domains GoDaddy Launches Payable Domains

[Lox]

...... Now when a domain name is registered, its usefulness is no longer contingent on its owner creating a website and publishing content. Instead, domain owners can quickly start taking payments via their enabled Payable Domain. For example, if a person registers the domain of their name or business, such as www.roohshad.co, they will then receive the corresponding Payable Domain, pay.roohshad.co, to accept payments. Once that first payment is received, domain owners can then link a bank account to their GoDaddy Payments account, complete the verification process, and receive payouts for transactions just as they would with any other payments service. Payments are processed securely and efficiently, with funds deposited into users' bank accounts as early as the next business day....

read more

 

[Namingfy]

With the fees GoDaddy makes on domain sales it kind of mitigates their risk.
The chargeback risk is a drop in the bucket when you are collecting 15%.

It's 25% if you don't use their name servers - landing page!

 

[Namingfy]

There is much more risk as a private seller. You could lose the money and the domain.

This is the biggest risk of all.

You've no control over domain and money.

No one can steal your Merchant account from Stripe OR any such provider.
But, one can steal your domain from GoDaddy and take your money too.

 

[Future Sensors]

This is the biggest risk of all.

You've no control over domain and money.

No one can steal your Merchant account from Stripe OR any such provider.
But, one can steal your domain from GoDaddy and take your money too.

Both solutions, GoDaddy Payable Domains and Stripe, have their own specific threat vectors.

 

[LoveCatchyDomains]

Both solutions, GoDaddy Payable Domains and Stripe, have their own specific threat vectors.

Is there any specific vulnerability with the Stripes, that may make it less appealing than the GoDaddy Payable
Domains?

 

[Future Sensors]

Is there any specific vulnerability with the Stripes, that may make it less appealing than the GoDaddy Payable
Domains?

Stripe does have a Bug Bounty program, which is good. You are never done securing your services.

It's a bit off topic to discuss this topic in detail here. My main concern was that Namingfy should recognize that Stripe is just as dependent on a domain name and all sorts of other dependencies. Attack vectors can occur on many levels.

 

[Future Sensors]

Regarding GoDaddy:

GoDaddy: Hackers stole source code, installed malware in multi-year breach

https://www.bleepingcomputer.com/ne...-code-installed-malware-in-multi-year-breach/

February 17, 2023

 

[LoveCatchyDomains]

Stripe does have a Bug Bounty program, which is good. You are never done securing your services.

That's an important point here. This is a company that acts proactively, to try to prevent hacks. It also provides public information to support that they have identified and corrected such vulnerabilities.

GoDaddy: Hackers stole source code, installed malware in multi-year breach

This recent incident is certainly a concern, if they are expanding their services to include this "payable domains" feature. One critical issue with this company still seems to be the lack of alerting ALL their customers to this recent hack.

Apparently, their hacking incident involved both GD employee and customer accounts. So, if they intend to expand their financial services, why not try to demonstrate the ability to quickly alert ALL customers to a security vulnerability that actually happened?

It's probably very important, as a company expanding their financial transactional services, to demonstrate a high level of commitment to keeping their customers informed AND protected.

 

[MKA]

Later they will charge 25% if we use paypal.com.

I could definitely see them implementing a penalty fee for PayPal, so that domain traders will use their service instead. After all, every dollar PayPal makes off a GoDaddy sale is a dollar that could've gone to GoDaddy....

 

[DN_Hunter]

Having pay.domainname.ext forward to a GoDaddy Payments page is interesting.

Someone could register a domain name at a different registrar and setup the same thing to have the appearance of a GoDaddy payment page.

I don't know if that is good or bad -- but people will have to know that going to pay.domainname.ext does not 100% mean it's a GoDaddy payment site...

 

[Namingfy]

It's a bit off topic to discuss this topic in detail here. My main concern was that Namingfy should recognize that Stripe is just as dependent on a domain name and all sorts of other dependencies. Attack vectors can occur on many levels.

Stripe dependent on Stripe.com
GoDaddy dependent on GoDaddy.com

So both have SAME level security issue if either Stripe/GoDaddy forgets(!) to renew their name OR their primary domain is stolen!

But, having 'my brand.com' registered with GoDaddy and 'my brand.com' being stolen away is a different security threat which is applicable only for GoDaddy new mechanism 'pay.my brand.com'.

Besides, it's not uncommon for small business owners forgetting to renew their name or update their card! Even big players like Sony and Microsoft have let their domain expire!

So, in addition to the name being stolen, we now have additional threat of domain not renewed, resulting in loss of not only business brand name (.com) but also money as it's tied to payment system!

 

[James Iles]

Hey everyone, thanks for tagging me in this thread. I’ve got some answers to some of the questions posed in this thread.


Is there a working demo with customizable features?
The public demo of the front end is available at pay.roohshad.co - there’s no demo of the creation of the page, but there are various screenshots around to give you an idea of the service.


Can the quick payment site be customized in any way, or are they all going to look exactly like the example in the press release? Can you at least put your own logo and company name?
Yes, it can be customized with the image/branding you want, as well as the information for which product/service you want.

You can find out more about the service in this blog post.

How do I opt out of this?
You simply don't activate your Payable Domain if you don't want to use it.


I hope that gives a bit more information into the service - it’s pretty straightforward if anyone does want to play around with it…

 

[Acroplex]

How do I opt out of this?
You simply don't activate your Payable Domain if you don't want to use it.


I hope that gives a bit more information into the service - it’s pretty straightforward if anyone does want to play around with it…

Thanks James.

Just so that I make sure I understand it accurately, the option to create a payable domain exists, so what constitutes an "activation" practically? I read about that occurring once a payment is sent via the pay.* subdomain.

So the question is, can one turn off the option to create pay.* subdomains by default?

 

[Future Sensors]

So the question is, can one turn off the option to create pay.* subdomains by default?

My understanding is that it's based on opt-in from the start.

 

[QUAD DOMAINS]

James,

Because this is a corporate roll-out of a new product/feature, we can only expect GoDaddy will be EXTREMELY selective about which questions, comments and concerns they allow you to address. Fair enough. Hopefully they won’t be secretive or misleading; and will opt to be completely transparent.

With this stated, we’re curious as to why domain holders are being introduced to the idea of their domains accommodating 3rd level domains this way? Apparently GoDaddy has a way to create 3rd level domains that’s not being extended to the domain holder (or “owner”); and thus “withheld”.

It’s a bit concerning that GoDaddy can apparently say “Hey, we’re going to permit you to have a pay.yourdomain.ext; but not allow you to create 3rd levels at-will on the domain you own”. With many blockchain domains coming equipped with a 3rd level feature, it feels a bit like GoDaddy is attempting to “bird feed” domain holders with just a bit more option and utility. (Options and utility it seems could’ve been provided all along.)

So, we guess the key questions come down to:

1. How does GoDaddy have the ability to create 3rd level domains on an asset “owned” by the customer? (Especially when the customer has no existing ability to create 3rd level names at-will.)

2. What will GoDaddy’s general stance be on the issues that could arise should a UDRP be filed in relation to a domain that’s actively receiving payments? (It seems GoDaddy has a way to regulate payment traffic if required to do so.)

3. Will GoDaddy institute a payment processing and payout threshold for domain holders that use their domains as “payable domains”?

4. Will payable domains via GoDaddy be able to function as a portal for fiat AND crypto-payments? (After all, we are in an era where blockchain domains are being used to accept crypto-payments. Also, Ethereum Name Service (ENS) apparently has a function that allows .com names to be used as wallet addresses.)

Inquiring minds would like to know where things are headed respectfully. Hopefully you’ll be kind enough to enlighten us.

 

[bmugford]

4. Will payable domains via GoDaddy be able to function as a portal for fiat AND crypto-payments? (After all, we are in an era where blockchain domains are being used to accept crypto-payments. Also, Ethereum Name Service (ENS) apparently has a function that allows .com names to be used as wallet addresses.)

I would not hold your breath on that.

Their "Prohibited businesses with GoDaddy Payments" specifically mentions virtual currency as a business excluded from payments.

Brad

 

[Future Sensors]

It’s a bit concerning that GoDaddy can apparently say “Hey, we’re going to permit you to have a pay.yourdomain.ext; but not allow you to create 3rd levels at-will on the domain you own”.

Could you explain what you mean here? It's perfectly possible to create subdomains at GoDaddy.

The instructions are here:

https://www.godaddy.com/help/add-a-subdomain-4080

 

[bhartzer]

If you set up a domain marketplace, you could sell domains via pay.(yourdomain).com. 2.3 percent is a lot less than the 15 percent commission.

 

[Future Sensors]

GoDaddy Payable websites that are already indexed by Google can be viewed here.

 

[Future Sensors]

Let's look at one example website, https://pay.hydrogames.org/

pay.hydrogames.org. 3195 IN CNAME paylinks.commerce.godaddy.com.
paylinks.commerce.godaddy.com. 3041 IN CNAME t1k.poynt.net.
t1k.poynt.net. 126 IN CNAME t1k-tcp-0866dd263bca47cc.elb.us-east-1.amazonaws.com.

https://poynt.net/

https://www.godaddy.com/help/how-are-godaddy-and-poynt-connected-40430

 

[QUAD DOMAINS]

@Future Sensors,

Sure. To clarify, we’re simply saying it seems they (GoDaddy) are taking the liberty of setting up a “specific” 3rd-level domain for an asset they don’t own.

It just seems like an odd thing to do with an asset that’s “owned” by someone else. What 3rd level domain will they take the liberty of assigning next?

Assigning “pay.” to every GoDaddy-held domain essentially interferes with a domain “owner’s” ability to leverage the 3rd level in a manner they deem fit.

A mere Whois query might lead people to assume that just because a domain is registered at GoDaddy its owner accepts payments via “pay.” whichever domain.

Unless there was a unanimous vote by every customer for their entire GoDaddy portfolio to have a “pay.” 3rd level variation allocated, this is concerning.

Ex: If you didn’t specifically authorize futuresensors(dot)com to have a pay. 3rd level, would it raise a few concerns about the level of ownership you have if it were allocated without your consent?

Your home is your home. Another person (or in this case company) dictating that your living room will be their bedroom impacts your “control”.

 

[QUAD DOMAINS]

@bmugford,

Thanks for chiming in. We weren’t necessarily alluding to our desire for GoDaddy’s payable domains to be leveraged for crypto-payments.

We know they (GoDaddy) are touting this as “innovative”; and we figured that might mean a domain that could be used to accept both fiat AND crypto.

After all, we know blockchain domains are synonymous with being used as payment addresses; and according to @Future Sensors GoDaddy’s payable domains for fiat have been in existence.

We just figured “innovative” per GoDaddy possibly meant a domain that could be used to accept both fiat and crypto. That seems innovative right?

I would not hold your breath on that.

Their "Prohibited businesses with GoDaddy Payments" specifically mentions virtual currency as a business excluded from payments.

Brad

 

[LoveCatchyDomains]

Sure. To clarify, we’re simply saying it seems they (GoDaddy) are taking the liberty of setting up a “specific” 3rd-level domain for an asset they don’t own.

Sure, and now there are additional concerns. What privacy do those using this have?
In one example given, a health-related clinic is using the domain for billing. Are HIPAA standards being maintained? Do they need to be under these circumstances?

How much transaction information is being retained by GD? Probably, a company using this is not expecting to share all their client contact, billing, and sales information with GD--and then have that used for GD marketing and sales.

Yes, it sounds great to have this convenient service. But what are the other costs related to such a service?

 

[HotKey]

Is this like the web2 solution to web3 crypto payments but with fiat?

 

[Future Sensors]

Hello @QUAD DOMAINS

As I understand it, this service is on an opt-in basis only, and no pay.* subdomain will be created if you don't intend to use the service. It is completely on a voluntary basis. So I'm not following you.

Personally I do think that this new packaged, turnkey service can be benificial for customers. I also think it's a logical step for GoDaddy to take, businesswise. But it's not "revolutionary" or "evolutionary" in the sense that they change how domains work (the graphic in the press release and the comments made by Paul Nicks). That part is all thin air to me, and I don't like it. All of this has been announced with far too much fanfare.

---

https://en.wikipedia.org/wiki/Snake_oil​

---

​

 

[Bob Hawkes]

While I don't think it deserves a place on the evolution of domain names chart , I think the idea of integrating GD Payments will be attractive to many professionals and small businesses. The percentage they charge for credit card processing seems reasonable, and I can see this being competition for PayPal and other payment systems.

Sure, GD Payments could readily be integrated into a website, but this makes the process easier and will be attractive to some.

Any form of payment system will be tested by various bad actors, and hopefully it has thought out vulnerabilities.

I wonder, if this is successful, if it might be just the first of various pre-installations they might do.

It is of course good for GD, if it means another reason for end users to register their domain names there and to buy into various extra cost services.

-Bob