Manager Controls Your Domain And Loses It - Traps & Scams Every Musician Must Avoid

Imagine your band is about to announce a headline show and your site returns a parking page that says buy this domain. Your email bounces. Your mailing list evaporates. Your manager answers the phone with a sleepy voice and says I thought it was all on auto renew. That is a professional nightmare that happens more than you think. This guide will show you how managers end up controlling artist domains and how those domains get lost, stolen, or ransomed. You will learn the traps, the scams, the legal terms explained in plain language, and a practical checklist to protect yourself today.

Everything below is written for artists who want to keep their careers in their hands. We will use real life situations that feel like your group chat. We will explain every acronym and term so you can talk to techies and lawyers without sounding confused. We will give you contract language you can copy. We will show how to recover a domain if it goes missing. We will also give you a no nonsense action plan to lock things down right now.

Why Your Domain Matters More Than You Think

Your domain is not just a website address. It is the backbone of your online identity. It powers your email addresses, it ties into social verification on platforms like Instagram and YouTube, and it routes traffic that converts casual listeners into fans. Lose control of your domain and you lose the inbox that your booking agent, promoter, and fan club use to contact you. If that sounds dramatic, remember that tour offers, sync opportunities, and legal notices often land in email first. Having no access to those messages is like playing Russian roulette with your career.

Three Real Life Horror Stories

Scenario One: The Friendly Manager Who Registers The Domain

A rising indie artist hires a manager to handle the boring admin. The manager, trying to be helpful, registers the domain using their own email and payment method. Six months later the manager ghosts. The domain expires. A domain squatter purchases it and posts a buy this site page. The artist cannot get email for press, and the tour agent cannot confirm dates. The artist pays ransom to get it back or starts from scratch with a different name and loses streaming verification.

Scenario Two: The Renewal Invoice That Is A Trap

A manager receives what looks like a renewal invoice from a registrar. They click the link, fill out payment details, and the site is a convincing fake. The scammer now has login details. The attacker transfers the domain out and changes DNS records. The artist wakes up to bounced emails and a blank website. The registrar requires proof of ownership and a long fight follows.

Scenario Three: The Social Engineering Phone Call

A promoter calls and says the artist needs a login transfer urgently for a festival. The manager, under pressure, gives the auth code or approval over the phone. Without a transfer lock and with the auth code in hand, the recipient initiates a domain transfer. The transfer completes and the manager realizes too late. The artist faces legal expense to reverse the move and loses momentum while things get sorted.

Who Actually Owns Your Domain

Domains are registered through companies called registrars. Each domain has a registrant, an administrative contact, and a technical contact. Registrant means the legal owner of the domain. Administrative contact is the person who can approve transfers and change key details. Technical contact manages settings like DNS. The safest configuration is the registrant and administrative contact being the artist or the artist company. When a manager controls those details instead, the artist has less legal control and more friction to recover things.

WHOIS, pronounced as wee ize, is a public directory that shows who is listed as the registrant and the contact emails. Some registrars offer privacy protection which hides those details but does not remove the underlying ownership. ICANN is the Internet Corporation for Assigned Names and Numbers. That is the global body that sets domain rules. UDRP stands for Uniform Domain Name Dispute Resolution Policy. That is a common process used to challenge cybersquatting if someone registers a domain in bad faith that matches your trademark or brand. We will break that down later.

Common Traps And Scams Explained

Manager Registers Domain In Their Name

This is the most common trap. It looks convenient. It lets the manager be helpful and get things done fast. It is convenient until the manager changes jobs, argues with you, or decides to monetize the asset. The fix is simple. Domains must be registered to the artist or a company the artist owns. If the manager is helping, they can be given administrative access without being the registrant.

Fake Renewal And Fake Registrar Scams

Scammers send invoices that mimic registrars. The link in the invoice leads to a fake login where credentials are captured. If you pay, your card is charged and your account can be compromised. Always go to your registrar directly by typing the address you know, not by clicking links. Use bookmarks for your registrar login.

Auth Code Theft And Transfer Trickery

To transfer a domain between registrars you usually need an auth code also called an EPP code. If a shady manager emails or texts that code to a third party the domain can move. Transfer locks exist and you should enable them. Do not send auth codes without a signed agreement and a clear reason.

Domain Expiry Auctions And Backorders

If a domain expires it may be available for purchase at auction. Domain auction houses and backorder services compete for expired names. A squatter can buy your expired domain for relatively little and then demand a ransom to return it. Auto renewal is cheap insurance. Register your domain for multiple years and enable auto renewal on a payment method the artist controls.

Email Compromise And Password Resets

Your registrar account recovery is often tied to an email address. If the manager controls that email, they can initiate password resets across every service tied to your domain. Do not let control of your registrar account rest with an email address you do not own. Create a dedicated recovery email that only you control and protect it with multi factor authentication or MFA. MFA means using more than one way to confirm identity usually a password and a phone or an authenticator app.

Typosquatting And Traffic Hijacking

Scammers register lookalike domains that are one letter off. They then buy ads or set up phishing pages to trick fans and business contacts. That can lead to lost clicks and data leaks. Register obvious misspellings of your domain and buy common top level domains like .com .net and the country specific versions relevant to you. If this sounds like overkill, remember that a single viral post can send tens of thousands of visits to the wrong page in hours.

Key Terms You Must Know

• Registrar. A company you pay to register a domain name. Examples include GoDaddy, Namecheap, and Google Domains. They manage the records and renewals.
• Registry. The organization that runs the top level domain like .com or .music. A registry is different from a registrar.
• WHOIS. The directory that shows registrant and contact information unless privacy protection is used.
• Auth code. Also called EPP code. A password needed to transfer a domain to another registrar.
• Transfer lock. A setting that prevents a domain transfer without manual unlock from the registrar account holder.
• MFA. Multi factor authentication. A security layer that requires more than a password to log in. Common options are text messages and authenticator apps.
• UDRP. Uniform Domain Name Dispute Resolution Policy. A faster alternative to court that deals with trademark style disputes for domains.
• DNS. Domain Name System. The system that tells the internet where your website and email live. Changing DNS can break email and site access.

Every one of these terms matters because they are the levers used to control your online identity. Learn them like you learn a new chord progression.

What A Safe Ownership Setup Looks Like

Artist or artist's company should be listed as the registrant. Administrative contact can be the artist, an in house label, or a lawyer. Manager can be a technical contact if they are truly handling day to day updates. Make sure the email on record for the registrar account is an email address that the artist controls and that email has MFA. Payment methods for auto renewal should be on a card that the artist or their company owns. Grant the manager explicit access with a password manager or a shared credential system that allows for revocation. This is the internet version of giving someone a copy of a key rather than transferring the deed to your house.

Contract Clauses To Protect Your Domain

Put these ideas into the management agreement. You do not need to sound like a lawyer. Use clear language that a human can read in a hurry.

Sample Clause 1: Registrant Ownership

The artist will be listed as the registrant of all domain names related to the artist's trade name and brands. The manager agrees not to register, transfer, pledge, or encumber said domain names in the manager's name without the artist's prior written consent.

Sample Clause 2: Access And Credentials

Manager will be provided administrative access only with credentials stored in a mutually agreed password manager. Manager shall not change registrant contact information without written approval. Artist reserves the right to revoke access at any time upon written notice.

Sample Clause 3: Renewal And Payment

Artist will maintain payment methods for domain renewals. Manager will notify the artist at least 60 days prior to any domain expiration. If manager pays renewal on behalf of the artist such payment will be recorded and reimbursed within 30 days of invoice.

Sample Clause 4: Transfer Requests

Any transfer of domain ownership requires a signed transfer authorization from the artist and will be handled using an escrow service acceptable to the artist. Auth codes will not be provided to third parties without a signed agreement.

Sample Clause 5: Breach And Remedies

If manager acts in bad faith with respect to the domain the manager agrees to immediate return of control and will be liable for costs to recover the domain including legal fees and any purchase costs required to reacquire the domain.

You can copy these clauses into an email to your manager and ask them to initial each one. That is better than nothing.

How To Secure Your Domain Right Now

This is a fast action checklist you can use tonight before you sleep. It is practical. It is mean as hell. It works.

1. Check WHOIS. Type your domain into a WHOIS lookup tool. Confirm who is listed as the registrant and the admin contact.
2. Confirm registrant email. If the email is not one you control, get it changed immediately.
3. Enable MFA on the registrar account. Use an authenticator app. Do not rely on SMS only.
4. Enable transfer lock. It is sometimes called registrar lock. Turn it on.
5. Set auto renewal and put the payment on a card you control or on a company card.
6. Back up DNS records. Export your DNS zone file from the registrar or hosting provider and store it in your password manager or cloud drive.
7. Get a copy of the auth code and store it in an encrypted password manager. Do not email it.
8. Register common misspellings and relevant top level domains. This prevents typosquatters from hijacking your traffic.
9. If the manager currently controls things, insist on an access audit. Get a list of accounts like registrar, hosting, email provider, and the passwords or password manager access documented.
10. Set up a legal hold. Ask your manager to sign a short confirmation that they will not transfer or change registrant details without written notice. Save that email.

If Your Domain Is Already Gone

Recovering a domain can be straightforward or messy. It depends on how it was transferred and who holds it now. Here are the steps to try in order.

1. Log into your registrar account and look for transfer history. If you can still access it there is a chance to reverse the transfer or cancel it.
2. Contact the current registrar where the domain now sits. Ask for their abuse or support team. Provide proof of identity and ownership. Be ready to upload ID and invoices that show use of the domain such as hosting bills, screenshots of email with the domain, and publishing dates.
3. If the domain was transferred in bad faith or registered by a third party to profit from your brand, file a UDRP complaint. UDRP is faster and less expensive than litigation. It requires proving three things. The domain is identical or confusingly similar to your trademark. The new owner has no rights or legitimate interest in the domain. The domain was registered and used in bad faith.
4. If the domain was merely expired due to negligence, negotiate a buy back or use a marketplace. Sometimes the squatter will sell it back cheaply compared to legal costs. Document everything.
5. Contact your lawyer. A trademark lawyer who understands domain disputes can advise whether arbitration, court filing, or a transfer request to ICANN is the best option.
6. Lock down related accounts. Change passwords on any email, social media, streaming service, and payment account that used the compromised email address or domain.
7. If you believe the manager acted fraudulently gather communications, contracts, invoices, and bank records. This helps if you need to file a police report or pursue civil remedies.

How UDRP Works In Plain Language

UDRP is a fast track arbitration for domain disputes. You file a complaint through one of the providers like the World Intellectual Property Organization or WIPO. The complaint needs evidence that the domain is confusingly similar to your trademark, that the current owner has no legitimate interest, and that the owner registered or used the domain in bad faith. Decisions can transfer the domain back or cancel it. Costs vary but are usually far lower than a court case. UDRP is useful if someone intentionally registers your band name to extort you. It is less useful if your domain was legitimately sold at auction or if you never trademarked your name and the registrant can show legitimate use.

How To Use A Password Manager And Shared Credentials Safely

Give access. Do not hand ownership. Use a password manager that supports shared folders. Put registrar credentials in a shared folder that the manager can access. Keep the master account and recovery email under your control. When the working relationship ends, remove the manager from the shared folder. That revokes access without you flipping through old paper notes. Use apps like 1Password or Bitwarden. They let you audit access and force revoke instantly.

What About Using A Lawyer Or Escrow For Transfers

When selling or transferring a domain use an escrow service. Escrow holds money until control is confirmed. Many registrars offer domain escrow. Escrow prevents scams where the buyer pays and the seller ghosts. If you are transferring ownership mid management use an attorney to hold the auth code and confirm the transfer with a legal letter. That costs money but is worth it for high value names.

How Domain Loss Affects Music Business Systems

Domains connect to email and to streaming platforms. Losing control can interrupt the ability to verify your artist profile on platforms. Verification often relies on email or on DNS records. Losing the domain can make it harder to claim official profiles. Distribution accounts like DistroKid and CD Baby are tied to email addresses for password resets. If your email is a domain account and that domain goes away you will have a much harder time accessing your distributor. That can delay releases and roy alty payments. Protect the email and the registrar like you protect your master recordings.

Signs Your Manager Might Be Heading Toward A Problem

• Manager insists the domain or account remain in their personal name for convenience.
• Manager refuses to put credentials in a password manager or refuses to give a list of accounts they control.
• Manager delays renewing domains or invoices citing confusion or lost cards repeatedly.
• Manager resists signing a simple clause that the registrant remains the artist.
• Manager pressures you to approve transfers quickly and without written paperwork.

If you see one of these signs, lock things down now. Do not wait until a deadline.

Practical Email Templates You Can Use

Template To Request Registrant Change

Subject line: Request to update registrant details for domain name

Hi [Manager Name],

I need the registrant and admin contact for [yourdomain.com] updated to my legal name or to my company [company name] by [date]. Please confirm that you will make this change and provide a screenshot of the updated WHOIS record once complete. If you need assistance I can share the steps with you or we can do it together in a call. Thanks.

Template For Registrar Support If Domain Is Missing

Subject line: Urgent help needed for domain recovery [yourdomain.com]

Hi Support,

I am the artist and original owner of [yourdomain.com]. My domain appears to be owned by [current registrant]. I can provide invoices, screenshots of my email address using the domain, social media verification, and a contract showing continuous use since [year]. Please advise the process to recover or lock this domain while we resolve ownership. My contact is [phone] and email is [recovery email].

Recommended Registrars And Tools

Use registrars with good reputations for support and security. Examples include Google Domains, Namecheap, and Gandi. Choose one that supports MFA, privacy options, and exportable DNS records. Tools to bookmark now include WHOIS lookup, ICANN WHOIS, and a reliable password manager. Consider using a domain monitoring service that alerts you if WHOIS details change or if the registration status updates.

Action Plan You Can Use Today

1. Check WHOIS and confirm registrant. If you are not listed start the registrant change process with your manager or registrar today.
2. Enable MFA on both your registrar account and your recovery email.
3. Turn on transfer lock and set auto renew with a payment method you control.
4. Export DNS records and save them in an encrypted place. Back up your website if you use a hosted site.
5. Create and store auth codes securely in a password manager. Do not share them over chat or email.
6. Add contract clauses to your management agreement that guarantee domain ownership for you.
7. Register key misspellings and other TLDs that are likely to be purchased by squatters.

FAQ

Who should be the registrant of my domain

You or a company you control should be the registrant. That ensures legal ownership. The manager can be an admin or technical contact but not the registrant. This prevents accidental or malicious transfers if the working relationship breaks down.

Can I transfer a domain if my manager registered it in their name

Yes you can but you will need cooperation or legal remedies. If the manager cooperates they can transfer registrant details or provide an auth code. If they do not cooperate you may have to use dispute resolution such as UDRP or court action. The faster you act the better.

What is an auth code and why is it important

An auth code also called an EPP code is like a password for moving a domain to a new registrar. Keep it private and only provide it when you have a signed agreement and use escrow for transfers. Treat it like a bank PIN.

Is WHOIS privacy a problem for artists

WHOIS privacy hides your contact info from public listing. That can be good to avoid spam. It does not replace ownership. The registrar still knows who the registrant is. Use privacy if you want but make sure the underlying registrant is correct and your contact data for account recovery is secure.

How much does recovering a stolen domain cost

Costs range from low to very high. If it expired and is in backorder you might pay a few hundred to a few thousand to reacquire it. If a squatter demands ransom the price can be much higher. UDRP filing fees are a few hundred to a few thousand depending on the provider. Court litigation can cost tens of thousands. Prevention is always cheaper.

Get Contact Details of Music Industry Gatekeepers

Looking for an A&R, Manager or Record Label to skyrocket your music career?

Don’t wait to be discovered, take full control of your music career. Get access to the contact details of the gatekeepers of the music industry. We're talking email addresses, contact numbers, social media...

Packed with contact details for over 3,000 of the top Music Managers, A&Rs, Booking Agents & Record Label Executives.

Get exclusive access today, take control of your music journey and skyrocket your music career.

Unlock Instant Access