Your Domains and DNS are exposed to risks

Most domain and DNS operations lack end-to-end control and change management systems. The Result: Risk exposure! Listen in to this informative session on security, compliance risks and how brand digital identity is transforming with Brand Top Level Domains.

DNS Security

Hosted by the Canadian Marketing Association
Speakers: Peter Engels & Peter Lamantia

Peter Engels
Hello everyone, and welcome. Digital strategy is paramount to all of us, and today we’ll be focusing on a critical part of your digital landscape—one that’s often under-managed by digital leaders, with major consequences.

There are newly emerging risks and brand impacts related to your company’s domains and the Domain Name System (DNS) that you need to be aware of. In this session, we’ll highlight those risks with real-life examples, explain why they occur, and share practical guidance to help you assess your company’s vulnerability.

We’ll also cover best practices you can implement to mitigate that risk and protect your digital brand. Finally, we’ll introduce a completely new naming convention for the global internet—one that hundreds of companies are already adopting.

Let’s face it: digital strategy is no longer just one part of your business—it’s everything. It defines how we operate, how we compete, and how the market sees us.

Paul Willmott of McKinsey put it well: “Our competitor set, and in our opinion our entire business landscape, is not what it used to be.”

Many Canadian companies are embracing this shift. CIBC was recently recognized for excellence in digital transformation. Rogers CEO Joe Natale not only championed digital strategy but also appointed a Chief Digital Officer to lead that effort. Dean Connor of Sun Life was named Canada’s Outstanding CEO of the Year, largely for his leadership in digital innovation.

Digital strategy is a winning move for these companies—but what happens when digital goes disastrously wrong?

The fact is, everything digital depends on the domain name system, and we’re seeing more brands hurt by domain-related events—most of them completely preventable.

Here are a few examples:

  • Hackers redirected the name servers of a major cryptocurrency exchange and emptied user accounts of $400,000.
  • A major bank in Brazil was hacked—customers were redirected to a fake version of the bank’s site, where their account information was stolen.
  • Companies that simply forgot to renew domains—like Marketo and Sorenson Communications—saw their operations go dark, while others like Dell had customers redirected to malicious third parties.

Many similar events happen quietly, without ever becoming public.

Failed domains can result from human error or administrative mishaps, but deliberate attacks are growing. Hackers are now specifically targeting domain and DNS weaknesses.

The root problem is that many companies still manage their domains and DNS in departmental silos—marketing, IT, brand protection, and legal often operate separately. Every audit we conduct reveals security gaps that internal teams had no idea existed. The business impacts can be severe, ranging from lost revenue and customer trust to regulatory penalties and legal exposure.

Why do these risks persist?
Usually it’s one or more of the following: lack of awareness, complacency, or a mistaken belief that it’s already under control.

Everything about your digital operation depends on three pillars of security and compliance:

  1. Access – Who can get into your systems, and how?
  2. Change management – What rules, approvals, and processes govern every modification?
  3. Visibility – What was done, by whom, and when?

Real-time auditing and monitoring in these areas are vital.

If your company is publicly traded, regulated, or otherwise digitally dependent, the environment has fundamentally changed.

For those joining us from Europe, you’ll already know about the upcoming EU General Data Protection Regulation (GDPR), effective May of this year. Had companies like Dell, the Brazilian bank, or that cryptocurrency exchange experienced those same breaches post-May, they could be fined up to 20 million euros or 4% of global revenue, whichever is greater.

There’s no question—our digital world is changing. And now, to talk about how to adapt to that change and protect your business, here’s Peter Lamantia, CEO of Authentic Web.

Peter, over to you.

Peter LaMantia
Thanks, Paul, and thank you to everyone joining us today. I’d also like to thank the Canadian Marketing Association for hosting this session.

We really do work in fascinating digital times. There’s so much innovation, so many new technologies and capabilities emerging. The pace of change is incredible—sometimes confusing, but also exciting.

But alongside that, new risks and exposures continue to grow.

During this webinar, I’ll ask a few self-assessment questions to help you reflect on your own organization. Let’s start with this one:

Does it make sense that domains and the DNS are still managed more or less the same way they were 20 years ago?
Think about what the internet looked like in 2000—it’s a completely different world now.

Let’s start there, by reviewing the growth in digital complexity.

Since 2000, everything about digital has accelerated. When ICANN launched its new top-level domain program in 2012, it expanded the internet dramatically—over 1,300 new top-level domains were introduced. These include generics like .club, .homes, .bank, and .insurance, geographic domains like .nyc, .london, and .quebec, and branded domains such as .google, .apple, .amazon, and .rogers.

At the same time, social networks and mobile platforms exploded. Social is where consumers live—but these are third-party spaces that brands don’t control. Content creation has also skyrocketed, doubling repeatedly over the past decade. All this happens while consumer trust remains low due to rising cyber threats.

Yet, most companies are still managing their domains the same way they did 10 or 20 years ago. That doesn’t make sense. Addressing that gap—strategically and operationally—is why I founded Authentic Web.

Let’s look at consumer trust. Do we actually trust the internet? Not really—and that’s the right instinct. We try to be smart online, but we know we’re exposed. That means consumers place their trust directly in brands—and when that trust is broken, the reaction is swift and damaging.

Every single digital experience your customers have with your brand runs on the domain name system (DNS). It may feel like an old technology, but it’s the bedrock of the entire internet. Lose control of a DNS record, and it can instantly redirect your customers to fraudulent sites.

Take Great-West Life as an example. They manage around a thousand domains—from the flagship greatwestlife.com to brand protection names like greatwestsucks.com and sub-brands like canadalife.com. Many organizations of similar size have hundreds of thousands of DNS entries—some actively used, others forgotten or pointing nowhere.

The challenge? Visibility. Who manages what? What’s secured? What’s still live? Many of these records outlive their owners or internal systems and become potential exploits for attackers.

Manage all this with multiple registrars, legacy tools, departmental silos, and constant turnover—and it’s clear why it becomes unmanageable.

Now, zooming in more technically, each domain relies on DNS “resource records” that make up its zone file. These records control mail servers, microsites, redirects, APIs—everything the user sees or doesn’t see online. Multiply that by hundreds or thousands of domains, and you can quickly end up with tens of thousands of endpoints, not all of them controlled or even known.

Hackers already exploit this. They can see everything that’s exposed publicly. On the dark web, denial-of-service or email spoofing attacks can be purchased like any online service—even with 24/7 support and “satisfaction guarantees.”

The enterprise environment compounds this. What used to be one domain, one registrar, one DNS provider has evolved into enormous portfolios spanning many systems and departments. Every department has a stake—marketing, IT, brand, security, compliance, and finance—but rarely is there unified control.

Ask any of them, and the frustration is similar:

  • The business owner doesn’t know what’s owned or what it’s costing.
  • The compliance lead tracks everything by spreadsheet and emails.
  • Legal faces rising IP costs.
  • Marketing experiences long delays and incomplete data.
  • Security can’t enforce DNS policies effectively.
  • IT is overworked and burdened with cleanup.

This is what we mean by silos. Each stakeholder group operates independently, and critical domain functions depend on manual inputs, disconnected systems, and institutional knowledge that gets lost when staff change.

So ask yourself these three questions:

  1. Do you have a unified, tamper-proof system to manage your domains and DNS?
  2. Can you prove that security policies and change management processes are enforced?
  3. Is your system integrated with registrar and DNS service controls?

For most companies, the answer is no—and that’s the problem.

Fortunately, this can be fixed. The solution starts with executive prioritization—recognizing that domain security is not an IT task, but a business risk. Once leadership commits, applying modern control systems and clear policy enforcement can make a huge difference, often quite quickly.

Begin with a baseline assessment of your current condition.

  • Who has access to your systems and how?
  • Are logins secure and monitored?
  • Are change management processes automated and auditable?
  • Do you have visibility—reporting, analytics, and monitoring—across your DNS?

Once you know where you stand, you can build an action plan to lock down access, streamline change management, and establish visibility.

Ultimately, domains and DNS must be automated, secure, auditable, and measurable. If you can measure it, you can manage it—and if you can manage it, you can improve it.

Now, let’s look at the next frontier: the digital paradigm shift that’s already underway.

ICANN’s expansion of the domain space introduced not just generic and geographic domains, but the brand registry, or brand top-level domain.

These are proprietary namespaces that your company alone controls—entirely closed to outside registration. They’re trusted, secure, and customizable. Think of it as a new digital platform—a blank canvas for innovation and brand authenticity.

Some of the world’s largest brands applied for their own registries in the first round—Rogers, Shaw, Google, and Amazon, to name a few. Global financial firms like JP Morgan, Visa, Amex, and Barclays were also among the first movers, leveraging these brand-controlled spaces to strengthen security and trust.

Industry adoption is accelerating—last quarter saw an 82% increase in brand registry websites launched globally. The next application round is approaching, expected sometime in 2020, and projections suggest brand TLDs will make up a significant portion of participants.

As Bill Gates once said, “We always overestimate the change that will occur in two years and underestimate the change that will occur in ten.”

The message is clear: don’t be lulled into inaction. The internet is evolving rapidly, and organizations must evolve with it—or risk being left behind.

Whether your focus is on security, compliance, trust, or innovation, domain and DNS modernization has become a strategic imperative.

So ask yourself:

  • Are you equipped to manage domain and DNS risk today?
  • Are you prepared for what comes next with brand-owned TLDs?

Business is digital; everything runs on the DNS. As incidents increase in frequency and impact, the need for modernization and best practices has never been greater.

Thank you very much for joining us today and for your interest in this critical area. I’ve been studying and working in this field for many years, and it’s one that’s often overlooked until it causes real problems.

If you’d like to discuss your company’s DNS risk or modernization strategy, feel free to reach out. I’d be happy to help.

Now, let’s take a few questions.

Audience Question
What are some common fixes uncovered in a domain or DNS audit?

Peter LaMantia
Great question. The big issues are usually too many unmanaged services, poor SPF configuration—meaning spoofed emails can go out under your brand name—and missing DNSSEC, which prevents cache poisoning attacks. On the positive side, audits also uncover opportunities: cleaning up old or unused domains, improving resolution, and cutting costs by eliminating redundancy.

Audience Question
How do domains and DNS affect SEO?

Peter LaMantia
That’s another good one. In short, the cleaner your DNS structure and domain portfolio, the better. Search engines prioritize stability and security. If you clean up unresolved domains and align everything with relevant content, your SEO performance improves naturally. Moving to a trusted dot-brand domain can also provide long-term visibility gains as search engines evolve to recognize brand authenticity.

Audience Question
What will it cost companies to get their own brand domain?

Peter Lamantia
The application fee in the first ICANN round was $185,000 USD, plus additional setup and operational costs. The good news is those costs are expected to drop significantly in the next round. And when you consider the savings from consolidating and owning your own namespace—especially for companies managing hundreds or thousands of domains—it’s a strong return on investment.

Paul Engels
Thank you, Peter, and thank you to everyone who joined us. We hope this session has given you practical ways to think about domain management, DNS security, and the future of digital branding.

Peter Lamantia
Thanks again, everyone. It’s been a pleasure speaking with you.