Subscribe to RSS Feed

09|29|2007 02:24 am EDT

Wall Street Journal covers Domain Theft

by Adam Strong in Categories: Miscellaneous, News, Registrars

The Wall Street Journal covers the “scourge” of the domain business, domain theft. Check the article out here.

DomainNameNews contributor and “domain consultant” Richard Lau encourages domain owners and businesses to layer on the security when protecting your valuable domains:

“The more valuable your domain name, the more you need to sacrifice convenience for security”

Other notable figures in the domain space are quoted as well including : Bob Parsons, Monte Cahn, and John Berryhill. This is nice coverage on a very serious topic.



jp durban

November 12, 2007 @ 10:11 pm EDT

Godaddy aids and abets the theft of valuable domain

Bye bye it was nice owning you!

There’s no shortage of scams on the internet. We have all heard about Nigerian 419 fee in advance scams, phony lotteries, identity theft, phishing, and now pulling up from the rear, domain hijacking aided by weak counterintuitive security measures by registrars like Godaddy.
Like any other crime, unless it directly affects you, a colleague, or a loved one, theft only happens to the other guy. In modern society we have acclimated to taking precautions to protect our loved ones, our homes, and our possessions spending billions on security and insurance. We’re all taught early in life to lock the doors and windows and not to open the door to strangers.

After all this indoctrination and preparation for the imperfect world we share, one would assume that these simple yet effective common sense principles would also apply to the world of protecting valuable assets like internet domains at the world’s largest domain registrar. ]

In case you are not familiar with Godaddy they are the company that airs the boorish and unoriginal Super bowl commercials targeting puberty bound adolescent males with a busty semi-attractive brunette (inappropriate term) that only a certain recent ex-president could desire.

Godaddy generates its share of negative press regarding the mishandling and questionable acquisitions of other’s domains but I have an experience to share that should make anyone with a website or a domain in the waiting to take notice and seriously consider if they should trust Godaddy with their property.

It’s no secret that Godaddy’s domain and site hosting services are less than stellar. Their site is a spam laden kludge of half finished partially functional user modules that even their own support staff can’t navigate or recommend using. There is so much emphasis on up selling and hyping gimmicky add-ons you feel like you are speeding down the Las Vegas strip on acid.

Aside from the cheesy half-baked Godaddy user interface there is a much larger problem at Godaddy that should scare the hell out of anyone with domains in their care. My company currently has nearly 500 domains with Godaddy and aside from the inferior user interface and hit and miss customer support, we were at least happy with the pricing.

On November 5th I received an email from Godaddy indicating that I cancelled a domain. (Of course we did not cancel our own domain, someone else did)

Within seconds another email arrived again from Godaddy stating that our domain was transferred!

This all occurred without any involvement on our part. Apparently someone was able to break into our account and grab one of our most valuable domain names without any problems.

Godaddy, without any common sense verification procedures or theft protection measures just gave the domain away as if it was business as usual. No checks, no balances, no confirmations, just a non-secure open door into our cyber vault!

Distraught and panic stricken I was was looking for any indication that this was a simple error at Godaddy and I discovered a line on the transfer email stating “If for any reason this information is incorrect or you feel this change of registrant request was made in error, please contact us within 15 days at

A sigh of relief came over me and I quickly contacted the email link provided. I was on my way to getting our stolen domain back! Let’s hear it for Godaddy and a little common sense!

Well not so fast. They said it was our fault! Well, they were right in the sense that it was our fault to do business with such a schlock firm but I digress.

Oh but wait there’s still hope. I can contact the Godaddy “Change” department and change the transfer! Hope restored and surely they will fix this right!?

Well not exactly. They too said it was our fault because someone was able to get into our account.

I would accept this premise if I didn’t have over 10 years experience in the acquisition and management of internet domains and did not have the latest and best in spyware, anti-virus, keylogger, and phishing protection by Avira, AVG, Adaware, Spycop, and others.

Godaddy could have very easily without any effort, just reversed their error but there is no incentive to since the culprit registered my, well his now, domain with guess who?

GODADDY of course!

Godaddy, without any common sense security measures or firewall-like protection just gave the domain away as if it was business as usual. No checks, no balances, no confirmations, just a non-secure open door into our cyber vault!

I even explained to the less than intelligent “customer service” rep that all they had to do was look at their server logs and check the I.P. address of the thief and that would prove my point. The real evidence however was in the new WHOIS registration that had to be filed by the thief. The names and address locations were all faked and the most glaring evidence was the phone number. It was the world’s first 6 digit phone number! But all this didn’t raise a single eye brow with sharp minds at godaddy.

Here’s what you have to look forward to when you become a Godaddy domain theft victim. To recover our domain that was stolen as a result of Godaddy’s failure to provide even the most basic common sense checks and balances protocols to intercept fraudulent cancelations and transfers, we will have to go to the WIPO in Switzerland!

We will have to hire a legal firm that specializes in WIPO/ICANN law and pay them $400.00 to draft a cease and desist letter and then pay $1,500.00 to ICANN to empanel a few impartial arbitrators to render an opinion!

All Godaddy had to do was send a simple
automated email to the official email address
on record, asking if we were sure that we
wanted to cancel and transfer our domain.

Doing business with the company more interested in their next Super bowl model than basic security for their client’s assets, will cost us upwards of $10,000.00 to recover a nine dollar domain!

This coming Super bowl I will be watching out for the next Godaddy bouncing bimbo wondering if the guy that stole our domain is watching too, thanking Bob Parsons for making him and all the other lowlifes that hacked Godaddy accounts so much easy money.

If you have any domains at godaddy transfer them at once to a reputable registrar before you end up where I am today wondering where the fairness is in this bizarre situation.


November 30, 2007 @ 12:32 pm EDT

This just happened to me as of November 15th, 2007. I received a cancellation notice when I had not initiated a cancellation of my domain (! I have just e-mailed them and waiting a response. I’m furious!! I only just realized this cancellation letter in my bulk folder because I was transferring another one of my domain’s to their account. Well now I feel like an idiot, what do they use a web tv as their firewall? Good god, I’m ripping my hair out here because of their stupidity.




January 26, 2008 @ 9:44 pm EDT

I just lost all my domains (over 20) because some jerk hacked my GoDaddy account. I had legit businesses built up on my domains and they are now under the control of some hacker! I have no idea what to do about this. :( I´ve put in two years work on one of the websites and now it is useless.

Domain Guy

August 9, 2008 @ 3:45 pm EDT

Can’t agree more with some of the commnets. I think there’s lots of game playing with domain registrars too.

Greg Abbott

December 14, 2011 @ 11:15 am EDT

I had my account stolen from by someone who re-regestered it with No notification and no warning. Now they are trying to sell it back to me for $5,600.00. This is internet THEFT and there should be a federal law against it.

RSS feed for comments on this post · TrackBack URI

Leave a Reply