Important changes
Changes which are important and in particular ones which are potentially service affecting need to be requested via a method which is both secure (to protect the customer) and also has an audit of the request (to cover us).

Obviously important requests can't be made via the telephone or email as neither of these methods ensures that it is the account holder/customer who is making the request as an incoming telephone call could be initiated by anyone and does not have an audit of the request and an email is easy to spoof/recreate (and often has a less secure password than an admin panel).

However there are other methods which can be used which are easy/quick to do and also secure.

1. Online Admin Panels
Most settings can be changed or updated via your online admin panel as this is performed over SSL and also requires your user/password to access it.

For example if you need to order or cancel either a service/product or domain name this can all be done from your admin panel.

To assist you with using our online admin panels we have a comprehensive list of tutorials available which are organised into sections for example the Billing Panel tutorials section includes tutorials such as Ordering a new Service / Product, Canceling a Service / Product, ordering a new domain name and also to cancel the renewal of a domain name and many more.

However there are some things that are very important and still need to be performed via the Manual Request Method which uses two factors of authentication. For example changing domain contact or registrant details or releasing domains to other providers or changing DNS settings.

NB: Anything which can be done via your admin panel can also be requested using the Manual Request method so if you lose your admin login details and you are not able to recover them using the lost password function of the admin panels you still have a back up method of making the request.

2. Manual Request Method.
In order to protect our customers (and also cover us) some types of request need to be made in writing and also need to be signed by the domain/account owner or a principle of the business.

Note that this is not the only aspect of the process as we also have to ensure that the signed request is not spoofed (ie we will check the source of the request). However from the customer point of view once you do this we can handle the request and will let you know if anything further is required.

As a result of these processes we have never processed a fraudulent request (We have had in excess of five attempts to date). The other reason for this is that it also covers ourselves.

As an example a past customer (now back with us) lost their domain* as a result of moving to an automated registrar. They then contacted us to advise us that they would be pursuing us for damages....until we supplied the signed and verified request regarding the domain transfer to another provider from their MD.

* Fortunately as it was a .co.uk we were able to assist them in recovering it.

Examples:
1. Changing domain contact or registrant details or releasing domains to other providers.
2. Updating name servers (if the DNS manager has not been enabled).
3. Changing security settings on web site folders.
4. Changing authorized contacts for a company.
5. Reboot requests and Firewall changes (dedicated/colo customers only).

Requests need to be made via facsimile or letter and need to be dated and signed by the domain owner or company principle*.

The request should be on headed paper (if applicable) and include all the relevant details of the request.

For example, requests relating to a domain name should include the domain name(s) in question and full details of the change or request applicable.

Emails cannot be used for this type of request as they are extremely easy to spoof and it is impossible to verify who sent them.

Although this means an extra process a less secure process may result in permanent loss of your site/domain so we trust you understand that this is as much for your own protection as it is to cover ourselves.

* For Limited Liability companies or Publicly listed organizations this should be a director and for partnerships a majority of the partners.

If you are unsure of the best method or require more information on why secure requests are needed, please do not hesitate to contact us.