Few things in a small business’s technology setup are as easy to overlook and as consequential when something goes wrong as the domain name.

Your domain — yourcompany.com, or whatever it is — is the foundation of everything online. Your website lives there. Your email comes from it. It appears on your business cards, your invoices, your signage, your Google listing. And yet most small businesses have only the vaguest idea of where it’s registered, when it expires, who has access to the account, or what would happen if they lost it.

What Can Go Wrong With a Domain

Expiry. Domains must be renewed, typically annually. If the renewal is missed — because the reminder goes to an old email address, because the credit card on file has expired, because whoever set it up has left the business — the domain lapses. Within days, your website is down and your email stops working. Within weeks, domain squatters or speculators may have registered it, and getting it back can be expensive or impossible.

Account compromise. The registrar account that controls your domain is a target. If that account’s email or password is compromised, an attacker can transfer your domain to another registrar, redirect your DNS, and take control of your website and email traffic. Domain hijacking of this kind has affected businesses of all sizes.

DNS misconfiguration. Your DNS (Domain Name System) settings control where your domain points — which server handles your website, which handles your email. A misconfiguration here can take down email delivery, break website access, or redirect traffic to unintended destinations. DNS changes take time to propagate and errors can be difficult to diagnose.

Phishing via your domain. Attackers can send email appearing to come from your domain by exploiting missing or misconfigured email authentication records (DMARC, SPF, DKIM). This is used to impersonate your business in phishing campaigns targeting your customers — and the damage is to your reputation even though you’re the victim.

Domain Security Best Practice

Know where your domain is registered and when it expires. This sounds basic, but many businesses discover during a crisis that nobody currently employed knows the answer. Check. Write it down. Put the expiry date in a recurring calendar reminder.

Enable auto-renewal with an up-to-date payment method. Most registrars offer auto-renewal. Enable it, and keep the payment method current. Then still track the expiry date as a belt-and-braces measure.

Secure the registrar account. The account that controls your domain should have a strong, unique password and MFA enabled. The email address associated with it should be one that still works and is actively monitored.

Enable registry lock. Many registrars offer a “domain lock” or “transfer lock” — a setting that prevents unauthorised transfer of the domain to another registrar. Enable this. It adds a layer of protection against domain hijacking.

Configure email authentication records. SPF, DKIM, and DMARC are DNS records that tell receiving mail servers how to handle email claiming to come from your domain. Properly configured, they prevent attackers from spoofing your domain in phishing campaigns. Most small business domains are either missing these records or have them misconfigured.

Use a single, documented DNS management point. Avoid having DNS settings split across multiple providers or accounts. One clear, documented point of control with appropriate access management is significantly easier to manage and audit.

Document ownership. If a key person in your business holds the registrar account in their personal name and leaves, recovering ownership can require legal intervention. Register domains in the business name, or ensure ownership documentation is clear.

The Email Deliverability Connection

Email authentication matters beyond security. Google and Microsoft have tightened email deliverability requirements in 2024 and 2025. Domains without proper SPF, DKIM, and DMARC records are increasingly likely to have their email treated as spam — or rejected entirely — by major email providers.

If your business email regularly ends up in recipients’ spam folders, misconfigured or missing email authentication records are one of the most common causes.
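
A few of the most common SPF and DMARC misconfigurations can be caught by a simple script run against the TXT records a domain publishes. The Python below is an added example, not W3IT's own tooling: the function names and sample records are constructed for illustration, and the SPF lookup count covers only the terms in the record itself, not those inside nested includes.

```python
# Added example, not W3IT's tooling. Records are passed in as strings so it runs
# offline; in practice they come from TXT lookups of <domain> and _dmarc.<domain>.
import re

SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    # Drop the qualifier and any ':', '=' or '/' argument to get the term name.
    names = [re.split(r"[:=/]", t.lstrip("+-~?"))[0] for t in terms]
    findings = []
    lookups = sum(n in SPF_LOOKUP_TERMS for n in names)  # top-level terms only
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: exceeds the SPF limit of 10")
    if "all" in names:
        if terms[names.index("all")][0] in ("+", "a"):  # bare 'all' means '+all'
            findings.append("'+all' authorises any server to send as this domain")
    elif "redirect" not in names:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    return findings

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    if len(dmarc) > 1:
        return ["multiple DMARC records: receivers apply none of them"]
    pairs = (p.partition("=") for p in dmarc[0].split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: monitoring only, receivers are not asked to block")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

if __name__ == "__main__":  # constructed sample records for a weak setup
    print(audit_spf(["v=spf1 include:_spf.example.net +all"]))
    print(audit_dmarc(["v=DMARC1; p=none"]))
```

An empty list from both functions means none of these particular mistakes were found; it does not check DKIM, which needs the selector name used by your mail provider.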

What W3IT Checks

Domain and DNS configuration is part of W3IT’s standard security and infrastructure review. We verify that:

  • Domain expiry is known and auto-renewal is configured
  • Registrar account access is appropriately secured
  • Email authentication records (SPF, DKIM, DMARC) are present and correctly configured
  • DNS settings are documented and under clear management

It’s one of those areas where a small amount of attention prevents a significant amount of potential disruption. If you haven’t reviewed your domain setup in the past year, it’s worth doing.
