Hetzner just turned off our hole domain, without contacting us first at all! All servers unreachable, 10k angry customers hammering us. All because if they receive a trademark complaint they won't contact the domain owner first and give them reasonable time to "fix" the "issue" (even 2 hours would have been enough). No, they just turn off the production server and simultaneously send an e-mail "you better respond to their complaint if you want your domain back up".

Totally unprofessional and a complete joke. Will never use them on a production system again. Always angry if they are mentioned here like they are a legitimate choice...

Ouch. I use Hetzner and OVH but after this I guess no more Hetzner for me. I already had an unpleasant encounter described below. Do not want to give Hetzner a chance to screw me with this kind of asshole attitude.

Previous experience: I already had one of our videos suspended for "copyright violation" (this was on media hosting site) despite the fact that I fucken made this video myself. Some company had stolen it claimed as their own and submitted hash. Since mine has the same hash ( duh! ) access to my video was blocked resulting to download complaints from customers who purchased it. I sent numerous complaints with the results that amounted to roughly "fuck you". I've given up but suddenly out of blue after 2 month I received the apology from some C-level of theirs telling me that they were in error and access to my video was restored.

Heroku did this to me. A former employer was mad at me for daring to leave my job and made a malicious DMCA claim against my website. Heroku took it down with zero notice and treated me like a criminal when I called them to quit their bullshit

The power of false DMCA takedowns is just insane. You can get a copyright strike if your fucking keyboard makes too much noise.

If this was a business site and you had a service interruption you should absolutely sue them for damages.

I think the DMCA protects them against liability for simply staying within the DMCA safe harbor. But if the claim itself was malicious, the DMCA does allow you to sue the person who made the claim.

A cursory googling suggests DCMA takedowns would take 1 day, 72 hours, or up to 10 days on various websites/services. If the law does not mandate it be that fast, then Heroku and Hetzner's alleged actions of less than 2 hours notice would indeed be tortuous and interference with business. They are backbones for businesses, they are not twitter.

The DMCA requires that service providers who wish to benefit from the safe harbor preventions act on takedown notices "expeditiously". No precise quantitative minimum or maximum timeline is provided by legislation, but under 2 hours is certainly expeditious.

Under 2 hours is fine for a rando on Twitter, it's not OK to cut off a paying customer after doing zero due diligence.

Morally and in terms of business sense I agree with you, except I might argue that 2h is too short even for randos on Twitter (especially late on Sunday night) when the allegation is of trademark violation instead of something more urgent to resolve. Trademark matters by definition impact commerce alone, unlike if the Twitter account were compromising computers through malware or harassing or stalking humans.

But to the extent US law applies and the other required details of the DMCA safe harbor are attended to, I do think the DMCA prevents the service provider from monetary liability in this scenario. Of course, criticizing them for acting rashly remains 100% fair game.

(As to the question of whether US law applies: one example you were discussing, Hetzner, is based in Germany and not the US. But I can imagine circumstances where US law might sometimes apply to them anyway, and/or Germany might have similar laws. I'm not an expert on the international angle here, and I'm not a lawyer in any case.)

That's outrageous. How did this pan out, mate?

They said I was not allowed to ever host the falsely claimed content on Heroku ever again. They said that I should pursue external avenues for disputing the claim. I took my site off Heroku and kept it offline because of the implicit threats of lawsuits from my previous employer. The site was my online portfolio of work and experience I was using for job hunting. However, my Heroku account was also used to host my profit-generating website/business, and instead of taking down only my portfolio site, they took down every site on my account. My account was completely disabled and I wasn't able to even remove the specific site and put my other ones back online, which is why I had to call them to re-enable it, but only after they treated me like shit and like I was murdering babies even though I told them the DMCA claim was malicious.

I did not mention the former employer or any of their projects/clients by their names and did not include any images of those projects that were protected by any copyright that they held. It was screenshots of the website functionality after I had removed all original styling and revamped it myself (on my own time on my own machine using only publicly available HTML/CSS) from the ground up to anonymize it. All branding and images were removed and replaced. These revamps were never publicly released and were only used to create screenshots to display their functionality. They claimed copyright ownership of the images that I took, on my own computer, that had zero resemblance to their own software except for the workflows that they had. These were all public facing sites and there was no internal/proprietary workflow information being shown. The work being displayed was 100% my own creation during my employment, and I was not claiming any credit for work that wasn't done by me.

I did not bother disputing the fraudulent DMCA claim because my former employer that did it was extremely litigious and loved lawsuits and loved making them as long and expensive as possible to punish the people they were trying to bully into submission. The owner would frequently boast in the (open concept) office about all his lawsuits and how he was forcing people to comply to his demands with the threat of ruining them financially with lawsuits.

It did have an impact on my ability to find new employment, but I found employment anyway. I just made a PDF version of my website (well laid out) and send that with my cover letter.

Christ, that's absolutely awful. Sounds like leaving was a good decision though, I wouldn't want to work anywhere that toxic.

Hey, that reminds me of Cloudflare's response to Phishing Reports. Someone claims you're phishing? Page gets locked and there's no recourse. You can reach out to Trust & Safety, but I've never gotten a reply in over a year. Tech support just says "sorry, we can't do anything about it". So you either live with some page(s) on your site getting a big fat "EVIL LURKS AHEAD" warning, or you migrate off of CF.

That said, with Hetzner I've had the trademark complaints as well, but they've always given us 24h, and were always okay with us saying that our usage (e.g. showing a logo of a shop next to their review) was fair use.

I’d like verification of that behavior from CF.

I have an email from them forwarded by a third party reporting phishing on a CF-DNS-hosted site where Cloudflare denied they had any responsibility whatsoever as “they host no content”.

Of course, it requires a subpoena to discover who DOES host the content, as they are the only ones who know.

They'll put a warning message in front of the URL that's been claimed to use phishing ("Warning: Suspected Phishing Site Ahead!"), here's what that looks like: https://archive.ph/qqR8t

They do it for lots of right reasons, I'm sure, but they also do it based on simple claims. While I thought that's a great way to hurt any site if such a claim is all it takes, I haven't experimented with it, so I don't know if you have to make it a legalese thing, or if they do some automated checks. But once you get a site flagged, it'll probably stay so, unless they have some very good connections to CF.

They will forward any complaints also to the hosting company of the origin, but if you're not in luck, the site will be hosted at a questionable company that has no trouble hosting phishing sites. Hetzner for example did quickly react and requested comments from us under threat of shutting down the server. They were happy with our response and their own checks however.

Still, I agree that they should have a way of de-anonymizing who is behind a site, their business is in protecting against technical attacks, not protecting against the law.

Thanks for that.

By contrast, this is the email that a MAANG company received recently regarding a site being reported for phishing one of their login sites:

https://ibb.co/kcsQN0w

So I guess they are somewhat arbitrary in their phishing actions.

Are you sure they turned off the domain?

Your case sounds like one of your IPs got blocked in their firewall, which can happen if you use bittorrent or receive a DMCA strike. But then other IPs associated with the domain would still work fine.

That said, yes, their abuse team is rather trigger happy. I've had disagreements with them, too. They can be VERY German ;) But in general, calling them on the phone can fix these cases within minutes.

yes, they turned off the domain (macupdater.net) because one app-vendors of an app listed wasn't happy that we advertise their app for free. they cited trademark issues and contacted the host hetzner instead of us (grrr!). and hetzner just turned off the whole domain without contacting us first. the very same domain was also used as an app-backend service, thats why we got hundreds of complaints in a very short time.

i think giving 2 days before turning anything off would be sensible. 1 day would still be ok. but turning it off immediately without even giving a chance to reply is not acceptable. especially since anyone can send a trademark complaint without providing any evidence. so, if you want to do some domain sniping, look for businesses hosted on hetzner and watch them go down...

Your reply doesn't really include the technical details to know what really happened.

Did they start sending NXFAIL for DNS requests for that domain? That's what "turning off the domain" means. But in that case, API access via IP would continue to work without issues.

Or did they start blocking traffic to the IP that you had associated with the domain? In that case, the domain would continue to work, you just need to switch the IP.

Based on your information so far, I wouldn't know what to do to repair it. I'm not surprised that others were unable to help, too.

It really depends in which way they complained to Hetzner. Write a stern email? Hetzner could forward it to you and give time to respond. Preliminary injunction (not uncommon in trademark cases), they'd have no choice in that matter.

Generally, I would recommend not hosting APIs on the primary domain for exactly that reason - it's too easy to be hit with some sort of complaint and have that domain cut off (DMCA, preliminary injunction, SPAM complaint against your mail server, shitty host, ...).

> Write a stern email?

exactly what happened. so not even the slightest reason for an immediate reaction

> recommend not hosting APIs

yes! we learned the hard way :)

May be you should tell me which App is that so I could blacklist it just in case I may get sued.

I always separate domain hosting from server hosting, to limit the scope of the outage. If there is a problem with the DNS, I can switch to a different domain for the server. If there is a problem with the server, I can switch to a failover server under the same domain.

> I can switch to a different domain for the server.

Sure you can do that for some internal/private service. But how can you do that when you have a public user base who expects a service at foobar.com which has DNS issues?

You can’t, unless you build fallback domains into the protocol. But at least you can inform your users about the fallback domain instead of having to just shrug your shoulders.

Hi OP, I'm sorry to hear about your experience there, and I appreciate you warning people.

I was not aware of their abuse policy when I was forced to move my services from another unprofessional provider. I had settled on Hetzner. I'm glad you said something.

Over the last few days I've reached out to them for further clarification on their policies, and over those (multiple) communications there were enough professional red flags that its become clear they can't be considered for any future hosting of production or professional services.

Initially, I was stonewalled with: --- Thank you for reaching out to us directly to clarify this matter.

In accordance with German law, we are not permitted to disclose internal information to third parties or to review or verify the content of any potential abuse reports. As a matter of fact, we neither can confirm nor deny what is described in that thread. We want to assure you that our abuse team handles cases with care and sets reasonable deadlines and measures based on the gravity of the allegation.

---

I asked about what processes and controls they have in place to prevent fraud, and the written policies and timetables, and they didn't appear to understand English well enough to answer, they thought I was talking about other common forms of abuse rather than fraud.

As a customer, they were unable to provide me with any kind of written policy, adversarial response schedule, or other controls commonly needed to mitigate fraud.

No details or specifics on their policies, other than what they refer to as 'reasonable' time tables based on the allegation which are not clarified further.

It appears they consider multiple complaints more severe regardless of the legitimacy of the claims which they don't appear to evaluate prior to shutdown, and their Abuse Team decides on a case-by-case basis what actions are to be taken, and the response times allowed.

As a result, it appears this provider has an unreasonable amount of counter-party risk associated with it. Any company could file a claim, and hold your business hostage (as OP described).

What's worse, if they suspend or terminate your account as a result without notice; any monitoring that might have alerted you so that you could respond more quickly would likely not function correctly and fail silently without a cross-platform investment.

Hetzner is a budget server host as is OVH, and which you shouldn't assume a professional service. You get access to a server, free hardware replacements and a network, that's it. It cheaper and easier to mitigate any issues by slamming the power switch and than notifying you.

Folk ask why I colo. And the why is because it's my hardware. If my host is to touch my kit without my permission or a subpoena they'll get slapped with a solicitor.

Anecdotally, we herited a ovh dedi infrastructure when signing a new client and tbh its been going swimmingly. I think the Incident made them really up their game.

That doesn't solve the issue of making a domain unresolvable if the registrar chooses to do so like the case in here, or does it?

It can. By becoming your own registar. Granted that costs $$ but solves the problem of if a register is deciding to axe you.

Is that still $350k minimum?

If that were it then there wouldn't be a problem. You don't even have access to the server you paid for.

What about their hosting? Do you use that and encountered any problems ever?

We just tried their cloud offering and idk if that's new to them and still in "beta" but you are limited to the amount of VMs you can start because "your account is new" and I have not found a way to open a channel of communication where you can lift that. Other than that their prices are hard to beat

My experience with small-scale hosting for a few years there (on an enterprise user account) met no problems - but, also, we met no technical problems requiring interaction with support staff.

Central providers should never have the ability to hold your business hostage for any reason.

It's for this reason that people are losing massive amounts of trust in them, yet they seem to be the only viable option for most.

The concept of grace almost doesn't exist in business, and the idea that customers are valuable is all lipservice.

It would be foolish for me to make any judgements based on anecdotes I find in comments, but this is actually quite worrying to me since I have been recommending Hetzner to people who trust me. (Based on having used them for a few years).

So I guess what I really need to understand is whether this is a typical response or if there is more to the story that I don't understand/see.

If you are no longer using Hetzner, which other vendor(s) are you using?

Their uptime on their 'Robot' 'Storage Box' is also complete and utter shite in my experience. Reading that they plan on hiking the prices due to the cost of electricity, I'm strongly considering cancelling it entirely as it's used for off-site backups.

It sounds to me like you failed to renew your domain on time, and missed the grace period. Redemption grace period is not a fine, it’s a normal period of the lifecycle of a domain name during which they (the registry, via the registrar) give you a last chance to get your domain back. This is well documented and part of the conditions you accept and need to understand when you rent a domain.

You said you had another payment mean, but they’re likely not allowed to use it without your approval. If you missed the email requests for approval, they couldn’t renew and you legitimately lost your domain.

The annual contact accuracy check (WDRP) usually doesn’t result in deletion but suspension, so something sounds fishy here. Maybe it came at the same time as the renewal (which makes sense) but I’m pretty sure it’s not the direct reason for deletion of your domain.

However the above is true only for gTLDs, not for ccTLDs. What’s the TLD of your domain?

(Disclaimer: working for another registrar, GoDaddy has some shady practices but they still abide by ICANN rules which would prevent them to delete a domain just because of a WDRP)

>working for another registrar

I ask this every time I see people who work within Domain Name industry on HN.

What is happening to .Web?

I don't know the full details but AFAIK there's still a dispute between Verisign (.com, .net) and Afilias (.info), they both accuse each other of cheating at the 2016 auction.

You can find most of the drama here: https://domainincite.com/tag/web

This should be the top comment. That was the question I had when I was reading OP's complain.

Godaddy is the worst. Apparently if you ever decide to move your domain out of GoDaddy(which has alot of dark patterns to discourage you), they will remove whois privacy protection(which they charge you for) until transfer is completed. It gives bots/scrapers enough time to get that information(ICANN requires you to provide accurate personal information with email, phone number, name, and address) and your private info is ripe for abuse.

It's like a punishment for moving away from them.

TO AVOID THIS FOLLOW THESE STEPS:

1. Get authorization code for transfer from GoDaddy

2. Put that in the host you want to transfer to (This will start your race against time). I suggest you use cloudflare since the transfer is fast.

3. Go to GoDaddy and approve transfer immediately (GoDaddy hides this option to delay the process intentionally, follow the video to find this option).

4. Your details will become private again if your new host support whois privacy.

Here is a video(starts at 8:18) to do all 3 steps back to back: https://youtu.be/81LtL2ZvD38?t=498

I’ve had a domain (at Godaddy) for 28 years with no privacy protection and no particular problems from bots/scrapers.

As they said, this is when you transfer out of GoDaddy...

Is there any way to avoid this?

You can reduce chances of this by acting fast. Follow these steps:

1. Get authorization code for transfer from GoDaddy

2. Put that in the host you want to transfer to (This will start your race against time). I suggest you use cloudflare since the transfer is fast.

3. Go to GoDaddy and approve transfer(GoDaddy hides this option to delay the process intentionally, follow the video to find this option).

4. Your details will become private again if your new host support whois privacy.

Here is a video(starts at 8:18) to do all 3 steps back to back: https://youtu.be/81LtL2ZvD38?t=498

It has been over 10 years since I had to last deal with GoDaddy. I called it trash (to put it mildly) back then and have encouraged many to move out. Glad to see they are still the same if not worse.

At least in the past they would “kite” or “taste” the domain - register it and then cancel before the grace period - so it was no cost to them. It’s been a while since I’ve looked into that space and don’t know if that’s still a common practice.

It should be noted that GD had a kiting operation, but then paused it, after which the original owner publicly decried the practice very publicly. The company has since been sold and I would wager that the opportunity was too profitable to ignore.

Source: I built the analytics system for parked domains that was used for pricing early GD domain auctions as well as the initial integration with Adsense for domains.

To change pending delete status costs them nothing.

I have no love for GoDaddy, but honestly, it sounds like you failed to renew your domain because your credit card was expired and their renewal warnings probably went into your spam folder the same way their most recent one did.

Sucks to say, but this is kind of on you. In general with any company, having a secondary payment method on file doesn't matter because autopay is only enabled for one (this is a feature, not a bug). And if their e-mails went to your spam, that's ultimately your problem as well (domain registrar e-mails are critical, you need to whitelist those).

I find it extremely unlikely that there were "no further emails or announcements" -- registrars are generally desperate to have you keep renewing, and will repeatedly send you e-mails if autopay fails. (Intentionally allowing GoDaddy domains of mine to expire in the past probably sent me 10-20 warning e-mails each, often daily.) But if your spam folder autodeletes messages after X days you can't find those either.

In any case, GoDaddy didn't cancel your domain -- you let it expire. And the €150 isn't a fine, it's a redemption fee which is standard with any registrar to recover a cancelled domain. With any registrar if you let your domain expire, it's going to get expensive.

This happened to me on Hover. The fishy part is if you say you won’t pay it and bargain it magically goes down to 50-90 usd. That makes me think they have control over the price and take a hit just to secure the lower amount.

I would not trust any of the registrars, not even Hover.

The 180 fee is a godaddy fee not a government fee. Other companies may charge a premium but many do not.

As far as I can tell from Googling, the €150 fee is something Verisign charges GoDaddy for domain redemption -- €150 is the rate for .com names, other TLD's have different rates.

So no, it doesn't appear to be a GoDaddy fee at all. It appears they could charge a premium on top of that, but they don't appear to be doing so in this case (assuming it's a .com).

(But correct that's it's not a government fee either.)

Redemption fees are set by the registry, not the registrar. Of course the registrars apply their standard markup but I don't know of a registrar that will add an unreasonable markup to the already prohibitive restore prices.

> That makes me think they have control over the price

Well yeah, registrar is a business, of course you have some say on the price you sell your domains... But there's a base price that is set by the registry behind the registrars

As an example, the .com is sold by Verisign (the registry) around 9 USD for the create/renew, but around 50 USD for the restore, depending on the negotiated price between the registrar and Verisign. So basically no registrar will allow you to restore a domain in redemption period for less than 50 USD.

GoDaddy has been rotten since the beginning. When I was in high school I had some domains and servers through them and GoDaddy shut them down because they thought I was using pirated software, which was a complete load of bullshit. Without warning, they obliterated all of my sites, storage and all. This was back in 2007.

One of my friends recently told me he searched for a domain through GoDaddy. I immediately cringed and told him he'd better get that domain on NameCheap ASAP if he really wants it. He went back to look for that domain and GoDaddy bought it and decided to charge over $1000 for it. The original price was peanuts.

GoDaddy shouldn't be used under any circumstance. If you do, you'll get F'd in the A.

GoDaddy is really a dishonest company. Please do yourself a favor and avoid them. Things I've personally experienced:

* The purchase of webfaction w/ a promise to migrate sites to a new host. They promised for over a year to do this migration and then 30 days before shutdown told me they could not migrate and to figure it out.

* Domain name sniping. Never ever use godaddy to search to find a domain. They will just steal anything you search for if you don't immediately claim it.

The Webfaction situation was so weird. You have a very customizable, powerful, idiosyncratic shared hosting service that's going to be basically impossible to migrate to any other hosting provider. And it gets bought by GoDaddy of all people? And the plan is to migrate users to normal GoDaddy shared hosting? I wonder if they gained even a single user from that purchase. For me, the idea of switching to GoDaddy was a complete non-starter.

For anybody not familiar, WebFaction was “shared hosting for nerds”. The control panel gave you a lot more power than most shared hosts did, you had SSH access, and you could spin up servers for pretty much every web programming environment going with a couple clicks. When Godaddy bought them they transferred everybody onto bog-standard and much less flexible Godaddy shared hosting, and everybody who was using a less-common web stack was dropped.

I’m still cheesed about it, and more than a bit confused. Godaddy had and still doesn’t have any of the value prop that webfaction did. Godaddy didn’t integrate the WF technology or customer base in any meaningful way… so what was the point? Was it an aquihire?

To me, this kind of acquisition speaks of anti-competitive behavior. They didn’t want the product or people; they just didn’t want to compete with them.

could we make them loose a lot of money by making bots to search for all kind of useless domains?

They don't actually have to pay for it by using "domain tasting" which gives them the option to grab the domain for up to 5 days. https://en.wikipedia.org/wiki/Domain_name_front_running

I use Dynadot, and they actually pass the "domain tasting" on to the customer: you have a couple of days to cancel your domain registration for a full refund.

As a customer, I highly recommend Dynadot (low prices like NameCheap, but a nicer interface - I tried both registrars when I switched my domains away from DreamHost).

So just wait 5 days to register?

They re-register

Not really, no, because IIRC registers can "return" a domain within a period of time for free or nearly no cost.

Not really. They're a registrar, those domains do not cost them a lot to hold.

Is Namecheap better?

My domains are currently split between the two

Might as well move my stuff over if it means avoiding things like this

Had a horrendous experience with NameCheap where they basically stole my domain and some of my money after freezing my account and insisting i do a cam show with my credit card on some random site (not their domain) that had privacy guard up.. They are also not so 'cheap' any more. I'm using NameSilo and PorkBun, so far not bad.

I used to host all my domains with NameCheap and moved them all off after a run in with their customer service, who I found to be really arrogant:

NameCheap send out their reminder emails telling you a domain is about to expire in the format: "Your domain <somedomain.com> expires on MM/DD".

Several times I had domains expire or almost expire because, being in Europe I naturally read 'MM/DD' as 'DD/MM' which, under certain circumstances looked like a domain was expiring several weeks in the future, when it was expiring imminently.

I emailed NameCheap customer service on a couple of occasions about this. Pointing out that, for their customers outside the US, their expiration notice emails were liable to be mis-read and I suggested they either use 'DD/MM' when emailing customers in Europe or --even better- just spell out the month name, so there's no possibility of confusion.

The first time I got no response at all. The second time, I got an email back from NameCheap Customer Service saying "We're an American company. We use American date format"

So I thought 'Fuck you then. You'll not be wanting non-American customers, in that case.' and immediately transferred all my domains elsewhere.

I'm currently using gandi.net. Not as cheap as NameCheap but no complaints so far.

Oh. And to address something raised by the OP: there's no way you should have to pay $150 [or anything for that matter] to revive a domain that expired the day before. I'm not sure what the grace period is. But, in the past, I've renewed domains that had expired a week or more previously and never had any problem. Nor have I ever had to pay any 'fine' for doing so.

GoDaddy are shysters. I'm actually surprised someone fitting the HN demographic uses them. I thought their reputation was pretty well known in techy circles and most savvy people actively avoided them.

> The second time, I got an email back from NameCheap Customer Service saying "We're an American company. We use American date format"

I'm guessing that's a low level person and they closed it with that.

There's a post here where the CEO wrote how they had about 1000 people in Ukraine being affected by the war.

Found it, https://news.ycombinator.com/item?id=30506813

I've stumbled upon them a couple of times before.

NameCheap doesn't "steal" domain names, they're just a domain name registrar. They may locked your account, but they can't (and won't) steal domain names.

It sounds like someone may have gained access to your account or there may have been some other issue. It's usual for them to have ask for video proof that you're the domain owner.

>It's usual for them to have ask for video proof that you're the domain owner.

Putting aside the fact that it is just an insecure and undignified way of transferring data. Why not host the 'video proof' site on namecheap domain? so you know who's watching. And why not ask for photo ID instead of credit card? I mean anyone can send an email "go to [whatever] domain and show me your credit card, or I'll stop your [whatever] service" and NameCheap users will be conditioned into falling for this scam. Its reckless and unprofessional.

And i don't know how else to define took some of my money and registered a domain.. then kept it cause that's what happened. You have a deadline to do your cam show, which is shorter than the time their support service takes to answer an email about your concerns; After that you lose some of your money and your domain.

as long as you are not russian[0], today. Maybe tomorrow they will discriminate your country.

[0] https://www.namecheap.com/support/knowledgebase/article.aspx...

Some people may consider this a reason to continue to support them.

I prefer my domain name registrar to be neutral instead of political, thanks. What's next, bash refusing to run if your locale is ru-RU?

There's no "neutral" here, just different flavors of political. Indifference to and support of a war of aggression are both legitimate political positions. But they are unavoidably political positions.

At this point, there are 5000+ dead Ukrainian civilians. If at this point you are more concerned about Russian citizens buying domains names from one vendor than you are about Ukrainian civilians getting blown up, that's in no way a neutral position. Similarly, you and Namecheap both have freedom of association. Their using it to enhance sanctions against Russia is exactly as political as you using it to boycott them for their choice.

They have 1700 employees in Ukraine (https://www.namecheap.com/careers/ukraine/) maybe you would feel differently if your country was invaded.

Some reactionary, short-sighted, and young / inexperienced people, yes. One shouldn't be punished simply for being the resident of a certain country.

Not being allowed to use a particular domain registrar is no punishment that I'm aware of. Particularly when said registrar's main offices are in the country being occupied.

Their policy on exceptions seems pretty reasonable.

    Are there any exceptions?

    Yes, we continue to provide services to:
      all anti-war media, protest resources and any type of websites that are helping to end this war and regime;
      Russian citizens who are not Russian residents and don't support this regime in any way;
      independent journalism;
      non-profit organizations.

But I guess people who support Russia's genocidal attack on Ukraine are still going to be salty.

I, personally, lost trust to all domain registrars and just moved domains to the local registrar in my country. At least I can visit their office with my government ID and talk to them face to face if the need arises. Or even sue them. Too much issues with those international companies, they treat their clients as some disposable kubernetes pods. Yes, my local registrar has lame console from 90-x, but it works anyway.

> moved domains to the local registrar in my country

can you explain what you mean by this? how do you find the "local registrar" for a company, what does that even mean?

Registrar is a company which registers domains for me. Local registrar is the company which is located in my country.

I've used them for almost a decade and never had an issue. Haven't used their support in years but they had live chat support that was actually helpful.

Namecheap is good. I've been using them for many years, no complaints.

Same. I've been using Namecheap for around 10 years and have never had a bad experience.

See this thread before deciding: https://news.ycombinator.com/item?id=30506581

I use porkbun.com myself, the process and prices are lovely.

Porkbun is great - their live chat support in particular was really great to me recently when I was trying to recover a domain. They could've tried to upsell or pressure me in to paying the (extortionate) recovery fee but they didn't and instead advised me on the process/when I'd be able to register at normal price

Namecheap… I tried to register a five letter domain [.com] and got a notice that the domain is of high value, and that the price would be higher. The domain name was entirely created by me. Therefore I consider that they stole my intellectual property, by preventing me from registering it.

Dealing with domain registration nowadays is a dreadful experience. The system is completely broken.

Are you sure it was Namecheap that was selling that domain for a higher price or someone else listing it and trying to sell it. I'd expect most if not all short and pronounceable .coms to be taken. Some other registries (not registrars) do sell premium domains for a higher price themselves - i.e. ccTLDs are entirely up to the corresponding country and the new gTLDs also don't have as many restrictions on what the owner can do with them (e.g. they don't have to sell you domains at all).

If you actually have a trademark to the domain name then you can try the ICANN dispute process. If your entire claim is that you thought of the domain name but someone else bought it the good luck.

Are they still charging for SSL? Last I checked, they made it as hard as possible to use letsencrypt, and had a rather deceptive "Free SSL if you buy a domain!" promotion that doesn't actually include a cert.

How exactly do they make it hard to use Let's Encrypt? The HTTP challenge just needs the A/AAAA records that your web server needs anyway and for the DNS challenge (only really needed for wildcard certs) they do seem to at least support using your own name servers (as do most registrars): https://www.namecheap.com/support/knowledgebase/article.aspx...

By not integrating with it, or even having an article on how to set it up yourself. When something is effectively free, and a lot of your competitors offer it for free, and your website says you offer it for free, but you actually charge for it, that's just BS. Reminds me of those wireless providers that kept charging outrageous rates for SMS right up until the very end.

I haven't had issues with let's encrypt with them in the last 2 years, though I do recall seeing free SSL promotions and never a certificate.

The "free SSL" meant adding your domain as a sub of theirs, i.e. https://yourdomain.namecheap.com. I fell for it and was pretty salty to see how much they charge and the lack of a letsencrypt integration.

And on that note, Letsencrypt has a helpful list of hosting companies that automate the process for you: https://community.letsencrypt.org/t/web-hosting-who-support-...

Namecheap also goes through user searches to pick up domains for their premium offerings, at least 10 years ago. Not actually sure where it’s ”safe” to search for free domains when you are still undecided.

Nowhere is safe. Make an offline list ahead of time, try each domain one by one, and register them the moment you've confirmed they're available. Save your payment details to your registrar so you minimize the time between the search and registration.

I recommend Dynadot, just as cheap, but better interface, and the one customer service interaction I had was good.

I've had much better experiences with namecheap.

If anyone is looking for an alternative provider: I have been using Gandi (gandi.net) for years. Zero complains so far.

Used gandi for forever, then they had a major hardware issue and lost customer's data and kinda was rude about it: https://news.ycombinator.com/item?id=22001822 - so I decided to move my business elsewhere.

Where is 'elsewhere'?

I'd heard great things about Gandi from colleagues, and used them for years, but at USD$16.59 per year per .com domain they're relatively expensive for larger numbers of domains. Namecheap has been my go-to more recently, and I haven't had any issues with them.

I actually find the prices somewhat reassuring. They're not trying to make their margins through dark patterns and upsells, they just ask for it up front.

I can see how it'd start adding up with too many domains, but at my level the trust is more comfortable.

True. Prices are higher than of competitors. In my case, since I don't have many domains, paying between $10 and $20 per domain per year doesn't make much of a difference.

Honestly, I switched from Gandi to Cloudflare the second I could, Gandi has been okay but pretty expensive where it didn't seem necessary especially for just a domain and nothing more. I have had no issues with Cloudflare as my registrar.

I've only recently been using Cloudflare and noticed they do registrar and DNS hosting, I might transfer to them later if it's worth the hassle. I'm currently using namecheap.

https://www.cloudflare.com/products/registrar/

I tried to buy a domain through Gandi, and my bank cancelled the card I used because they thought it was a fraudulent purchase.

I don't know if they get a lot of chargebacks against them, or if it was just a fluke, but I haven't tried again since.

Are you from outside France? I had a charge to them blocked years ago but haven't had any trouble since. I suspect an out-of country charge raises red flags in bank fraud departments.

I can always find something to complain about (tiring change of user credentials a few years back). But Gandi are on a completely different level from their competition; philosophy, technology, and support are all the best. - Happy customer for over a decade.

I find all the gandi recommendations interesting. Issues with Gandi canceling my friend's registration with no warning pushed me to choose namecheap. Which has been problematic for some people as well, from the sound of it.

Same with namecheap.com (Ukrainian company)

They're American with some offices in Ukraine for support, etc..

"Some offices" understates it a bit, just under half their workforce is in Ukraine according to their careers pages.

EDIT: I misread it, it's most of their workforce.

Wow, 1700 teammates in Ukraine vs 40 in the US (according to their site). Didn't know it was such a stark difference.

How is that you even need 1700 people to run a domain registrar?

Oh, I misread the page! I thought it was 2000 in the US, but that's the year their offices were established. That means the large majority of their workforce is Ukrainian.

Terrible service, terrible support. Happy it worked for you, but advice is to stay away as far as possible.

If it's ukrainian company it doesn't mean their service is any good

They are based in Phoenix, Arizona, but yes, we've also been using them for years for production stuff and never had issues.

Thanks, will move my only domain from there.

If you're Russian...they may have already done it for you.

Namecheap has a large Ukrainian workforce but is incorporated in the US and also has employees in many other locations around the world. The company cannot be seized by Russia, and I trust them to take appropriate measures to lock out their Ukrainian offices if the cities fall. In the meantime, I'll stick with Namecheap precisely because they employ a lot of Ukrainians.

Agreed. I've been using Gandi as my domain registrar of choice for years now. No complaints.

10+ years at gandi. Never any problem. Super tech savvy support. Can only recommend.

I switched to Dynadot years ago since they hosted wikileaks. If figured if they could handle that domain they could take care of anything of mine. Nice interface, never any issues.

Google domains is great. I hate to feed the monopoly but they do everything right. Auto-renews every year, lots of reminders.

I considered them a while ago, but Google has become a bit infamous for terrible/nonexistent customer service (even for paid customers), as well as random indiscriminate suspensions. Not a great combo. Don't wanna try my luck.

(But then again, I ended up getting a .dev domain at a different registrar, so I guess I'm screwed either way)

I would not use Google for anything that I wouldn't be OK with getting cut of without notice and recourse considering how infamous their customer support (or lack thereof) is.

> Auto-renews every year, lots of reminders.

That's pretty standard with any half-decent registrar.

I've been using Gandi for ~7-10 years with nothing but positive experiences as well

Familly domain name is at Gandi since 1999, no issue so far.

Gandi was founded in 2000?

1999 according to wikipedia. And I did not came up with this year, it's what is written on the domain name.

Ah yes, GoDaddy. They killed my favorite webhost, Media Temple. In the mid 2000s & 2010s (mt) was just about the Apple of webhosts. They had an amazing shared server infrastructure—the grid—that was user friendly and was a great introduction to being a web creator on the internet.

Then GoDaddy bought them, and did nothing useful with them. Nothing. I kinda sat with MT since it was easy to be complacent, but my feathers were ruffled recently once I noticed that GoDaddy started transferring my domains around to start raising my renewal prices. Shady as hell.

I've started to jump ship, but it's not a one click and be done with it process.

Ah man I remember Media Temple. Seeing that little MT logo on a website was like a badge of honor, they were that well regarded.

Yeah, GD certainly killed the culture, quickly too. MT was a magical place to work before GD, thankfully most us benefitted to some degree with the GDDY IPO before promptly leaving.

The domain industry is somewhat split between two very different kind of markets. One is where registries like godaddy will put the fee to be about as close to the cost of the upstream registry, where the profit is generated by other services and ties in. The moment a customer send in a support ticket, or worse, call support, then that customer is costing them more than any generated profits. Google and Facebook are likely earning more profit per "free" user than godaddy get from a domain name.

The other market is generally focused on brand protection and domain portfolios, through they tend to be open to private customers as long they are willing to pay the general much higher price. The margin here means that they want to keep their customers, and good support and proactive relation is an effective way to engaged with customers rather than being a pure cost center.

My general recommendation is to use the cheapest one when holding domain names for future projects, and use the second one for anything which would cost you a lot of money and time if things goes south or the registrar do something stupid like in this case.

(disclaimer/context, I work at a small local registrar and I regular hear about this kind of events)

The reason I don't mind paying more for iwantmyname or DigitalOcean is that their support actually, for-realsies works. Now I'm not scraping by to feed myself, and if I were this may be a different story, but I just do not understand why people ever sub-optimize their future happiness in order to save $3 a month or something silly like that.

Edit: And if you have to take the cheaper option, at least go with Namecheap. They're a lot better than GoDaddy and at a similar price point.

What are some examples of the more expensive type of registrar? name.com?

Don’t look to large, well-known registrars. I would suggest that you look for local registrars in your area. The TLD registry for your country/area usually has a list of the authorized registrars, so you can simply search that for entities with a local address.

Disclaimer: I work at such a small registrar, but you are not in our target market.

+1 vote for Namecheap, for folks looking for a registrar. There are several good ones, Namecheap is just the one I like.

Not sure how valid my case is, but in March Namecheap gave me (and thousands other Russian-based clients) a week to migrate before they ban me. The fact that I relocated to another country did not matter.

It's been discussed here at HN too: https://news.ycombinator.com/item?id=30504812

Even if I was affected, I'm not sure I'd want to continue relationship with them. Anyway, user of name.com now, so far so good.

(P.S. Might need to say that I support Ukraine in this horrible conflict, I just happen to hold a Russian passport)

Namecheap says it only applies to Russian residents, not citizens. Did they fail to make that exception for you?

I transferred from GoDaddy a few years back. I got tired of the constant attempts to up-sell me for services I didn't want. I went to namecheap and have been happy with their services so far. The UI is clear and pretty easy to use. They also support MFA for added security (GoDaddy did not at that time).

I've been playing with cloudflare recently, and just realized they also do domain registration and DNS hosting. I might seriously look at switching to them depending on hassle and potential benefit. But I usually like having dedicated registrar/DNS that is uncoupled from hosting.

https://www.cloudflare.com/products/registrar/

Namecheap has been excellent. They automate a lot of things, and make it clear (with real grace periods) when things go wrong.

I've yet to have any issues with them.

The problem with these kinds of comments is, most people who use godaddy probably haven't had issues with them either. If 10% of users have their domain terminated for bullshit reasons -- which would be a ridiculously unimaginably high fraction -- 90% of users would still say "I have yet to have any issues with them".

In the early days GD was run by evangelicals and they had no compunction against canceling a domain for religious reasons. It amazes me that they managed to whitewash their image be among those who should know better.

The absurd commercials they put out (with the "uncensored" version on their website) probably helped that.

Relevant discussion: https://news.ycombinator.com/item?id=30504812

They're the registrar for MANY spammers and scammers, and provide hosting for plenty of them. They used to respond to abuse complaints; now they just drop complaints sent to their abuse address.

That doesn't make them any worse than, say, GoDaddy, but given enough time, they'll probably end up just as bad.

I'd also stick with Namecheap as it does what it actually says and is a very good registrar overall.

Really happy customer of theirs, after hearing good things on HN.

I've never been able to move to namecheap because they don't support DNSSEC on .eu domains (last asked in 2021). I do hear good things though.

Note on recommendations of namecheap in this thread. My experience with namecheap is very bad too. They also send emails like godaddy saying if you don't respond in a short time(24 hours) your domain will be revoked. Related experience: https://news.ycombinator.com/item?id=14139288 I moved my domains from namecheap to gandi.net and so far no problems. I would avoid namecheap like the plague for any large site.

ycombinator uses gandi.net too.

[Edit] Added 24 hours to short time

We also had a problem with namecheap threatening to turn off one of our production domains unless we immediately removed a page hosted at a particular URL. Apparently they had received a complaint from a third-party anti-phishing company [1] which said we were hosting a phishing page at that URL. It was a complete false alarm as we were definitely not hosting a phishing page! This would have been obvious to any human actually looking at the page. However, when we tried to argue this with namecheap support, they informed us that the only way not to have our domain promptly shut down was to either remove the page OR get the third-party company to confirm to namecheap that our page was not a phishing page (!). In other words, they would not even look at the page themselves and use their common sense to confirm it wasn't a phishing page. We briefly tried to contact the third-party company, but we were not able to get any sort of response from them at all. So we just took our page down. Namecheap support then confirmed that we would not be losing our domain this time, but shockingly followed up that if they received a single further complaint that our entire account would be shut down permanently as they have a single-strike rule. We promptly migrated our ~50 domains to another registrar.

[1] These companies are hired by organizations like banks to scour the web for phishing sites and have them shut down by reporting them to their hosting providers and/or domain registrars. Obviously our legitimate page was incorrectly flagged by whatever algorithm the company used.

Do you run any type of ad network on your site? The hijacking can be rather targeted (geo, device, time of day, etc..) such that you could never recreate on your own.

I still see this occasionally on otherwise innocuous sites.

Other 3rd party JS can still cause it, but ad networks are the most common.

No, there were no ads anywhere on the domain in question.

There was text on the page that matched the name of a large financial institution. My suspicion is that this caused the problem.

To save you a click, “short time” for NameCheap = 24 hours, not 2.

Didn't realize that might be annoying... I added 24 hours to the comment.

Not annoying, just thought it was interesting to surface since otherwise readers might’ve assumed they gave you 2 hours notice. (Thanks!)

I've also had a similar issue where gmail filed namecheap's domain notification emails into "spam" leading to a domain expiring; I don't know whether that's really an issue with namecheap or with gmail's spam filter, though.

It feels like we can find experiences like this one on any registrar.

Any company really.

I'm always amazed to find techie people that don't use something at least as good as https://dnsimple.com/.

I've been using them since 2011 and have not had a single issue.

In fact, they have just kept on progressively getting better!

Problem is companies change.

Godaddy was at one point ok to use.

Namecheap is popular but there are warnings about them now in this sub too…

You can make an informed and good choice, and years later you have a bad registrar.

GoDaddy has always been a bad choice — poor reliability, customer service, rarely even the cheapest. People used them because they advertised a lot — I’ve known multiple guys who literally said they based that decision on the hot women in their ads! – but they’ve also had a bad reputation in the serious tech community since the turn of the century.

I’ll also note that 100% of the clients I’ve inherited who used them had less than a single nine of uptime annually. Their shared hosting, file storage, etc. would just stop responding and nothing would appear to happen until someone called support.

> always

Not from what I remember. They were well thought of / recommend many many years ago.

Might be a community thing. Going back to the early 2000s in my experience they were used as a cautionary example of bikini marketing over technical merits.

Probably "They were well thought of/recommend" is just hearsay for "Somebody recommended them only because they saw an ad".

> Godaddy was at one point ok to use.

What year are we talking? I'm not aware of this ever being true.

They're a little pricey for just DNS, which makes me wonder how much they charge for domain registration. It'd be nice if they gave pricing on their web site.

Since we're weighing in with anecdotes; I recently had a terrible experience with Cloudflare due to a payment issue (not as bad as OP's Godaddy experience).

My card on file expired, and I missed the emails CF sent due to not being well for a few days.

5 days after the first payment issue, my whole (long time paid-for) Cloudflare account was downgraded to the free version and any configuration for features only available on the paid version were irretrievably reset and lost.

The auto-downgrade is somewhat understandable, though I still think 5 days is not much notice for removing a chunk of security measures from my site.

But what really annoyed me is that after sorting the payment issue, there was absolutely no way to restore my account configuration to how it was before. Every single feature that I had configured as part of my paid plan (ie. features not available in the free plan) had been turned off and/or reset to defaults.

So though I'd solved the payment issue, the configuration of my account was totally messed up, and security features were changed all over the place. I was told by the usual copy+paste canned response from "support" that there is no way around this.

I'm kind of appalled by this. This resetting of my security configuration combined with the really short 5 day period is very aggressive. One or the other would be annoying. Both together is just unacceptable.

I know, I should have the configuration stored as code somewhere. I will be doing that moving forwards (if I stick with Cloudflare at all which is now in question).

This is a $20/month account (one of multiple that I pay for) but I've also brought Cloudflare a significant amount of business over the years. Across multiple paid accounts at various levels, and numerous referrals. I'm now seriously reconsidering my heavy adoption of their services across all my client projects. (For this, and a few other reasons).

@ejcx

tagging a cloudflare employee that I came across on HN if they can help you look into this.

May be Cloudflare can provide a way to export settings because even I use them extensively and this issue sounds like a nightmare.

Thanks a lot.

Thankfully I’ve pretty much dealt with sorting out the configuration now.

The remaining point of contention for me is more that this is a terrible way to treat customers, not to mention the security implications of automatically removing a bunch of security features after such a short notice period!

Such a lot of disruption and bad feeling for the sake of 5 days of an expired credit card.

Back when I was in college, some "friends" of mine stole one of my first successful websites, StrategyWiki.org by transferring the domain into their own account.

GoDaddy did nothing to help. I've posted about this before, and like to bring it up everytime people mention bad GoDaddy customer service.

https://news.ycombinator.com/item?id=24507411

Did you file an ICANN complaint (I didn't lookup their specific policies on this specific dispute type) or small claims court or police report over this issue?

I wish I'd have thought of that at the time. I was intimidated by the guy that stole it. He was ten years older, had steady income, and came from a family of lawyers.

It's long ago history now, but a good lesson learned.

Your experience is not unique, OP. One of the happiest days of my digital life is when I finished moving 100s of domains from GoDaddy to Namecheap.

I have used GoDaddy in the past and thankfully did not have these kinds of issues. That said, I've heard many similar (or worse) horror stories about them. Around 4 years ago I switched everything over to Google Domains. Been extremely happy with the service and find the UI and configuration process much more user friendly.

I like Epik domains; their brand is based around keeping your domain up no matter what (although that's more along the lines of legal fights; like I think they've hosted domains for torrent sites and things of that nature). I've had good experiences with their customer service and billing though

Do not ever, and I mean EVER, host anything on GoDaddy. They're a terrible business and they don't give a damn about you. Use a more personal provider like Porkbun, they're amazing and easy to reach. They also don't charge you for late payment on an expiring domain. GoDaddy is ruining WordPress as well, by buying out all even remotely profitable companies and sticking the GD logo on them. This creates a massive monopoly - just like they had for YEARS on domain registration. GD is too big to care, move out now!

Similar thing happened to me. Except they sold my domain of 8+ years to a porn service provider within 24 hrs. Explain that one to your customers. I no longer do business with Godaddy.

Did you file an ICANN complaint or small claims court or police report over this issue?

What was the domain name?

TL:DR If you have a domain with Godaddy, move on to a proper service.

Depending on what you need, https://dnsimple.com seems to have a good reputation, I also see a bunch of people spreading their risk by putting DNS on one big (cloud) provider and all other services on other providers. This means that while Cloudflare does DNS registration now, you might still want to use Cloudflare for your DNS zone and something else for registration. That said, Cloudflare still has a good reputation (for paying customers!).

The idea behind that is the (generally) low fee of DNS registration is easy to monitor/check and maintain, so if all else fails you at least retain your domain name as an identity which is generally the foundation to everything else. While it might suck to lose the contents of a mailbox or a website, if you still retain the DNS registration you can always re-create.

Other service providers that don't structurally screw your DNS over (re-including the ones I mentioned):

  - AWS
  - Cloudflare
  - Leaseweb
  - Rackspace
  - transip
  - OVH
  - dnsimple

Those are the ones I have used (and most of them currently use) myself, but there are others that do domain registration and seem to come recommended by others:

  - GCP (Google)
  - EasyDNS
  - porkbun
  - Microsoft
  - Hetzner
  - key-systems GmbH (usually via one of their partners)
  - Scaleway

Most of them I do have some personal experience with (for what it's worth... we're just strangers on the internet here after all), but I never really had to do any long-term (10+ years) DNS registration with them.

If you are in an ITAR area, conflict region or trade sanctioned region, none of this will help tho.

Which one do you recommend? Namecheap literally kicked me out (with 1 month deadline to transfer my domain) because I happen to have wrong passport color.

Cloudflare, if they support the TLD you need. My personal domain is a .cx which they don't support, so I stick with Namecheap for the time being.

I have had my domains hosted at EasyDNS for almost 20 years, and have never had the smallest problem with them. Rock solid, reliable DNS, and excellent customer service. The founder is still running the company, and he is both a free speech advocate and a stickler for due process, so no worries about getting kicked off at a whim.

Porkbun never fucked me over. They seem legit and not overly scummy.

Porkbun

How does having the wrong passport color equal being kicked out?

Most of Namecheap's employees are in Ukraine, and they decided to block Russian users after the invasion: https://www.namecheap.com/support/knowledgebase/article.aspx...

It's a euphemism for trade restrictions.

Namecheap is Ukrainian. Possibly parent has a Russian or Belarusian passport.

Namecheap is not Ukrainian, it's headquartered in Phoenix, Arizona.

Ah, thanks. With all the weirdness going on, I wasn't sure we weren't talking immigration.

Igor is a popular Russian name

Opensrs/Tucows

Cloudflare now has a registrar service FYI: https://www.cloudflare.com/en-au/products/registrar/

About a year ago I helped a friend transfer all her domains from GoDaddy to CloudFlare. Her card got jacked so she ended up in the same scenario of no available payment method.

Except with CloudFlare, she didn’t notice it was lapsed until they modified her DNS. The domain was in REGISTRAR HOLD state. We couldn’t do anything via the UI. Reaching out to CF support had a misfire, because the first support rep thought it was about CDN not Registrar. A couple of polite emails (and like 60 days) (she did not make it a priority to resolve) later, the domain was restored. I was kind of surprised because I thought some kind of ICANN hammer drops right about 60 days and forces an auction.

Anyway, my highest accolades for registrar go to CloudFlare.

> Except with CloudFlare, she didn’t notice it was lapsed until they modified her DNS.

> Anyway, my highest accolades for registrar go to CloudFlare.

Er. Is that really the conclusion here? Did you mean to mention that they sent her a warning email in advance and she just missed it? Because the way you've written it makes it sound like CF still screwed up but made it possible to eventually recover.

So far I haven't read or heard about CF being part of horror stories like this one but apparently their support is incredibly slow, whether systemically neglected or over-encumbered. There was recently a Tell/Ask HN story about how they had taken days to repair a domain suddenly becoming unresolvable because of something relating to CF's own infrastructure. I have acquaintances who on two separate occasions, despite being on thousands-of-dollars-per-month terms with CF, have had support errands run for months without a single update on the support ticket.

I just recently migrated all (4) of my domains from google domains to cloudflare. Some of them (.cafe) because it was 50% cheaper (20ish bucks instead of 40) and others (.com) because even through the price was ~ the same ($9ish vs 12) I still wanted to decrease how load-bearing my google account was.

The transfer was quite smooth. It was easy to turn off the cloudflare "protection" (my sites don't need it (yet?) and I didn't want to have to think about it, the threat model, tls stuff, etc). And so far no problems.

GoDaddy isn’t great but they send multiple emails for domain renewals. I have a hard time believing they only sent one email in this case.

I don’t love GoDaddy, but I recently had a payment issue like OP and they notified me several times in the month leading up to my domain entering the grace period. I didn’t see and/or ignored those emails until my domain entered the grace period (and my domain stopped working) so I had to contact customer support. I didn’t have a penalty for renewing while in the grace period (.com in the US), but the support agent was fast and helpful. It was totally on me.

Of course, these emails may not have been delivered to OP for one reason or another. If that’s truly the case, it could be a technical error on GoDaddy’s side, or a filtering/mail issue on OPs side.

My favorite domain registar is https://www.inwx.com/en. They are very cheap for .de domains which I mostly use, they have an API and they offer dyndns as well as a mail service that is hosted by them (although that's a bit pricey in my opinion.

...never use GoDaddy. They are a shambolic organization, and their reputation is both well earned, and insufficient to really describe how abysmal they are. And even though the root of their gobshite culture, founder Bob Parsons, is long gone to go do 'philanthropy', they have stayed the same since.

Gandi, Porkbun or Namesilo. Been using all three of them for years and never went back to GoDaddy or Namecheap.

Godaddy competitor here.

This doesn't sound right for a few reasons.

First Godaddy manages a massive amount of domains. For them to be doing anything like this would really defy common sense. They'd be hit with tons of complaints and importantly so would ICANN. AND ICANN (from our experience) will send out a notice (which creates paperwork for us) on any complaint literally for any reason. You have to respond to it so they clear the complaint. It's a pain and separate from any other reason a big incentive to not have people complain to ICANN (which can happen even if you are not at fault). ICANN also audits from time to time and they will pick a number of domains and make you show logs that you have sent out notices. (But my initial point is the more important issue).

Further ICANN requires that registrars send out multiple email notifications. They specify a number (I think it's about 4 or 5). So it doesn't make sense (especially for Godaddy) that this could have happened '1 notice 2 hours to respond'. And only a single notice.

As far as the cost, registrars are charged by the underlying registry (.com/.net .org .info) to bring a domain out of redemption. That charge is about 4x roughly what a .com domain costs for a year so it's not trivial. Then that charge is marked up by most if not all registrars. Our fee is less than what is stated here but it's not nominal either.

Separate I have a few of my own domains at Godaddy (and some other registrars) 'just because'. I always get plenty of notices from them it's almost annoying.

One last point. ICANN requires a domain to be put on hold prior to going into redemption. There is no doubt that Godaddy is doing this. As such your first notice of domain not working would be it's on hold not it's in redemption (and set to delete). Seems that this domain was not being used by the OP and they didn't pay (which they acknowledged) and it was deleted and they didn't notice it was on hold (specifically to get domain owners attention). I don't know what the 'off hold' fee is that godaddy charges my guess is it's less than the redemption fee.

GoDaddy is a scam. I paid for a domain name but never got it. Support ignores me, for their own benefit of course. They kept the money

Been a user of gandi.net for over a decade. The only problem I have with them is not even their fault: My credit union will not allow me to pay gandi with their card services because they're a foreign company (gandi is based in France) and it looks like fraud. To work around this, and still use those card services, I have to contact my credit union every time I want to transact with gandi. Instead, I use paypal...though I'd rather not be forced to. I think gandi might have more payment options now, so I might be exploring that soon as I need to renew one of my domains.

I can second Gandi as a decent choice. Also been with them over a decade and in that time multiple hosting companies (got trolled into) booting one of my services or handled some complaint unprofessionally. Never Gandi: They forwarded complaints promptly, only making sure it was being handled, overall acting very professionally.

Hetzner nullrouted me twice and once gave me a few hours to pack my things before they'd shut down and wipe servers I had with them. Overall there seems to be little company policy here: You never know which treatment you're gonna get. Sometimes they forward complaints, sometimes they take 'enforcement' upon themselves. Always a good idea to hedge one's bets with Hetzner, so you can enjoy their relatively cheap offers without being crippled when they decide to take you offline over whatever. I only spent like 20k EUR with them over the years, so I can't speak for how they'd treat bigger fish.

This happened to me, I paid their high grace period fee, but then for some reason they cancelled the transaction and now my domain is owned by some third party domain hoarder. So I'm never getting it back :(

No clue who the best registrar is these days, but I've had nothing but good experiences with Google Domains.

All others I've tried have had unintuitive interfaces that make me want to scrape my eyeballs out.

GoDaddy the worst among them.

I would never dare using Google for something as critical as a domain name. Even if they're legit, the minute you have a problem you can be sure you'll never have an answer other than "We identified an issue on your side. Case closed, don't use our services again."

I've started using Cloudflare's domain register services, and have no complaints so far. I've also used Gandi in the past and they've been good (although a bit more expensive).

Seconded cloudflare - basically at-cost registrations, and I already use them for CDN on most domains, so it was a no brainer.

Only downside is their new registrar doesn't support many new-TLDs, so it's a bit of a hybrid setup for some domains.

I’ve read so many godaddy horror stories, im really quite baffled that in 2022 people still rely on them.

Question: how quickly can you (and everyone else who has a domain registered with Godaddy) transfer your domain to another registrar?

All the admin probably takes an hour at most; it's an automated process with some identity verification, and most registrars loooove to have you as a customer so they want to make it as easy as possible for you.

There may be a mandatory waiting period.

And finally, there's DNS caches; if you know a migration is upcoming, it's worthwhile setting the TTL to a lower amount.

If you're doing it right, your registrar doesn't run your DNS, so there's no DNS migration. Of course, if your registrar is also doing DNS, email, and web hosting for you, it's messy.

For this poster, I don't think they can migrate to a different registrar while their domain is in the 'redemption' period, and they may not be able to migrate within some time period (30 days?) of renewal, either.

I can't/can believe this and they make it seem like its a normal practice from your story. Pretty awful.

I left GD years ago after this - https://science.time.com/2011/04/04/godaddy-ceo-on-shooting-...

Not only did I hate their interface like you mentioned. Their customer service always sucked too. I moved a lot of TLDs off of there at my old job. Happy to say all the other companies I have used have been above and beyond better than GoDaddy.

Do some research and you'll find some great deals out there. Cloudflare, Hover, NameCheap offer great services IMO. Never had any issues with them.

One of the first things I learned in my career was to never use Network Solutions for anything. Not too long after that I learned to never use GoDaddy for anything.

Network Solutions was at least 'good' at one point in time, or at least one of your only options. What did GoDaddy ever do?

> What did GoDaddy ever do?

They got a big marketing campaign first. And as a consequence, it looks like they inserted their brand into people's mind forever.

Now it doesn't matter how many shitty things or outright crimes they do, people always find some excuse to keep giving them money.

Godaddy has a very poor reputation and has a history of scummy practices. Namecheap never gives me any problems. But beware, they've recently allowed politics to surpass customer service and satisfaction (threatening to shut down domains due to their country)

Nearlyfreespeech.net is a potential choice (not for everyone, but the HN audience seems apt)

I started using hover after they sponsored a podcast I like. They've been pretty pleasant to work with but I only use it for my podcast. Not sure what they're like to deal with as a business hosting a production website.

Hover pulled the same stunt on me. After bargaining the price went from 150 to 90 usd.

Would not trust Hover after that. They will just as likely to make you pay as any other registrar.

Edit: btw, Hover also has your phone number, so if you don’t reply to your email in time they could just as easily send you an sms. Of course they don’t do that, and rather wait it out so you have to pay.

Hover is magnificent, they're even a company with a very long pedigree — they were the Tucows shareware server back in the late-nineties.

I'm surprised not to see more love here, they're impeachable IMHO

I've been using Hover for years and have never had any problems.

If you have a domain with Godaddy, you are going to get screwed. First, by their terrible service. Eventually, by their terrible policies. It's nice of you to provide an example. Now migrate to a decent registrar.

Why are you even using GoDaddy?

I've always thought their target audience was non-technical users that like their Superbowl ads. Everything they offer can be had for cheaper and with better support elsewhere.

I recently (<1mo) moved my educational nonprofit out of GoDaddy (email, web servers, domain registration) to CloudFlare (domain), SiteGround (hosting), and Google Workspace (free for nonprofits) and man, it feels great! Just being able to assign multiple administrator users with separate logins and all enforced 2FA is worth it alone. With GoDaddy, we had to have 1 shared account and it was always challenging to coordinate logging in because only 1 person could have 2FA on their phone.

I moved all of my domains to NameSilo.com many years ago (about 8 years ago?). Originally I had all of my domains in Godaddy and Namecheap but I wasn't happy with them.

Was this a specific top level domain for citizens of a specific country? It sounds like they are in a weird (and badly handled) compliance mode given the fine passed to you

This is the worst domain name provider I've used, and I have experience with several. I moved away from them several years ago.

I had a similar experience with Name.com though I was given like a week to respond and completely missed the email as well. Cost me similar to get my .at domain back from the breach, and had to go back and forth with support over a couple days because they had trouble getting it back.

jfc.. what utter horseshit; I'd say transfer the domain and apply for a charge back on the fee.

Were you not advised of th4 expiration date of your domain during renewal?

Take responsibility for your mistakes.

I've moved everything away from GoDaddy to Cloudflare at this point. There are a few domain extensions that they don't support yet, so I moved those to Namecheap instead.

As soon as possible though, everything is going to Cloudflare. It simplifies my life.

Reminds me of CenturyLink (Lumen) residential internet service. If you forget to update the expiration date of your credit card the first “notice” they send you is to just cut the connection and leave you to troubleshoot in the dark.

Lots of dark patterns at domain registrars in general. Just had to deal with Network Solutions and it was like navigating a series of expensive traps just to do something that should have been trivial.

What TLD was the domain on?

Did they gave a reason why they give people 2 hours to respond?

1 hour seemed like too little.

Today I learned for the 7th time, never to go with Godaddy.

I've never had this issue with Google Domains.

I use iwantmyname, they're excellent and originally a Kiwi company (now owned by a UK company).

Any suggestions for more enterprisey domains? AWS & Route 53?

I'd definitely throw my vote in for Route53. I've been using it as my registrar for... nearly a decade now? across a half dozen companies and personally without any issues or complaints.

You're getting the benefit that AWS isn't just a registrar they're... AWS. Their processes around accounts and support and such are all designed around much higher value and higher impact accounts (many entire businesses would go away if all their compute + storage were suspended). Low margin domain registrations isn't really their business, so they're not trying to cut security/support to make it viable. From $4k/yr accounts to $450k/yr accounts, I've never had an issue getting in touch with support and having someone empowered to resolve my issues.

That said, I'm assuming from "enterprise-y" that this isn't anything that would be remotely near violating their AUP. I haven't heard of much real enforcement outside of people who were very blatantly malicious actors, but I'm sure if I don't mention it someone will come along and point out one of the newsworthy account suspensions that have happened.