← Back to Blog
May 12, 2026By Robert Miller, Chief Security Officer

Beyond Nameservers: Why EPP Registrar Locks are Crucial

The Threat of Domain Hijacking

Domain hijacking occurs when an unauthorized entity gains control of a domain registration, changing nameserver delegations or owner records. Once nameservers are changed, attackers can redirect web traffic, hijack corporate emails, and issue rogue certificates in minutes.

Extensible Provisioning Protocol (EPP) Status Codes

To prevent unauthorized changes, registries support EPP status locks:

  • clientTransferProhibited: Blocks unauthorized domain transfers to other registrars.
  • clientUpdateProhibited: Prevents modifying nameservers or contact info.
  • clientDeleteProhibited: Prevents domain deletion.
  • The Auditing Checklist

    Ensure that all high-value root domain assets have active transfer locks at the registrar. Check RDAP/WHOIS status queries for your domains and flag any domain that does not show `clientTransferProhibited` as an immediate security risk.