Discuss your Epik Experience!

[Dandelion]

I think Epik is building the best ever Domain Lander in the history of domaining, and it really needs to be talked about extensively. That's why I am creating this discussion thread. A lot of thought process really goes into the project. And I can see (for the first time) a landing page that is built from the stand point of domainers rather than for just the marketplace itself.

Everything you have ever dreamt of getting or seeing in a professional landing page can be found in the new Epik marketplace landing page design.

Some of my Favorites Features:

1. The ability to optimize your "domain for sale" landing page to actually rank on Google, displaying your sales pitch/domain description. I just did that with few of my generic domain names such as ASAP.TV, targeting certain keywords, and they are showing pretty well on Google. That's a huge plus in my marketing effort.

2. Being able to change background image is another huge one for me. If you are good with pictures and images, you will surely find this very useful. I did that with Nagasaki.org and the result was truly amazing, showing the city of Nagasaki right at the background.

There are too many positive features and I don't want to mention all of them, all alone

So I am leaving you guys to share and discuss what you loves most or dislike about the new Epik marketplace and the landing pages.

The only negative for me is the checkout process. There are too many terms and conditions buttons to tick before checking out. It will be nice if they can streamline those into one beautiful big button

They also need to place the checkout button directly under the payment options. Right now it is awkwardly place somewhere below at the sidebar, which I don't find cool at all.

Sales experience is also welcomed in this discussion. I haven't had any sells so far at Epik because I started using the marketplace just recently, but the future is looking so bright.

 

[7363824]

EPIK sent me an email about my domain name that someone made an offer for "ONE PENNY".....

Well I'll double that offer.

 

[Gube]

EPIK sent me an email about my domain name that someone made an offer for "ONE PENNY".....

Feel free to add a minimum offer amount, You can edit it in Bulk too
Personally, I did set my minimum offer to 50$

Gube

 

[Gube]

so, i suppose no one wants to be notified when/if his Epik account is pwned...
no problem, we'll get a "transferred out" email after the point of no return is already passed, why bother

can Epik and @Rob Monster please comment on this too

i personally do not feel safe enough unless i get those emails immediately after my acc been accessed

i would def not keep my most valuable names with the registrar which does not offer this dead simple security feature (Namesilo )


Show attachment 138265

Good point.
We will review what we can do with the team. Security is a big concern for us and risking any domain is not something we can afford, therefore, actions will be taken to ensure the platform stays safe for everyone.

Regarding account security, You can enable 2FA from here : https://registrar.epik.com/account/security/
On this page, it's also possible to enable IP whitelisting.
It's already a great way to limit risks related to your account being accessed by 3rd parties

Gube

 

[Rob Monster]

so, i suppose no one wants to be notified when/if his Epik account is pwned...
no problem, we'll get a "transferred out" email after the point of no return is already passed, why bother

can Epik and @Rob Monster please comment on this too

i personally do not feel safe enough unless i get those emails immediately after my acc been accessed

i would def not keep my most valuable names with the registrar which does not offer this dead simple security feature (Namesilo )


Show attachment 138265

@Gube gave a a good answer on this one already. As far as I know, we do have the most compete security solution of the industry. That being said, the idea of being able to be notified when your account is accessed is a reasonable request. So, we'll discuss with @vitigo about adding an alert where you can choose between SMS and email for receiving an alert. It is not the best security feature but fine to add it for peace of mind of those who find such access alerts to be useful. If folks agree this feature is useful, press LIKE on either 4pm's post or this post. If there are 10 likes for that feature, we'll see if we can add it next week.

 

[4pm]

Regarding account security, You can enable 2FA from here : https://registrar.epik.com/account/security/

...and what happens if i lose my phone with all that 2FA sms/authenticator stuff?
what about non-US phone numbers - can you guarantee timely SMS delivery, ...or will they be delivered at all? not really, lets face it

On this page, it's also possible to enable IP whitelisting.
It's already a great way to limit risks related to your account being accessed by 3rd parties

...and how many of us got a static IP?
instead, many of us travel alot, so you kidding me with this IP whitelisting, right?

***

do you really think Namesilo, Porkbun, Name.com are less competent in online security, why?

Name.com:

Porkbun:

 

[Gube]

...and what happens if i lose my phone with all that 2FA sms/authenticator stuff?
what about non-US phone numbers - can you guarantee timely SMS delivery, ...or will they be delivered at all? not really, lets face it

Our sms providers are quite reliable, and in case one provider is not able to send the sms in a proper time frame, the request is sent to the other provider.
In case of any issue, our support team is available 24/7, there is always someone to help if needed

Gube

 

[4pm]

As far as I know, we do have the most compete security solution of the industry.

Where did you get that info from?
Have you ever did independent security audit?
Which company did that?

I think all you know about your security comes from your developers. Right?

You load at least 3 resources from 3rd party domains - is what i see on my dashboard page:

2 json files from federatedidentity.com
1 js file from zendesk.com

not mentioning a gif from domaining.com

all above are security holes.
because you don't control those domains.
that's 101 of online security.
i would question your devs competence.


PS. jquery in 2019, really?? do you outsource development to 3rd world countries??

 

[4pm]

Our sms providers are quite reliable, and in case one provider is not able to send the sms in a proper time frame, the request is sent to the other provider.
In case of any issue, our support team is available 24/7, there is always someone to help if needed

Gube

nothing in this world is as reliable as email or messengers
sms can be easily intercepted (SS7)
first google link https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin

 

[4pm]

look
i like epik and i transferred like 40 names there already
but you should really take security seriously

especially if you sell yourself as a
The SWISS BANK of domains

thats what i basically wanted to say

 

[7363824]

The IP whitelisting is nice but it is true most internet users have have dynamic IPs. Could be cool if I could put a hostname from a dynamic DNS provider on the whitelist which would treat whatever IP that resolves to as whitelisted.

Also as far as 2FA personally I really like to see support for hardware security keys (U2F) as that's more convenient and secure than even TOTP (the 6 digit code from an app) and as pointed out way more secure than SMS based two factor which is almost trivial to intercept by someone who knows what they are doing.

And certainly l would hope there is a robust secure practice around dealing someone who can no longer get in to their account because of the IP restriction or 2FA. Like make me send in a copy of my driver's license that has to match the name/address on the account.

To Rob's point about the email, once they are in it's already too late so I am actually glad to see an emphasis on preventing them from getting in at all. That said yes email notifications are trivial to add.

 

[twiki]

Quick question:

Can you add to the Epik Marketplace, domains from other registrars?

X

 

[Rob Monster]

Quick question:

Can you add to the Epik Marketplace, domains from other registrars?

X

You can. We just have to approve you for it but then you can list domains as Make Offer or BIN. The lease/finance domains have to be on Epik first.

 

[Cal2]

Regarding account security, You can enable 2FA from here :

I don't know if it's possible, but is there a way that only certain names in one's account could be set up to require 2FA before being able to do something like transfer them out, instead of 2FA to access one's account? I'm thinking about the convenience of not always needing 2FA to get into one's account, but still offering 2FA security for those domain names that one considers especially valuable, for various reasons.

Or could/should one have a separate Epik account for more valuable domains, and enable 2FA for that account?

 

[Rob Monster]

I don't know if it's possible, but is there a way that only certain names in one's account could be set up to require 2FA before being able to do something like transfer them out, instead of 2FA to access one's account? I'm thinking about the convenience of not always needing 2FA to get into one's account, but still offering 2FA security for those domain names that one considers especially valuable, for various reasons.

Or could/should one have a separate Epik account for more valuable domains, and enable 2FA for that account?

It is a good idea.

Crypto exchanges like Coinbase work the same way. Security is relatively light for accepting funds and for browsing activity, but if you want to transfer a balance on-chain, you have to validate with your private key -- in effect that is your 2FA. So, I like the idea of being able to allow a 2FA for selected domains.

This also does prevent the case of a customer doing a bulk update and inadvertently changing DNS on a strategic domain.

I think we'll start with the notifier feature since apparently that is a dealbreaker for a few folks who want that activity noted even if their account is totally locked down.

I should add that we have yet to lose a customer domain and mind the store mighty closely when it comes to domain security.

 

[Not a robot]

You can. We just have to approve you for it but then you can list domains as Make Offer or BIN. The lease/finance domains have to be on Epik first.

How does that work? I listed some domains I have on NameBright but I never received verification mail...

 

[Cal2]

It is a good idea.

Crypto exchanges like Coinbase work the same way. Security is relatively light for accepting funds and for browsing activity, but if you want to transfer a balance on-chain, you have to validate with your private key -- in effect that is your 2FA. So, I like the idea of being able to allow a 2FA for selected domains.

Thanks for giving it consideration, Rob. For myself, I've a few domain names with Epik I'm wanting to spend a lot of time building, and wouldn't like to see any disappear.

I'm thinking it could help make Epik more attractive to those with portfolios that have some valuable names. And I could see it helping Epik maintain its zero domain name theft record, if those valuable names were made harder to steal because people were more willing to use 2FA when it came to those domains.

 

[Rob Monster]

How does that work? I listed some domains I have on NameBright but I never received verification mail...

I sent you a PM. We just have to approve your account for listing non-Epik domains.

We are working on additional feature that will allow verified domains to be added by anyone. That is part of a larger initiative called WHOQ (universal whois) and an expanded marketplace initiative for selling integrated digital brands. Details coming soon.

 

[Rob Monster]

The IP whitelisting is nice but it is true most internet users have have dynamic IPs. Could be cool if I could put a hostname from a dynamic DNS provider on the whitelist which would treat whatever IP that resolves to as whitelisted.

Also as far as 2FA personally I really like to see support for hardware security keys (U2F) as that's more convenient and secure than even TOTP (the 6 digit code from an app) and as pointed out way more secure than SMS based two factor which is almost trivial to intercept by someone who knows what they are doing.

And certainly l would hope there is a robust secure practice around dealing someone who can no longer get in to their account because of the IP restriction or 2FA. Like make me send in a copy of my driver's license that has to match the name/address on the account.

To Rob's point about the email, once they are in it's already too late so I am actually glad to see an emphasis on preventing them from getting in at all. That said yes email notifications are trivial to add.

I have been following Fido, U2F and Yubikeys for YEARS. I never figured a hardware solution would go mainstream but here we are.

I actually met with Clear (airport biometric) 3 times in 2018 to explore a cooperation with them in the identity space. I have been working on Federated Identity projects since way back in 2007.

I do believe single sign on for the world is coming. That said, I think it is still a wide open race. Our Toki project may have a dog in that hunt by the time all is said and done.

The key thing nobody else has solved is the challenge of local authentication in tribal communities like you find in many emerging economies.

As we work to bring another 1 billion folks online in the next 5 years, the issue of identity verification becomes a challenge. Some nations like China and India have national biometric schemes. Most don't.

 

[Rob Monster]

Where did you get that info from?
Have you ever did independent security audit?
Which company did that?

I think all you know about your security comes from your developers. Right?

You load at least 3 resources from 3rd party domains - is what i see on my dashboard page:

2 json files from federatedidentity.com
1 js file from zendesk.com

not mentioning a gif from domaining.com

all above are security holes.
because you don't control those domains.
that's 101 of online security.
i would question your devs competence.


PS. jquery in 2019, really?? do you outsource development to 3rd world countries??

FWIW, nice witty commentary there. I actually appreciate it. That is actually why I love NamePros. I get to banter with folks with different skills and ideas.

As for Jquery, most has been ported to more current frameworks. Check out this one for example:

https://marketplace.epik.com/

As for FederatedIdentity.com, that is actually ours. There will be a really big identity update coming in January based on KeyCloak. You might be aware that there is a long list of Epik projects:

- Anonymize.com: Privacy solutions, e.g. VPN (live)

- Armored.net: Secure Cloud storage (live)

- CloudChase.com: Resilient OpenStack Hosting (Dec 2019)

- BitMitigate.com: CDN and DDoS Mitigation (live)

- DNEncrypt.com: Free SSL certificates (Jan 2020)

- DNProtect.com: Domain Insurance (Jan 2020)

- DomainGraduate: Online training course (relaunching Nov 2019)

- DropElf.com: Tools for online expiry stream discovery (live)

- Epik Registrar: Our flagship product! (live)

- Epik Escrow: Our fast-growing service for domain transaction processing (live)

- Epik Marketplace: Domain name marketplace (live)

- FullVenue.com: Online event booking (beta)

- NameBrokers.com: Online broker network (Jan 2020)

- Masterbucks.com: Cloud Wallet (live - relaunching Jan 2020)

- Sibyl Systems: Resilient cloud hosting (live)

- Toki.com: Decentralized smart search engine (Jan 2020)

- TrustRatings.com: Online trust score (beta)

- Us.Tv: Online video publishing (live)

- Watchmask.com: Online video privacy (live)

- WhoQ.com: Universal WHOIS/RDAP/Blockchain name search (Dec 2019)

So the intent is implement secure SSO based on the latest protocols. The reason why Identity upgrade is so important is because Identity will be used for upgrading Masterbucks. I gave a hint about it here:

Toki will also have its own crypto, worked into existence by operating Toki servers.

As for Domaining.com's logo, I think we'll drop that one. We get more traffic than they do at this point.

Anyway, will PM you.

@vitigo

 

[Rob Monster]

Our sms providers are quite reliable, and in case one provider is not able to send the sms in a proper time frame, the request is sent to the other provider.
In case of any issue, our support team is available 24/7, there is always someone to help if needed

Gube

On the SMS delivery topic, we use top-of-the-line Twilio. They deliver to every country. Sometimes that is done at nosebleed prices but it is mission critical so we do use them. There are cheaper alternatives, yes.