I also ran into a problem with GoDaddy when trying to transfer a domain name that was protected by Domains by Proxy. I first got a notification that I needed to enter into a new agreement, so I did. Then I got a notification that I needed to cancel my private registration, so I did. Then I got this:
"The transfer of MYDOMAIN.ME from Go Daddy to another
registrar could not be completed for the following
reason(s):
Express written objection to the transfer from the
Transfer Contact. (e.g. - email, fax, paper document or
other processes by which the Transfer Contact has
expressly and voluntarily objected through opt-in
means)."
So it looks like they're auto-rejecting domain transfers if you're using Domains by Proxy?
This happened to me, as well. It took me forever to disable the Domains by Proxy stuff. I must have had 35 different DBP accounts that held all my domains. There's no simple way to get the login information for the DBP accounts, either. It was a 4-step process for each of those 35 accounts.
And, here I was thinking I was the one doing the punishing. GoDaddy put me in my place.
Personally I think this should be considered a violation of their agreement with ICANN. There is nothing wrong with providing privacy protection on Whois data, but they should not be rejecting transfers nor should they be blocking legitimate email delivery.
They are locking you in. Either you turn off whois privacy, making your name forever connectable to the domain thanks to such databases as whois.sc, or you stay at GoDaddy. Forever.
I transferred two domains away from GoDaddy that were protected by Domains by Proxy. They did require that the WHOIS guard be dropped, even though both registrars offered a WHOIS-protecting service.
It did feel like GoDaddy was moving the goalposts.
Since I had no deadline and no feeling of urgency, I just allowed the entire process to play out naturally. There were periods when I was busier elsewhere and didn't press the issue for a month or two at a time, but I spent the better part of sixteen months getting both transfers completed.
Update: I bought a standard membership to DomainTools to see if the info ever leaked. It looks like the patient approach paid off, and that the exposed WHOIS info was not crawled during the transfers. Taking the time to make sure both ends of the transfer were prepared was worth the effort, but I think it's probably luck that kept the info from being picked up.
Yeh, This has been the case for a while. It is because they cannot verify the owner, as the whois info is hidden behind DBP.
I've been trying to cancel my DBP subscriptions, to return my details to whois and transfer the domain. They don't make it easy.
I lost my account details, and am trying to retrieve my account. I filled in their form and attached my drivers license scan ... got an email today saying they need a scan of some ID :/
Same happend to me. I had to login to DBP (same username and password as GD), cancel the protection, than ask my new registrar (Gandi) to restart the transfer. It seems to have worked, at least now I am in the 'waiting period' for the transfer to finalize.
Devil's advocate here: The idea that godaddy appears to be intentionally stalling transfers is pure speculation. Not saying that they're incapable of doing it, but that whole "don't attribute to malice" thing.
Let's not turn this into another ugly internet lynch-mob. Just move your domains, and be done with it. Namecheap (and others) look like they're more than happy to help out all their new customers.
after updating contact information, 'resetting' the 60 day no-transfer-out rule
I feel dirty saying this, but I'm with GoDaddy on this one. It might be a violation of ICANN regulations, but it's also a really important step for protecting against domain hijacking.
Nothing good ever came from Godaddy and nothing good ever will come from Godaddy.
This "feature" didn't do anything to prevent the theft of css-tricks.com[1] and other domains, because why should someone who wants to steal a domain first change the contact information. Two-factor authentication would provide real protection, but that is $25/year at Godaddy.[2] It's like mobile phone carriers: They have the technical means to block stolen phones from ever accessing the network again, but why would they do that, since every stolen phone equals a new sale?
No other registrar feels it's necessary to impose a 60-day lockout. Perhaps it adds the feeling of a tiny amount of extra "security" to an already secure process - but 60 days is ridiculous.
There is no way to shortcut this procedure if you are the legitimate domain owner. If you use a privacy guard to avoid publishing your name/address, then you will run into this issue:
You aren't allowed to transfer your domain away while the privacy guard is in effect, so you'll need to change your contact information. Bam! This triggers the instant 60-day lockout, during which time your full contact information is visible.
Domain registrars have a long history of making transfers hard. Godaddy isn't the only registrar to do stuff like the 60 day lock. I just wrote up a piece on my blog yesterday about this very subject - http://www.byte.org/2011/12/26/evolving-the-domain-experienc...
As I recall, they also had a history of tricking people into updating their contact information shortly before the name in question was due to expire, forcing the owner to stay with GoDaddy.
I really disagree, as someone who has done domain names professionally for almost a decade. How many registrants are going to notice their whois info changed? Nothing changes with whois info in terms of functionality. 60 days, no big deal.
Besides, if I already have your account compromised, I probably have your email, that's how they are linked in the first place. It wouldn't be too hard in most systems to just initiate the transfer and hide that info from the user, or simply lock them out of their email. You think their domain registrar is the first place they will call when their email stops working? HELL NO. They have bigger concerns.
They are using a special email address for whois stuff? How often you think they check that? Most people, not all that often. If I didn't subscribe to updates on my whois info from a third party, I wouldn't notice either, and it's my damn job.
We can't implement mindless policies to 'protect' people from themselves unless there are real tangible benefits to it and it's not simply self-serving. Of the major registrars, GoDaddy is the only one I know of implementing this policy and they've been hijacked numerous times. Their whois privacy even had a hole in it for years that is now fixed. It's not stopping the hijackings. Other registrars without that policy have better track records preventing domain hijackings.
I got screwed by this rule once, when a guy who was supposed to transfer a domain to me naively changed the contact info before trying to transfer it. It was infuriating, but I came to this same conclusion. It doesn't appear to be malicious, and I can see it really helping some people out.
What's the motive to make this process painful? Would people really say Oh screw it, I'll just stay with GoDAddy? Ive never transferred a domain before so I don't know what the process or delay is normally like
This is standard practice to increase the friction of unsubscribing. How many clicks does it take you to logout of Facebook or Google...and see if your grandmother could even figure out how.
Two clicks. Google is easy: click your name, click sign out. Facebook is slightly harder: click the menu triangle in the upper right hand corner, click sign out.
Most people won't understand it is 'go daddy' hijacking the process and may get frustrated by delays. One guy in this thread thought it was a name cheap problem, for example.
> Would people really say Oh screw it, I'll just stay with GoDAddy?
Yes, actually they would. Or more likely, they intend to, only have small time slices and take weeks or months longer to leave.
Aggregated across millions of subscribers, and this adds up to big $$$, some of which can pay a high-priced spokesmodel to defray a large amount of the downsides.
Yes, people would. Obviously, the people who are really adamant about switching away won't be deterred by this, but there will be a lot of people who are less forceful about it who might well just give up if it's too hard.
What do you expect? "Our spies among GoDaddy's top executives have discovered…"? "Our team of highly trained accredited psychics has been informed by the spirits that…"?
NameCheap is no more capable of knowing GoDaddy's inner workings than we are. They can only tell us what they're seeing and draw logical conclusions from those things.
In the domain industry, that's par for the course. You can almost never get 'proof' of what they are doing. You can just see patterns and changes. You can hypothesize based on trying something again and again, manipulating the inputs and seeing what changes. Sounds a bit like a science experiment? Often seems that way. There's a ton of NDAs going to all sorts of people and companies to do different stuff. The inner workings of a lot of stuff is never legally allowed to be talked about publicly. So you end up with this type of hypothesis.
The actual transfer process can be nearly instant given the EPP code and the registrar's permission. What happens in between is somewhat fuzzy and I am not sure there are clear rules on how each company handles it. The longest I've seen (that I recall) is 7 days, but I could be wrong.
I have nothing to do with any domain name company or interest, beyond being a consumer (as many here) of a company not related to any in the story. I endorse samlev's caution. Given past history with GoDaddy, I'm willing to believe they're not being above board, but I'd like more evidence before I join the lynch mob.
Let's be a bit less in a hurry to sling around accusations of astroturfing, OK?
No, I have to side with newobj here. People protesting "internet mobs" seems to have become some sort of strange meme over the past few days/weeks. I don't know where the idea came from, but I've been seeing it exclusively used against anti-SOPA/godaddy people. And I am seeing it primarily from accounts that are younger than 2 or so months.....
Seriously people, this isn't medieval mob justice. We're not burning down a widow's home. Worst case scenario if we're wrong is a few stock tickers dip for a few days. Cut it out with this "omg mob justice" shit.
Well. You got me. I'm a big corporate shill for GoDaddy. I've been sent here to turn popular opinion back in their favour.
Good going, detective, now that you've outed me, I'll lose my job, and who will feed all of my 58 children?
Seriously, though, I have no connection with GoDaddy, I'm just very sceptical of the "GoDaddy will attempt to repair their reputation by actively making life harder for people who already don't like them" idea.
Sure, they may well be playing games to attempt to make it too hard for people to leave, but I think that it's much more likely that they have rate-limiters, and anti-spam/fraud protection working against mass migrations away from their service. If that's the case, I can't see them being in any particular hurry to fix the problem (or to even see it as a problem), but that's not the same thing as actively slowing down the process.
They have nothing really to gain by being malicious at this point, and plenty to lose (internet lynch mobs being easy to rile, as they are). Let's just put the pitchforks down for a little bit until we're certain that GoDaddy is really deliberately throwing spanners in the works.
Once you're certain of that, then by all means, go hog wild with your iNoose and your PitchFork 2.0. Until then, keep an eye on it, but let's not jump to stupid/hasty conclusions.
Their whole sales process is designed to make you buy more and spend more time looking at their products than you need to. Why is it hard to believe they wouldn't do the exact same thing to the leaving process? They've clearly mastered it.
I know you weren't sent by GoDaddy. Which makes your contribution to the discussion all the more baffling. You're advocating for them for free? I suppose every hot button issue has to have its apologists...
I'm not jumping to any conclusions. I could very easily see by way of whois lookups that 4/5 of my domains had their contact records REMOVED from the whois entry, and stuffed off in a supplemental url provided in the whois record, which required a captcha defeat in order to access. This simply doesn't follow the ICANN whois spec.
I'd say you're doing a lot more speculation than the people on this thread who have been impacted by GoDaddy's ongoing slimy behavior.
I wonder if GoDaddy's WHOIS server is just applying rate limiting. I suspect their transfers are spiking after the SOPA aftermath. Namecheap's servers might have been sending a fairly consistent level of WHOIS queries that would not be anomalous but after the coupon and lots of press about Namecheap that threshold might have been exceeded several times over.
Now GoDaddy should have cleared up the WHOIS throttles by now. But I can understand there being a temporary issue with mass transfers like this.
Some definitive, unbiased proof of this needs to be seen before I can join the lynch mob. I have no doubt that GoDaddy is desperate and/or inept enough to do something like this but I also can't take their competitor's word for it.
Same. I hate hate hate GoDaddy, but Namecheap assuming malice in this case might blow up in their faces, and honesty, just for speculating (with a pretty sure-sounding tone) that GoDaddy is doing this on purpose, I hope it DOES blow up in their faces. This is really just dirty business.
Move to name.com instead because they don't practice this type of distasteful PR.
They do provide some details about the abnormalities:
"Specifically, GoDaddy appears to be returning incomplete WHOIS information to Namecheap, delaying the transfer process. This practice is against ICANN rules."
I hear that name.com forces a wildcard DNS entry if you use their DNS servers so that any unregistered subdomain points to a "domain parked" or similar squatter-esque page. This is completely awful and should be enough to bring a lot of heat to name.com directly. Definitely much, much worse than misassuming bad intentions.
Then they're telling the truth. What if they're making assumptions with the same zeal for finding wrongdoing on GoDaddy's part as a hyperactive child has for finding more chocolate in the garden on easter?
Justification for acting like a dick can't be post-dated. You are either justified in making statements like namecheap did, or you're publicly naming and shaming on an unproven hunch. Either namecheap should show their cards and say "we know they're slowing us down, and here's proof", or they should try to be a little bit more professional with their public statements.
I know that this is an exciting time for everyone involved, but seriously, this is starting to play out like a school-yard drama.
Then that sucks for GoDaddy, but what I'm getting at is that they should make a call to GoDaddy engineering and say "Hey, what's up with this, are we being throttled or something?". The risk/benefit for this type of thing just doesn't work in favor of Namecheap. Posting what they did, if GoDaddy is indeed dragging their feet on purpose, they'll be able to say "we told you so!" which isn't worth much. If GoDaddy is NOT intentionally delaying this and GoDaddy comes out against this, Namecheap gets a lot of bad PR, and rightly so.
If they just said "we're having issues with transfers in from GoDaddy right now, we've contacted them about the issue and are waiting to hear back, and we'll update you with any of their responses and/or progress on the matter", I'd be much more impressed. It seems that they're trying to kick GoDaddy while they're down instead of working to actually resolve the issue for their clients.
Conversely, the mobs are already upset about bad behavior on GoDaddy's part. If Namecheap is right, this story gets even bigger and makes things even worse for GoDaddy.
If they're wrong, well, everyone is pissed at GoDaddy anyway, so this angle fades quietly from view.
GoDaddy has responded to the allegations from namecheap at TechChrunch, saying that the blocks were part of standard practice to limit the volume of Whois queries from a single IP, which is apparently common practice, unless the registrar is notified that there may be a large number of queries. [1]
If this is indeed true, then it seems namecheap are trying to score cheap PR points, although they have responded saying they attempted to reach out to GoDaddy.[2]
I'm inclined to believe that namecheap did try to reach them, although I'm not sure that they are above trying to slam more bad press onto GoDaddy....
NC is an enom reseller, so I'd guess that all of enom would be affected as well. Nothing on the eNom status page, so not sure... http://www.enom.com/registrynews.asp
I finally was able to get my domains transferred to Namecheap today. It's one of those "I never liked GoDaddy anyways" kind of things and the entire SOPA ordeal finally pushed me to it.
If the (alleged) issue is that GoDaddy is throttling WHOIS lookups, does using [http://help.godaddy.com/article/3681](GoDaddys Export Lists tool) and including WHOIS info help? Or are the "real-time" lookups required by a new registrar?
I moved all my domains from GoDaddy and one of them had trouble doing the whois information. I did it myself and it in fact did look different from my others. It could have just been the difference between a .org and a .com, but I entered in the epp auth code with the transfers and it helped it along.
I just got the e-mail from GoDaddy to ask if I wanted to allow or decline the transfer. I'm glad that got resolved. That was my one to test that I was doing things correctly before I moved about 20 other domains off GoDaddy.
I kicked off migration of my only 3 GoDaddy domains to namecheap last night. One .net, one .com and one .cc domain. None had any kind of whois protection or anonymisation.
The .net and .com migrations went very quickly and smoothly. Within two hours I had the confirmation e-mails from both namecheap and GoDaddy, and within 4 hours the migration was complete.
The .cc domain took a little longer, as when I started the move with namecheap it didn't seem to want an EPP code for a .cc domain, but then later changed its mind and asked me to enter one. I entered the code within 2 hours, and 8 hours later the migration was complete.
GoDaddy's goodbye was actually pretty professional;
===================================================================
SORRY TO SEE YOU GO. WE'LL ALWAYS WELCOME YOU BACK.
===================================================================
Dear Colm MacCarthaigh,
We're sorry you transferred your domain name(s) away from GoDaddy.com.
We are committed to providing quality services and products and hope
that we met your needs.
If you feel your transfer was in error, or if you have changed your
mind, please contact our 24/7 sales department at (480) 505-8877.
They'll assist you in transferring your domain name(s) back to us.*
Keep in mind that we continue to offer low prices and $7.49 transfer
rates on some domains.
Sincerely,
Go Daddy
P.S. Visit GoDaddy.com (http://www.godaddy.com/default.aspx?prog_id=GoDaddy&isc=gdbba1365)
and SAVE 15%* off your order of $50 or more. Just use source code
gdbba1365 when you check out to get your special savings. Start
shopping now at GoDaddy.com or order by phone at (480) 505-8821.
*Please note that ICANN's Transfer Policy may prevent you from
transferring your domain name within 60-days of a transfer.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*Not applicable to ICANN fees, taxes, shipping and handling, sale
priced domains and transfers, bulk domains and transfers, premium
domains, Sunrise/Landrush domain registrations and pre-registrations,
memberships or maintenance plans, additional disk space and bandwidth
renewals, additional email addresses, Search Engine Visibility
advertising budget, Managed Hosting, custom page layouts, brand identity
services, Go Daddy branded merchandise or gift cards. Discount
reflected in your shopping cart - cannot be used in conjunction
with any other offer, discount or promotion, or in connection with
special partnership discount programs. After the initial purchase term,
discounted products purchased with special offer discounts will renew
at the then-current renewal list price.
Copyright (C) 2011 Go Daddy All rights reserved.
A bunch of my transfers appear to have been delayed because Namecheap themselves have not generated the initial authorization email to begin the tranfer process. The ones for which they did generate the email (about 1/4 of my transfers) went through fine with no delays from Godaddy. Not sure what's going on (I sent an email to support about 4 hours ago but have no response yet), but so far I'm a little underwhelmed by their service.
If I were a registrar, I would have rate-limiters on domain info downloads to prevent harvesting by spammers. And those rate-limiters would be set so as not to interfere with normal demand, but might be tripped if, say, everyone tried to transfer out their domains all at once.
Just sayin.' Never ascribe to malice what can adequately be explained by reasonable engineering heuristics...
Not allowing other registrars access to WHOIS is against the rules, regardless of what you think makes sense for spam prevention. If they have such a filter, it needs to go away.
Hey Namecheap, since I know you're on here (Anthony?): did you try contacting some engineering folk at GoDaddy to try to resolve this delay for your clients? I hope you already have, and that they told you to sit on it, given the tone of your last blog post.
If you're just slinging non-verified mud at a competitor, kicking them when they're down instead of focusing all your effort on actually fixing this, how are you better than GoDaddy and why would a potential new client choose you over them if you're both shady?
Amusing that you'd hope that GoDaddy would continue screwing their (soon to be former) customers because they don't like that a competitor thinks they're playing dirty pool.
....what? My point was that it seems like Namecheap is just making efforts to blame GoDaddy instead of efforts to actually fix the problem. I hope GoDaddy dies in a fire. I hope everyone gets away from them ASAP and I hope they get out of the domain business after that (it'd be great to at least see ICANN call them out on it and fine them or something.)
As I see it, the more GoDaddy fights and does stupid things, the more it increases the Streisand effect and the more people will become aware of how awful they are.
