Dynadot refusing to unlock account, what are my options? ...

[tripflex]

Going to try and keep this short and sweet. I started a hosting company back in 2009, was just me and eventually grew in size. I ended up having to start hiring people and one of them that was with us for a short while I had setup an account with Dynadot to start catching auction domains.

Long story short, he left the company a month or so later, and now about 2 years later I go into the account to try and transfer one of the domains, and am unable to unlock the account.

Dynadot required birthday to unlock and if you don't have that you need the security question. I don't have the guys birthday and every attempt to contact him has failed.

Few things to note:

• All domains under account were purchase with MY business credit card with MY name on it
• The email on the account has been setup to forward to my email
• The address on the account is my company address
• The phone number on the account is company phone number

Contacted Dynadot multiple times and they basically refuse to unlock the account unless I get them a photo ID showing his name or provide the security question answer. I've asked them to just review the invoices and they will see it's my name on the credit card, asked to verify via sending a letter to address, or even call to verify, but they refuse to do any of that to verify the account.

So now i'm left with what options I have available to handle this. My first thought was just to get a lawyer involved, but that could end up costing a good chunk of change and I want to try and keep the cost down as much as possible.

The only other option I could think of was to let the domains expire and try and catch them in the Dyandot auction, or if the price ends up going crazy out of control in the auction, just renew the domain.

Does anybody have any suggestions or thoughts regarding this? I've exhausted every option I can think of to prove to them it's my account but have not gotten anywhere.

If I do let the domains go into auction and expire, say I end up not catching one of them because someone snipes the bidding and gets it .... technically I could still renew it, right? As long as it's within redemption period?

Thanks guys!!

 

[m-i-k-e]

• The email on the account has been setup to forward to my email

I just tried changing my password through the "forgot my password" option and it was simple. I entered my email address they sent me the password reset which included my username and I changed the password.

I'm now able to log in to the account with the new password and the username provided. If your email address gets the emails from Dynadot you should be able to change your password in seconds.

 

[tripflex]

I just tried changing my password through the "forgot my password" option and it was simple. I entered my email address they sent me the password reset which included my username and I changed the password.

I'm now able to log in to the account with the new password and the username provided. If your email address gets the emails from Dynadot you should be able to change your password in seconds.

Unfortunately that's not the problem, I have complete access to the account, and never had to reset the password as that's something I made sure I had from him before he left. The problem is unlocking the account so I can transfer the domain. In order to transfer, change account name, address, or email, you must unlock the account. This is only something specific to Dynadot as other registrars don't require all of this, but for some reason they are playing hard ball with me about it. Even their TOS has some holes in it where I know legally we would be fine, but again that will cost money to get a lawyer involved and i'm not trying to spend that on a couple domains only worth 1-2k

 

[m-i-k-e]

Aah I see what you mean now. Looks like you are only allowed to put in the wrong birthday 3 times or they lock that out.

Sorry, I can't help.

 

[mis_chiff]

Going to try and keep this short and sweet. I started a hosting company back in 2009, was just me and eventually grew in size. I ended up having to start hiring people and one of them that was with us for a short while I had setup an account with Dynadot to start catching auction domains.

Long story short, he left the company a month or so later, and now about 2 years later I go into the account to try and transfer one of the domains, and am unable to unlock the account.

Dynadot required birthday to unlock and if you don't have that you need the security question. I don't have the guys birthday and every attempt to contact him has failed.

Few things to note:

• All domains under account were purchase with MY business credit card with MY name on it
• The email on the account has been setup to forward to my email
• The address on the account is my company address
• The phone number on the account is company phone number

Contacted Dynadot multiple times and they basically refuse to unlock the account unless I get them a photo ID showing his name or provide the security question answer. I've asked them to just review the invoices and they will see it's my name on the credit card, asked to verify via sending a letter to address, or even call to verify, but they refuse to do any of that to verify the account.

So now i'm left with what options I have available to handle this. My first thought was just to get a lawyer involved, but that could end up costing a good chunk of change and I want to try and keep the cost down as much as possible.

The only other option I could think of was to let the domains expire and try and catch them in the Dyandot auction, or if the price ends up going crazy out of control in the auction, just renew the domain.

Does anybody have any suggestions or thoughts regarding this? I've exhausted every option I can think of to prove to them it's my account but have not gotten anywhere.

If I do let the domains go into auction and expire, say I end up not catching one of them because someone snipes the bidding and gets it .... technically I could still renew it, right? As long as it's within redemption period?

Thanks guys!!

If you hired him, did you not get his employee information?
If you set up the account, was it not you who created the security question?

While it is a pain in the ass, it is security we all depend on to prevent theft of our domains.
If by chance this was a disgruntled employee trying to gain access to your account,
you would be praising Dynadot Security system

they are reasonable, just got to find the right person to deal with - usually the Brass !

 

[tripflex]

If you hired him, did you not get his employee information?
If you set up the account, was it not you who created the security question?

While it is a pain in the ass, it is security we all depend on to prevent theft of our domains.
If by chance this was a disgruntled employee trying to gain access to your account,
you would be praising Dynadot Security system

they are reasonable, just got to find the right person to deal with - usually the Brass !

Unfortunately no, this was when I first needed help with everything so it was sort of, help us out and i'll pay for your weekly motel stay, lunch, and pocket change ... def not the way we do things now, but that was when first got busy and needed to at least get someone on board until I could get the hiring process figured out.

I understand security and the reasoning behind it, I just feel at this point there is way more than enough to verify it is actually my account but they refuse to budge on it. I mean just the fact that my name is on the credit card for every transaction under that account should be enough. Disgruntled employee would not have nearly as much information as I have provided them in attempt to unlock the account.

 

[randian]

Even if you have the employee's birthday it may not be what was used. I never give websites my actual birthday, for example.

 

[Name Trader]

@tripflex - At Dynadot you cannot renew a domain for regfee after it is taken from your account on Day 40. At which point it has been thru the auction process and after 40 days you cannot renew any domain which has been won at auction by somebody else. Domains not won at auction you can renew by paying the Redemption Fee.

 

[gilescoley]

Dynadot are terrible, a few years ago I had my account locked because I tried logging in from computer in Indonesia

I emailed them numerous times telling them it was me , the owner of the account, that was trying to access the account and could they unlock it. I never thought I had set up a security question so didn't know it.

I told them all the other personal details of the account and all the domains in the account and they still wouldn't unlock it

Eventually, after weeks of emails, I told them to stick it up their $@#%##& and registered my names when they dropped, there weren't many but what a bunch of clowns over there

 

[Dave_Z]

One thing I don't see in your description, tripflex, is if the ex-employee is the domain name's registrant. If s/he is, then that detail will form one of Dynadot's bases for handling your situation. That's probably why they're not accommodating you despite any additional information you're willing to provide them.

I mean just the fact that my name is on the credit card for every transaction under that account should be enough.

In a past work, I handled cases wherein a person of authority paid using his/her card on behalf of the organization. The organization and the person then squabbled over the domain name. The first insisted they own the domain name since it's registered to them, while the second argued s/he owns it by virtue of paying.

As some folks here know, registrars consider the (listed) registrant as the "owner" of the domain name despite the circumstances of its registration. Is that the case in your situation?

Additionally, it seems/sounds like your account has limited access towards the domain name. Something like the registrant account has full access to do anything and the technical contact account (which is yours?) can only change nameservers or edit personal information.

Essentially, Dynadot would rather err on the side of caution. That can work for or against someone depending on what side of the issue s/he is on.

Just offering some perspective, albeit it's (maybe) not helping you in the way you expect.

If I do let the domains go into auction and expire, say I end up not catching one of them because someone snipes the bidding and gets it .... technically I could still renew it, right? As long as it's within redemption period?

I doubt Dynadot will let you do that. Besides, doing that essentially means you'll renew the name for someone else.

 

[bmugford]

So you have access to the account where the domains are contained, but are not able to unlock the account to make any changes.

There are really only 2 options I see -

1.) Let the domains expire and go to Dynadot auctions. If you win them there then the domains will be moved to that account where you won't have the unlocking issue. If the domains go for too much you can still renew them for 3+ days past when the auction ends.

2.) Hire a lawyer. When something is related to security, Dynadot is unlikely to do much unless you have legal representation.

Brad

 

[Ralph2472]

Here's another option.
Assuming you know the guys name, and he lives in the U.S. you can easily get his details for a small fee.
Try Intelius.com
For $3.95 you can get his basic details including D.O.B. If you want more, it costs more; but you can get just about any information you want except medical records, and maybe his inside leg measurement.
I have no connection to Intelius other than having an account and using their services.
I hope this helps.

Regards

Ralph.

 

[Kate]

I think the most important thing is what the whois says.
If the whois says the domain holder is another person, then you need to demonstrate you actually are the rightful owner.

Basically, the registrars don't want to risk awarding domain names to a thief or a poser, and then be dragged in a lawsuit for negligence. Many partnerships go sour too...

This is why corporate domains should be listed in the name of the company, not an employee who could leave or even die in the future. Provided the account is not locked out yet, finding the DOB shouldn't be too hard.

 

[tripflex]

Hey guys thanks for all the responses and input, it is greatly appreciated.

@Dave_Z I agree and understand, and in fact the domains WHOIS is ALL my company information, for ALL domains, and has been since they were registered. And that's every one of them, admin, tech, etc.

The ONLY thing that is not mine is the actual Name on the account, and whatever he set as the birthday and security code. I asked around people who knew him and they were about 80-90% sure of what his birthday was, so IMO I think he used a different birthday like randian mentioned.

The problem is when he signed up it asked for first and last name, now I should have made him use my name but for some reason he put his own on there.

To clarify, I have full access to the account (its not a sub account) and have for the past 2 years or so, that means I can renew, change nameservers, etc. The only thing I can't do is transfer the domain, or change the First and Last name on the account.

To make matters even worse, all of the IPs for logging into the account were from our office or one of our servers, which is why I believe there is more than enough to prove that we own the domain.

The WHOIS details on the domains when they were first registered (and now) are/were my company name, address, and email.... I even emailed them copy of certification from our bank showing company details, a copy of state letter of incorporation showing my full name as the sole member, but still that's not enough for them.

Ughhhhhh...

 

[DU]

@Dave_Z I agree and understand, and in fact the domains WHOIS is ALL my company information, for ALL domains, and has been since they were registered. And that's every one of them, admin, tech, etc.

That is all that should matter if you can confirm ownership via the whois email/phone.

1) Post the security question - maybe we can crack it... lol

2) Post something half "need help" and half "pissed off" on their Facebook page and to their Twitter account. Rinse / Repeat getting more and more towards the "pissed off". <----This has worked for me in the past with various things (don't use frivolously though, good businesses should not be hassled needlessly and why always start friendly)

3) Send registered mail using legal letterhead (find a lawyer friend who can do pro-bono)

Dumb question - I presume you called on the phone?

 

[tripflex]

Thanks for everyone's response, and to answer your question DU, I did call numerous times but was never able to get a hold of anybody or when I did they just pawned me off saying "send an email here ..."

I did however finally get someone who was helpful and it actually ended up being on the weekend. I called and explained the situation, provided all my documentation and sure enough she was very helpful and reset the birthday for me! Profit!

So in the end I was able to get control of the account (even though we pretty much already had it) ... thanks for everyone's suggestions and input!

 

[-EM-]

Now transfer your domains before it is too late

 

[Dave_Z]

Thanks for everyone's response, and to answer your question DU, I did call numerous times but was never able to get a hold of anybody or when I did they just pawned me off saying "send an email here ..."

I did however finally get someone who was helpful and it actually ended up being on the weekend. I called and explained the situation, provided all my documentation and sure enough she was very helpful and reset the birthday for me! Profit!

So in the end I was able to get control of the account (even though we pretty much already had it) ... thanks for everyone's suggestions and input!

Thanks for the update, and glad that worked out.

 

[carob]

I was googling around trying to help solve a similar problem when I found this thread. Glad to see the OP got his names back, and glad to see Dynadot tries to care about security, but the problem is far worse than described here as you can get your account permanently locked without warning if you don't realise the dangers at Dynadot.

Dynadot required birthday to unlock and if you don't have that you need the security question.

You can submit the DOB three times. After a third failed attempt - you are not told there are only three allowed - you are asked to put in the secret security word set up when the account was created. If one - yes just one - attempt to input that fails for whatever reason, your account is locked and you are asked to send in a government photo ID, regardless of whether you have one or are allowed to send it, or are willing to take the risk of ID theft. You are told processing the ID can take 48 hours.

The lock, unlike most, does not expire - trying again later is futile, and Support does not help.

They do not warn you that loging attempts are limited and failure results in permanent locking. Login failure can be due to typos, interrupted internet connection, busy server, Dynadot malfunction, reversed date formats - in other words, not necessarily your fault, and yet you are treated like a criminal for wanting to access your own account.


This has happened to others as well:

https://www.namepros.com/threads/need-advice-dynadot-lock-out.729060/

This may need a whole warnings and alert thread - it seems to keep happening.

 

[bobbarato]

I'm a Dynadot fan and if sending in Gov ID will tip the scales, I'm fine with that. Beats paying for lawyers. There are those that think Dynadot is fly by night and there are those who think.

I am sympathetic to OP though and his initial attempts should have been enough the first time. What if OP said "Look / watch - I'm going to renew one of those domains right now. Still not good enough? I'll come back a week later and that charge will still be valid. Not fraud, no charge back."

 

[carob]

Many partnerships go sour too...

This is why corporate domains should be listed in the name of the company, not an employee who could leave or even die in the future.

That is normally good advice - you can find plenty of UDRPs where an employee left a company and took the domain with them, so the company had to UDRP to get it back.

BUT with Dynadot using a company name could be fatal if this account lock happens, because then Dynadot will robotically demand a photo ID, even if someone does not have one, like this person: https://www.namepros.com/threads/need-advice-dynadot-lock-out.729060/

It could actually be funny to see someone like Markmonitor try to explain to Dynadot that a company does not have a photo ID.

 

[cdboard]

this thread reminded me that I should verify that I can unlock my account.

I did, and locked it again. I suggest everyone check to see if they can unlock.

 

[SamuelLDotson]

They do not warn you that loging attempts are limited and failure results in permanent locking. Login failure can be due to typos, interrupted internet connection, <snip> reversed date formats - in other words, not necessarily your fault, and yet you are treated like a criminal for wanting to access your own account.

Many people get locked out of their accounts (or lock their accounts). Many times for the reasons you've stated above. Some people get locked out many times in the course of their history with us. They simply email us and we remove the lock.

An account would not be secure if we allowed, for example, an unlimited number of sign in attempts or birthday attempts. I do not believe you are suggesting we do that, but it would seem that there does need to be some limit in order to prevent brute force attacks.

BUT with Dynadot using a company name could be fatal if this account lock happens, because then Dynadot will robotically demand a photo ID, even if someone does not have one, like this person:

We actually wouldn't do that.

this thread reminded me that I should verify that I can unlock my account.

I did, and locked it again. I suggest everyone check to see if they can unlock.

Everyone should do that.
Especially if it is a company account. They should also make sure all the particulars for an account are recorded somewhere.

 

[carob]

We actually wouldn't do that.

But you did. I linked to another thread here where established Dynadot customers were told their accounts could only be unlocked if they supplied photo ids, which they did not have.

In many parts of the world there is no requirement to have a photo id of any kind and many people do not have one. So how do you unlock those accounts?

 

[forge]

I was googling around trying to help solve a similar problem when I found this thread. Glad to see the OP got his names back, and glad to see Dynadot tries to care about security, but the problem is far worse than described here as you can get your account permanently locked without warning if you don't realise the dangers at Dynadot.



You can submit the DOB three times. After a third failed attempt - you are not told there are only three allowed - you are asked to put in the secret security word set up when the account was created. If one - yes just one - attempt to input that fails for whatever reason, your account is locked and you are asked to send in a government photo ID, regardless of whether you have one or are allowed to send it, or are willing to take the risk of ID theft. You are told processing the ID can take 48 hours.

The lock, unlike most, does not expire - trying again later is futile, and Support does not help.

They do not warn you that loging attempts are limited and failure results in permanent locking. Login failure can be due to typos, interrupted internet connection, busy server, Dynadot malfunction, reversed date formats - in other words, not necessarily your fault, and yet you are treated like a criminal for wanting to access your own account.


This has happened to others as well:

....

This may need a whole warnings and alert thread - it seems to keep happening.

Same thing has happened to me today. I will lose the two domains they now hold hostage, so be it.

Do not register domains with this company. Avoid Dynadot, do not give them any business.