Critical customer mistakes often blamed on domain registrars.

When online backup service CrashPlan.com went down earlier this month, the company was quick to blame its domain name registrar GoDaddy. Code 42 Software, which runs the CrashPlan.com service, tweeted about how GoDaddy “mistakenly removed our root nameserver entry”, “inappropriately took over our DNS”, and did a DNS “hijack”.

What Code 42 Software never tweeted was that it had mistakenly let the domain name expire. The outage was Code 42’s fault, not GoDaddy’s.

None of the previous five e-mails GoDaddy sent to Code 42 Software alerting them to the impending expiration got the company’s attention.

The myth that GoDaddy was to blame then spread across the web. One commenter on an unrelated CNET story wrote that “GoDaddy somehow hosed their domain.” (Code 42 Software did not respond to a request for comment for this story.)

Domain registrars frequently get thrown under the bus when one of their customers makes a mistake. In another case, a registrant of a popular web site had their non-Go Daddy email account compromised, which allowed an attacker to steal their domain name by transferring it away from GoDaddy. The customer publicly blamed GoDaddy, even though the problem was with the customer’s e-mail security.

GoDaddy deals with the brunt of attacks like this, given its massive size and mass market strategy. But other registrars feel the heat, too. Earlier this year fingers were pointed at eNom when several high value domain names were stolen. The real culprit? The customer used a weak password, allowing the thief to access their account.

Companies with popular web sites have a number of added tools they should use to protect against many of the most common domain problems. Moniker and Fabulous offer domain locking tools with added security. GoDaddy offers Protected Registration. Companies should also subscribe to DomainTools’ Registrant Alert to find out about potential theft quickly. The sidebar of this story has other tips for protecting your domain names.

The difficulty for domain registrars is how quickly misinformation spreads across the web. It doesn’t matter that it was Code 42’s fault that CrashPlan.com went down. It doesn’t matter that it wasn’t the registrar’s fault that a domain was stolen. Just the accusation, combined with the viral nature of social media, can damage a registrar’s reputation.

Domain registrars seek new profit opportunities.

Yesterday’s news that new domain name registrations are down sharply and the total base of domains registered is stagnant is bad news for domain name registrars.

For years, registrars have been able to count on new registrations to fuel growth. Although the margin on new registrations is small, registrars earn money by cross selling other products to registrants. So the typical margin on a domain may be only $2, but the margin with “extras” may be closer to $5-$10.

How can registrars counteract falling numbers? There are three key ways:

1. Take market share away from competitors. Although new registrations are down, there were still 9 million new domains registered last quarter. Aggressive registrars can capture a larger part of this pool. Also, the drop to 9 million is somewhat overstated since many of the domains registered at this time last year were from domain tasting, which was only done in scale at a handful of registrars. Registrars can also grow their base by courting domain transfers.

2. Do a better job of cross selling. Registrars that get customers — new and old — to load up their shopping carts can boost revenue. The key is to offer something innovative on top of standard web hosting and domain privacy products.

3. Push for new TLDs. Wonder why eNom, Tucows, and Network Solutions are so keen on seeing new top level domain names introduced? Cha-ching. Even though most of these new TLDs will fail, it could significantly boost these registrars’ sales over the next 2-3 years. It’s a lot easier to sell new TLDs than to come up with innovative products for their customers.

Keep in mind that ICANN’s revenue from domain registrations is also under pressure. Its contract with VeriSign will actually result in a $6M boost in financial year 2010, but its growth will certainly take a hit from reduced new registrations. It can’t take market share from competitors and can’t cross sell. So look for it to push through new TLDs as well.

New restrictions face domain name resellers.

Domain name registrar resellers will face new restrictions under ICANN’s new registrar accreditation agreement.

Several of these restrictions were spelled out in an email from eNom to its resellers yesterday:

1. If, in the future, eNom is obligated to provide a link to an ICANN webpage, Resellers must also provide such a link (at this time no link is necessary).

2. Resellers are prohibited from displaying the ICANN or ICANN-Accredited Registrar logo, or from otherwise representing themselves as accredited by ICANN unless they have written permission from ICANN to do so.

3. Resellers shall identify the sponsoring registrar, eNom, or provide a means for identifying the sponsoring registrar, such as a link to the InterNIC Whois lookup service. Any registration agreement used by Resellers shall include all registration agreement provisions and notices required by the ICANN RAA and any ICANN Consensus Policies.

4. Resellers must ensure that the identity and contact information provided by the customer of any privacy or proxy registration service offered or made available by Resellers in connection with each registration will be deposited with eNom or held in escrow or, alternatively, display a conspicuous notice to such customers at the time an election is made to utilize such privacy or proxy service that their data is not being escrowed.

All of these changes are welcome and should help improve the image of the reseller business. My only concern is with loopholes. Consider #4, “display a conspicuous notice to such customers at the time an election is made to utilize such privacy or proxy service that their data is not being escrowed”. Just what is a conspicuous notice? I worry that a reseller will not properly disclose to a customer that the data isn’t being escrowed. If the reseller goes out of business or has bad intentions, domain owners can lose their domains.

Two of the three largest domain name registrars — eNom and Tucows — have resellers as the foundation of their businesses.

Domain registrar offers RichContent system to customers and resellers.

Domain name registrar eNom has released RichContent, a new content widget system for individuals to add content to their web sites. The system is built by Pluck, which eNom parent company Demand Media acquired in 2008.

RichContent offers various widgets users can copy and paste into their web sites to pull related content and links from various blogs and news sources. Major web sites already use the tool through Pluck.

Although rich content is a good way to add relevant content to your web site, it will not improve search rankings. Your web page simply serves up javascript, which is ignored by the search bots. However, the company is considering adding an SEO-friendly version in the future.

eNom resellers are able to sell RichContent to their customers.

You can see an example of RichContent in operation at JanesSuperGarden.com.

Man sues eNom after domain (not in his name) is transferred to someone else.

One of the costs of doing business as a domain registrar is the inevitable lawsuits. Most of these are trademark suits where the plaintiff includes the registrar of a domain name as an defendant. But some of them are more interesting, such as a suit against eNom for allegedly failing to implement appropriate domain transfer safeguards.

Plaintiff William Georgevich claims he bought the domain name Detox.org from Janet Bridgers. After acquiring the domain, a person identified only as “Godfrey” in the lawsuit contacted the whois contacts for Detox.org and offered to buy it for $1,500. (As it turns out, Godfrey is Justin Godfrey, who owns EscrowDNS). One of those solicitation emails was sent to the whois technical contact, who forwarded the request to Bridgers, thinking she still owned the domain. Bridgers agreed to sell the domain to Godfrey for $1,500 and transferred the domain name.

Clearly, Bridgers still had access to the account in order to transfer the domain name. And, if the description in Georgevich’s lawsuit is valid, Bridgers agreed to sell the domain name to Godfrey that she already sold to Georgevich. But Georgevich isn’t suing Bridgers. Instead, he’s suing eNom claiming that Bulk Register, which it owns, failed to take adequate safe guards to prevent this sort of transfer.

(He also filed a separate suit against Godfrey, which was voluntarily dismissed on July 10. In a statement to Domain Name Wire, Godfrey wrote “Our company does not comment on frivolous lawsuits. Our justice system allows for anyone to file a lawsuit against anyone without justification. If the Plaintiff thought the suit was worth pursuing we would’ve file a response.”)

Here are some of Georgevich’s allegations in his case against eNom, and my take:

CLAIM: Bulk register did not send an email to either Bridgers or Georgevich confirming the transfer, “as is the industry standard”.

ANALYSIS: It is industry standard to send an alert to the domain owner informing them of a transfer. However, historical whois records indicate the domain was never put in Georgevich’s name, so there’s no way Bulk Register could have contacted him. The only e-mail addresses in the whois were Bridgers’ and the technical contact’s.

CLAIM: Godfrey (the buyer) used a weakness in Bulk Register’s account interface to bypass the formal process of transferring domain names from one account to another, which typically take 24-48 hours and require email confirmations from the owner prior to occurring.

ANALYSIS: I’ve never heard of a registrar taking 24-48 hours for a transfer between accounts. It’s usually instantaneous. As far as requiring email confirmation, that depends on the registrar. Presumably the person who accesses the account has authority to transfer the domain. If not, then the domain owner shouldn’t have provided access to them.

CLAIM: Because Bulk Register hadn’t implemented safeguards, the domain was instantly transferred without Georgevich being able to approve/decline the transfer.

ANALYSIS: I’m not convinced the domain was ever in Georgevich’s account to begin with. His name never shows up in whois, and Bridgers had access to the account.

CLAIM: An administrative freeze to block the domain from transfer to another registrar failed to prevent Godfrey from moving the domain to another registrar, change whois, and change nameservers.

ANALYSIS: I don’t quite get this. It appears to be at eNom right now, which owns Bulk Register. But the whois and nameservers could be changed.

CLAIM: Georgevich secured a valuation of the domain name at $250,000.

ANALYSIS: Cough. Cough.

Georgevich is suing to get the name back and damages of over $75,000.

Lawsuit file (pdf)