« FedEx: They Absolutely, Positively Should Have Gotten it Right the First Time | Main | Can't Navigate Out of a Paper Bag »

Punished by eNom for a Registration Placeholder

by Randy Cassingham                                                                                 Updated! See the End

I'm posting this minutes after my sites came back online. As I was writing this, most of my web sites were offline, thanks to proactive (that is, on purpose) action by enom, the huge domain registrar which provides registration for the "domain names" for more than 8 million web sites. The registrar, of course, I (used to?) use. And here's the unbelivably scary thing I learned while struggling to get them back up: any web site, including yours, can be knocked off the 'net without warning and without notice, and for the most mundane of reasons, by the people you pay for your most basic online service: your domain registration. Even if it's not enom.

Your site is your sole source of income? Too bad. Your site is depended upon by thousands of people for critical information? Tough. You're expecting an urgent e-mail? Shrug. The weekend is coming up? They may or may not be able to help you until Monday -- check back later. We'll see -- the only guy who can help has a long lunch planned.

Have you ever done a whois lookup to get a site owner's address or other contact information, and been stymied? Everyone who has used "whois" has found bad, outdated, fake, or obfuscated information. Then perhaps it probably occured to you why: "I wouldn't want my home address or phone number available to any whacko online!" If you have a web site, and aren't a huge corporation which can shield your private contact info, odds are pretty good you put in a fake address or phone.

If so, you are at severe risk of your site being shut down without warning. You are literally not allowed to supply fake info -- rape crisis centers and shelters for battered women, for instance, cannot put in a fake address or phone number if they want their own domain name. (A PO Box, answering service, etc. is -- as far as I know -- OK, but many don't know of this rule and put in fake info.)

Yet you can bet pretty much every spammer and phishing site has fake info on their domain registration.

How it Happened

Yesterday (8 February 2007), after someone let me know that I hadn't updated the contact info on one of my domains, I took a look at my main sites. Many had old info in the domain registration; some had fake (3030000000) or no ("n/a") phone numbers, some had correct numbers. All had a real e-mail address, an autoresponder pointing to full contact information. And they had been that way for years -- I moved in 2003!

"Yeesh," I said, and I set about updating them, logging in to my control panel at enom. But I didn't really want my direct office phone on my domain registrations. I had planned to get a voicemail/fax number, but hadn't gotten down that far on my to-do list yet, so as I updated the records on my domains with my actual mailing address I stuck in a placeholder phone number, "0000000000", until I could replace it with the voicemail number after I got it. I never got the chance to update it.

Within hours, my web sites started to die -- just yanked offline. There was no "Hey, you need to give us correct information" warning. Obviously I thought there was a server problem, but after making a call to my tech support guy, we quickly learned the site was fine. It was DNS that was screwed up. DNS converts "CrankyCustomer.com" to the actual IP address your browser needs to surf to to get to a web site. DNS is ultimately controlled by your domain registrar -- in my case, enom.

My weird news site This is True (in business online since 1994), was gone. My crazy lawsuits site, which recently issued the most outrageous suits of the year "awards", was nowhere to be found. The Honorary Unsubscribe archive, obituaries of people who have affected our lives, shut down. No one could go to my good jokes site. My cool web sites archive was lost in the ether. Even my weather station -- the only online station in my county, which I've put online so people here can get current weather info, was knocked out. That site also has a special "member area" for the volunteer Emergency Medical Services first responders for my area, and they couldn't communicate.

But it got worse: I founded HeroicStories, but no longer publish it or own the domain (though I still donate hosting for it), and that site was also knocked out. Even one of my domains that has never had "fake" contact info, a word cloud ad site, was killed. Why? Just to punish me?

The Real Problem: You're at Risk Too

If they can punish me, they can punish anyone with a web site, including you. And anyone you help with a web site, like I do with HeroicStories.

Domain registrars do need the ability to shut down sites, such as phishers trying to commit identity theft and worse. But really: is changing my phone number from one that I haven't used for three and a half years to one just as useful on the same level? My registered address is an autoresponder pointing to my real and complete contact info, but they couldn't bother to check. "We have the power, and dammit we're going to use it!" There's no thought to the possible destruction of my 13-year-old business, nor the damage to my customers and six-figure reader base.


It's not just enom -- every registrar can do this. But I fault enom specifically, since they didn't need to take such drastic action without giving notice.

Don't just shrug: if can happen to me, it can happen to you. You can set up redundant servers, redundant disk farms, redundant connectivity, redundant everything -- but your domain registrar is a single point of failure that could destroy your business -- just because someone felt like it. My sites just got back online as I posted this; they were off for 24 hours.

>:-(

Randy Cassingham is the author of This is True and the True Stella Awards, and is the founder of Cranky Customer.

Update!

On 26 February -- more than two weeks later -- I got an e-mail from eNom with this laughable claim regarding one of my domains, http://www.GOOHF.com, which was not one of the domains they deactivated during the first round:

Dear eNom Customer,

This is a message to verify that the current contact information as listed in the eNom whois database for the domain name listed in the subject line is both valid and complete. We have received complaints that the listed information is erroneous. Please respond to this message within the next 15 days to provide valid and complete WHOIS information.

Failure to comply is a direct breach of ICANN policy, as well as the eNom registration agreement, and may result in loss of your registration rights without further notice.

Thank you in advance for your cooperation, and we look forward to your reply.

Regards

eNom, Inc.

"Complaints"?! Plural? I publicly challenge eNom on that. I doubt they have any complaints, let alone more than one. I responded to their message challenging them to produce even one complaint.*

Of course, this is the sort of notice that I've been saying all along that they should have sent the first time -- ping me to check, provide 15 days' of notice, and explain why they are doing it (to ensure compliance with ICANN policy).

So despite the ridiculousness of it, I actually applaud that they are showing progress in their customer service. Now to the next step: adding some intelligence to the equation.

*Within minutes, eNom replied:

The complaints were issued through ICANN, this is merely a verification request. If the current contact details are complete and valid, all that is required is your verification of such. If you verify that the current contact details for this domain are accurate, there is no further action required on your part.

I still find it hard to believe there have been any "complaints", but so be it. I replied again, with "I hereby state: All the information on the domain registration is accurate. Is that what you need?"

They replied, again within minutes: "That is exactly what we need in order to fulfill our obligation with ICANN. Thank you for your cooperation in this matter."

Matter -- apparently -- closed. See how easy that is, eNom? Sheesh.

rc

- - -

Link to this essay from your own web site or blog -- just copy/paste this HTML:

Posted February 9, 2007 3:09 PM |

Comments

Forgive me if I missed that someone may have made this point already, but it seems to me that it would be a better solution and 100% viable that Enom, rather than creating a filter to shut down sites with obviously illegitimate phone numbers, they perhaps could simply deny the submission of a form if it contained an obviously fake phone number? It could even state that the reason for the refusal is that the phone number must be a valid one. They could even have an automated email verification system to ensure that they at least have some means of contacting you before shutting your site down without notice. Don't tell me it can't be done or is impractical. It's been done before.

Posted by: Brent | March 12, 2007 12:23 PM

The best solution in my book is http://domainsbyproxy.com

I use it on more than one of my websites and it totally shields my private information.

Posted by: Kay Davis, Canada | March 22, 2008 5:56 AM

Just a word to spell out one of the oldest adages in the consumer world: "You get what you pay for". The original registrar, Network Solutions, is still the best, as far as I'm concerned. I've never heard of any of this stuff happening there. I had a phone number that was no longer working and an email address that I never logged into for years, while I was battling a major illness. And yet, there were no "complaints". Note, however, that NetSol allows access via an account w/ username and pwd, and I had been renewing the name via login. I did, however, have to reactivate my old email account in order to make changes, or it would have been very difficult (process involving faxing scan of driver's license).

I have been complaining for years about many of these registrar practices, and even sent a letter at one time to the FCC. No response. I think there needs to be an organized consumer effort. Here are some of the things that I find unfair consumer practices:

(*) You spend a long time thinking up your special, snappy-sounding domain name. You spend hours poring over the dictionary, thesaurus, and other literature, and come up with a great name. You go register it. Now, who really "owns" the name? You? Or the registrar? Really what the $35/yr covers, as far as I'm concerned, is the propagation across name servers. It can't be a rental fee for the name, can it, because you thought it up and own it, right? WRONG, because if you are late paying the $35/yr fee, then Network Solutions (or other registrar) can just take it from you. Or, as we have seen, GoDaddy and enom and the likes can take a domain due to "inaccurate" WHOIS info. The only protection you have is to get a trademark on the base part of the name so that nobody else can use it, should the name expire or be taken away, and nobody can register it under any other extensions.

(*) My original complaint to the FCC was about the practice that registrars use of trying to get you to buy/rent the name you so carefully thought up with all other available extensions. You register GreatNameIdea.com, and when you next login to your account at the registrar, they bombard you with messages saying, "GreatNameIdea.org, .net, .info, .tv (etc.) are all still available! Hurry and get them now, or we will sell them to somebody else!" I have always considered this to be a form of a ransom notice, and told the FCC as much. When you are the person who did all the hard work to come up with a creative name, you should own the name under ALL its extensions. One idea would be to separate the name registration itself (perhaps in some government database) from the actual name server propagation service (which is exactly that -- a service). I say that the base part of the name (the part before the dot) belongs to whoever thinks it up (unless they're violating a copyright or trademark) and should not be usable under any other extension. Why should they be able to make money off your good idea? Why should you have to pay to keep this from happening?

(*) The next practice that I don't think should occur is more recent, but just as disgusting (and is the basis for these cancellations due to inaccurate WHOIS info). The domain registrars are allowed to (or simply do, of their own accord -- not sure which) make the WHOIS information public in a big database that they put out. Spammers use this to bombard people with ads. People falsify their info specifically because they don't want to be hounded with emails, phone calls, etc. Now, along comes registrar and says, we can make the info private, but it's going to cost you. This is another form of ransom: we have your information, and unless you pay us, we'll make sure that bad things will happen to it. Is this even legal? My domains are privately owned, and my number is in the "Do Not Call" registry! I believe that the domain registrars should be forced to allow an "opt out", at no charge, from having one's information published.

So these are my complaints, and I believe that they are all valid. What is needed is an organized consumer effort to approach Congress about this, or nothing will ever be done. The power has gone to the domain registrars' heads, and they are abusing it to ransom consumers. It's just not right, especially for small businesses or private owners who have very small budgets!

Posted by: Cindy, Ohio | May 8, 2008 5:16 AM

See all 48 comments...

Post a comment

Read this before posting a comment! Comments are of course the opinion of the poster. All comments must be approved by the site owner before they appear. Only interesting, pertinent comments that have to do with the entry will be approved, and all comments may be edited for brevity, flow, or grammar. Read the existing comments before posting your own to ensure you're not saying something that's already been covered. See this page for more info.

Last, don't waste your time (or ours) commenting on the ads. We know that the context-sensitive ads are often shilling for the very companies we're ranting at, so we don't consider it "ironic"; it's simply how the ad systems work, and "Hey! Look at that!" comments aren't interesting, they're boring. Thanks.