David TaylorWalton Goggins — best known to UK audiences for playing The Ghoul in Amazon's Fallout and Rick Hatchett in The White Lotus — launched a new advertising campaign for GoDaddy on 22 April 2026. Titled "Daddy of Domains," the campaign leans into Goggins' unexpected status as an internet cultural figure, playfully positioning GoDaddy as the authoritative home of domain name management. It is also, incidentally, a well-timed reminder that domain names are among the most underprotected assets many UK small businesses own.
Why Your Domain Name Is More Valuable Than You Think
For most UK business owners, a domain name feels administrative: necessary, unremarkable, and something that renews automatically every year. In practice, it is one of the few digital assets with a direct monetary value that is also routinely left unsecured.
Domain hijacking — where criminals take control of your domain by exploiting weak account credentials, expired registration windows, or by social-engineering your registrar's support team — is a growing category of cybercrime affecting UK businesses. A compromised domain can redirect your website visitors to fraudulent pages, intercept your business email, and sever your relationship with customers in hours. In serious cases, recovering a domain once it has been transferred can take weeks and may require legal proceedings.
The problem is compounded by consolidation in the domain registrar market. Large registrars process millions of support requests, and social engineering attacks — where criminals impersonate the legitimate account holder — are difficult to defend against at scale. UK businesses using weak authentication on their registrar account are particularly exposed.
The UK Domain Landscape
The .co.uk and .uk domains are managed by Nominet, the UK's domain registry, which also operates a dispute resolution service for domain name conflicts under UK law. For businesses whose primary market is British customers, a .co.uk domain carries the strongest brand recognition. But the security of that domain depends entirely on the account credentials protecting it — and the registrar's own policies on account recovery and transfer authorisation.
GoDaddy's 2026 "Daddy of Domains" campaign builds on the same platform as Goggins' 2025 Super Bowl ad for the company and his "Goggle Glasses" partnership, cementing him as the brand's unlikely spokesperson. The campaign is effective entertainment — and it is well-timed, arriving during a period when UK cybersecurity bodies have repeatedly highlighted credential-based attacks on SMB accounts as a priority concern.
For domain security specifically, the UK's National Cyber Security Centre (NCSC) recommends five practical controls that most small businesses have not fully implemented. These controls apply regardless of which registrar you use.
Five Domain Security Steps UK Businesses Often Skip
1. Register for at least three years and enable auto-renew. The majority of opportunistic domain hijacks begin with expiry. Domain squatters run automated monitoring tools that target expiring domains and register them within minutes of lapse. Setting auto-renew from day one, combined with a calendar reminder 60 days before expiry, eliminates this risk.
2. Enable two-factor authentication on your registrar account. Most major registrars support 2FA, but it is rarely enabled by default. A time-based one-time password (TOTP) or hardware security key as a second factor makes credential-based account takeover significantly harder. If your registrar does not offer 2FA, moving your domain registration to one that does is a reasonable precaution.
3. Use a domain lock. "Registrar lock" or "domain lock" is a feature offered by most registrars that prevents your domain from being transferred to a different registrar without a specific unlock step and additional authentication. For UK businesses that are not actively moving their domains, this should always be active.
4. Register defensive variants. If your primary domain is yourbusiness.co.uk, consider registering yourbusiness.com and yourbusiness.uk. Brand impersonation via near-identical domain registrations — sometimes called "typosquatting" — is a common attack vector used both to intercept customer traffic and to send phishing emails that appear to come from your business.
5. Keep your registrar account separate from your hosting account. If an attacker compromises your web hosting account, having your domain registration at a separate provider limits the blast radius: they cannot redirect or transfer your domain in the same attack. Many small businesses bundle these with a single provider for convenience, but separation significantly reduces risk.
What UK Law Says About Domain Disputes and Theft
Under the Fraud Act 2006, obtaining control of a domain by deception — including impersonating the legitimate account holder to a registrar's support team — is a criminal offence, carrying penalties of up to ten years' imprisonment. Civil recovery of a domain is possible, but in practice it is expensive and slow.
For trademark disputes, the ICANN Uniform Domain-Name Dispute-Resolution Policy (UDRP) provides a faster and less costly route than litigation for businesses with registered trademarks. Nominet operates its own equivalent dispute resolution service for .uk domains. These processes are designed for cases where a domain has been registered in bad faith to capitalise on an existing brand, and they are generally resolved within weeks rather than months.
For UK business owners, the central practical reality is that prevention is substantially less expensive than recovery. The NCSC's Small Business Guide, available free at ncsc.gov.uk/collection/small-business-guide, covers domain security alongside email protection, device management, and backup procedures, and is the most practical starting point for businesses without a dedicated IT function.
When to Bring in an IT Specialist
If your business relies on its domain for customer-facing services, e-commerce, or email, a periodic security review with a qualified IT specialist is a proportionate investment. Areas worth covering in such a review include: registrar account authentication settings, DNS record integrity, email authentication protocols (SPF, DKIM, and DMARC), monitoring for lookalike domains that could be used in phishing attacks, and the security of any third-party services that use your domain as a login identifier.
ExpertZoom connects UK businesses with vetted IT specialists who can assess your current domain and email security posture, implement missing controls, and advise on what your specific configuration needs. Walton Goggins makes an excellent pitch for domain management — but the decisions that actually protect your business need more than a campaign.
