Feb 10, 2021 - by Staff Writer
To gain a deeper understanding of corporate domain name management across the world’s largest companies, we recently completed an in-depth analysis of the Global 2000. The Global 2000* is an annual ranking of the top 2,000 public companies in the world by Forbes magazine. The ranking is based on a mix of four metrics: sales, proﬁt, assets and market value.** We leveraged our own Brandsight technology to conduct our analysis – and the results were surprising.
We began our analysis by looking at domain name portfolios belonging to the 50 largest Global 2000 companies to identify how many of the domains contained within those portfolios actually resolved to live content. Our analysis revealed that only 28% of these domains actually resolve to live content. Ideally, companies should strive for 90% resolving, with only 10% of a portfolio not resolving. If a domain name is worth renewing, then it should be forwarding to live, relevant content. Exceptions for the 10% may include derogatory terms, or adult-themed domains.
We also analyzed the main corporate domains of the Global 2000 and identified that only 17% had implemented Registry Locking. Registry Locking should be deployed for all core domains and any others that are critical to business operations. This includes production websites, email, internal applications, websites used for channel partners and resellers. While Registry Locking does require some additional time to make updates to domains, it is well worth the investment to create this additional layer of security. Registry Locking guards against inadvertent or unauthorized updates to valuable domains.
In our analysis, we uncovered that only 3.5% of the Global 2000 corporate websites had implemented DNSSEC. DNSSEC protects against cache-poisoning and man-in-the-middle attacks. Companies that are collecting credential information should seriously consider implementing DNSSEC. We also identified that 14% of the corporate websites of the Global 2000 suffered from DNS conﬁguration issues resulting from lame delegation. Lame delegation can cause delays in DNS resolution.
Unsurprisingly, 90% of corporate website domains are configured to receive email, and 84% are leveraging SPF (Sender Policy Framework). SPF enables owners to specify which servers are authorized to send mail. Fifty percent of these domains were also leveraging DMARC (Domain-based Message Authentication, Reporting and Conformance). DMARC provides protection against email spooﬁng.
Our analysis uncovered that just over 60% of root domains are properly secured with an SSL, and 84% of corporate websites leveraging www as a host are properly secured with an SSL. While one would expect these numbers to be higher, more concerning is the mismatch between what is secured for the root as opposed to what is secured for the www.
Using our own very own technology to uncover these issues, we’ll continue to monitor the corporate websites of the Global 2000. It will be interesting to see how these domains evolve over time, and we look forward to sharing our findings with you.
The information contained in this blog is provided for general informational purposes about domains. It is not specific advice tailored to your situation and should not be treated as such.
*Data obtained from Forbes Global 2000: https://www.forbes.com/global2000
Recent posts from Staff Writer