I'm Bill Hartzer, Director of DNProtect AMA

[bhartzer]

I'm Bill Hartzer, and I am the Director of DNProtect.

I developed the algorithm behind DNP Score, which gives you a free analysis/report of any domain name.

I have also personally dealt with hundreds of stolen domain name cases since DNProtect has been offering the service the past few years.

Ask me anything related to domain name due diligence or stolen domain names.

 

[bhartzer]

Wouldn't it make more sense to have it automatically refresh when someone looks a domain up?
There is really no indication anywhere about how to refresh the page.

Brad

The data that we pull takes time... so there would be a massive additional load on the server and a lot more proxies needed. So right now we're only updating upon request. I believe we're currently processing thousands of domains every day and even then there's a backlog because so many people are requesting the score of a domain.

 

[Digital Nomad]

That's not Epik's strategy.
I "personally" created the "DNP Score" algorithm back in 2013-ish timeframe, and actually it was a manual process to calculate a score and do the due diligence. If you might remember, my previous product/service was called Verified Domains.
DNP Score is all MY 'intellectual property' and has been for years, nothing to do with Epik at all. Epik just automated my algorithm.

Epik's Marketing Strategy, not Intellectual property. Why promote DNProtect under Epik's brand? And then say it's not...

 

[bmugford]

The data that we pull takes time... so there would be a massive additional load on the server and a lot more proxies needed. So right now we're only updating upon request. I believe we're currently processing thousands of domains every day and even then there's a backlog because so many people are requesting the score of a domain.

Well, if I can manually add it to a queue why can't loading a page just automatically add it to the queue?
It would at least be beneficial to clarify how to refresh the score.

Brad

 

[Future Sensors]

@bhartzer This isn't really a question. If it is indeed the case that you want to continue DNProtect independently and without ties to Rob or Epik, I sincerely wish you every success in doing so. It is mainly the association with Epik that causes much discussion. Now, in the past, and probably in the future.

 

[Digital Nomad]

@bhartzer This isn't really a question. If it is indeed the case that you want to continue DNProtect independently and without ties to Rob or Epik, I sincerely wish you every success in doing so. It is mainly the association with Epik that causes much discussion. Now, in the past, and probably in the future.

The main issue is that if DNProtect says they are not an Epik brand, and @bhartzer says he only partnered with Rob, and then we all point out how DNProtect was indeed marketed as an Epik brand, and then he says these are mistakes, and we can't believe everything on social media etc. this creates confusion and reflects dishonesty, and now is your opportunity to be fully honest and transparent with us and delete posts that are not true on social media and anywhere else if they can't be edited.

The main concern is honesty.

 

[Future Sensors]

The main issue is that if DNProtect says they are not an Epik brand, and @bhartzer says he only partnered with Rob, and then we all point out how DNProtect was indeed marketed as an Epik brand, and then he says these are mistakes, and we can't believe everything on social media etc. this creates confusion and reflects dishonesty, and now is your opportunity to be fully honest and transparent with us and delete posts that are not true on social media and anywhere else if they can't be edited.

The main concern is honesty.

I fully agree that there may be a problem there.

 

[bhartzer]

The main issue is that if DNProtect says they are not an Epik brand, and @bhartzer says he only partnered with Rob, and then we all point out how DNProtect was indeed marketed as an Epik brand, and then he says these are mistakes, and we can't believe everything on social media etc. this creates confusion and reflects dishonesty, and now is your opportunity to be fully honest and transparent with us and delete posts that are not true on social media and anywhere else if they can't be edited.

The main concern is honesty.

Just to be transparent and honest, I never had access to Epik's social media, or any other marketing strategies or messaging they did to promote DNProtect on social media. DNProtect has always had its own Google Ads account, social media accounts, Reddit Subreddit, and other ways, separate then Epik, for marketing DNProtect.

 

[Digital Nomad]

Just to be transparent and honest, I never had access to Epik's social media, or any other marketing strategies or messaging they did to promote DNProtect on social media. DNProtect has always had its own Google Ads account, social media accounts, Reddit Subreddit, and other ways, separate then Epik, for marketing DNProtect.

So they did it without your permission? Were you aware of these social posts/emails/marketing?

 

[Future Sensors]

 

[Digital Nomad]

Show attachment 224503

Legendary sounds familiar...

 

[TCK]

Why is it so important to separate yourself from Epik? @bhartzer

 

[karmaco]

The main issue is that if DNProtect says they are not an Epik brand, and @bhartzer says he only partnered with Rob, and then we all point out how DNProtect was indeed marketed as an Epik brand, and then he says these are mistakes, and we can't believe everything on social media etc. this creates confusion and reflects dishonesty, and now is your opportunity to be fully honest and transparent with us and delete posts that are not true on social media and anywhere else if they can't be edited.

The main concern is honesty.

Epik is trying to distance itself from Epik….

 

[TCK]

I really feel for @bhartzer. I think he is a good guy and would have a beer with him. But this thread is showing that any association with Epik is not healthy. The numerous mega-threads about Epik have not been positive. The Epik staff have given up on defending the company and mostly because the staff are outsourced and have no commitment to the company.

 

[eternaldomains]

LOL, 2 APAs on NP, one became a hit and the other became an Epi* flop

 

[cooljub]

LOL, 2 APAs on NP, one became a hit and the other became an Epi* flop

Yeh, seems some people can't read..

Ask me anything related to domain name due diligence or stolen domain names.

 

[GoKaizen]

Why did you spend so much time promoting crap domain extensions?

 

[jberryhill]

Going after stolen domains can be a real pain, though.

First, a lot of claims of theft are from people who have (a) not paid their renewal fee, (b) have registered their domain name in the course of some sort of bundled service package and don't actually know their registrar, or (c) delegated control of the domain name to someone else under a contractual or other sort of arrangement. The first job is just sorting out if the domain name is actually stolen, and sometimes with someone who is not very familiar with the facts.

If the domain name was actually stolen, then you need to make sure that, in the event it is recovered, it is not vulnerable to the same attack.

Back when these were more common, one thing that would be frustrating was the use of WHOIS privacy or even people who registered names with aliases, since these made it difficult to point at historical records and say that the person in question was the historical owner of the domain name. Because going back to the registrar from which the name was stolen, and having the incorrect contact information for the victim, is instant credibility loss.

Bill, do you have any observations about the desirability, or not, of WHOIS privacy in this context?

 

[Bob Hawkes]

Thanks for doing this @bhartzer !

If you were giving a talk to a group of small business owners, what would be the 3 simple things they could do to make ownership of their domain name more secure?

Thank you,

Bob

 

[bhartzer]

Going after stolen domains can be a real pain, though.

First, a lot of claims of theft are from people who have (a) not paid their renewal fee, (b) have registered their domain name in the course of some sort of bundled service package and don't actually know their registrar, or (c) delegated control of the domain name to someone else under a contractual or other sort of arrangement. The first job is just sorting out if the domain name is actually stolen, and sometimes with someone who is not very familiar with the facts.

If the domain name was actually stolen, then you need to make sure that, in the event it is recovered, it is not vulnerable to the same attack.

Back when these were more common, one thing that would be frustrating was the use of WHOIS privacy or even people who registered names with aliases, since these made it difficult to point at historical records and say that the person in question was the historical owner of the domain name. Because going back to the registrar from which the name was stolen, and having the incorrect contact information for the victim, is instant credibility loss.

Bill, do you have any observations about the desirability, or not, of WHOIS privacy in this context?

John, you hit the nail on the head. The first thing we have to deal with is the people who think "their" domain name is stolen because they haven't renewed the name. So honestly of the many requests we get the first order of business is to sort that all out. In many cases it becomes a broker-type deal where DNProtect is helping them "buy back" the domain, which usually is cheaper than hiring a domain attorney to file and defend a UDRP.

There are a lot of times where domains aren't actually stolen, and it's another issue that can be resolved. So, when I get those, I usually just point them in the right direction. Such as telling them to call their registrar.

Regarding domain privacy, my view on it is that if you CAN turn privacy off that you should. Use a business address. Use your real name on it. Use a highly filtered email account on the domain. The problem is that if the domain is always on whois privacy, it's tougher to prove, initially, that you own the domain. Usually, when someone gets into a domain registrar account without permission, they immediately put it on whois privacy and then they will transfer the domain out. If it's been on privacy all along, then you don't have the switch from privacy off to privacy on.

 

[bhartzer]

Why did you spend so much time promoting crap domain extensions?

I always have gone into that with an open mind. I let the data show me whether or not "crap domain extensions" were good or not. I did real tests, such as PPC traffic experiments where you can control everything.
For example, the ad copy, keywords, landing pages were the same. But the only thing different was the TLD. The fact of the matter is that you end up spending less for clicks (because you have a higher quality score) than if you use a .COM domain for PPC.

 

[koolishman]

Informative thread.

Thanks Bill!

 

[MasterOfMyDomains]

Thanks for sharing your views, and reviews

 

[jberryhill]

Regarding domain privacy, my view on it is that if you CAN turn privacy off that you should. Use a business address. Use your real name on it. Use a highly filtered email account on the domain. The problem is that if the domain is always on whois privacy, it's tougher to prove, initially, that you own the domain.

We certainly agree about that. The downside is if the WHOIS email is also the account control email, in which case the WHOIS information is broadcasting, "compromise this email address to get the domain name."

 

[bhartzer]

Thanks for doing this @bhartzer !

If you were giving a talk to a group of small business owners, what would be the 3 simple things they could do to make ownership of their domain name more secure?

Thank you,

Bob

Never ever give access to your domain name registrar account to your web designer or web developer. If you feel you must do this, then give them the access for a short period of time and then change the password.

Register your domain name for at least 5 years in the future.

Make sure you use 2FA on your domain registrar account.
Don't host your domain name with the registrar. Those are two separate things, and it's more secure if you use a separate company for web hosting.

 

[bhartzer]

We certainly agree about that. The downside is if the WHOIS email is also the account control email, in which case the WHOIS information is broadcasting, "compromise this email address to get the domain name."

I agree that it can be a possible issue. Especially if you are using a gmail address on the whois record (don't do that!) Gmail accounts get hacked all the time. Unless, of course, you have Google Advanced Protection turned on.
Just don't use your same domain on the whois record. For example, on johnberryhill(.com), don't use [email protected] as the email contact. Use another domain.

We also saw this come up with the tile/customtilt(.com) case.

Facebook doesn't have a problem with not using privacy. On the facebook.com whois record, they use [email protected].