Go to who.is
Yes… literally who.is is a website where you can find out where domains are registered. It’s the public library of the internet. Domains are not owned but leased from “the registry”
Look up the domain registration contact info
There’s a search bar on the who.is site. Use it! Search your domain.
Find the registrar and any relevant details
The “registrar” is the middle-man between you and registry. They help process the paperwork and keep things updated. The common consumer can’t just make requests to “the registry”.
There are many organizations/businesses that can help facilitate your domain registration. We want to make sure that we are contacting the correct entity for managing this registration.
Now that you know the primary organization for the domain registration; we want to check if there’s a reseller or separate vendor involved with the account.
Look up the source registrar’s WhoIs to check the type of account.
Whois.registrar.ext
The Godaddy/wildwest/secureserver/domains by proxy lookup is: whois.godaddy.com
Check to see if there’s a reseller line; if there is then this might be the storefront your account lives on. Search any relevant emails for that specific reseller ID.
If you find any emails with that storefront and account info; you now have more details to work with on who to contact or how to log into the account.
Attempt to get access to the account
Call the vendor of the domain registration (registrar).
Ask them to send any “customer number” or “password reset” emails associated with the account linked to this domain. They won’t be able to tell you any relevant details; but we just need a confident notification path for the email on file. We could guess… or we can just have the vendor send an email directly.
Once the registrar vendor has been contacted and you’ve requested customer number and password reset notifications… we check everywhere any anywhere for these emails.
See if anyone got any emails with a customer number or password reset. If they did then you have the details you need to log in at the account login page. Be mindful of which portal you try and log into, some of these storefront URLs are specific. The email with your customer number or password reset should have links to the storefront you should interact with.
If you can’t find these emails internally… This is when you should reach out to any previous admin or web dev to see if they got an email or text associated to this account you’re trying to access. This is where you search high and low; old and new to check what email might be connected to the account.
AS WITH ALL THINGS ONLINE INVOLVING ACCOUNTS AND SECURITY… PLEASE CHECK ALL LINKS AND MAKE SURE YOU’RE CONFIDENT WITH THE URL BEFORE YOU CLICK OR ENTER ANY CREDENTIALS. DO NOT GET CONFUSED AND INADVERTENTLY SEND CREDENTIALS TO SOME RANDOM EMAIL YOU THINK MIGHT BE RELEVANT. DOUBLE CHECK EVERYTHING.
If no one got any emails or texts or notifications when you contacted the registrar; or if you know that the email is no longer active or live then you’ll need to attempt some form of account update.
Most vendors have a form to fill out for account access or domain reclamation.
The GoDaddy one is at changeupdate.com
Registrar Account Management Options:
2FA Remove: This is a different version of the “email update” process but this will remove the 2FA on the account. THE NAME ON THE ACCOUNT MUST MATCH THE NAME ON THE ID. If it doesn’t then don’t waste your time.
Email Update: This will update the email on file for the account. You must submit a government issue ID. THE NAME ON THE ID MUST MATCH THE NAME ON THE ACCOUNT. If it doesn’t then this won’t work. Don’t even waste your time.
Domain Reclaim: This is the hardest to have success with because this is the most scrutinized process. It’s the most heavy handed because it means the domain will be moved from one account into another. You still have to submit an ID; but you also need to submit ANY other supporting documentation you have.
- What connects the person on the ID to the company/organization/entity? Are there additional documents that tie them to the company? Articles of incorporation? Bills with their name directly on it? Official government documents? (They don’t care about a business card or your picture on a website; this must be in print on something with a papertrail.)
- What connects the Person on the ID and the entity they are connected to… the domain? Are there payments made to the web dev for the registration? Is there communication about the web dev intending to send the domain to you directly? Did money change hands? Are there receipts? Can you connect the dots?
As you can see… getting into the account directly through an existing connection or communication path is most ideal. Getting your email admins to activate a catch-all inbox for your domain or going through old credentials are reasonable steps to making sure you’ve done your due diligence.
This is not on your registrar to give you access if your name isn’t on any of your stuff… Then it’s not your stuff. This emphasizes the importance of managing your own account and making sure you control access to your products and renewals.
If you are unable to access the account then… the domain may not be “yours” on paper. This is unfortunate but there are guidelines for companies online and access policies.