Punished by eNom for a Registration Placeholder

by Randy Cassingham                                                                                 Updated! See the End

I'm posting this minutes after my sites came back online. As I was writing this, most of my web sites were offline, thanks to proactive (that is, on purpose) action by enom, the huge domain registrar which provides registration for the "domain names" for more than 8 million web sites. The registrar, of course, I (used to?) use. And here's the unbelivably scary thing I learned while struggling to get them back up: any web site, including yours, can be knocked off the 'net without warning and without notice, and for the most mundane of reasons, by the people you pay for your most basic online service: your domain registration. Even if it's not enom.

Your site is your sole source of income? Too bad. Your site is depended upon by thousands of people for critical information? Tough. You're expecting an urgent e-mail? Shrug. The weekend is coming up? They may or may not be able to help you until Monday -- check back later. We'll see -- the only guy who can help has a long lunch planned.

Have you ever done a whois lookup to get a site owner's address or other contact information, and been stymied? Everyone who has used "whois" has found bad, outdated, fake, or obfuscated information. Then perhaps it probably occured to you why: "I wouldn't want my home address or phone number available to any whacko online!" If you have a web site, and aren't a huge corporation which can shield your private contact info, odds are pretty good you put in a fake address or phone.

If so, you are at severe risk of your site being shut down without warning. You are literally not allowed to supply fake info -- rape crisis centers and shelters for battered women, for instance, cannot put in a fake address or phone number if they want their own domain name. (A PO Box, answering service, etc. is -- as far as I know -- OK, but many don't know of this rule and put in fake info.)

Yet you can bet pretty much every spammer and phishing site has fake info on their domain registration.

How it Happened

Yesterday (8 February 2007), after someone let me know that I hadn't updated the contact info on one of my domains, I took a look at my main sites. Many had old info in the domain registration; some had fake (3030000000) or no ("n/a") phone numbers, some had correct numbers. All had a real e-mail address, an autoresponder pointing to full contact information. And they had been that way for years -- I moved in 2003!

"Yeesh," I said, and I set about updating them, logging in to my control panel at enom. But I didn't really want my direct office phone on my domain registrations. I had planned to get a voicemail/fax number, but hadn't gotten down that far on my to-do list yet, so as I updated the records on my domains with my actual mailing address I stuck in a placeholder phone number, "0000000000", until I could replace it with the voicemail number after I got it. I never got the chance to update it.

Within hours, my web sites started to die -- just yanked offline. There was no "Hey, you need to give us correct information" warning. Obviously I thought there was a server problem, but after making a call to my tech support guy, we quickly learned the site was fine. It was DNS that was screwed up. DNS converts "CrankyCustomer.com" to the actual IP address your browser needs to surf to to get to a web site. DNS is ultimately controlled by your domain registrar -- in my case, enom.

My weird news site This is True (in business online since 1994), was gone. My crazy lawsuits site, which recently issued the most outrageous suits of the year "awards", was nowhere to be found. The Honorary Unsubscribe archive, obituaries of people who have affected our lives, shut down. No one could go to my good jokes site. My cool web sites archive was lost in the ether. Even my weather station -- the only online station in my county, which I've put online so people here can get current weather info, was knocked out. That site also has a special "member area" for the volunteer Emergency Medical Services first responders for my area, and they couldn't communicate.

But it got worse: I founded HeroicStories, but no longer publish it or own the domain (though I still donate hosting for it), and that site was also knocked out. Even one of my newer domains that has never had "fake" contact info was killed. Why? Just to punish me?

The Real Problem: You're at Risk Too

If they can punish me, they can punish anyone with a web site, including you. And anyone you help with a web site, like I do with HeroicStories.

Domain registrars do need the ability to shut down sites, such as phishers trying to commit identity theft and worse. But really: is changing my phone number from one that I haven't used for three and a half years to one just as useful on the same level? My registered address is an autoresponder pointing to my real and complete contact info, but they couldn't bother to check. "We have the power, and dammit we're going to use it!" There's no thought to the possible destruction of my 13-year-old business, nor the damage to my customers and six-figure reader base.

It's not just enom -- every registrar can do this. But I fault enom specifically, since they didn't need to take such drastic action without giving notice.

Don't just shrug: if it can happen to me, it can happen to you. You can set up redundant servers, redundant disk farms, redundant connectivity, redundant everything -- but your domain registrar is a single point of failure that could destroy your business -- just because someone felt like it. My sites just got back online as I posted this; they were off for 24 hours.


Randy Cassingham is the publisher of This is True, the curator of the popular joke site, Jumbo Joke, and is the founder of Cranky Customer.


On 26 February -- more than two weeks later -- I got an e-mail from eNom with this laughable claim regarding one of my domains, http://www.GOOHF.com, which was not one of the domains they deactivated during the first round:

Dear eNom Customer,

This is a message to verify that the current contact information as listed in the eNom whois database for the domain name listed in the subject line is both valid and complete. We have received complaints that the listed information is erroneous. Please respond to this message within the next 15 days to provide valid and complete WHOIS information.

Failure to comply is a direct breach of ICANN policy, as well as the eNom registration agreement, and may result in loss of your registration rights without further notice.

Thank you in advance for your cooperation, and we look forward to your reply.


eNom, Inc.

"Complaints"?! Plural? I publicly challenge eNom on that. I doubt they have any complaints, let alone more than one. I responded to their message challenging them to produce even one complaint.*

Of course, this is the sort of notice that I've been saying all along that they should have sent the first time -- ping me to check, provide 15 days' of notice, and explain why they are doing it (to ensure compliance with ICANN policy).

So despite the ridiculousness of it, I actually applaud that they are showing progress in their customer service. Now to the next step: adding some intelligence to the equation.

*Within minutes, eNom replied:

The complaints were issued through ICANN, this is merely a verification request. If the current contact details are complete and valid, all that is required is your verification of such. If you verify that the current contact details for this domain are accurate, there is no further action required on your part.

I still find it hard to believe there have been any "complaints", but so be it. I replied again, with "I hereby state: All the information on the domain registration is accurate. Is that what you need?"

They replied, again within minutes: "That is exactly what we need in order to fulfill our obligation with ICANN. Thank you for your cooperation in this matter."

Matter -- apparently -- closed. See how easy that is, eNom? Sheesh.


« FedEx: They Absolutely, Positively Should Have Gotten it Right the First Time | Home | Can't Navigate Out of a Paper Bag »


It seems to me that you were not prepared to do the simple task you set out to do. You supplied information that was obviously false and were caught. You are trying to rationalize your behavior with the existance of pointers and the extreme response from your doimain registrar.

Yes, the response was extreme and without appropriate notice
Yes, the existing information was not valid.
Yes, autoresponders point to information that is current.

Notwithstanding all that, you showed up for the test without two sharpened #2 pencils.


I already acknowledged that. So your contention is that you disagree, and if I make any mistake whatever, that justifies their extreme behaviors. May you never do anything at all wrong in your entire life. -rc

Perhaps the autoresponder didn't work because the domain on it had been pulled. Wonder how that could happen? Lol.

Would probably depend if the autoresponder address is monitored. Wondering if they sent notification from a dead email to stop that being caught for spam (then get cranky if you try same thing).

On the other hand I've had to use Nominet over here to remove a cyberSquatter. Apparently nothing in rules about registering thousands of domains to sell on, but there were issues with the contact info. However the squatter was given 3 notifications over a 45 day period to resolve the issue. Even sitting at the sharp end of this one I still considered it fair and just to be given the opportunity to fix his error.

I know it doesn't apply to all your sites, but for personal non-money making domains there is the option to hide contact info, which I have set up on all my home ones.

We have been logged out of our enom account for two month now and getting help form support has proven be to rather very difficult.

It's just too difficult and frustrating to get help from Enom Support.

Post a comment

Read this before posting a comment! Comments are of course the opinion of the poster. All comments must be approved by the site owner before they appear. Only interesting, pertinent comments that have to do with the entry will be approved, and all comments may be edited for brevity, flow, or grammar. Read the existing comments before posting your own to ensure you're not saying something that's already been covered. See this page for more info.

Last, don't waste your time (or ours) commenting on the ads. We know that the context-sensitive ads are often shilling for the very companies we're ranting at, so we don't consider it "ironic"; it's simply how the ad systems work, and "Hey! Look at that!" comments aren't interesting, they're boring. Thanks.