registrars The Thing That Should Be Added to Every Registrar's Terms of Service

equity78 · May 24, 2016

When you look at the Terms of Service for any registrar they are all basically the same, they are looking to cover their behind. Go Daddy wants you to know they may record a conversation without your permission:

You are aware that GoDaddy may from time-to-time call you about your account, and that, for the purposes of any and all such call(s), you do not have any reasonable expectation of privacy during those calls; indeed you hereby consent to allow GoDaddy, in its sole discretion, to record the entirety of such calls regardless of whether GoDaddy asks you on any particular call for consent to record such call. You further acknowledge and agree that, to the extent permitted by applicable law, any such recording(s) may be submitted as evidence in any legal proceeding in which GoDaddy is a party.

Or that you hold them harmless for whatever might arise:

16. INDEMNITY

You agree to protect, defend, indemnify and hold harmless GoDaddy and its officers, directors, employees, agents, and third party service providers from and against any and all claims, demands, costs, expenses, losses, liabilities and damages of every kind and nature (including, without limitation, reasonable attorneys’ fees) imposed upon or incurred by GoDaddy directly or indirectly arising from (i) your use of and access to this Site or the Services found at this Site; (ii) your violation of any provision of this Agreement or the policies or agreements which are incorporated herein; and/or (iii) your violation of any third-party right, including without limitation any intellectual property or other proprietary right. The indemnification obligations under this section shall survive any termination or expiration of this Agreement or your use of this Site or the Services found at this Site.

I believe there is one thing lacking in the terms of service and it should be added, that item should be titled Domain Theft.

There should be clear information detailing what the registrar will do for you if one of your domains are stolen.

The latest case of a domain stolen is AQM.com. This domain moved from Enom to NameSilo and here is what the NameSilo customer service rep said to the registrant who had their domain stolen:

Van: NameSilo Support - 7 Datum: 24 mei 2016 13:12:24 CESTAan: Fatih Turna Onderwerp:Antw.: Aqm . com stolen

We will not keep replying with the same information. For the last time, you need to work through Enom. You have no affiliation with our company and have never been a Registrant in our system. We therefore have no standing to get involved on your behalf. Feel free to send this to anyone else you like, but the answer will not change, and we will not continue replying with the same instructions. Sorry you do not like our answer, but that does not mean it will change.

The domain left their registrar and moved to Ename. The one thing that helped me from reading that is that I was thinking of opening a NameSilo account and now will never do business with them.

The fact of the matter is that two domainers, Theo from DomainGang.com and @TheLegendaryJP a member here, do more for victims of stolen domains than registrars and ICANN. That needs to change !

ICANN pulls in a lot of money from domain investor activities, they should alot some of those funds to having someone responsible in dealing with domain thefts.

Now domain owners need to do their share as well, using two factor authorization, strong passwords etc...

It is time for registrars to tell their customers specifically in writing what they will do to recover their stolen assets.

Keith DeBoer · May 24, 2016

good points Raymond!

elevator · May 24, 2016

I wonder how regisrars deny their responsibilities. The way I look at it is like keeping property in someone house and when stolen; the cutodian of the house
now, deny knowing the thief. How dear on earth such people think they can prosper.

elevator · May 24, 2016

sorry I forgot to mention my appreciation; thank you very much, you have a very cogent point. Cheers.

Aspiring Billionaire · May 24, 2016

equity78 said:
ICANN pulls in a lot of money from domain investor activities, they should alot some of those funds to having someone responsible in dealing with domain thefts.

It is time for registrars to tell their customers specifically in writing what they will do to recover their stolen assets.

I second your motion @equity78, where to from here?

Perhaps we can have a professional who's educated and experienced (or even currently practicing in law) to assist or advise on what we can do as domain investors to initiate the process of airing our valid concerns.

Even a draft (or some sort of plan) is better than merely exchanging bad experiences and fears among ourselves. Hoping that "Theo from DomainGang.com and @TheLegendaryJP" also have input on "ideas of action" or "ideal solutions" based on their experiences in dealing with matters like these..

Awaiting the next step (eg. petitions).

Regards
Clint

Daniel Mac Sweeney · May 24, 2016

Thank man, I will be putting 2 step verification on my account from now on.! Thanks for the info.

cyc · May 24, 2016

Sorry to hear these kind of news, but we don't know the details here, can't see exactly what is written completely in conversation, so it may sound easy to judge without knowing.

There's a 60 days transfer lock between each registrar change as you know.

So, if domain name was transferred to NameSilo, then it would need 60 days to transfer to Ename.

I wonder how long after the original registrant contacted NameSilo for the issue.

Registrars have a chance to return the transferred domain name for a short period unless there're different situations, if this is lack of responsibility of original registrant, what can registrar do then?

If you have a good asset, you should chose a secure location to keep it, enabling the features that given to you.

DU · May 24, 2016

equity78 said:
There should be clear information detailing what the registrar will do for you if one of your domains are stolen.

What's more important is what they will do to allow you to prevent that theft.

The question is what should they do if you:

Use an expired domain name for your contact address
Use "topsecret" as your password on all systems
Access your email using public wi-fi on a non-secure port
Pass your customer id around like candy
Don't use a tool to monitor the whois
Don't use a domain management service
Wait 90 days to notice something's maybe wrong?

Your domain may be worth $50.000 but registrars are making what <$10 a year from it.

Domainers complain about 60 day locks, they complain about registrars locking them out of their account, having to send id or private information! They complain about passwords being too complicated. You can't have it both ways.

If you have a valuable domain it's your job to protect it.

That said, the solution is not at the registrar level but at the registry level. Time for a domain management/registration overhaul.

Mr. Deleted · May 25, 2016

I recently bought a LLLL.com on ebay that is on Uniregistry, and paid NameSilo for the transfer, then they send me a message that they can not do it for 60 days, and when I said I wish I knew it was in the 60 days transfer time, they send me this message

You may want to ask your current registrar if they will waive the 60-day lock. It is extremely rare, but we have seen it happen a handful of times. Alternatively, you can cancel the transfer and get a refund and then place the order when the lock is lifted.
Thanks,

Rick
NameSilo support

equity78 · May 25, 2016

DU said:
What's more important is what they will do to allow you to prevent that theft.

The question is what should they do if you:

Use an expired domain name for your contact address

Use "topsecret" as your password on all systems

Access your email using public wi-fi on a non-secure port

Pass your customer id around like candy

Don't use a tool to monitor the whois

Don't use a domain management service

Wait 90 days to notice something's maybe wrong?

Your domain may be worth $50.000 but registrars are making what <$10 a year from it.

Domainers complain about 60 day locks, they complain about registrars locking them out of their account, having to send id or private information! They complain about passwords being too complicated. You can't have it both ways.

If you have a valuable domain it's your job to protect it.

That said, the solution is not at the registrar level but at the registry level. Time for a domain management/registration overhaul.

All valid points and no one said that there is not responsibility on the registrant. The post was talking about a detailed answer if it happens. If you leave your car open and it gets stolen, the police will still look into it and tell you their protocol for investigating a stolen car, they don't say you left the door open GFY, or what do you want us to do ?

Just like everything else some registrars will be willing to do more than others and they may just be the registrars people want to do business with over those that do little.

Aspiring Billionaire · May 25, 2016

equity78 said:
All valid points and no one said that there is not responsibility on the registrant. The post was talking about a detailed answer if it happens. If you leave your car open and it gets stolen, the police will still look into it and tell you their protocol for investigating a stolen car, they don't say you left the door open GFY, or what do you want us to do ?

Just like everything else some registrars will be willing to do more than others and they may just be the registrars people want to do business with over those that do little.

I agree with your analogy @equity78, well said.

Going back to my previous note with how we need to go forward from here ...

Seeing as how some of the our more respected and experienced domainers are often in direct contact with (or able to communicate directly with) high-status employees within the employ of some registrars, PLUS adding to the point you've just made about how "some registrars will be willing to do more", how about:

* We kindly request the help and assistance of the well connected "veteran domainers" to approach/make contact with the "who's who" to suggest the implementation of your original post (adding some form of registrant assurance within their terms of service). This way (eg. GoDaddy.com) not only makes industry history in providing the peace-of-mind on the domain industries biggest concern, but also in the process gain a loyal flock of both old and new domain investors for the long term. The "sales pitch" could be in the lines of "it's going to happen at some point, why not take this opportunity to pioneer the service for a better recovery & placement process within the domain industry".

I am in no way saying that all of the wording and legal side of the "terms" are already in place and ready to implement, but that a start be initiated in some respect.

Often times we have no interest in matters that don't affect us, until (or if) it happens to us. I've personally thought that the 2fa NameCheap feature was an inconvenience, but immediately after reading the AQM.COM post, enabled my GoDaddy and other registrar accounts accordingly. This added a little peace of mind, but this is not the bigger concern. $10 per domain adds up, but essentially we pay their bills because without us (collectively of course) they won't exist - a mutual & 2-way dependency.

Hoping that fellow domainers concur?

Regards
Clint

DU · May 25, 2016

equity78 said:
All valid points and no one said that there is not responsibility on the registrant. The post was talking about a detailed answer if it happens. If you leave your car open and it gets stolen, the police will still look into it and tell you their protocol for investigating a stolen car, they don't say you left the door open GFY, or what do you want us to do ?

Just like everything else some registrars will be willing to do more than others and they may just be the registrars people want to do business with over those that do little.

Two different organizations in your analogy. The police will investigate but I'm not sure what your insurance company might say. Warranties and insurance don't typically cover negligence (but positive market image has an impact which is why they mostly pay in the end). In general, to be fair, it's not really negligence but an honest mistake thru phishing or being hacked, etc. That said, if companies are going to start offering recovery services there has to be money in it (whether it's a service add-on, increased rates) with a corresponding terms that remove their expected effort when there's not a lot they can do.

Apply your example to domains - who are the police? Who can understand the nature of the theft and prove it? It's not the registrar. What if the new owner paid for it and has paperwork? Are the original registrar authorized to steal it back? Where's the legal jurisdiction in all of this?

The issue with theft can only be solved through tighter controls which domainers will hate:

Pay additional money to have their domains managed. This is common - why do people leave $xx,xxx names protected by a hotmail address password? It's like leaving your house/car unlocked all the time.
Pay for additional prevention and recovery services at cost. Why would a registrar like NameSilo spend hours of resources on what, to them are two legitimate transactions - in and out? They don't have a relationship with you at all in the instance described. Market opinion notwithstanding.
Enhanced identification requirements to perform maintenance. There is a thread here about Dynadot locking people out of their account and people being furious.

If you employed something like blockchain or private keys your domain would be perfectly protected; however, you could also lose your domain if you throw away the key.

You started the discussion about there needs to be something in the terms. What would you want to see?
What constitutes good effort or a policy that has meaningful value. What promise makes the policy adjustment worthwhile.

I stand by the assertion that the best registrar is the one that best PREVENTS the problem and there are many ways and each has pros/cons: 2-step verification and/or requirement for signed / faxed authorization form and/or use of 256-bit keys for login etc. Are you willing to put your domain under the protection of a private key that is the lone proof of ownership. The only statement I can see of value is a registrar that says we will never transfer ownership of domain without the following items taking place, followed by a list of items that meets your criteria.

equity78 · May 25, 2016

DU said:
Two different organizations in your analogy. The police will investigate but I'm not sure what your insurance company might say. Warranties and insurance don't typically cover negligence (but positive market image has an impact which is why they mostly pay in the end). In general, to be fair, it's not really negligence but an honest mistake thru phishing or being hacked, etc. That said, if companies are going to start offering recovery services there has to be money in it (whether it's a service add-on, increased rates) with a corresponding terms that remove their expected effort when there's not a lot they can do.

Apply your example to domains - who are the police? Who can understand the nature of the theft and prove it? It's not the registrar. What if the new owner paid for it and has paperwork? Are the original registrar authorized to steal it back? Where's the legal jurisdiction in all of this?

The issue with theft can only be solved through tighter controls which domainers will hate:

Pay additional money to have their domains managed. This is common - why do people leave $xx,xxx names protected by a hotmail address password? It's like leaving your house/car unlocked all the time.

Pay for additional prevention and recovery services at cost. Why would a registrar like NameSilo spend hours of resources on what, to them are two legitimate transactions - in and out? They don't have a relationship with you at all in the instance described. Market opinion notwithstanding.

Enhanced identification requirements to perform maintenance. There is a thread here about Dynadot locking people out of their account and people being furious.

If you employed something like blockchain or private keys your domain would be perfectly protected; however, you could also lose your domain if you throw away the key.

You started the discussion about there needs to be something in the terms. What would you want to see?
What constitutes good effort or a policy that has meaningful value. What promise makes the policy adjustment worthwhile.

I stand by the assertion that the best registrar is the one that best PREVENTS the problem and there are many ways and each has pros/cons: 2-step verification and/or requirement for signed / faxed authorization form and/or use of 256-bit keys for login etc. Are you willing to put your domain under the protection of a private key that is the lone proof of ownership. The only statement I can see of value is a registrar that says we will never transfer ownership of domain without the following items taking place, followed by a list of items that meets your criteria.

You keep missing the point and that might be on purpose, I am talking about after a theft. Not what are the best prevention methods, what is and what should never be. Add to the fact that not all thefts are from registrant negligence. Sometimes the registrar employee screws up due to social engineering.

If the answer is we will do nothing, great put that in the terms of service. Tell your customer in the event of a theft, to what lengths you will go, I can't make it any simpler.

If you see no value in that, fine, you are perfectly entitled to that opinion. My belief is there are some that will go farther than others, those would be the registrars worth doing business with IMO.

As I said ICANN needs to step up as well.

DU · May 25, 2016

equity78 said:
You keep missing the point and that might be on purpose, I am talking about after a theft. Not what are the best prevention methods, what is and what should never be.

I'm not missing the point - I'm saying your concern is misplaced. What's the point of worrying about what's too late?

You're worrying about what someone can can recover from a fire after the house has burned down.
I'm saying you're better of worrying about buying a fireproof safe for what you don't want to lose.

A couple of questions people should consider:
If a registrar has great procedures in place to prevent theft why would you worry about their recovery procedures?
If a registrar offered services to protect and insure your domain would you pay for that?

Most importantly for this discussion:

DU said:
You started the discussion about there needs to be something in the terms. What would you want to see? What constitutes good effort or a policy that has meaningful value. What promise makes the policy adjustment worthwhile.

Why not answer that so I can understand what your expectations would be? Or are you literally saying that they should have something like:

DOMAIN Theft
Please re-read the section titled INDEMNITY which says we aren't responsible for anything and won't do squat to help you unless it's so obvious a blind monkey with fingers in its ears could recognize the name was stolen AND we were told within about 30 days which is a window where we could probably still do something without incurring a lot of cost, headache, and pain. We will send an email to Acro too. We will do more but we'll charge you about $100/hr, would that be ok?

You think I'm being a pain but I just the think the whole discussion is framed incorrectly.

equity78 · May 25, 2016

DU said:
I'm not missing the point - I'm saying your concern is misplaced. What's the point of worrying about what's too late?

You're worrying about what someone can can recover from a fire after the house has burned down.
I'm saying you're better of worrying about buying a fireproof safe for what you don't want to lose.

A couple of questions people should consider:
If a registrar has great procedures in place to prevent theft why would you worry about their recovery procedures?
If a registrar offered services to protect and insure your domain would you pay for that?

Most importantly for this discussion:

Why not answer that so I can understand what your expectations would be? My concern is right where I want iOr are you literally saying that they should have something like:

DOMAIN Theft
Please re-read the section titled INDEMNITY which says we aren't responsible for anything and won't do squat to help you unless it's so obvious a blind monkey with fingers in its ears could recognize the name was stolen AND we were told within about 30 days which is a window where we could probably still do something without incurring a lot of cost, headache, and pain. We will send an email to Acro too. We will do more but we'll charge you about $100/hr, would that be ok?

You think I'm being a pain but I just the think the whole discussion is framed incorrectly.

First off I am not really looking for your guidance on where my concern should be. My concern is right where I want it to be.

Secondly now it is you who is off with the analogies. A domain being stolen is not akin to the house burning down as once that is burned down it is gone, stolen domains have been recovered.

No one ever said that people should not have strong passwords, not repeat them, separate email from the registrar then what appears in the Whois, two factor authentication.

What we are discussing in that regard does nothing for someone like @fattee77 who wants to know what's going on with AQM.com ?

There is no universal terms for what happens after a theft. I agree with your points on protection and taking it to the blockchain (though many would find that too complicated and throw away keys etc...) There still are going to be domain thefts and registrars should be able to say what they will do for you on their end.

I have also thought of registrars finding someone to underwrite a policy for domain theft protection, they may make a couple bucks from people who have super valuable domain names.

DU · May 25, 2016

equity78 said:
Secondly now it is you who is off with the analogies. A domain being stolen is not akin to the house burning down as once that is burned down it is gone, stolen domains have been recovered.

Not all domains are recovered. Things can often be recovered from a fire.
No analogy is perfect.

equity78 said:
What we are discussing in that regard does nothing for someone like @fattee77 who wants to know what's going on with AQM.com ?

You gave your blog the title "The Thing That Should Be Added to Every Registrar's Terms of Service" which will do nothing for someone like @fattee77. In your example you quote Namesilo - why should they do anything? How would a term of service even apply when the "owner" is not even a customer?

Don't get bent out of shape because I thought the subject was interesting enough to comment (I thought in a positive discussion way) because I think your point and title is wrong.

equity78 said:
First off I am not really looking for your guidance on where my concern should be. My concern is right where I want it to be.

I wasn't providing guidance I was stating my opinion. I wasn't asking for your opinion on whether you thought I was purposefully missing the point either, so I guess we're even?

I rarely post on these blogs and I'm remembering why.

DU · May 25, 2016

Thought I'd have a do-over:

Great Post Raymond!!! Thanks man.. I'll change my ways for sure.
I agree with everything you say!

equity78 · May 25, 2016

DU said:
I rarely post on these blogs and I'm remembering why.

I know the feeling.

equity78 · May 25, 2016

DU said:
Thought I'd have a do-over:

Great Post Raymond!!! Thanks man.. I'll change my ways for sure.
I agree with everything you say!

Hahahahahaha I have been in too many threads with you for too many years to know that would never be true.

I don't think my post was great, I think it is something needed, because every time I see a domain stolen, the owner never knows what to do, gets a million different stories etc...

DU I am fine with someone saying we won't do much or anything. That way the registrant doesn't sit around having false hope. They can contact a lawyer or some other governing body etc...

DU · May 25, 2016

equity78 said:
I don't think my post was great, I think it is something needed, because every time I see a domain stolen, the owner never knows what to do, gets a million different stories etc...

The substance of this I *do* agree with. Education on the ways to secure assets is definitely lacking. The fact that overall control of names is lacking is a huge issue (names shift across registrars across geographies). I don't think registrars can promise anything more than they do in their fraud determines. That whole subject is something you could tackle quite well with your background in a much more substantive way.

I would encourage you to continue blogging here and ignore me - I actually seek your posts out - but that kind of a post would be and should be a sticky here if you did it. Especially if you got input from the people you know.

Maybe I'll leave on a positive.

DU · May 25, 2016

determines should be department (it's late and I can't edit)

equity78 · May 25, 2016

DU said:
The substance of this I *do* agree with. Education on the ways to secure assets is definitely lacking. The fact that overall control of names is lacking is a huge issue (names shift across registrars across geographies). I don't think registrars can promise anything more than they do in their fraud determines. That whole subject is something you could tackle quite well with your background in a much more substantive way.

I would encourage you to continue blogging here and ignore me - I actually seek your posts out - but that kind of a post would be and should be a sticky here if you did it. Especially if you got input from the people you know.

Maybe I'll leave on a positive.

Dude I never have any problem with the debating back and forth, it is all on topic. And like I said maybe it is a fools errand. Maybe it is just domains get stolen and you take whatever communication they give you. I just think people should know since they are already stressed with the domain gone. ICANN needs to step up and I do think the domain theft insurance is a product that could bring some money in for the registrars.

Always a pleasure chatting, I first thought your account got hacked.

DNScholar · May 25, 2016

Totally new perspective, makes me more attentive to TOS.

pablohc86 · May 25, 2016

I continue to think that for registrars is not hard to get back a domain to the real owner. If there is a case of steal, just ask the actual owner to proof why the transfer happened.

LucidDomains · May 25, 2016

You have a fair point but I think you are being unduly harsh on NameSilo personally.

NameSilo can't reveal the information to a random person no matter who they are claiming to be. Most of my best domains are at NameSilo and I see this is a good sign of protecting our assets.

If you email them asking for information 100 times that they are not at liberty to provide, you will eventually get a testy reply back.

They provided the route which is to go through the original registrar - eNom.

registrars The Thing That Should Be Added to Every Registrar's Terms of Service

Top Member

BrandableInsider.comTop Member

DNCombo.comTop Member

DNCombo.comTop Member

Established Member

DanielMacSweeney.comTop Member

Established Member

Secret SantaTop Member

Slabaugh.com 800-266-2728Top Member

Top Member

Established Member

Secret SantaTop Member

Top Member

Secret SantaTop Member

Top Member

Secret SantaTop Member

Secret SantaTop Member

Top Member

Top Member

Secret SantaTop Member

Secret SantaTop Member

Top Member

DNScholar.comAccount Closed (Disallowed)

Top Member

LucidDomains.comTop Member

Similar threads

We're social

Pinned

Appreciation

Agreement