DAN.COM Domain Marketplace (Official Thread)

[DAN.COM]

DAN.COM (formerly known as Undeveloped.com) is on a path to be become the biggest domain marketplace in the world. We use state of the art technology to solve everyday problems buyers and sellers in the domain industry face. At DAN.COM we focus on automating most processes required to buy & sell domains to increase a more efficient and active secondary market for domains.

What sets us apart is our strong focus on product development and customer satisfaction. We leave nothing to chance and every single feature and element we introduce is professionally and carefully designed and built.

DAN.COM is ranked in the top 5 best-rated marketplaces in the world (According to the biggest review platform Trustpilot) and in the domain industry, we're the domain marketplace with the highest rating with an average of 9,4 out of 10 points.

At DAN.COM you will get the highest value for the lowest commission around. Due to our domain transfer automation, we can offer significantly faster handling of domain transactions and payouts (usually within 24 hours) at the lowest fee charged by any domain marketplace.

We've been the first on many fronts and proudly will continue to keep innovating. We were the first to offer optimized for sale pages since 2013, the first to provide payment plans in the form of lease to own and rentals and also the first and only domain marketplace offering free SSL on all domains parked with us for over a year now.

Read more about DAN and our future plans here: https://blog.undeveloped.com/a-big-leap-forward-3a3cc59ed418

This thread is created to act as an informal communication board between the DAN team and the domain community. Feel free to post feedback here and to discuss how you use DAN.

What this thread is not meant for is support. Please contact our support team here: [email protected] when you need assistance.

Previous reviews under old brand: https://www.namepros.com/threads/undeveloped-com-experience.893201/

 

[LaszloSchenk]

I noticed your for sale/ lease box on right side, floats to bottom of page now, covering part of footer than has contact info etc

Good morning @MasterOfMyDomains,

Thank you for informing us.

Could you send me a private message with some additional details on what device was used and a printscreen?

I look forward to hearing from you.

 

[LaszloSchenk]

I understand that Dan needs my name, email and phone number. They are a registered company, they have a privacy policy, great.
However when I want to buy a domain on Dan from a seller here on Namepros, then I have to share my name, email and phone number first with the unknown seller, because the seller needs to input my details on that "add new lead" form. And this unknown seller is most likely a private individual without any privacy policy. My problem comes from this, why am I forced to share my private details with the seller?

Dear @Charybdis,

Thank you for raising this question.

As a seller, you have the option to import leads or transactions to move a negotiation or sale to a safe environment. As a buyer, you do not have an account with Dan.com but only are required to leave your:
- Name
- Email
- Phone number

Without these details and particularly the email we could not notify the buyer of any proceedings. The email is required to inform a buyer of new offers, payment, or transfer instructions. In addition, the phone number is required for our account managers to follow up on your clients when for example payment or transfer is stalled by them. The minimum contact details are required for us to ensure a smooth and efficient process of imported transactions and negotiations.

Best regards,

 

[alcy]

I understand that Dan needs my name, email and phone number. They are a registered company, they have a privacy policy, great.
However when I want to buy a domain on Dan from a seller here on Namepros, then I have to share my name, email and phone number first with the unknown seller, because the seller needs to input my details on that "add new lead" form. And this unknown seller is most likely a private individual without any privacy policy. My problem comes from this, why am I forced to share my private details with the seller?

its just some starting details..they gotta checkout later on their own etc.

just put 1111111 for

Dear @Charybdis,

Thank you for raising this question.

As a seller, you have the option to import leads or transactions to move a negotiation or sale to a safe environment. As a buyer, you do not have an account with Dan.com but only are required to leave your:
- Name
- Email
- Phone number

Without these details and particularly the email we could not notify the buyer of any proceedings. The email is required to inform a buyer of new offers, payment, or transfer instructions. In addition, the phone number is required for our account managers to follow up on your clients when for example payment or transfer is stalled by them. The minimum contact details are required for us to ensure a smooth and efficient process of imported transactions and negotiations.

Best regards,

furthermore the previous poster may want to note that if buyer not willing to share anything other than his email which may happen... u still will not deny an add lead that for instance says not available in the name or phone fields.

in other words... the email is the one crucial thing for sale to move on.

 

[Charybdis]

Dear @Charybdis,

Thank you for raising this question.

As a seller, you have the option to import leads or transactions to move a negotiation or sale to a safe environment. As a buyer, you do not have an account with Dan.com but only are required to leave your:
- Name
- Email
- Phone number

Without these details and particularly the email we could not notify the buyer of any proceedings. The email is required to inform a buyer of new offers, payment, or transfer instructions. In addition, the phone number is required for our account managers to follow up on your clients when for example payment or transfer is stalled by them. The minimum contact details are required for us to ensure a smooth and efficient process of imported transactions and negotiations.

Best regards,

"As a buyer, you do not have an account with Dan.com" - but what if I do? You are asking some questions on the lead form and on the checkout form, all these pieces of information are already available in my account (including my billing details). It is a hassle to fill in everything again and again. The "add new lead" form should have an option to enter a DAN account ID, and then the account owner would receive an email notification about the new lead. If you don't want to force buyers to create a dan.com account, then the DAN account ID could be optional.

Now I figured out that I should use a throwaway email, a fake phone number and a fake name, I send these details to the seller for the new lead form, and then when I receive the transaction link from Dan, I can edit all my information anyway, and then I can enter my real information on the form.

Question: if I send fake details to the seller, and then later I add my real information on the Dan checkout form, then what will you share exactly with the seller? Then will the seller still see my real contact details?

But I think the solution should be to force both buyers and sellers to create a dan.com account first, I will tell you why:

your domain transfer process is not 100% secure now because you send out the link to the domain name transfer conversation between Dan and the buyer in unencrypted email.

The transfer conversation page uses secure SSL, however the email containing the unique link to the transfer conversation is an unencrypted email, and the domain name transfer conversation link is not protected by password. If an attacker cracks the network traffic, then the attacker can get the unencrypted email, open the link in it, and then the attacker can enter his/her details required for the transfer or push, or the attacker can use the auth code, and at this point you might transfer the domain ownership to the attacker.

The only good solution would be to force the buyer to create a dan.com account first. The buyer should then enable two-factor authentication for maximum security. Then the seller will use the account ID of the buyer to create a new lead. The buyer would receive an email notification about the new lead, but this would be only an email notification. Then the buyer should login to the dan.com account, and the domain name transfer conversation should be available only in the account, after logging in.

That way even if an attacker can get the notification email, then it is not enough, because the attacker would also need to hack into the buyer's dan account, guessing the username, password, and then cracking the two-factor authentication, which is nearly impossible.

There are programs which can decrypt the network traffic if that network traffic is unencrypted. Imagine the following situation: the buyer and the attacker are sitting at the same cafe, using the Wifi network of that cafe. Buyer receives the domain transfer conversation email from Dan. Attacker is running the software which decrypts the network traffic of the cafe's public Wifi in real time. Then the attacker can get the full email from dan, and now the attacker has the link to the domain transfer conversation and then the attacker can enter his/her own details required for the domain transfer.

 

[alcy]

"As a buyer, you do not have an account with Dan.com" - but what if I do? You are asking some questions on the lead form and on the checkout form, all these pieces of information are already available in my account (including my billing details). It is a hassle to fill in everything again and again. The "add new lead" form should have an option to enter a DAN account ID, and then the account owner would receive an email notification about the new lead. If you don't want to force buyers to create a dan.com account, then the DAN account ID could be optional.

Now I figured out that I should use a throwaway email, a fake phone number and a fake name, I send these details to the seller for the new lead form, and then when I receive the transaction link from Dan, I can edit all my information anyway, and then I can enter my real information on the form.

Question: if I send fake details to the seller, and then later I add my real information on the Dan checkout form, then what will you share exactly with the seller? Then will the seller still see my real contact details?

But I think the solution should be to force both buyers and sellers to create a dan.com account first, I will tell you why:

your domain transfer process is not 100% secure now because you send out the link to the domain name transfer conversation between Dan and the buyer in unencrypted email.

The transfer conversation page uses secure SSL, however the email containing the unique link to the transfer conversation is an unencrypted email, and the domain name transfer conversation link is not protected by password. If an attacker cracks the network traffic, then the attacker can get the unencrypted email, open the link in it, and then the attacker can enter his/her details required for the transfer or push, or the attacker can use the auth code, and at this point you might transfer the domain ownership to the attacker.

The only good solution would be to force the buyer to create a dan.com account first. The buyer should then enable two-factor authentication for maximum security. Then the seller will use the account ID of the buyer to create a new lead. The buyer would receive an email notification about the new lead, but this would be only an email notification. Then the buyer should login to the dan.com account, and the domain name transfer conversation should be available only in the account, after logging in.

That way even if an attacker can get the notification email, then it is not enough, because the attacker would also need to hack into the buyer's dan account, guessing the username, password, and then cracking the two-factor authentication, which is nearly impossible.

There are programs which can decrypt the network traffic if that network traffic is unencrypted. Imagine the following situation: the buyer and the attacker are sitting at the same cafe, using the Wifi network of that cafe. Buyer receives the domain transfer conversation email from Dan. Attacker is running the software which decrypts the network traffic of the cafe's public Wifi in real time. Then the attacker can get the full email from dan, and now the attacker has the link to the domain transfer conversation and then the attacker can enter his/her own details required for the domain transfer.

since u are the only one ever talking about this then obviously it's not really an issue.. as I said just make sure the email is good and everything will move on from there...

 

[Future Sensors]

"As a buyer, you do not have an account with Dan.com" - but what if I do? You are asking some questions on the lead form and on the checkout form, all these pieces of information are already available in my account (including my billing details). It is a hassle to fill in everything again and again. The "add new lead" form should have an option to enter a DAN account ID, and then the account owner would receive an email notification about the new lead. If you don't want to force buyers to create a dan.com account, then the DAN account ID could be optional.

Now I figured out that I should use a throwaway email, a fake phone number and a fake name, I send these details to the seller for the new lead form, and then when I receive the transaction link from Dan, I can edit all my information anyway, and then I can enter my real information on the form.

Question: if I send fake details to the seller, and then later I add my real information on the Dan checkout form, then what will you share exactly with the seller? Then will the seller still see my real contact details?

But I think the solution should be to force both buyers and sellers to create a dan.com account first, I will tell you why:

your domain transfer process is not 100% secure now because you send out the link to the domain name transfer conversation between Dan and the buyer in unencrypted email.

The transfer conversation page uses secure SSL, however the email containing the unique link to the transfer conversation is an unencrypted email, and the domain name transfer conversation link is not protected by password. If an attacker cracks the network traffic, then the attacker can get the unencrypted email, open the link in it, and then the attacker can enter his/her details required for the transfer or push, or the attacker can use the auth code, and at this point you might transfer the domain ownership to the attacker.

The only good solution would be to force the buyer to create a dan.com account first. The buyer should then enable two-factor authentication for maximum security. Then the seller will use the account ID of the buyer to create a new lead. The buyer would receive an email notification about the new lead, but this would be only an email notification. Then the buyer should login to the dan.com account, and the domain name transfer conversation should be available only in the account, after logging in.

That way even if an attacker can get the notification email, then it is not enough, because the attacker would also need to hack into the buyer's dan account, guessing the username, password, and then cracking the two-factor authentication, which is nearly impossible.

There are programs which can decrypt the network traffic if that network traffic is unencrypted. Imagine the following situation: the buyer and the attacker are sitting at the same cafe, using the Wifi network of that cafe. Buyer receives the domain transfer conversation email from Dan. Attacker is running the software which decrypts the network traffic of the cafe's public Wifi in real time. Then the attacker can get the full email from dan, and now the attacker has the link to the domain transfer conversation and then the attacker can enter his/her own details required for the domain transfer.

Hi @Charybdis

First of all, I want to congratulate you, because you think from a security point of view.

I have a few remarks though.

DAN is using an external email provider mandrillapp.com (Mailchimp) for sending out emails about imported leads to the buyer. Mandrillapp is using strong TLS encryption for sending emails to the receiving SMTP server, if the receiving SMTP server also supports SMTP with STARTTLS. They also use DKIM signatures.

I'm not sure where you're seeing unencrypted network traffic as you mention above. Maybe your receiving SMTP server is not configured securely. I recommend choosing a more secure email provider, because all email you receive through that SMTP server has been sent unencrypted to that server. Not only email from DAN.

One general consideration for DAN may be to avoid using too many third party providers when transmitting sensitive information to customers.

Requiring any potential buyer to configure 2FA for a domain purchase is almost certainly going to kill the deal. But I do agree with you in general, that this can be part of better account security.

The story about using public Wi-Fi in the same cafe may be theoretical and even practical correct (I can wholeheartedly recommend the book Wi-Foo on this subject), but it is not very likely to happen.

As mentioned, the network traffic between the mail servers is encrypted. The person using public Wi-Fi can use numerous secure and insecure ways to access websites and read their email, but I think it would go too far to discuss the many attack vectors of using public Wi-Fi, or other ways insecure communications can happen at many other levels. There are many thousands of attack vectors here. The most important factor is still the human being.

I agree with your proposal that first creating a buyer account, and providing the account ID to the seller, can make it easier for imported leads. This may certainly be an improvement when implemented wisely, also security wise.

 

[Charybdis]

Hi @Charybdis

DAN is using an external email provider mandrillapp.com (Mailchimp) for sending out emails about imported leads to the buyer. Mandrillapp is using strong TLS encryption for sending emails to the receiving SMTP server, if the receiving SMTP server also supports SMTP with STARTTLS. They also use DKIM signatures.

I'm not sure where you're seeing unencrypted network traffic as you mention above. Maybe your receiving SMTP server is not configured securely. I recommend choosing a more secure email provider, because all email you receive through that SMTP server has been sent unencrypted to that server. Not only email from DAN.

I am talking about this issue in general, I think I use a secure email provider.

Not every email server supports proper encryption. If the receiving email server doesn't use a proper encryption, then the sender cannot send the email in encrypted form.

The first point of the possible attack is when Dan sends out the email to the email server of the buyer.

The next issue is when the buyer opens that email. If the buyer hasn't configured the email client properly or the email server is not configured properly, then it is possible that the network traffic won't be encrypted between the buyer's computer and the buyer's email server.

Anyway, it is security 101 that you shouldn't send out sensitive data in unencrypted emails. The link to the conversation where the buyer can enter the transfer details is sensitive information.

The domain name transfer conversation should be protected by password. So the easiest way is to force the buyer to create a free dan.com account.

Two-factor authentication: no, don't force the buyer to configure the two-factor authentication, it should be optional like now. The buyer can decide whether to configure the two-factor auth first or not.

 

[alcy]

I am talking about this issue in general, I think I use a secure email provider.

Not every email server supports proper encryption. If the receiving email server doesn't use a proper encryption, then the sender cannot send the email in encrypted form.

The first point of the possible attack is when Dan sends out the email to the email server of the buyer.

The next issue is when the buyer opens that email. If the buyer hasn't configured the email client properly or the email server is not configured properly, then it is possible that the network traffic won't be encrypted between the buyer's computer and the buyer's email server.

Anyway, it is security 101 that you shouldn't send out sensitive data in unencrypted emails. The link to the conversation where the buyer can enter the transfer details is sensitive information.

The domain name transfer conversation should be protected by password. So the easiest way is to force the buyer to create a free dan.com account.

Two-factor authentication: no, don't force the buyer to configure the two-factor authentication, it should be optional like now. The buyer can decide whether to configure the two-factor auth first or not.

hmmm I'm starting to get the picture... do watch out for that lightning strike when u step out yer doorway too.

 

[Future Sensors]

I am talking about this issue in general, I think I use a secure email provider.

Not every email server supports proper encryption. If the receiving email server doesn't use a proper encryption, then the sender cannot send the email in encrypted form.

The first point of the possible attack is when Dan sends out the email to the email server of the buyer.

The next issue is when the buyer opens that email. If the buyer hasn't configured the email client properly or the email server is not configured properly, then it is possible that the network traffic won't be encrypted between the buyer's computer and the buyer's email server.

Anyway, it is security 101 that you shouldn't send out sensitive data in unencrypted emails. The link to the conversation where the buyer can enter the transfer details is sensitive information.

The domain name transfer conversation should be protected by password. So the easiest way is to force the buyer to create a free dan.com account.

Two-factor authentication: no, don't force the buyer to configure the two-factor authentication, it should be optional like now. The buyer can decide whether to configure the two-factor auth first or not.

I'm still curious where you are seeing the unencrypted network traffic, when you say you're using a secure email provider. Do they provide SMTP with STARTTLS, or don't they/you?

You're right that email is not 100% secure. You have the sending and transmission part, the processing part, the filtering part with potential uploads to other parties, the storage part, the way email is fetched from the server. And still the world uses email. But please use SMTP with STARTTLS.

Even when you require your buyer to create a secure DAN account first, the determined attacker (with access to email of the victim) can still ask for a password reset, receive it through email of the victim, and proceed from there.

 

[Charybdis]

I'm still curious where you are seeing the unencrypted network traffic, when you say you're using a secure email provider. Do they provide SMTP with STARTTLS, or don't they/you?

You're right that email is not 100% secure. You have the sending and transmission part, the processing part, the filtering part with potential uploads to other parties, the storage part, the way email is fetched from the server. And still the world uses email. But please use SMTP with STARTTLS.

Even when you require your buyer to create a secure DAN account first, the determined attacker can still ask for a password reset, receive it through email of the victim, and proceed from there.

I was talking about email security in general. The only secure way to send out sensitive information in an email is to encrypt the body of the email (and the attachments if any). But then you need the public cryptography key of the buyer to encrypt the email with the public key, and then the receiver must decrypt it, so it would be a hassle.

If you don't want to encrypt the full email then the only secure solution is to not send out any sensitive data in the email.

You are right about the security issue with the password reset link, however it can be solved by turning on the two factor authentication. Even if an attacker manages to get the password via the password reset option, then the attacker would still need to enter the second factor in addition to the password.

In summary, here is the most secure way to handle the domain transfer:
Protect the domain transfer conversation link with password and with an optional two-factor authentication, so the transfer conversation should only be available inside the dan.com account, while logged in.

 

[Future Sensors]

I was talking about email security in general. The only secure way to send out sensitive information in an email is to encrypt the body of the email (and the attachments if any). But then you need the public cryptography key of the buyer to encrypt the email with the public key, and then the receiver must decrypt it, so it would be a hassle.

If you don't want to encrypt the full email then the only secure solution is to not send out any sensitive data in the email.

You are right about the security issue with the password reset link, however it can be solved by turning on the two factor authentication. Even if an attacker manages to get the password via the password reset option, then the attacker would still need to enter the second factor in addition to the password.

In summary, here is the most secure way to handle the domain transfer:
Protect the domain transfer conversation link with password and with an optional two-factor authentication, so the transfer conversation should only be available inside the dan.com account, while logged in.

But we had just agreed that 2FA would kill the potential sale...

Where did you see the unencrypted traffic, btw?

 

[Charybdis]

But we had just agreed that 2FA would kill the potential sale...

Where did you see the unencrypted traffic, btw?

You don't get my point, I said that 2FA should be optional like now. If the buyer wants extra security, then the buyer can turn it on, but it is not necessary.

I don't see any unencrypted traffic, my email server is secure. But not every email server is the same.

And even if the traffic itself is encrypted, the email itself is not encrypted, unless you encrypt the full email locally first, before sending it out. But then you would need the public key of the recipient.

The email server and external services such a spam checker can still access the content of the full email if the email itself is not encrypted.

Again, the only secure way to send out sensitive information in an email is to encrypt the full email locally first before sending it out, or to not include any sensitive information in the email at all.

 

[Future Sensors]

You don't get my point, I said that 2FA should be optional like now. If the buyer wants extra security, then the buyer can turn it on, but it is not necessary.

I don't see any unencrypted traffic, my email server is secure. But not every email server is the same.

And even if the traffic itself is encrypted, the email itself is not encrypted, unless you encrypt the full email locally first, before sending it out. But then you would need the public key of the recipient.

The email server and external services such a spam checker can still access the content of the full email if the email itself is not encrypted.

Again, the only secure way to send out sensitive information in an email is to encrypt the full email locally first before sending it out, or to not include any sensitive information in the email at all.

The good thing is that technically I agree with a lot of what you are saying.

I like encryption a lot, on all levels.

It is not always workable commercially for the masses. You also mention this yourself

 

[Charybdis]

The good thing is that technically I agree with a lot of what you are saying.

I like encryption a lot, on all levels.

It is not always workable commercially for the masses. You also mention this yourself

I agree that encrypting the full email locally is not a good idea, too complicated.

That's why the only solution should be to force the buyer to create a free dan.com account and move the entire domain name transfer conversation link behind the member-only password and 2FA-protected area.

 

[LaszloSchenk]

"As a buyer, you do not have an account with Dan.com" - but what if I do? You are asking some questions on the lead form and on the checkout form, all these pieces of information are already available in my account (including my billing details). It is a hassle to fill in everything again and again. The "add new lead" form should have an option to enter a DAN account ID, and then the account owner would receive an email notification about the new lead. If you don't want to force buyers to create a dan.com account, then the DAN account ID could be optional.

Now I figured out that I should use a throwaway email, a fake phone number and a fake name, I send these details to the seller for the new lead form, and then when I receive the transaction link from Dan, I can edit all my information anyway, and then I can enter my real information on the form.

Question: if I send fake details to the seller, and then later I add my real information on the Dan checkout form, then what will you share exactly with the seller? Then will the seller still see my real contact details?

But I think the solution should be to force both buyers and sellers to create a dan.com account first, I will tell you why:

your domain transfer process is not 100% secure now because you send out the link to the domain name transfer conversation between Dan and the buyer in unencrypted email.

The transfer conversation page uses secure SSL, however the email containing the unique link to the transfer conversation is an unencrypted email, and the domain name transfer conversation link is not protected by password. If an attacker cracks the network traffic, then the attacker can get the unencrypted email, open the link in it, and then the attacker can enter his/her details required for the transfer or push, or the attacker can use the auth code, and at this point you might transfer the domain ownership to the attacker.

The only good solution would be to force the buyer to create a dan.com account first. The buyer should then enable two-factor authentication for maximum security. Then the seller will use the account ID of the buyer to create a new lead. The buyer would receive an email notification about the new lead, but this would be only an email notification. Then the buyer should login to the dan.com account, and the domain name transfer conversation should be available only in the account, after logging in.

That way even if an attacker can get the notification email, then it is not enough, because the attacker would also need to hack into the buyer's dan account, guessing the username, password, and then cracking the two-factor authentication, which is nearly impossible.

There are programs which can decrypt the network traffic if that network traffic is unencrypted. Imagine the following situation: the buyer and the attacker are sitting at the same cafe, using the Wifi network of that cafe. Buyer receives the domain transfer conversation email from Dan. Attacker is running the software which decrypts the network traffic of the cafe's public Wifi in real time. Then the attacker can get the full email from dan, and now the attacker has the link to the domain transfer conversation and then the attacker can enter his/her own details required for the domain transfer.

Good morning,

Thank you for your feedback.

As of now, buyers do not have an account with us. We only provide seller accounts while buyers can buy domains barrier-free. We found that reducing the barriers to buying domains by not forcing users to create an account had a positive effect on the go-through rate. The account you are referring to as a seller cannot be used for buying purposes.

That being said, we do have plans to establish buyer accounts in the future. This should also solve the problems you have encountered with the lead/transaction importer.

Regarding the usage of fake details, the seller will only see the email and phone number you have provided for importing the transaction. All contact details you provide in step 1 of your checkout are not visible to the seller and are there for internal use only.

Have a great day.

 

[blockhead]

DAN has been down for how long now??

What's going on? Expected to see something here.

Seems like all my parked domains just don't resolve now, can't access dashboard or anything....Yikes!

 

[LaszloSchenk]

DAN has been down for how long now??

What's going on? Expected to see something here.

Seems like all my parked domains just don't resolve now, can't access dashboard or anything....Yikes!

Good morning @cbd,

We have experienced no downtime nor received any notice besides yours. I have asked our product team to look into it and received a confirmation that there indeed was no downtime on the platform.

Are you still unable to reach our landing pages?

 

[krishmk]

Questions

a) For Seller Account - how to enable cypto-currency withdrawals? Its disabled...

b) If I import a lead into your system and if the buyer decides to pay by BTC - does the buyer need to do KYC? anything else required apart from the payment?

 

[Maxxo]

Hi DAN team,
@LaszloSchenk

We have a sale pending for a domain via DAN and trying to complete the transaction via 'push' to DAN escrow at Dynadot. What is the correct profile name to use in the field on the Dynadot push form where it says "Recipient Forum Name"? Is this your Dynadot profile? https://www.dynadot.com/user/dan

See screenshot:

https://imgur.com/cLjHUNy

If so I might be a nice idea to put something on your profile page like profile image and something indicating it is the official DAN escrow profile. It's all very simple stuff when you are familiar with the transaction process selling a domain via DAN but for the first time seller we need no doubt about the correct way to complete transfers to avoid any mistakes.

Thanks!

 

[Maxxo]

Here's another screenshot. No info about dan.com?

 

[LaszloSchenk]

Questions

a) For Seller Account - how to enable cypto-currency withdrawals? Its disabled...

b) If I import a lead into your system and if the buyer decides to pay by BTC - does the buyer need to do KYC? anything else required apart from the payment?

Good morning Krishmk,

Thank you for raising these questions.

In order to enable BTC payouts, you need to get verified. This is done once you have a payment pending. If you have a payout pending please contact our chat support or [email protected] to get the required instructions.

When it comes to buyers, they can pay with BTC at any given time. Only from a certain transaction value is KYC required.

Have a great weekend ahead.

 

[Charybdis]

Good morning,

Thank you for your feedback.

As of now, buyers do not have an account with us. We only provide seller accounts while buyers can buy domains barrier-free. We found that reducing the barriers to buying domains by not forcing users to create an account had a positive effect on the go-through rate. The account you are referring to as a seller cannot be used for buying purposes.

That being said, we do have plans to establish buyer accounts in the future. This should also solve the problems you have encountered with the lead/transaction importer.

Regarding the usage of fake details, the seller will only see the email and phone number you have provided for importing the transaction. All contact details you provide in step 1 of your checkout are not visible to the seller and are there for internal use only.

Have a great day.

I understand that not forcing buyers to create an account increases the conversion rate, but then make it optional: buyers could create an optional dan.com account (I think the same account could be used for both a seller and buyer account).

Because it would be much better for buyers to create an account first, before buying a domain:
- increased security: I mentioned the issue with sending out the transaction links via email above, buyer accounts could solve this problem: if the buyer has an account, then the domain name transfer conversation would be only available inside the password-protected buyer account,
- in case of a registered buyer you could auto-populate the fields on the checkout form.

So I figured out how to use the "add new lead" as a buyer: I should send a throwaway single-use email, a fake name and a fake phone number to the seller, and then I should enter my real details only during the checkout. But the current "add new lead" option is not good, because currently buyers share their private details (name, email, phone number) with the seller, and it is unnecessary. I didn't know that in fact I could send fake details to the seller for the "add new lead" and I shared my real details with the seller, which was unnecessary. The sellers don't have a proper privacy policy. Please change the current behavior of the "add new lead" form: email address should be perfectly enough for the sellers to create the transaction. And then the buyers can enter any additional required details during the checkout, which should be visible only to Dan.com.

 

[Jurgen Wolf]

Views column is not updating again a few days...

 

[Jurgen Wolf]

And I can confirm that 0 agents on Sunday but LiveChat shows the misleading statement about the reply under 10 minutes...

 

[tomcarl]

Couldn't help but notice and agree one person's complaint on TP feedback...

2021, people at home, lockdown...shouldn't there be a 6-day business week, full operation for a digital marketplaces at this time? Not just Dan, but all digital marketplaces. Busiest times for Amazon/eBay.

Doors close/operations cease for 2 days everywhere in the domain world 'cause it's the weekend?