GoDaddy would not help a security issue.

[NamesMax]

I received a transfer authorization code email from Go Daddy tonight for a name I sold in May 2017. The Whois when I looked, was still showing my information. So the buyer made an error 16 months ago by not updating the contact information and does not realize it.

I spent my time calling into Go Daddy to tell them, thinking they would at least send out an "update your contact information" email to the account holder that the name resides in.......but no. I was told they won't do anything in this situation, unless the account holder calls in. Remember, the current owners don't even know that there is a problem.

So Go Daddy knows that I have the transfer code for an unlocked name that I should not have. That I was alerting them of a security risk to one of their customers and they don't care; there is not a process to take care of it. That if I was dishonest I could use that code, but they don't care.

I am stunned and realize that Go Daddy evidently does not care about the security of my portfolio, either.

Am I missing something here?

 

[richasis]

However disconcerting, I'm not surprised.

It a mad world outside our Virtual Reality!

 

[NamesMax]

They sent me a survey. I explained the situation in it. I wonder what their reply will be, if any.

 

[ikhub]

Another way to do it is:
https://forms.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form
Icann will inform the registrar who will in turn inform the registrant to update the whois info.

 

[viniproject09]

I would recommend to lock the domain if its still with Godaddy and just renew there only for now. After that update your whois information. This is a mistake if you havn't changed your Whois information. That is important.

 

[NamesMax]

Thanks @ikhub

@viniproject09 it is not my name to do it. I sold it in May 2017. I was just trying to help a fellow domain owner but could not get Go Daddy's assistance.

 

[DanSanchez]

This is a constant battle at Godaddy, it is one of the many reasons why I steer everyone away from Godaddy on a daily basis. No other registrar commits this "mistake" so consistently.

 

[Name Trader]

I still have about 6 domains sold ages ago with my name still in the whois.I know because every few years they send me reminders about the owners credit card expiring asking me to update them. They really are not interested in dealing with this issue. Even after I do what they suggest and report their whois as being invalid. I'd thank them very much for the free domain, and enjoy the fun

 

[carob]

It's not their problem if you sold direct to buyer. The legal owner of the domain is the registrant and you can only change registrant with the consent of the registrant - it's even worse if registrant is dead. If the buyer never carried out the change of registrant they made a serious mistake and it is their problem.

If you want to help the person who bought the domain, but never became the legal owner, contact them.

 

[ikhub]

Thanks @ikhub

@viniproject09 it is not my name to do it. I sold it in May 2017. I was just trying to help a fellow domain owner but could not get Go Daddy's assistance.

You are welcome @NamesMax
It could have been another situation also where someone buys a domain, does not update the whois and abuses in any manner, may have to face the heat initially in such a case.

 

[Jonathan MacDermid]

The last time I spoke with Godaddy was when they kept sending emails regarding my account to an old email address I previously used. Although I had updated all Whois records and my Account contact details at Godaddy, the emails kept being sent to the old address on occassion.
The Godaddy rep stated that unfortunately this happens. When you register a domain with them and then change email address, the info keeps getting sent their even if you change the contact details.

This could possibly mean that new owners are indeed updating their contact details but on occasion the previous email address is still linked to the domain and receiving info not meant for it.

Would like to hear Godaddy's response to this.

 

[Name Trader]

Flowers bloom quite well in sh.. (would be my guess).

 

[NamesMax]

If you want to help the person who bought the domain, but never became the legal owner, contact them.

Don't know them. It was sold via Afternic.

@Joe Styler can you tell us why Go Daddy could care less about the security of a customer's name. I just brought it to Go Daddy's attention and you couldn't even be bothered to send the owner of the account an simple email to check the contact information. This means any of us with names at Go Daddy need to realize that Go Daddy really does not care about us, after the sale.

 

[Joe Styler]

I cant tell you without listening to the call. We have very strict policies in place that help protect people against things like social engineering. If you are not the account holder you are not going to get much info no matter what you say. The agent cannot even see what you are talking about to confirm it nor can they see the email address of the account holder or any other personal information without being provided with the account security info to validate the customer into the account. So they would have no way to know how to email the owner other than to look at the WHOIS i.e. public info which you said was wrong.

We do routinely send out emails to the account holder to update the WHOIS and make sure it is accurate. You have probably gotten those emails. Also with a change of registrant on a transfer there needs to be authorization by the gaining and losing parties via email before the domain moves with the new ICANN change of registrant rules that took effect about a year ago.

So the account holder would be notified of the transfer and the current and proposed registrant contact info which should alert them that something is wrong.

You can always report invalid WHOIS which will suspend the domain if the information is confirmed to be inaccurate via our whois using the link at the bottom of the whois results, or emailing [email protected] or by using the link already provided to contact ICANN.

If you sell a domain on our marketplace it will almost always update the WHOIS to the buyer. In cases where is cannot we inform the buyer they need to update the WHOIS. If it happened outside our system we don't and really can't tell the buyer what to do with the WHOIS. Many people have domains in their account that are not theirs and they do not want the WHOIS to match their account info. For instance I have some names for my brother in my account, web designers may control domains for their customers but leave the domain WHOIS in the customer's name. Ultimately it is the domain owner's responsibility to update their WHOIS correctly, we cannot make a judgement call about what should be on it or not. The only time we would update the WHOIS is with a court order. Even a valid complaint on a bad WHOIS will result in us suspending the domain until the owner of the account updates the WHOIS contacts we will not go in and change them.

We can't go around updating people's WHOIS because someone tells us we should that doesn't have access to the account. That would be a real problem. We can contact the domain owner about the WHOIS when we receive a WHOIS complaint in the ways I outlined above. We do routinely make customers aware of the fact that they need to update their WHOIS and keep the information current. We do have ways to report invalid WHOIS and get it corrected via the email, form, or link above. Support cannot see who the account holder is let alone contact the account holder so contacting them is not the right avenue to resolve an invalid WHOIS. They should have however, guided you to the link or email you could contact.

 

[Name Trader]

This has been going on FOR YEARS. i understand all your constraints, but you would have thought this would have been sorted out by now.

 

[creataweb]

Yes I'm getting a lot of emails about names I don't own for a long time now. What's the easiest way to get them moved to the new owner's info?

 

[Joe Styler]

Yes I'm getting a lot of emails about names I don't own for a long time now. What's the easiest way to get them moved to the new owner's info?

Report an invalid Whois [email protected]

 

[Daniel Owens]

If, the buyer is not wise enough to double check the contact info that is filed with godaddy for a domain they own or bought then they shouldn't be buying domains. However, you should still email them with instructions on how to change the contact info on their end, once they change info you should both get emails to confirm change contact info to their's. If, the buyer never replies to you it's on them.
Note, Styler is super smart so you could report the invalid whois, but I think you should contact them first and do that as last resort.
Side Note: As, much as half the people I bought domains from off namepros that had the domains at godaddy have done an improper push, which meant I don't get the email to confirm contact change, instead I have to manually change the contact info then we both agree to it. Any of you who do pushes at godaddy remember you can select "use details from specified customer account" when pushing to another account to avoid all this hassle. Thanks.

 

[NamesMax]

I was not asking the rep to change the WHOIS. But Go Daddy, surely knows in whose account the domain resides. They can contact that account holder with a heads up. If I was not honest, I could have taken that auth code ant transferred the name to my account elsewhere. The whois shows I had continually owned it. I was just trying to help a Go Daddy customer which is more than what Go Daddy was willing to do.

In my day job, I sometimes have a customer walk away and leave their phone behind. If I were Go Daddy, I would say, "Too bad, not my job. I can't be looking out for things for that customer" Instead I try to catch up with the customer to let him know he left it behind.

@Joe Styler if I can send an email to [email protected] (which I never knew about) why is that, having taken the time to call on an invalid whois, your rep could not have taken the information down to put through whatever process that email would have sent the info through?

Bottom line is that from a relationship standpoint with your individual customers, Go Daddy cares more about it's processes than it does about it's relationship with it's customers. You can't run a business like a law book and expect loyalty from your customer base.

I like wowing customers with going out of the way to help them, not telling them, "oh that's the policy." Many BIG companies empower their employees to wow the customer; Nordstram, Marrriot, Southwest Airlines to name a few. It seems go Daddy just says, " according to the 3rd operations manual, chapter 5. paragraph 2, subline 7, we can not do that unless you were to recontact us according to paragraph 17. subline 4 of chapter 6 in the same manual"

Your customers are much more valuable than your policy manuals.

 

[Joe Styler]

Because we don't know who you are. You could be lying to us. If you have an invalid whois you can report it via the whois or via the email, or via ICANN. As I said the rep should have provided you with the right info on how to report it but we are not going to report it on behalf of someone.
An invalid whois complaint can take down the domain if it is suspended by the person not responding to the complaint. Uninformed people try routinely enough to make false invalid whois complaints on domains they want to buy but the owner is ignoring them, or names they are trying to steal, or domains owned by competitors they want to shut down etc. Doing so will not result in these things happening in almost all cases but people still try routinely. It is not always a good citizen who wants us to do the right thing contacting us about a WHOIS update.
We have procedures in place that protect everyone the best we possibly can. You have three routes to report this if it is concerning to you.
As I said that agent you spoke with doesn't know who you are, and they don't know who owns the account the domain name is in. They cannot see that information until you can validate. That is on purpose for security of the account holder.
We feel this is the most secure way to handle the whois. As I also said the account holder would have been informed that they need to update their whois. That is their responsibility ultimately to update their whois. They also would have been informed of the transfer and the registrant data to the account email at the time of the transfer to alert them to the fact that their WHOIS was wrong. We have other safeguards in place to help alert people of their whois besides these.
Ultimately, you may be able to steal the domain by using the auth code. But then again you may not. If there is a change of registrant the domain won't move until the new and old registrant agree that it is ok for it to move. If the owner changed the registrant info on the transfer to his own then he would also have to agree to the transfer out change.
If you did steal the domain that is not the end of the story, if we feel the domain was stolen we have ways to get the domain back for the owner with other registrar agreements. The domain owner can also sue or press criminal charges if you were to take the domain, it is not easy to hide where a domain name is and who ultimately has it. A court would then decide where the domain should be and any penalties/judgments that may be associated with the outcome.
I feel our security it very tight and multi layered. We are not going to let the agents see who owns the accounts as part of our security so they have no way to know if you are telling them the truth or not. This is on purpose and part of a larger well thought out security procedure to help limit things like social engineering.
At the end of the day we do tell people to update their WHOIS regularly. We let them know the importance of doing so. We have several procedures in place for you as the non domain owner to report an invalid whois. We cannot presume to know the correct WHOIS info for each customer, we can only tell them that it must be accurate and explain the rationale behind it and the compliance issues associated with accurate information. Just because a domain name is in my account it does not mean it should have my WHOIS info on it. We are not a court, and not equipped to make judgements when we have a person calling us to say the info is incorrect. We do not know if they are lying or not. Which is why we only change WHOIS info when a court or governing body says we need to.
It may seem simple enough to look at this one case and say you know the info to be incorrect. I don't doubt you. But we cannot make decisions based on that. We have policies in place for a reason and they are in place to remain compliant to all laws and regulations of various governments and non-government bodies (think ICANN) and to limit as a whole any negative experiences for our customers.
We are already taking various steps to make sure customers have accurate WHOIS information. You have a path to report incorrect information that is sent to our legal team they decide what to do with the complaint at that time based on various criteria that will result in our compliance with the regulating bodies.

 

[Daniel Owens]

Because we don't know who you are. You could be lying to us. If you have an invalid whois you can report it via the whois or via the email, or via ICANN. As I said the rep should have provided you with the right info on how to report it but we are not going to report it on behalf of someone.
An invalid whois complaint can take down the domain if it is suspended by the person not responding to the complaint. Uninformed people try routinely enough to make false invalid whois complaints on domains they want to buy but the owner is ignoring them, or names they are trying to steal, or domains owned by competitors they want to shut down etc. Doing so will not result in these things happening in almost all cases but people still try routinely. It is not always a good citizen who wants us to do the right thing contacting us about a WHOIS update.
We have procedures in place that protect everyone the best we possibly can. You have three routes to report this if it is concerning to you.
As I said that agent you spoke with doesn't know who you are, and they don't know who owns the account the domain name is in. They cannot see that information until you can validate. That is on purpose for security of the account holder.
We feel this is the most secure way to handle the whois. As I also said the account holder would have been informed that they need to update their whois. That is their responsibility ultimately to update their whois. They also would have been informed of the transfer and the registrant data to the account email at the time of the transfer to alert them to the fact that their WHOIS was wrong. We have other safeguards in place to help alert people of their whois besides these.
Ultimately, you may be able to steal the domain by using the auth code. But then again you may not. If there is a change of registrant the domain won't move until the new and old registrant agree that it is ok for it to move. If the owner changed the registrant info on the transfer to his own then he would also have to agree to the transfer out change.
If you did steal the domain that is not the end of the story, if we feel the domain was stolen we have ways to get the domain back for the owner with other registrar agreements. The domain owner can also sue or press criminal charges if you were to take the domain, it is not easy to hide where a domain name is and who ultimately has it. A court would then decide where the domain should be and any penalties/judgments that may be associated with the outcome.
I feel our security it very tight and multi layered. We are not going to let the agents see who owns the accounts as part of our security so they have no way to know if you are telling them the truth or not. This is on purpose and part of a larger well thought out security procedure to help limit things like social engineering.
At the end of the day we do tell people to update their WHOIS regularly. We let them know the importance of doing so. We have several procedures in place for you as the non domain owner to report an invalid whois. We cannot presume to know the correct WHOIS info for each customer, we can only tell them that it must be accurate and explain the rationale behind it and the compliance issues associated with accurate information. Just because a domain name is in my account it does not mean it should have my WHOIS info on it. We are not a court, and not equipped to make judgements when we have a person calling us to say the info is incorrect. We do not know if they are lying or not. Which is why we only change WHOIS info when a court or governing body says we need to.
It may seem simple enough to look at this one case and say you know the info to be incorrect. I don't doubt you. But we cannot make decisions based on that. We have policies in place for a reason and they are in place to remain compliant to all laws and regulations of various governments and non-government bodies (think ICANN) and to limit as a whole any negative experiences for our customers.
We are already taking various steps to make sure customers have accurate WHOIS information. You have a path to report incorrect information that is sent to our legal team they decide what to do with the complaint at that time based on various criteria that will result in our compliance with the regulating bodies.

You at Godaddy provide amazing services one thing I love is how secure your services are. It, makes sense that you'd make the process a little hard, yet you do provide a way to report the whois info. This is probably so you can provide the correct security measures which I am frankly greatful for. In, my opinion both the buyer and seller should make sure whois info is correct within the first few days after domain pops into the winners account.

 

[Joe Styler]

Thanks. I do understand what @NamesMax is saying and I do appreciate his points completely. If people as a whole were like him then it would be easier for us to adjust the WHOIS and release more info for the agents etc. Unfortunately some bad actors ruin it for the rest of us and make it harder than it should be to do the nice thing here which is all he is trying to do.
On our aftermarket on most transactions we force the new WHOIS info now. We also worked to try and make it even more explicit when people move domains that they should update their WHOIS as part of it. It is a balance of security not only around domain possession and ownership, but negatively impacting someone's DNS etc, and making sure that the WHOIS is correct. All of which are very important.
I'm not disagreeing with @NamesMax here. I'm really just trying to give more background about why we choose to do what we do.