I'm Bill Hartzer, Director of DNProtect AMA

[bhartzer]

I'm Bill Hartzer, and I am the Director of DNProtect.

I developed the algorithm behind DNP Score, which gives you a free analysis/report of any domain name.

I have also personally dealt with hundreds of stolen domain name cases since DNProtect has been offering the service the past few years.

Ask me anything related to domain name due diligence or stolen domain names.

 

[bmugford]

But I also blame their policies, as well. No one wants to wake up to their email not working and their website down because their domain was stolen.

Can you point to any specific GoDaddy policies, especially ones that are outside industry norms, that might lead to domain theft?

Brad

 

[bhartzer]

It's funny how you give GoDaddy a negative twist indirectly, but ignore all questions about Epik promoting DNProtect as their brand and being aware of that or down playing it all, anyways bro, good luck with everything.

Not badmouthing any registrar in particular, just mentioned that there are stolen domain names from there. I agree with Brad that it's mostly because they have so many registrations. In fact, my contacts at GoDaddy are always very helpful when there are stolen domain names. They take it seriously, and we're able to deal with those cases.

I can't and won't respond to any questions about Epik because I'm not an employee there and have absolutely no insight into what's going on there. I'm not ignoring, I just have NO info to provide. You probably know more about it than I do, as you've most likely been reading more Namepros threads than i have.

 

[Digital Nomad]

Not badmouthing any registrar in particular, just mentioned that there are stolen domain names from there. I agree with Brad that it's mostly because they have so many registrations. In fact, my contacts at GoDaddy are always very helpful when there are stolen domain names. They take it seriously, and we're able to deal with those cases.

I can't and won't respond to any questions about Epik because I'm not an employee there and have absolutely no insight into what's going on there. I'm not ignoring, I just have NO info to provide. You probably know more about it than I do, as you've most likely been reading more Namepros threads than i have.

Question was, let me repeat, were YOU aware, you nor I do not need to have any deep insight into any NamePros threads for that, but only what you were aware of... My guess is you were aware, but can't say because you will get into trouble with mr. Monster, because he is your partner after all.

 

[bhartzer]

Can you point to any specific GoDaddy policies, especially ones that are outside industry norms, that might lead to domain theft?

Brad

Sure, if an email (such as a gmail account) is hacked and the GD account is accessed, 2FA is turned off, all contact details are changed on the account, the domain is pushed to another account, or transferred out.... they say it's not their problem and won't do anything to help.

Yes, the registrar account was not hacked. However, shouldn't a registrar help, in some way, to get the domain back for their customer?

 

[bmugford]

A couple more questions -

Around what percentage of contacts do you receive regarding domain theft that actually involve theft?
I would imagine a large percentage are confused people who simply let a domain expire.

If they did indeed let the domain expire, is that the end of it? Or, do you offer some type of buyer acquisition service to approach the new owner.

Brad

 

[bhartzer]

Question was, let me repeat, were YOU aware, you nor I do not need to have any deep insight into any NamePros threads for that, but only what you were aware of... My guess is you were aware, but can't say because you will get into trouble with mr. Monster, because he is your partner after all.

Was I aware of what specifically?

 

[TCK]

Yes, I've personally dealt with several hundred cases in the past year or so alone. What type would like you to hear? The most common ones? The most outrageous ones?

@bhartzer I want to apologize if my question sounded like I was being facetious. Still trying to discover my voice in writing. You are a stand up guy by dealing with all the comments in a calm and collected professional manner. But it is a genuine question. I think that any stories you can tell will help your marketing by showing how serious the problem is.

 

[bhartzer]

A couple more questions -

Around what percentage of contacts do you receive regarding domain theft that actually involve theft?
I would imagine a large percentage are confused people who simply let a domain expire.

If they did indeed let the domain expire, is that the end of it? Or, do you offer some type of buyer acquisition service to approach the new owner.

Brad

I would say that about 1/3 of what we get are where someone's confused or they let a domain expire. 3/4 are where something 'nefarious' happened, as in they know the domain thief (their former employee, former web designer, or account hacked).

For those who lost the domain name due to expiration, then we give them the options and let them decide:
- wait until the domain expires again
- reach out to the current owner of the domain and try to buy it back
- have us reach out to the current owner
- file a UDRP or URS

 

[Digital Nomad]

Was I aware of what specifically?

Nice deflection, anyways the answer is clear, cheers.

 

[bmugford]

I would say that about 1/3 of what we get are where someone's confused or they let a domain expire. 3/4 are where something 'nefarious' happened, as in they know the domain thief (their former employee, former web designer, or account hacked).

Well, let me break it down ever further.

Roughly what percentage of legit cases of theft that you get are by unknown parties to the owner vs known parties.

So basically, what percent are stolen by a random party via whatever means vs what percent is by an employee, web designer, etc. holding it hostage.

I have had several interactions with people in the past that are in the latter group.
I think it is bad business practice to not have possession of your domain.

Brad

 

[TCK]

@bhartzer Just wondering if you were involved in mitigating the fallout from the Epik hack? And are you aware of any lost or stolen domains from Epik accounts? And lastly, what actions if anything were taken in order to prevent a future hack that you are aware of?

 

[bhartzer]

@bhartzer I want to apologize if my question sounded like I was being facetious. Still trying to discover my voice in writing. You are a stand up guy by dealing with all the comments in a calm and collected professional manner. But it is a genuine question. I think that any stories you can tell will help your marketing by showing how serious the problem is.

OK, here are a few:

Fashion boutique owner has 2 locations, one in NYC and one in LA. They sell in their stores and online (ecommerce). NYC site is on Wix and using ecommerce there. Wix account for NYC store is hacked, domain stolen and transferred to another registrar. I worked with Tucows directly get the domain back. Within a few hours we had a police report filed, TURF signed and notarized, and sent to gaining registrar. Gaining registrar took two weeks to acknowledge it. Site was back up and running 2 weeks after the TURF was filed. Website was down for 2 weeks and the biz owner lost a LOT of sales.

Celebrity goes into T-Mobile store in NYC to upgrade their phone. T-Mobile employee, in the back of the store, makes a copy of the SIM card and then does the upgrade. Employee tries to steal crypto from the celebrity, but the celeb didn't have it tied to 'that' phone, crypto apps installed on their other phone. Hackers couldn't get the crypto so they stole all the celebrity's domain names. It took police reports, T-mobile corporate, two domain registrars, and a web host to get the domains back. I coordinated it all. Charged the celebrity $399 to get the domain names back.

Server hosted at GoDaddy was hacked, the hacker got root access to an IT company's web server. That server had at least 100 domains (perhaps 110 or so as I recall) and sites hosted. Some large client websites. Websites taken down, some remained up and running. All domains transferred to about 5-6 different registrars. It took about a week or so, but finally the last domain was returned. I don't think the IT company lost any clients, but many were furious.

That's only 3, there are so many more... like an insurance company that had their domain stolen, all customer data, records, everything was accessed through the domain (usually a subdomain, for example). Email didn't work for their 50 or so employees. We got the domain back fairly quickly.

 

[bhartzer]

Well, let me break it down ever further.

Roughly what percentage of legit cases of theft that you get are by unknown parties to the owner vs known parties.

So basically, what percent are stolen by a random party via whatever means vs what percent is by an employee, web designer, etc. holding it hostage.

I have had several interactions with people in the past that are in the latter group.
I think it is bad business practice to not have possession of your domain.

Brad

I'd say that it's about 1/3 of the cases where the domain owner knows the domain thief.

 

[bhartzer]

@bhartzer Just wondering if you were involved in mitigating the fallout from the Epik hack? And are you aware of any lost or stolen domains from Epik accounts? And lastly, what actions if anything were taken in order to prevent a future hack that you are aware of?

Not involved in any way with the Epik hack that you are referring to. I am not aware of any domains that were stolen as a result of that.

 

[Future Sensors]

https://golden.com/wiki/EPIK-XM6KZA/activity

 

[Future Sensors]

Bill, I'm also feeling really uncomfortable with this thread by now. I wish you well.

 

[bmugford]

https://golden.com/wiki/EPIK-XM6KZA/activity

I know a lot of this thread has been about Epik, but I will just make this one comment.

Either this was an Epik product, and was advertised that way OR it was not an Epik product, but advertised that way.

I would personally have a huge issue if another company was advertising my company as their product, if it wasn't true.

Brad

 

[equity78]

Bill this was an Epik product correct? Because I came up with the name and owned DNProtect.com which Rob purchased from me years ago.

Rob wrote in 2019

Great input here.
@bhartzer, @DomainGraduate, @Ala Dadan and I are meeting this afternoon to plan out the next steps for the development and commercialization.
This type of co-creation input is super helpful for refining the Minimum Viable Product and getting it live in the market. Fortunately, a lot of pre-work has been done on multiple fronts.
For those who are missing the context, see related posts:
https://www.namepros.com/threads/poll-for-name-protection-product-concept.1155658/
https://www.namepros.com/threads/name-validation-and-name-protection-product-concept.1155026
We are also working on re-insurance partnerships beyond the normal D&O, E&O, General Liability and Cyber Liability coverage. Re-insurance is only needed for catastrophic unrecoverable loss.

https://www.namepros.com/threads/what-are-the-must-have-features-for-dnprotect-com.1156889/

 

[TCK]

I am still scratching my head because this has not been addressed in public. Why the embarrassment of being associated as part of the Epik empire. I own a company and we have a number of brands launched and launching soon. I am extremely proud of each and every brand and will stand on a mountain to scream about the umbrella brand.

 

[bhartzer]

I know a lot of this thread has been about Epik, but I will just make this one comment.

Either this was an Epik product, and was advertised that way OR it was not an Epik product, but advertised that way.

I would personally have a huge issue if another company was advertising my company as their product, if it wasn't true.

Brad

This is where I think the confusion is: Epik Labs, when it existed (I believe it's been shut down? I'm not sure), was an "incubator" of sorts. Epik Labs incubated a lot of different projects; some became Epik products, many didn't. DNProtect was always a 'startup' part of Epik Labs, and was not an Epik "product". DNProtect is no longer associated with Epik.

 

[bhartzer]

https://golden.com/wiki/EPIK-XM6KZA/activity

That's called "link building"... Golden is a part of the Knowledge Graph. I highly recommend adding your organization, your websites, etc. there. Wonder why it was so easy for you to find it in Google? It's a powerful site to get listed on Most likely the result of link building and contributions I made to that site a few years back.

 

[bmugford]

This is where I think the confusion is: Epik Labs, when it existed (I believe it's been shut down? I'm not sure), was an "incubator" of sorts. Epik Labs incubated a lot of different projects; some became Epik products, many didn't. DNProtect was always a 'startup' part of Epik Labs, and was not an Epik "product". DNProtect is no longer associated with Epik.

It is really just semantics anyway. Most people do see your company as a product or service of Epik.
I think it is a reasonable view to have, because it was advertised that way many times.

Regardless, I wish you luck with your company.

Thanks for doing the AMA.

Brad

 

[Future Sensors]

That's called "link building"... Golden is a part of the Knowledge Graph. I highly recommend adding your organization, your websites, etc. there. Wonder why it was so easy for you to find it in Google? It's a powerful site to get listed on Most likely the result of link building and contributions I made to that site a few years back.

I just had the impression that you were breaking some links. But not so.

 

[TCK]

This is where I think the confusion is: Epik Labs, when it existed (I believe it's been shut down? I'm not sure), was an "incubator" of sorts. Epik Labs incubated a lot of different projects; some became Epik products, many didn't. DNProtect was always a 'startup' part of Epik Labs, and was not an Epik "product". DNProtect is no longer associated with Epik.

First of all whether it is or it wasn't, do you feel any association with Epik past or present hurts your brand. I assume DNProtect is your baby. However, when you look at the website you see connections to Epik. For example, link to TrustRatings. Are you going to say TrustRatings is not an Epik brand. What about the competing forum? Is that an Epik brand. Is there a website that clarifies what are Epik brands? Because this is confusing and questions are not being answered straightforwardly. There appears to be gaslighting here.

 

[bhartzer]

First of all whether it is or it wasn't, do you feel any association with Epik past or present hurts your brand. I assume DNProtect is your baby. However, when you look at the website you see connections to Epik. For example, link to TrustRatings. Are you going to say TrustRatings is not an Epik brand. What about the competing forum? Is that an Epik brand. Is there a website that clarifies what are Epik brands? Because this is confusing and questions are not being answered straightforwardly. There appears to be gaslighting here.

Personally, I don't think association with Epik hurt the DNProtect brand. The website needs to be updated, and the new version of the site should roll out soon. I don't know anything about the status of any other brands, products, etc.. I'm not an employee, staff, or associated anymore. If I knew anything I would tell you.

This is the last post I'm going to make that mentions Epik. It's not the point of this thread anyway, I would rather spread my knowledge here about stolen domain names and protecting them.