NameSilo

GoDaddy's privacy protection turned out to be an unpleasant experience

Spaceship
Watch
Impact
225
Hello everyone,

I hope you are doing great. Being an introvert, all this time that I have been a member of this forum, this is the second time I have posted on "discussion" or "reviews" as I want to share this very recent disappointing experience of mine with you.

Well, I pay for Full Domain Protection on Godaddy for few of my domains (I know some of you may think it's not worth it). Because I have security on, everytime I made a change to the dns they sent me an one time password. This is normal. I wanted to try some things so I changed the dns to one of my domains more than 5 times in a 7-day period and the following message appeared: "You have requested more than 5 one-time passwords for this action in a 7-day period. For your protection, you will not be able to request another one-time password for the next 7 days".

This is ridiculous and unacceptable. Noone warned me that this would happen if I entered the right passwords more than 5 times. The only warning was that if I failed 3 times to enter the right one then I would be restricted to make changes to the dns for 24 hours but this was not the case!! All the changes I made were successful. I typed the right one-time passwords everytime. I am the owner and I can make any changes I want so what do they mean by "for your protection" ? I have screenshots that prove that all the changes were successful and done by me. If I didn't pay for this domain protection I don't think this would happen! I wouldn't have to wait 7 days to change them again!

Right after this message appeared, I chatted with an agent but she didn't seem to understand that I had typed the right one-time passwords every time. She told me:" It ensures that any changes to your domain settings are not made without proper confirmation". I replied that not even once did I enter the wrong password. Again, she didn't undesrtand and she thought that I entered the wrong passwords, even though I had sent her the screenshot of the mesage more than 2 times.

I told her that I would wait here till the problem was resolved. She replied that she would help me that was why she was there and that she would reach out the Advanced Team, but they did nothing. The problem is that they should make owners aware of this before they attempt to change dns a few times. I mean, a message like the one they have for the 3 failed attempts of wrong password (this message appears before even trying to enter a password if you have protection) would be most welcome. So, I am making this suggestion to improve user experience in the future.

@Paul Nicks @James Iles @Joe Styler
 
Last edited:
14
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
The same happened with me. A good thing to do is change from OTP to a Google Authenticator code option.
 
0
•••
That seems like a crazy limit, especially since they list Edit custom hostnames as a high-risk action in their docs. I wonder if I'm misunderstanding that, because it takes 6 changes to set up basic MS365 email (domain verification, MX, SPF, DKIM x2, DMARC). Maybe new hostnames don't count? What if you change mail providers?

Maybe it's scoped to 5 changes for the exact same thing, so you'd have to edit the www hostname 5 times and that's the only thing that locks.

I don't mind those kind of rate limits if they're clearly explained and configurable. Hiding them has no benefit, especially if it's a misguided attempt to improve security. Bad actors already know what they are, so the only thing that's being accomplished is increasing the risk to customers that don't know about the hidden limits.

What happens if you make a typo on your 5th NS change? I don't even understand what's being accomplished with a limit of 5 NS changes. If a bad actor can make one change, the damage is done. In fact, if I were a bad actor I'd change your NS 5 times on purpose so I could "lock in" the changes with the 5th one.
 
1
•••
I don't mind those kind of rate limits if they're clearly explained and configurable. Hiding them has no benefit, especially if it's a misguided attempt to improve security.
This is exactly my point!
 
2
•••
If it is such a pain in the Axsss
Then just don't use GD
Nobody is forcing you to use gd
 
0
•••
If it is such a pain in the Axsss
Then just don't use GD
Nobody is forcing you to use gd
If I knew this was going to happen, I wouldn't use GD. But most people, including me, usually hope that things like this can be fixed. That's why I made it known.
 
4
•••
If I knew this was going to happen, I wouldn't use GD. But most people, including me, usually hope that things like this can be fixed. That's why I made it known.
Dude. Anything you do at gd costs money and they make it hard...
 
3
•••
Hi @Domain Pro Seller,
Thanks for your feedback on Domain Ownership Protection. We'll share it with the team to see whether we can make any adjustments in how we communicate policies.

We do include these limits for very good reasons. One of the high-risk actions listed by our team is changing nameservers. So, we make sure that added authorization is in place. Depending on the authorization method, we may have limits on the number of times you can correctly or incorrectly use it within a given period of time. One-time password validation, for example, has limits of 5 correct attempts per 7 days (incorrect code limits are much lower) to ensure your continued protection using this method of validation.

By switching to an authenticator app as your 2FA method, you won't be limited in usage, and you won't encounter the same security locks associated with one-time passwords.

We hope that the added information helps.
 
2
•••
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back