Owner of FamilyAlbum.com finds his domain was re-registered by another GoDaddy customer.
The (previous) owner of FamilyAlbum.com was surprised to find that he no longer owned the domain, which had not expired. He contacted GoDaddy to task what happened and received the following response:
Dear Tim,
On 12/19/2006 we received a third party complaint of invalid domain contact information in the Whois database for this domain. Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.
The contact information for the domain which displayed in the Whois database was indeed invalid. On 12/19/2006 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.
If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:
Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260Thank you,
Domain Services[IncidentID:87351]
I was surprised that GoDaddy took this action without contacting the customer by phone or postal mail. To be clear, it is an ICANN requirement that Whois data be accurate. I am constantly frustrated by inaccurate Whois information and certainly think this goal is admirable. Few registrars do anything about it and often let people register domains with bogus phone numbers such as 555-555-1234 or email addresses such as nospam@nospam.com.
It is fair for a domain registration to be revoked for incorrect information, but what should the registrar do to verify the Whois information? Is sending an email enough? People frequently change email addresses and updating Whois is probably not high on their priority list (at least for non-savvy domain owners). If the phone number of postal address are correct, should the registrar still delete the registration?
Domain names are valuable. I think it’s reasonable to expect that the registrar will try to contact the domain owner by phone or postal mail at a minimum, assuming the contact information isn’t clearly bogus. The message from GoDaddy to the customer seems to indicate that they only tried e-mailing him.
Another concern is who now owns the domain. Whois shows GoDaddy’s Whois protection service. But did a third party actually buy this domain, or does GoDaddy actually own it now? It’s impossible to prove, but it appears that GoDaddy might be holding the domain. The domain currently resolves to a GoDaddy parking page. If someone else registered the domain they would likely move it to a parking service that generated revenue for the registrant, not GoDaddy. (Of course, it’s possible that the new owner simply hasn’t changed the DNS yet).
Either way, this should be a warning to all GoDaddy customers. Personally, I would expect my registrar to do more than contact me via e-mail about an issue as important as this. Over the next week I’m going to contact various registrars to ask them what they would do in this same case (similar to what CNET did over the Seclists.org fiasco). Look for their responses soon.
UPDATE 2/28/07 – GoDaddy Responds
This might be a scam. Did you confirm this with GoDaddy? I don’t see why GoDaddy would sign the email as Domain Services. Sounds fishy.
Also, this sentence “The domain has subsequently been purchased by another party.” is odd.
I would think the world’s largest domain registrar would say “The domain was subsequently REGISTERED by another party.”
Maybe a GoDaddy reseller is involved?
I have seen domains “snaked” by picking up an email address from a deleted domain that someone is using for a whois on a current domain.
All emails go to the email address now owned by the “snake” who thens approves away the transfer.
Very rare but I know it has happened.
Wow….just when you thought they couldn’t get any lower….
When registrars charge less than $6 a year for .com, they seriously have little to no incentive to render help for potentially complex issues like this. If you want better service, be ready to pay more.
I don’t recall if registrars ARE required to contact the registrant and/or contacts for invalid WHOIS. But they’re just doing it as a courtesy.
Although legal agreements protect the service provider, they do spell out what are the responsibilities of both the provider and the end-user. It’s the end-user’s responsibility to be aware of what s/he can and can’t do.
I somewhat sympathize with the original registrant of FamilyAlbum.com if indeed what you reported had happened to him/her. But it IS their responsibility to ensure the domain name’s contact details are updated.
Don’t be surprised at this stuff. Domains are becoming more and more valuable. The domain registtration business is so competitive they cannot make money just registering domain names. Godaddy runs TDNAM.com where they auction off domains. i am not saying they did one thing or the other in this case but be aware this kind of thing goes on all the time. ICANN will not do anything so you need to fend for yourself.
Rob, the e-mail the owner received was in direct response to his e-mail support request to GoDaddy, so it is not a scam.
I talked to GoDaddy today and they are preparing a written response. I asked them to respond on two fronts: 1) what there formal policy is for inaccurate Whois information and 2) What happend to the domain after it was ‘deleted’. Did GoDaddy sell it, retain it, or what?
I’ll post GoDaddy’s response when available.
It is all over for godaddy now. They have been doing this kind of stuff for a while. Google godaddy sucks and see and see for yourself. I will be moving all of my 2500 domains out of godaddy ASAP.
FamilyAlbum.com is obviously a generic domain. Who could have been comoplaining abount it and why would godaddy care.
Your domains are not safe at godaddy!
That’s totally unacceptable. GoDaddy needs a better solution.
I don’t see why a $100 a year “insurance policy” for a big domain portfolio, or an extra $10 for a single domain could not be offered to contact you by various methods and maybe even a time extension before the deletion occurs.
I’m sure that guy/gal that owned FamilyAlbum.com wants to vomit now that they don’t own it.
Godaddy has not thought this out well – or, maybe this setup is intentional. Makes you wonder why ? …….. more TDNAM auctions, PPC income they get before it goes to parking, etc….???
Moniker.com seems to have a good reputation from what eveyone is saying. It may be worth springing a litle more to be with them.
This has got me concerned now….
Isn’t Tim curious about who the “third party complaintant is? How did the third party know the contact info was invalid? Is the complaintant the new registrant? Was there ANY valid contact info for Tim at all at the time of the complaint? If not, then why not?
Something key information is missing here.
Godaddy is not going to call any one outside of AZ. They don\’t even provide a 1-800# to contact them.
Now we know where GoDaddy\’s priorities are at. They spent millions on SuperBowl ads but pennies on customer support services and infrastructure. For those thinking about dropping GoDaddy, check out 1and1 Internet http://www.1and1.com. 1and Internet is the registrar of choice for me; nearly all of mine domains are with them.
Update:
GoDaddy said it will respond by today with an official answer.
eNom isn\’t safe either: check out this horror story: http://www.crankycustomer.com/
Hmm… there’s lots of ways to look at this. Godaddy and most top registrars have a stake in every domain that’s in their customers’ accounts. That’s just business. If you don’t renew your domain, they have first chance at it and can resell it, usually at huge profits. There is no money for registrars to sell domains, it costs them $6 for .com’s so if they’re selling to customers at $7, that customer would have to buy 1000 domain in a year for the registrar to make any decent income.
I’m not writing for godaddy, or condoning their action. I think the registrar should make every effort to contact ALL whois listed contact information sources, postal mail, phone number, email and fax.
I personally filed an “invalid whois” complaint on a .us domain that someone had in their account, but used my contact information. I couldn’t access the domain, couldn’t change anything on it, but it listed ALL my whois contact information as the proper registrant. However, it wasn’t in my godaddy acct for some reason.
Strangely, it took me about four months and 20 emails and phone calls to get godaddy to contact the account holder using my whois info, and to either change the info to the true acct holder, or release the domain to me because I was the whois registrant of the domain. On top of that, .us domains are VERY seriously watched for correctness in ownership, and you can’t even get privacy protection for them. My worry was that the owner of the acct that had the domain would us it for nefarious purposes, and leave my whois contact info in place. That could bring possible problems to me so I threatened godaddy with a lawsuit if any problems occured by the domain account holder using the domain for bad purposes, and leaving my whois info up for the domain.
After about five months, and after I applied for a domain-grab account at $18.99, they told me they had deleted the domain — approximately a week later the domain was obtained by me. So godaddy wasn’t asking me for more money, or putting it up on auction… but maybe it was because I know the registrar industry very well (as a domain consultant for registrars) and I told them exactly what the rules were in dealing with this situation.
But it was a LONG HARD ROAD to get that domain back.
In this case though, it seems that this valuable domain was picked off somehow because maybe a “icann update” notice was sent out (these are required for all registrars to do yearly – we all get them) and the notice bounced back. Godaddy could easily check the bounced emails on these ICANN whois notifications, take a look at the domain in question, and then say “whoa, nice domain, bad whois info, hmmm… let’s delete it and take it.” I’m not saying that’s what happened, but it’s easy pickings and totally legal from ICANN standpoint.
It will be interesting to see the history of this situation, how it all came started, who “purchased” the domain, and when Godaddy sent out the email or received the “invalid whois” complaint to set this in motion. A simple lawsuit would require godaddy to reveal this information — which could nail them or simple show them to be following rules without a conflict of interest in their belly.
only an email? wow.
so lets say someone makes a complaint against microsoft.com (or whatever domain). godaddy only sents an email, hacker breaks into system, deletes the mail and logs. then backorders domain. godaddy sees no reply in 8weeks later, hacker now owns microsoft.com and redirects it to linux.com
is this still the fault of the registrant for not replying to an email?
Re-reading this story today, while cleaning up my blog. It occurs to me that if somebody wanted a domain what is to stop them doing this: (1) backorder a domain, (2) mail bomb the current domain owner (so the owner can’t respond to email), then (3) complain to GoDaddy about inaccurate contact information in the domain registration record
Hi Tim, Thanks for the article. As a holder of many domains through Godaddy, this scares the crap out of me, and makes me wonder just how much domain-stealing is going on by shady characters right now, preying on godaddy customers. As the last commenter noted, whats to stop someone with nefarious intentions from methodically backordering, mailbombing , then complaining to godaddy so that the domain is taken away and given to the next backorder in line? Did you ever get responses from other registrars about how they’d approach this issue?
I believe this is a scam, their reputation is at stake.
haha, I think its funny people don’t provide the whole story. Here’s what probably really happened: “I don’t want my whois being shown and I’m too cheap to buy privacy, here’s a good idea, I’ll take my info off!!!!! I’m sooooooo smart!” months later: “why did I lose my domains??? Waaaaaaaaaaaa I’m breaking ICANN law and doing wrong things, errrrrrr I’m not going to take responsibility and blame the domain registrar!”
this is the classic situation all registrar tech supports deal with each day. If you want to keep your domains, here’s an idea, keep you’re stuff up to date! Would you not tell your customers if you changed email or phone number? No? Then why would you for the companies you work with? Get some responsibility and keep your info up to date. Cry next time if u actually do something right and you get screwed, not if its you’re own moronic fault
my domains be safe with GoDaddy because I was reading this article
and thank you.
stepez2001@yahoo.itstepez2001@yahoo.it
i know that TDNAM.com auction site is pretty fishy. apparently they have guys up in the exec branches of the corporation going onling and bidding just to bump up the prices of the domains. i would most certainly not trust that site. on top of that they don’t even show you the bidders “nickname” so you at least know that an actual want to be investor/domain seeker is purchasing it, not the V.P. trying to rake in more cheap, dirty money
I just did a search for a .com in my wife’s name. GO DADDY bought the name and then upped the price to $69.00 just to screw me over. DON”T DEAL WITH THE JERKS
Wow, very bad time. Godaddy is big but has a wrong politics firm.
What’s funny is I just bought a domain from tdnam that had been canceled by Godaddy for invalid whois.]]] in case your wondering it’s Myloo.com
GoDaddy said it will respond by today with an official answer.
As a reseller for Godaddy . I to have had some problems with Godaddy. But I learned the hard way and that was make sure that you cross and dot all items when buying and renewing domains.
bottom line buy your domains for 10 years and there is no problems.
What’s funny is I just bought a domain from tdnam that had been canceled by Godaddy for invalid whois.]]] in case your wondering it’s Myloo.com
Interesting. Never heard back with that “official” response from Go Daddy.
I imagine this is not the case anymore?