I am curious: does anyone here on HN have a registrar to recommend who they know (preferably from experience) would actually be more helpful in this circumstance?
Because from the sound of it, the unwillingness of the registrars (both of them) to take action here without being compelled to by a lawsuit is the root of the problem. The FBI's willingness to be helpful is nice, but doesn't solve the root problem, and as a law enforcement agency they can only really help in cases where they manage to "catch the criminal". And paying off the criminal just isn't an acceptable solution (although stopping the payment immediately is cool and all).
I would be willing to select a registrar on the basis of their policies, not their prices. Policies like this sort of dispute resolution and policies about how they handle DMCA notices or government subpoenas (and non-subpoenas), if only I knew which registrars had the best reputations for these things.
I lost a domain because Gandi refused to do anything about it; although I was well within the renewal period and tried to contact them many times Gandi refused to process any sort of renewal until it expired and was deleted by their system.
Gandi ONLY accepts support requests through their web form (no email, no phone), and generally ignores those or provides nonsense answers several days later.
As long as you never ever need any sort of support, Gandi is fine.
This was several years ago; what's done is done. I moved all my domains to another provider shortly afterwards. I'm not giving you another chance to screw me.
You publicly complained about their customer service. They have offered to right the wrong. You have a poor sense of fairness if you are willing to make a public claim and then aren't willing to address the issue when the company calls you out on it.
Oh, the stupidity, it burns. What sort of righting do you think they could do, several years past the fact? Gandi refused to respond to their web form for a period of about four weeks or more; they let my domain expire and be deleted (if I recall, the only problem was that my credit card expiration date needed to be updated in their system and the charge processed). Besides the immediate hassle and serious annoyance of having an uncontactable company ignore their support form, it ended up costing me a few hundred dollars to buy the domain back from a domain speculator who snatched it up.
What price should I put on that? What price is it worth to Gandi? Are they going to offer me a year's free domain registration with them? That offer has negative value to me; I wouldn't take it unless paid a lot of money to do so. Are they going to offer me a pile of money (no they aren't, it's not worth it to them). So what exactly are they going to offer here to right the wrong?
The point here - which the top of this thread made, but maybe it wasn't explicit enough for you - is that services such as domain registration can easily have effects disproportionate to the cost of providing them. If all of Google's domains were deleted tomorrow, the cost to Google would easily exceed ($10 x number_of_domains). So a poor service experience can easily do more damage than the sum total of all revenue ever received from a particular customer. Thus the commenter looking for companies which try hard to provide good service. Gandi.net is not such a company, in my experience. (Hint: companies which provide good service have email addresses and phone numbers to contact them.) That's my only comment.
just to drive a point home about "calling out stupidity". Your follow up statement is the equivalent of stating "I'll never ever ever use a Windows product because several years ago I use Windows M.E. and it was so bad and they wouldn't fix anything so they can't possibly have fixed any of the issues I may or may not have actually experienced".
It really irks me when people use this sort of logic. I can't say what their support was like several years ago, but I have heard nothing but fantastic things about their support and service offerings over the last 2-3 years, and not by the general web user, but by us "nerd elites". So dude, chill the Eff out and don't be such a hard ass against something that happened admittedly several years ago.
Oh, and you call out "what could they possibly provide me after so many years", well you have a direct response from a customer support person who has offered the ability to "make it right". You do not know what they would be willing/capable of doing until you ask. So get off your high horse and just ask. They might surprise you...
Maybe I'm stupid, but I agree wit the parent - if a company fails me, I won't go back to them no matter how much they promise to have cleaned up their act.
It's not that I don't believe companies can fix their problems; it's that I believe in feedback and the one form of feedback companies cannot ignore is revenue. It's Darwinian - if a company screws too many customers, they die.
So I haven't used Windows since Microsoft's deeply unethical attacks on OpenDocument; I moved all my US domains from GoDaddy to NameCheap after the elephants broke that camel's back; and Domain Central have all my Aussie domains after NetRegistry de-registered a heavily used domain name in very dubious circumstances.
I do worse (I'm bad, I know). A large Telco in Australia once charged me $800 in phone calls several years ago before the TIO and ACCC mandated SMS notifications when accounts go over a certain amount.
I explained the situation to them, that I was a good customer, I'd just had my first child, could they shave off some of the bill as a goodwill gesture. Even $40. They didn't budge an inch.
Over the next 6 years I've made a complaint about every single fault, bill error, outage and mistake they have made. Each time I've demanded compensation. I have a number of accounts with this Telco.
I estimate that I've recovered $700 worth of compensation. I'll keep going till I get the entire amount back, then probably go on for another $100. Then I'll stop. And probably find alternative services and dump them completely.
Besides the immediate hassle and serious annoyance of having an uncontactable company ignore their support form, it ended up costing me a few hundred dollars to buy the domain back from a domain speculator who snatched it up.
I once let a domain expire by accident, but since it was obscure the squatter who snatched it let it lapse after the ~45 day ICANN "trial" period that used to be a boon to evil squatters (AIUI, IIRC). So I just registered it again myself.
While I doubt neither the veracity of your claim nor your reaction to Gandi's actions (if such a situation happened to me, I would certainly not want to give a company my business going forward), I have had a very different experience with them: all of my queries to Gandi support have received prompt, relevant replies that addressed my issue.
Also, ny domain registered with Gandi can be renewed by any Gandi handle. In the event that you're having trouble accessing the handle that owns a domain or otherwise cannot renew it normally, you can create a new handle and use that to renew the domain. See https://wiki.gandi.net/en/domains/renew and https://www.gandi.net/domain/renew?lang=en for details.
I'm not sure if their "any handle can renew any domain" policy/system existed at the time of your situation, but it should prevent similar issues from occurring today.
One aspect I found puzzling about Gandi is that until recently they published your "handle" in the WHOIS information, which in effect gave away your username. Now, some may tell me hiding that is security through obscurity or some such, but in my mind it adds another protection layer.
I seem to remember that being the case with Network Solutions back in the early days.
Gandi seems to hide your handle these days for certain domains if you have whois privacy enabled: my .com/.net names with Gandi don't show the handle, but my .org domains do. My .us domains (which don't allow whois privacy) also show the handle.
Then again, one can easily enable two-factor authentication and it's essentially irrelevant if the handle is known.
Moniker claims that they have never lost a domain. I've got several domains (over 50) registered with them and never had a problem in almost 8 years. Many of them belonged to high traffic sites that might be desirable to thieves.
I also have many with Name cheap right now and haven't had a problem them either.
I use Moniker as well. I pay for their "Portfolio MaxLock" (https://www.moniker.com/domainnames/domainsecurity.jsp) service. Whenever I want to make a change (even DNS), I'm forced to answer the security questions that only I would know. In order to get around that, I'd have to contact their security team directly and provide a substantial amount of identification.
Aside from the security features, Moniker's site and technology seems to be fairly unimpressive.
I'd definitely be open to exploring other options if people have suggestions for truly-safer registrars.
Look at it from the GoDaddy's point of view: This woman is claiming she has rights to a domain in one of their customer's accounts. As far as they know it was legitimately transferred in by one of their paying customers. Her real issue rests with HostMonster and the ICANN dispute resolution system.
GoDaddy could seize the domain until the dispute is settled. If everyone recognized she was the previous owner, that should be enough to cause an investigation into the transfer.
Not saying a claim from anyone should cause a seizure, but the legitimate previous owner should be able to dispute it for a time period. Domains are stolen all the damn time.
I worked in webhosting for nearly a decade so I'm quite familiar with the volume of fraud and stolen domains. But to play the devils advocate how would you feel if somebody claimed a domain you own was stolen just to freeze your account and waste your time. You'd be furious at GoDaddy for freezing your account over a fictitious claim.
This. I want to upvote this comment a hundred times. If there's a dispute with probable cause, temporarily freezing the domain while launching an immediate investigation seems by far the best balance of thwarting domain theft and minimizing fraudulent claims.
I'm not very familiar with their policies. Does that apply even in the case of theft? Didn't the article's author recover her domain within a few days?
It's no matter what you are only allowed to move domains once every 60 days. It is to prevent somebody from stealing a domain and moving it through 10 different registrars to wash the history of ownership.
No, GoDaddy was never in doubt: "No one at either company questioned my statement (supported by written proof) that the website belonged to me. No one doubted that it had been transferred without my authority".
So GoDaddy's refusal to help was ridiculous. At the very least, they could have frozen control of the site for a day or two while investigating.
By ICANN policy domains can only be moved once every 60 days. How did you want them to go about freezing the site? ICANN has a dispute resolution policy in place.
And given that both registrars acknowledged that she was the real owner, I'd expect the transfer (to the thief) would not be counted as a legitimate one within that period.
I use gandi.net never had any serious issues with them and since their located in France (yes i intentionally avoided American companies) all this suing problem may not apply to them or at least it would be a lot more difficult.
One thing is certain though most people i know have had issues with GoDaddy and avoid it like the plague.
Gandi now has offices in the USA, so they are effectively an American company as far as being subject to the US legal system and extraconstitutional orders from agencies and such. You won't get any privacy protection or immunity from illegal orders from Gandi.
Gandi does have an office in San Francisco, but our registrar service is accredited and located in France. It is under EU law.
Those who have been following the industry's responses to the massively reprehensible, illegal dragnet surveillance will know better than to take any company at their word as they swear up and down that they care about their users' right to privacy. So I know this will be taken with a grain of salt (hell, I take it with a grain of salt and I work here)...
But as far as I know, and I've asked around, we _actually_ do protect our customers' privacy to the maximum possible legal extent.
The day I find out otherwise is the day I no longer work here.
>I would be willing to select a registrar on the basis of their policies, not their prices.
Yes, absolutely this. I've searched through forums and read various reviews of various registrars and some say gandi is good, some name.com, some others, but at the end of the day nobody said "I've had this problem where my domain was stolen and this company was willing to help".
I'm also willing to pay more for good support when serious problems arise.
I would recommend Melbourne IT or Namecheap for what you are looking for. I would recommend you take advantage of WHOIS protection, two factor authentication, locking your domain at the registrar level (not just with Namecheap for example, but with the actual registrar), using strong passwords, etc.
The company can only do so much, so make sure you do everything you can do as well to make your domains as secure as possible.
I use iwantmyname.com and their service is amazingly good and fast. I never got my domain name stolen, but I'm confident they would do anything they could for me to recover it!
Because from the sound of it, the unwillingness of the registrars (both of them) to take action here without being compelled to by a lawsuit is the root of the problem. The FBI's willingness to be helpful is nice, but doesn't solve the root problem, and as a law enforcement agency they can only really help in cases where they manage to "catch the criminal". And paying off the criminal just isn't an acceptable solution (although stopping the payment immediately is cool and all).
I would be willing to select a registrar on the basis of their policies, not their prices. Policies like this sort of dispute resolution and policies about how they handle DMCA notices or government subpoenas (and non-subpoenas), if only I knew which registrars had the best reputations for these things.