I am a publisher located in Europe and my life's work is all in one .com domain. I often wonder how secure the ownership of a domain is and if there are any steps necessary to secure it. My registrar requires a signed document to transfer domains. By post or scanned. But how secure is that? How would they know if I sent the document or somebody else?
And what if somebody hacked the registrar? Are there global mechanisms to undo wrongful domain transfers?
> located in Europe and my life's work is all in one .com domain.
As a non-US citizen you should definitely move to another TLD entirely. US asserts jurisdiction over .com/.net/.org and has been known to seize such domains at will even if they have no ties to the US. You would have little recourse without great difficulty.
As a non-US person myself I will therefore personally never hold such a domain.
National TLD's would be a good choice but there's also .eu which I reckon would also be a safe choice. They also do not publish WHOIS information for privately held domains.
People rarely consider this when purchasing domains (which jurisdiction they fall under) but it's an important issue in my opinion.
The CloudFlare Registrar would auto-renew your domain a year in advance, aggressively lock it and prevent transfer, and allow you to require multiple people in your organisation to approve significant changes.
Any registrar that is selling you a domain for $10 per year is making such razor thin margins that they cannot do more than the minimum and rarely enforce doing that with diligence.
I was rather pleased that one of my domains ultimately is managed by an arcane human process involving actually dealing with a bureaucracy... this slows everything down so much that it's hard to achieve anything at all. It was entirely accidental, the domain has a .sm TLD and that municipality is tiny.
What CloudFlare are effectively doing is using a highly bureaucratic and formal process to ensure the domains are safe and secure, to mitigate the risks involved. That your organisation can shape the policy you want is also a benefit, you can ensure only the real decision makers get to authorise changes.
And what if somebody hacked the registrar? Are there global mechanisms to undo wrongful domain transfers?