Latest attack is seemingly innocuous maintenance notice.

Domain registrar eNom, the second largest domain registrar in the world, continues to be hit with phishing attacks. The first attack resembled an inaccurate whois report. The new one is a routine maintenance reminder.

What’s interesting about the latest phishing attempt is that it doesn’t compel recipients to visit Enom’s site to take any action. Typically phishing attacks scare recipients into taking action or risk losing account access and/or domain names.

The maintenance reminder includes a bogus link to Enom that links to a .biz domain name. The .biz domain name is no longer active. Interestingly, DomainTools shows that the .biz domain in question was never registered before, which makes me wonder if the phishers made a mistake in their email.

Most phishing e-mails are riddled with typos and grammatically incorrect sentences. The only tip on this e-mail (other than the hyperlink) is the subject line “Maintenance at eNom.com - warning!”, which is not the typical maintenance notice subject line from eNom.

The full text of the phishing email is below:

Dear eNom Customer,

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable:

* Main site
* All web hosting services
* Email services
* Communication with the registry affecting new registrations, renewals, and transfers

For access your account follow this link - [invalid link redacted]

The following services will not be affected and will continue to be fully operational:

* DNS will resolve normally - although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period
* Email forwarding and site redirection will operate normally

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience.

Sincerely,
eNom Tech Support

Moniker assures its clients that their domain names are safe.

In case there were any doubts (and I heard some), Moniker customers can rest assured that the company is fighting to keep your domains from ill-advised state governors.

Speaking specifically about the situation with the Kentucky governor, Moniker founder and president Monte Cahn released the following statement to Domain Name Wire today:

Moniker strives to protect the rights of domainers. While it has always been and continues to be Moniker’s policy to cooperate with law enforcement officials and investigations and to comply with orders of courts of competent jurisdiction, it must do so only after careful review of the relevant facts. In this instance, it does not appear that the Kentucky Court has jurisdiction over Moniker or the domain names for which it acts as registrar so as to require Moniker to comply with the terms of the Court’s Order. As such, Moniker has not handed over the domains and will protect the rights of the owners of the domains subject to the order of the Kentucky court by not handing over such names unless and until the matter has been resolved by the Kentucky court or there is an order of a court of competent jurisdiction ordering Moniker to do so.

Moniker has been known for bending over backwards to protect its customers’ domains, so its stance on the current issue doesn’t come as a surprise.

If you’re keeping score at home, your domains are safe with Moniker and Network Solutions. They aren’t safe with Enom.

Moniker joins other registrars in “renew before the increase” promotions.

Domain registrar Moniker has just cut the new registration and renewal price on .com domain names to $7.29 until the end of the month. Moniker joins other registrars in offering promotions prior to a wholesale price increase that goes into effect October 1. The current wholesale price of .com domains, including the ICANN fee, is $6.62. The price jumps to $7.06 on October 1. eNom is currently offering a $6.62 transfer special on .coms.

Wholesale prices of other domain extensions, including .net, .info, and .org, will also increase.

Regardless of which registrar you use, it makes sense to look at your new few months of registrations and renew them early. Keep in mind that you can renew your good domains today for 10 years at current prices. VeriSign (NASDAQ: VRSN) will likely hike .com prices 7% for the next three years and .net prices 10%, so you can save a bit of money across your domain name portfolio.

RulesofSaving.com, registered by a Connecticut man yesterday, pushes company over milestone.

A tip of the hat to GoDaddy Group, which runs GoDaddy.com, Wild West Domains, and Blue Razor, for crossing the 30 million domains registered mark. This number appears to reflect the total number of domains currently registered. Given expirations, that means GoDaddy has registered a lot more domains than that over its lifetime.

According to RegistrarStats.com, GoDaddy.com has around 26 million domains registered and Wild West Domains, its reseller program, counts over 3 million domains.

Demand Media’s Enom, also known for its strong reseller program, is the second largest domain registrar with 9 million domains registered. (RegistrarStats is a service of Enom).

When you consider it was just a decade ago that Network Solutions lost its monopoly on domain name registrations, it’s impressive to see the amount of competition. Network Solutions is now in third place. Register.com, another early entrant in the business, has fewer than 3 million domains registered. Both Network Solutions and Register.com focus on the business market and have significantly higher registration fees than most registrars.

GoDaddy’s keys to success? I’d have to say aggressive pricing and marketing.

Sedo has strict policy on domain speculation, Pool outlines rules.

[If you have arrived on this article from Slashdot, NoDaddy, etc., you may wish to see how this all started with GoDaddy.]

Many people (63 comments and counting) have commented on Domain Name Wire’s article about GoDaddy letting its employees bid on domain name auctions on its site. Several readers e-mailed requests for information on other companies’ policies. Here’s what I’ve found:

Sedo - Sedo places perhaps the most restrictions on its employees of any domain company. Kate Donahue, Director of Marketing for Sedo, explained:

Each employee (even our founders) are required to sign an agreement that they will not speculate in the domain market in any form during the term of their employment with Sedo. They must also disclose any domains which they had owned prior to their employment with Sedo. We do have one exception which allows them to purchase domains including their name, children’s or family names so that they can use them for personal sites, etc.

When I inquired if that makes it difficult to attract qualified employees, Donahue continued:

We have not seen any difficulty in hiring or retaining employees with these restrictions. Our priority is to maintain a secure and trusted marketplace and it is fairly standard for employees to sign an agreement that they will not speculate in the market in which they work. I think most applicants and employees understand the need for such agreements.

That’s an important note — that many other industries have clear rules against doing this.

Pool - Pool allows employees to bid in auctions with restrictions, Pool.com CEO Richard Schreier tells Domain Name Wire. Employees can bid on an auction by either a) making a single, upfront proxy bid that can’t be changed or b) “bidding to win”. In the latter scenario the employee can’t back out of the bidding at any point. He or she has to win the auction they enter. This prevents them from pumping up the price only to stick a customer with the bill.

Follow up on Enom - In Domain Name Wire’s article about GoDaddy , I quoted an employee of NameJet saying that its employees, as well as those of partners Network Solutions and eNom, are allowed to bid in NameJet auctions. I clearly stated to this NameJet phone representative who I was and what I was writing about, and she immediately answered my question, and added that “employees are responsible for paying just like every one else”. When prompted, she also said they do not receive a discount and get no unfair advantages. Adam Strong of Domain Name News contacted a Senior VP at eNom who said this is not the case. I have not personally heard from Enom yet. Until then, I’m assuming that the NameJet representative knows what she’s talking about. There may be a disconnect between NameJet and Enom proper. But the Enom representative’s comments sum up what many domainers feel about this topic: “Even if controlled, that practice has bad news written all over it.”

Updated 6/24/08 2:00 PM CDT: Enom informs me that “our employees need management sign off to purchase a domain from Namejet, however, we do have a strict policy against employees competing with customers in auction. Basically, the only way an employee can purchase a domain from Namejet is if no customer(s) backorder the domain and management signs off.” This applies to Enom and NameJet; not necessarily Network Solutions.