request is valid and to initiate the inbound transfer within the registry system. We also now direct all transfer-related messaging to the registrant contact, since we no longer use an administrative contact for gTLDs.

    These changes are in keeping with the Temp Spec and with what we anticipate to be the future of the Transfer Policy. They’re also aligned with the work being done by the registrar and registry joint TechOps team: developing a more streamlined, user-friendly transfer process that remains secure against domain theft.

     

    Transfer Policy Status Report

    The Report discusses the impact that the Temp Spec had on the inter-registrar transfer process, but its overall scope is broader, with a focus on three main goals that transfer-related PDP working groups have been considering since they first began exploring how to improve the transfer process in 2005:

    – Portability

    – Preventing abuse

    – Providing information1

    The related central questions are:

    – Can registrants easily transfer their domain names?

    – Are processes standardized and efficient for registrars?1

     

    Takeaways from the Report

    The Report shows ICANN Compliance has noted a steady decline in the rate of transfer-related Compliance tickets, suggesting that there are fewer overall concerns about the process, perhaps because domain owners have gained experience with it. However, ICANN’s Contractual Compliance metrics do show that transfer issues remain the second-most common reason for people to contact ICANN Compliance, following only Whois inaccuracy concerns. This suggests that there’s room for simplification and further education around the transfer process.

    Another takeaway from the Report is that there was a significant spike in inter-registrar transfers in late 2016, likely caused by registrants changing their registrar just before the new Change of Registrant (COR) process and related lock came into effect. The Report also notes that immediately following the introduction of the COR lock requirement, ICANN Compliance began to receive a significant number of complaints about it.2 This tracks with our own customer service data which indicates frustration and confusion about COR locks generally, and we will be interested to see how COR lock complaint numbers change over time.

    As acknowledged in the Report, ICANN cannot directly track abusive transfers, as such situations are not reported consistently and cannot be independently verified.

     

    ICANN’s suggestions for improvement

    ICANN provides four suggestions for how to enhance the Transfer Policy moving forward, and we have some thoughts on each of them.

    ICANN Suggestion 1: Require registrars to log when a domain owner obtains their transfer authorization code.2

    Our perspective: Logging when an authorization code is retrieved by an end-user is a great idea, although implementation would be complicated. In many domain management interfaces, this code is visible by default on the domain name details page—there is no affirmative request to retrieve the code. So for many resellers and registrars, this requirement would involve significant development work, but that work is well worth doing.

    ICANN Suggestion 2: Provide a process or options to remove the 60-day COR transfer lock to better serve registrants’ needs.2

    Our perspective: The 60-day transfer lock has indeed proven to be a nuisance to both registrars and registrants, and there is some confusion as to whether and how it may be removed after it has been applied. We welcome clarification of the requirements but expect it to be a long process including consideration of whether alternative verification safeguards would become necessary.

    ICANN Suggestion 3: Clarify the Transfer Policy section about when a transfer can be denied due to non-payment.2

    Our perspective: This change would be a useful clarification. The section of the Policy where this is laid out can be confusing and difficult to parse, so making it more straightforward should help registrars more easily understand their rights and obligations in this regard.

    ICANN Suggestion 4: Clarify if the Change of Registrant process is applicable when the real underlying contact info is updated on a domain with an active Whois Privacy service.2

    Our perspective: This has been a topic of discussion between us and ICANN for quite some time. We believe that, if the underlying ownership data on a privacy-protected domain changes, that’s a Change of Registrant. If the purpose of the COR process is to protect domain owners against hijacking, this is just as important for domains using Whois privacy as it is for those without. ICANN, however, argues that privacy-protected domains are effectively owned by the privacy service, and so COR is not applicable. We want this issue to be clarified, but at this point it’s a question of contractual interpretation, which always needs to be approached with care.

    We appreciate that ICANN’s Contractual Compliance team has provided these suggestions and, if the GNSO Council decides that the Transfer Policy needs to be updated, which certainly seems to be the case, we look forward to working with the multistakeholder community to review these and other possible changes to the Policy.

    The future of the IRTP

    We always advocate for processes that keep things simple for the registrant while maintaining a high level of security and accountability. Tucows (our parent company) staff are part of the TechOps team, participating in the group’s efforts towards streamlining the transfer process to make domain transfers easier for domain owners while maintaining security against unauthorized transfers. Our hope is that the transfer process in use today under the Temp Spec will simply be turned into official policy. After all, it’s been in effect for over a year with no demonstrable detriment to domain owners.

    Our Support metrics show that domain transfers make up a significant portion of Support interactions, with most questions focused either on ccTLDs with special processes, or general transfer status requests (“When will my transfer be complete?”). We’re working on providing more information to our customers and resellers via our Knowledge Base, which we hope will help support you through this process.

    The work that we do in the ICANN community is complex, as is its impact on registrants and resellers. It’s important to make sure the decisions we’re making are data-driven, rather than based on gut feelings that could turn out to be incorrect or only accurate for a small portion of users. This report is a great start; we’re glad to see critical review and engagement with the process and hope that the data provided in the Inter-Registrar Transfer Policy Status Report will be taken into consideration as part of future efforts towards updating the Transfer Policy.

     

    1. ICANN Org. “Revised Inter-Registrar Transfer Policy Status Report .” Icann.org, ICANN, Mar. 2019, 4.
    2. ICANN Org. “Revised Inter-Registrar Transfer Policy Status Report .” Icann.org, ICANN, Mar. 2019, 31-32.

    Read More

  • We’ve refreshed our Webmail

    June 19, 2019

    Announcement, Featured, News, Resellers, Uncategorized

     Like

    Views: 2063

    As our Custom Email service grows, we’re working to continually improve the platform while maintaining high availability.

    One essential component of our email solution is our Webmail, which is both used by Enom’s direct customers and included in the email service our reseller partners can package as part of their own lineup.

    So, we’re excited to share that we’re launching a new Webmail! Starting today, users can preview the new Webmail to get familiar with the refreshed interface before its official launch on September 5, 2019.

    What’s new?

    The new Webmail will provide a better email experience. You’ll notice improved workflows and a clean, mobile-responsive interface that makes it easier to send emails, manage contacts, organize important events, and more.

    It’s important to note that the transition to the new Webmail will NOT impact contacts lists, settings, or any other existing mailbox data. The various functionalities and features of Webmail will remain, but their look, location, and how users interact with them, will change.

    What Custom Email users need to know

    On your Webmail login screen, you’ll now find an option to “Use the Webmail Interface Preview.” Simply toggle this on and log in to use the new Webmail interface. If you have any trouble, check out our Webmail Cheat Sheet.

    Over the next few months, we encourage you to get familiar with the refreshed interface. On Sept. 5, 2019, the new Webmail will become the default experience for all users—our old Webmail will be retired.

    We’d love to hear your thoughts on the new Webmail, particularly during this “Preview” period. You’ll find a Feedback option in the sidebar menu of the new interface.

    What resellers need to know

    If you already sell Custom Email…

    The new interface offers an intuitive user experience and will NOT impact your customers’ mailbox data or your own settings or integration. That being said, there are a couple of things we recommend you do to prepare for this change:

      Update your support and marketing resources

    We’ve created a number of resources to help you out. On our Webmail Landing Page, you’ll find everything from reusable communication templates to detailed end-user guides—repurpose these materials as you see fit.

      Let your customers know about the new Webmail

    They’ll now find a “Use the Webmail Interface Preview” toggle option on their Webmail login page. Our White-Label Messaging templates can help you with your communication efforts.

      Make note of the launch timelines

    Today: your users can preview the new Webmail to get familiar with the refreshed interface.

    Sept. 5, 2019: the new Webmail will become the default experience for all users—our old Webmail will be retired.

      Let us know what you think!

    Between now and Sept. 5, our new Webmail’s official launch date, we’ll be collecting feedback to help us improve the interface. Share your thoughts

     

    If you don’t currently sell Custom Email…

    Now is a great time to add email your lineup! Custom Email has all the standard features your customers want, but it costs a lot less than other solutions on the market.

    It offers you the potential to boost revenue and customer loyalty while avoiding the resource and infrastructure costs associated with hosting your own email service. We also make migration easy.

    Want to learn more? Contact our sales team today.

    Read More

  • Top questions from domain name buyers

    May 6, 2019

    Advice, New TLDs, Uncategorized

     Like

    Views: 8094

    People searching for their domain name.

    Guest Author: Alisha Shibli.


    Alisha is a Content Marketing Specialist at Radix, the registry behind some of the most successful new domain extensions, including .STORE and .TECH.

    Please note: The views expressed in this piece are the author’s own and do not necessarily represent those of Enom.


    When it comes to registering a domain name, it’s easy to get overwhelmed. After all, when you’re building a business or starting an online venture, you want to ensure that all factors are working to your advantage. The process of choosing the right domain name is a lot less daunting when you know the basics. So today, we’re tackling some of the most common questions asked by domain name buyers. The information here will also be handy for resellers looking to educate their customers.

    1. What is a domain name and how is it different from a website?

    Websites and domain names are closely related, but they’re two different things. You can think of your website as your house and your domain name as its address. In order for someone to access your website, they need to know its domain name.

    Every domain name has two basic parts: the “top-level domain” (TLD) and the “second-level domain.” For example, in the domain name [yourbrandname].tech, “.TECH” is the TLD and “yourbrandname” is your second-level domain. Together, these form a complete domain name.

    Your domain name will usually include your brand name or the name of a particular sector or product that you’re promoting. When choosing a domain name, you’ll realize there are now numerous TLDs available such as .STORE, .PRESS, .SPACE, .ONLINE, .WEBSITE, .SITE, etc. So, make sure you choose whichever brands your business best.

    2. What should I consider when buying a domain name?

    What some businesses don’t realize is that choosing a domain name is one of the most important decisions they make when establishing their online presence. The domain name is more than just a glorified IP address. It is important for search engines and for customers. Moreover, it is an incredible branding tool, which is why it is crucial to choose a name that adds value to your business and will help you stay relevant even a decade later.

    Here are a few factors to keep in mind when choosing a domain name for your business:

    • Buy domain names that are easy to spell and remember. Avoid using misspelled words. A unique spelling may seem creative, but such domain names fail to be radio friendly—a very important factor in the voice search era.
    • Keep your domain name as short as possible. Anything more than 18 characters is too long. For example, [healthysnack].store is a better domain name than [healthysnacks-store].com.
    • Avoid using hyphens and numbers in your domain name. They are just extra characters for your customers to remember. A user might forget to add the hyphen or get confused between the numerical “6” and the word “six”.
    • Make sure to do your homework and check global databases to ensure that your domain name isn’t trademarked or copyrighted. This will help if you plan to expand your business to other countries in the future.
    • Consider leveraging new, descriptive TLDs to brand your business and act as a home for different marketing and sales endeavors. For example, Emirates has emirates.com as its commercial website and emirates.store as its online merchandise store.  

    3. If I have multiple domain names, how can I use them together?

    You don’t just have to stick to one domain name! Using multiple TLDs in interesting ways can create memorable customer interactions with your brand, or, perhaps, promote your personal side-project alongside your primary business. Here are some of the many ways one can make use of new domain names:

    • Primary Domain: Use a domain name to create an online identity for your business. For example, louder.online or stronger.tech
    • Professional Email ID: Use a domain name to make a strong first impression with a unique email id. For example, [firstname]@[brand].online.
    • Branded URL Shortener: Use a domain name to enhance brand visibility and build trust with every link that you share online. For example, [yourbrandname].tech/contest looks more official than “https://bit.ly/2taRHVV”.
    • Domain Redirect: Use a domain name to make an important inner page easily accessible by creating a deep-link. For example, kindle.store redirects to Amazon’s Kindle store.
    • Product Launches: Use a domain name to attract customers to your new product, store upgrades or seasonal promotions. For example, if you are introducing a new car and want to position it as a “fun” car, you can launch it on [carname].fun.
    • Personal Brand: Use a domain name to build an attractive online persona for yourself. For example, terrene.space is the portfolio website of a freelance photographer, writer, graphic designer & illustrator, Ana Petre.
    • Vanity: Use a new domain name to share your social media profile. For example, [yourname].tech could forward to one of your social media profiles.
    • Blog / Press Page: Use a domain name to make your brand gain visibility online with a [brandname].press. For example, cars.mclaren.press is McLaren’s official media site.

    4. How can I decide between a ccTLD, geoTLD, gTLD, or nTLD?

    Let’s first clarify the difference between these terms.

    Generic top-level domains (gTLD) are, as their name suggests, generic. They have a broad application based on the purpose of the website. For example, .COM (commercial), .ORG (organization), .NET (networks), .EDU (education), etc.

    Country code top-level domains (ccTLD) are regulated by a specific country and are best used to target customers within that country. Some examples include. US, .CA (Canada).TR (Turkey) .IN (India), .CO.UK, .AE (UAE), .DE (Germany), .FR (France), etc.

    GeoTLDs are similar, but they are tied to a specific region, rather than a country. City extension like .NYC or .LONDON as well as options like .AFRICA and .ASIA exist.

    New generic top-level domains (nTLD), which are sometimes just referred to as “new TLDs”  are recently launched generic domain extensions.

    They tend to be more industry- or product-specific, so their adoption has the potential to make the Internet more organized and business-friendly. Some other examples of nTLDs include .STORE for eCommerce and retail, .TECH for technology, .FUN for leisure, .PRESS for media and news.

    Plus, there are many with universal appeal, like .ONLINE, .SITE, etc. In fact,  .ONLINE and .SITE have become so popular that over 1 million domain names have been registered on each of these extensions so far. And these nTLDs are still relatively new, you are likely to find that your perfect domain name is available on one of them!

    In summary

    When it comes to choosing the right domain extension for your domain name, you need to look at the nature and purpose of your business. For example, if you have a tech business, then a .TECH domain would be an ideal choice.

    With the information above, you are well-equipped to make an informed choice. Get started with a search for your perfect domain name.

    Read More

  • Updates from ICANN64 – Kobe, Japan

    April 8, 2019

    Industry Insight, News

     Like

    Views: 2532

    A small delegation from Tucows attended ICANN64 in Kobe, Japan, and we want to share a few quick highlights about the progress made in some key areas.

    RDAP Working Group

    RDAP, everyone’s favorite new registration data access protocol, is now in the implementation phase. This means that registrars and registries must implement RDAP according to the documented profile requirements by August 26, 2019.

    As we’ve mentioned before, Tucows has already implemented the original version, so we’re now reviewing the final profile to understand what minor updates are needed. The RDAP Working Group recognizes that the current profile is based on the Temp Spec and will need to be modified to align with the policy coming out of the EPDP. As members of the RDAP Working Group, we’ll be participating in that process and making sure we’re on top of any further changes.

    Access to Whois Registration Data

    ICANN’s Technical Study Group on Access to Registration Data, which we’ll refer to as the “TSG,” met with several different groups during ICANN64 to present information about their work and answer questions from the community.

    Leading up to the conference, they were focused on developing a “straw man” technical model that uses RDAP to operationalize the EPDP’s upcoming “Standard Access” (Phase 2) Model. The TSG team members confirmed that they do not plan to build the system they are designing; instead, the objective was to create a Model that can be presented to the European Data Protection Board (EDPB) for review and feedback.

    ICANN CEO Göran Marby’s idea seems to be that if the EDPB signs off on this Model, registrars and registries could follow it when providing Personal Data to ICANN for disclosure to third parties, and this would bring a reasonable expectation of “diminished liability.” However, many of us are concerned that the EDPB will not be able to base any decision off the TSG’s Model — they would most likely also require the accompanying Policy. This policy does not exist yet — it will come out of the EPDP Phase 2 work — and until it does, any request to have the EDPB review the Model is premature and ineffective.

    Additionally, as we were reminded by Cathrin Bauer-Bulst from the European Commission, any statement by the EDPB that the Model is acceptable could easily be retracted in the future; it’s not a guarantee of legality. The TSG team has a face-to-face meeting planned for mid-April to finalize their report, after which it will be handed back to ICANN’s CEO.

    Phase 2 of the EPDP & next steps for the IRT

    The EPDP team met four times over the course of the ICANN64 conference, primarily focusing on planning for Phase 2 of their work: the creation of a Standard Access Model for disclosure of non-public registration data.

    There was also discussion about convening an Implementation Review Team to bring the Phase 1 recommendations into reality and how to bridge the Implementation Gap period between when the Temp Spec expires (May 25 2019) and when the EPDP recommendations become mandatory policy (February 29 2020).

    The team is still looking for a new Chair, as Kurt Pritz stepped down following the end of Phase 1. His admirable leadership and calm in the face of contentious issues will be difficult to replace. In the coming days, the EPDP team will continue to work with ICANN leadership to determine exactly how to proceed with these next steps. The Tucows team will be an active voice in that discussion, and we will keep our resellers up-to-date as things develop.

    Read More

« Previous 1 2 3 … 19 Next »

FEATURED POSTS

  • Our Ongoing Commitment to Combatting DNS Abuse

    October 18, 2019

  • We’ve refreshed our Webmail

    June 19, 2019

  • Colleagues review ICANN's temporary specification requirements.

    What Domain Resellers Should Know About ICANN’s Temporary Specification

    September 18, 2018

  • keys on surface.

    Enom’s Tiered Access Directory (gated Whois)

    June 19, 2018

CATEGORIES

  • Advice
  • Announcement
  • Developers
  • DNS
  • Featured
  • Fun
  • GDPR
  • Industry Insight
  • New TLDs
  • News
  • Premium Domains
  • Promotion
  • Resellers
  • Roadmap
  • SSL
  • Uncategorized
  • WTB

ARCHIVES

  • December 2019
  • November 2019
  • October 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2013
Support
Report Abuse
Help Center
Contact Us

 Resources
WHOIS Lookup
Maintenance Alerts
Developers
Products & Services
Domain Name Search
Premium Domains
Web Hosting
SSL Certificates
Website Builder
Basic Email
Bulk Tools

© 2020 Enom Blog |