
What is the difference and which should you be using?
© 2007 - 2026 Lexsynergy™.
All rights reserved.
For many businesses, domain names sit quietly in the background until something goes wrong. They support websites, email, internal infrastructure and more. Yet because domains are often acquired over many years, across different regions, departments and providers, the controls around them are not always as clear as the business risk demands.
A domain name may look like a simple digital asset, but the processes around it can be highly sensitive. A transfer request, domain dispute notice, registry lock, ownership update or urgent DNS change can quickly become a business critical issue.
Recent industry reports concerning fraudulent dispute related communications are a useful reminder that domain risk is not limited to cybersquatting, phishing websites or unauthorised registrations. Fraudsters will also seek to exploit the administrative processes that surround domain ownership, including dispute notices, transfer instructions and registrar communications.
For corporates managing large domain portfolios, the answer is not alarm. It is preparation.
When organisations think about domain security, they often focus on technical controls: DNS security, registry locks, two-factor authentication, access permissions and monitoring. These are all important. However, many domain related risks arise from process rather than technology.
A domain related message may arrive that appears to require urgent action and in large organisations, the recipient may not know whether the message is genuine, who has authority to approve the action, or which internal team should be involved.
This uncertainty creates risk.
A legal team may assume the matter sits with IT. IT may assume the instruction has already been approved by brand or marketing. A local office may respond directly to a registrar or third party without involving the central domain team. An external agency may request a DNS change without understanding the wider impact. In each case, the issue is not necessarily a lack of awareness. It is the absence of a documented control process.
Domain portfolio governance should therefore cover more than renewals and registrations. It should define how the organisation handles unusual, sensitive or high-risk domain events. Lexsynergy supports this by working with corporates to develop tailored domain strategies that assess existing processes, identify control gaps and establish clear triage procedures for high risk domain actions.

Disputes and transfers are two areas where control is especially important. In both cases, the organisation needs to know who can approve action, how instructions are verified and when escalation is required.
A domain dispute may involve a UDRP complaint, local dispute procedure, court order, takedown request or third-party legal notice. These matters often involve deadlines and formal procedural steps. If the notice is genuine, a delayed response can prejudice the organisation’s position. If the notice is fraudulent or inaccurate, acting too quickly can create unnecessary disruption.
Transfer controls are equally important. Domain transfers can be routine when centralising a portfolio, changing providers or restructuring ownership. However, they can also be a point of vulnerability if authorisation is unclear. A transfer instruction should never be treated as a simple administrative request when the domain supports a critical website, email system or customer facing service.
Fraudsters increasingly understand that large organisations rely on complex supplier chains and internal approval structures. They do not always need to compromise a system to create disruption. Sometimes, they only need to create confusion.
A convincing email, a realistic deadline, a familiar legal phrase or an apparent instruction from a recognised provider can be enough to trigger action if the recipient does not have a clear verification process. This is particularly relevant in domain management because domain names involve multiple parties, including registrars, registries, dispute providers, resellers, agencies, law firms and internal stakeholders.
The principle should be simple: any instruction involving a domain name should be verified through known, trusted channels.
That means not relying solely on the phone number, link, attachment or email address contained in the message itself. If a notice concerns a dispute, transfer, lock, DNS change or ownership update, the organisation should verify it through established contacts, existing account channels or the relevant official provider.
Verification should be seen as a standard part of good domain governance, not as a sign of mistrust. In large portfolios, it is a necessary safeguard.
Clear dispute and transfer controls should define how the organisation responds when something unusual happens. They do not need to be overly complex, but they do need to be documented, understood and consistently applied.
At a minimum, corporates should have clear rules for:

The organisation should also distinguish between business critical domains and the wider portfolio. A domain used for a short-term campaign does not carry the same risk as a primary corporate domain, a transactional website, an email domain or a customer login portal. Higher risk domains should have higher approval thresholds.
This is especially important for global businesses. Large portfolios often include defensive registrations, product domains, regional domains, legacy domains and domains held by acquired businesses. Without central visibility, it becomes difficult to know which domains matter most, which are correctly secured and who has authority to make decisions.
Start by identifying the domains that support core websites, email, customer platforms, payment journeys, authentication systems, regulated services or high value brands. These domains should be subject to stronger controls than low-risk defensive registrations or inactive domains.
A corporate portfolio should not be fragmented across local offices, agencies, individual employees or legacy providers without central visibility. Centralisation helps ensure that renewals, disputes, transfers, DNS changes and ownership records are managed consistently.
Document who can approve domain transfers, registrant changes, DNS updates, registrar changes, cancellations and dispute responses. Approval rights should reflect the importance of the domain and the potential business impact of the action.
Domain governance should not sit entirely with one department. Legal, IT, cybersecurity, marketing and brand protection may all have legitimate interests in the portfolio.
Legal teams are often responsible for disputes, enforcement and ownership issues. IT and security teams focus on DNS, email authentication, access control and infrastructure risk. Marketing teams may launch new campaigns or request new domains. Brand protection teams may monitor infringements and defensive registrations.
The challenge is that these teams do not always operate from a single domain management framework. This can lead to inconsistent instructions, duplicated registrations, unclear ownership and slow escalation when urgent issues arise.
A clear dispute and transfer control process gives all teams a shared operating model. It ensures that the right people are involved at the right time and that domain related decisions are made with proper context.

Lexsynergy works with businesses to bring structure, visibility and control to domain portfolio management. For organisations with large, international or complex portfolios, this means more than registering and renewing domain names. It means managing domains as business critical assets.
Through centralised domain management, we help organisations consolidate portfolios, maintain accurate records, apply consistent controls and reduce reliance on fragmented local arrangements. A centralised approach gives internal teams clearer visibility over what the organisation owns, where domains are held and how key actions are managed.
Security is also central to the way domain portfolios should be managed. Our ISO 27001 certified domain solutions include 2FA, SSO, IP whitelisting, customised user permission levels and telephone verifications where required. These measures support a wider governance model: limiting access, verifying sensitive instructions, escalating unusual activity and ensuring that domain related decisions are handled through trusted processes.
Corporate domain portfolios often include domains that support websites, email, customer portals, e-commerce platforms and key brands. Disputes, transfers, locks and ownership changes can affect business continuity if they are not handled correctly. Clear controls help ensure that sensitive domain actions are verified, authorised and escalated to the right people.
A domain transfer control is a process that governs when and how a domain can be moved from one registrar or provider to another. It should define who can approve the transfer, how the request is verified, whether the domain is business-critical and what additional checks are required before action is taken.
A domain dispute control is a process for handling notices such as UDRP complaints, local dispute procedures, legal correspondence or takedown-related requests. It ensures that the notice is verified, deadlines are recorded, legal stakeholders are involved and no action is taken without proper authority.
Large portfolios are often spread across multiple brands, regions, departments, providers and legacy systems. This can make it difficult to know who owns a domain, who can approve changes and whether an instruction is genuine. Centralised management reduces this uncertainty.
The company should verify the notice through trusted channels, not through links or contact details contained in the notice alone. It should contact its domain management partner, registrar or relevant dispute provider using known details, then escalate internally to legal, IT security and brand protection teams where appropriate.
An unexpected lock should be treated as a domain incident. The organisation should confirm the reason for the lock, identify whether it relates to a dispute, compliance issue, transfer request or security concern, and verify the information through the registrar or domain management partner.
Domains used for websites, emails, e-commerce, customer login, payment processing, regulated services and high value brand domains should have the strongest controls. These domains are more likely to create business disruption if they are transferred, misconfigured, locked or lost.
Any unexpected notice relating to a dispute, transfer, lock, ownership change or urgent technical update should be verified through known contacts or official channels. The organisation should not rely only on the contact details or links provided in the message.
Critical domains should have additional safeguards, such as restricted access, defined approval workflows, registry or registrar lock options where appropriate and named escalation contacts.
Portfolio owners should monitor for changes in domain status, registrar, registrant data, nameservers, DNS records and expiry dates. Unexpected locks, holds or transfer statuses should be investigated promptly.
A clear workflow should explain what happens when a suspicious notice is received, a domain is unexpectedly locked, a transfer is requested, or a dispute notice arrives. It should identify the internal stakeholders, external contacts, escalation route and evidence to preserve.
Domain portfolios change constantly as brands launch, businesses expand, acquisitions complete and markets evolve. Controls should be reviewed regularly to ensure that key domains remain protected and that stakeholder responsibilities remain current.
Domain controls should be reviewed regularly, particularly after acquisitions, brand launches, market expansion, supplier changes, restructuring or security incidents. A portfolio that was accurate a year ago may no longer reflect the organisation’s current risk profile.

For businesses managing large domain portfolios across multiple regions and TLDs, security is no longer a nice to have, it is essential for control, visibility, accountability and resilience.