Slashdot Mirror
GoDaddy Holds Domains Hostage
saikou writes "There were previous reports of GoDaddy, one of the biggest domain name registrars, attacking Bittorrent sites with frivolous interpretation of their own Terms of Service (that story was resolved), and now similar events unfold with clients of one of Russian domain registrars Majordomo.ru -- GoDaddy has informed them that all 1399 client domains are now blocked (story in Russian) due to 'many of your domain names were
listed in the Spamhaus.org blacklist or were resolving to a name server
or IP address listed in the Spamhaus.org blacklist' with a demand of a neat '$199 non-refundable
administration fee to the credit card on file for your account for each
domain name you wish to reactivate' or $50 for each domain to be transferred out into another registrar.
I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. Instead of affecting people that use spam lists to control the inflow of mail to some degree, all users are effectively forced to be black-list clients.
Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."
SpamHaus is one of the most conscientious, well-organized, ethical and reliable lists around. Their SBL-XBL list is nothing short of essential in weighting ham and spam. I don't rely upon RBL information alone when weighting ham and spam, but if I did, I'd use spamhaus and nothing else. I'd agree with poster that RBLs are not all that great a single measure and YMMV, but don't spread FUD about spamhaus. They're great.
Can I bum a sig? I left mine at the office.
Once we allow domain registrars to become the Spam Police, very soon there will be political pressure for them to become the Content Police. It starts with spam and kiddie pron -- content that 99.999% of the world agrees is wrong. I guarantee it won't stop there.
The key sequence to access my Slashdot bookmark in Firefox is Alt-B-S. I don't believe this is a coincidence.
How is this little more then extortion? They have a thinly veiled reason, but let's say the spammers pay up. Their domain is re-activated. What then? How does that stop them from being spammers? This is just GoDaddy grabbing people willy nilly and forcing them to pay for fees they've already paid for.
I just renewed a domain for 2 yrs with them and I sort of regret it. GoDaddy used to be a top-notch outfit. Low prices and no nonsense. These days it's low prices and lots of nonsense. Between the GoDaddy spam, other spammers they support via special arrangements, and their incredibly convoluted ordering and pricing schemes it's no wonder they're starting to plumb the depths of sleaze.
The thing is their prices are so great it's really hard to justify going someplace else. You can pay up to $35 a year at some of the boutique registrars.
The most fucked-up thing about this story is not the blocking of 1399(!) domains, but the fact that fact they CAN be reactivated, if only you pay 199$(!!) for "administration fees". This is not about policing the internet, it's about squeezing more money out of their customers. If this guy pays up, what prevents them from doing the same shit all over again 2 years from now? Hell, I'd like to know what their legal justification is now. Correct me if I'm wrong, but unless they are are hosting the stuff, they have no liabliity here, do they? Huh. I wonder if this can be used as an admissin on their end of being liable for content and actions of domains registered under them? Talk about watching an avalanche begin....
"can't run, can't hide...oh well, return 0"
About six months ago, GoDaddy held 78 (yes, seventy-eight) of our domains hostage. They had all of our sites down (we receive approximately 2 million web server hits per day, about 160,000 unique sessions) for nearly 48 hours while we wrangled control of our domains back.
What was their excuse?
Someone outside of our organization had (for whatever unknown reason, as this is not our business) spammed using ONE of our domains as a the spoofed header-from domain. And yes, we publish SPF records. That wont stop idiots from trying.
Anyway, I personally spent close to one hour on the phone with their "abuse" people (ironic that they consider what we were doing abusive). I explained the situation over and over to no avail. We escalated to their lead "abuse" person. Same story. "Your domain was in a spam and we do not allow this"... When I would try to explain that it was not from us or on our behalf in any way, shape, or form -- we were curtly told "that's not what we've been told."
Now, I had also received the spam complaint. Their "abuse" ("abusive") people were going solely off what was written in this complaint itself. In ALL CAPS, the user cried bloody murder about "I DID NOT SIGN UP AND DO NOT WANT SPAMS FROM THESE PEOPLE"... GoDaddy did not lift one finger to actually investigate the situation and instead took the end users' word for it.
We had to get our lawyers involved. We had to fax them threatening letters. Finally, they so gracefully allowed us to tranfer our domains away from GoDaddy to another registrar for the very low highjacking fee of $50 per domain we were going to transfer.
Again -- this was not a spam from us, for us, or by us. It was a completely third party individual just randomly choosing our domain to spoof.
GoDaddy is a goddamn scam and I hope their company gets burnt someday. It would not surprise me if the spam was created by them for the specific purpose of looting their more deep-pocketed customers through these $50 "re-activation" fees. Month getting slow? Craft up another fake spam. Fuckers.
Sometimes you read the article description, and actually know less than when you started.
This is one of those times.
Sorry you don't like their advertising.
Personally, I use GoDaddy for a domain registrar, and a host in some cases.
The only reason I started was because of their commercials. A tech company willing to have totally gratuitous shots of a chick bouncing her big boobs...well, that's a company for me.
Really- I did move a lot of business there because of the chick with big boobs. I guess that makes me shallow. Or a guy who likes boobs.
You Go Daddy!
No reason to lie.
a company selling $2 domain names is shady!!!
Whats next, are you going to tell me that used car dealers can be less than fully honest? SAY IT AINT SO!
Why? How complex do you think hosting a name <-> IP table is, especially when the basic, long-proven infrastructure costs are spread across tens of millions of domains.
Network Solutions, the other end of the cost scale, has hardly been a model of good registrar behaviour. In fact most people consider them the scummiest, shadiest of the group.
The summary is really unclear (I'm a native Russian speaker, BTW).
Majordomo uses GoDaddy for international domain registrations for some of their clients. GoDaddy has blocked 1399 accounts of Majordomo clients because of spam suspicions.
Majordomo has nothing to do with this extortion scam.
"Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."
This demonstrates a poor understanding of how blacklisting works and how anti-spam actions are taken. Spammers who have actions taken against them usually have thousands of reports against them, from hundreds or thousands of disparate sources, over an extended period of time.
I don't know about the yacht in international waters, but I agree that Spamhaus wreaks havoc on organizations that have done nothing wrong. Our organization has been black listed before too, and it was in error. It finally got cleared up, but it is still damaging.
We stopped using RBL's a long time ago, and have swtiched to something called Securence http://www.securence.com/. It has been much more reliable than RBL's, and keeps the junk from ever getting to our server in the first place. I haven't had a complaint about a false positive since we switched, and it blocks over 100,000 spam/viruses/phishing attempts a day.
I struggled for days and days and all I got was this lousy sig.
That's a shame. I've got a lot of domains with godaddy.com but am testing out other registrars and will be migrating more away. It's not just these sorts of reports, but also their switch to Microsoft IIS for parked domains that bothers me some.
The sad thing is that this sort of thing on their part really won't hurt all that much. How much money would they have made on each of your domains for the next *10* years? $30? I'm basing this on $3 profit ($9 - $6 wholesale cost - maybe it's different for them?) By forcing you to leave they've almost doubled that, and they don't have any work to do to service you for the next 10 years either!
If they could simply extract $50 from every single domain-name-only customer to transfer away they would be *far* more profitable than they are now because there'd be less overhead and work to do.
creation science book
Pay the $50, move your domains, chargeback the $50 and/or file a suit in small claims court.
They'll dispute the filing and keep pulling out parts of their license agreement to counter it. Dispute the agreement as being invalid. When all is said and done, you'll be out a few days of work, GoDaddy will have wasted a ton on lawyers.
(Disclaimer: I am not a lawyer, this is Slashdot, use common sense, this is not advice, you are feeling sleepy...sleepy...SLEEPY...you want to buy me a 50" HDTV.)
Mail Delivery Subsystem to me Jun 15 (2 days ago)
x bl
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
xxxxxxx@frontiernet.net
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-
----- Original message -----
Received: by 10.35.115.18 with SMTP id s18mr2328477pym;
Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Received: by 10.35.97.6 with HTTP; Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Message-ID:
Date: Thu, 15 Jun 2006 00:52:32 -0400
From: "John Wasser"
To: "xxxxxxx"
Subject: Re: printer setup repair
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References:
That being said, I'm also on the other end currently. One of the domains I'm hosting has the word "ebay" within the domain name. I never even realized this. The domain name is also a legal, currently registered and operating corporation within the US. It's been in business more than two years. Its line of business has nothing to do with spam, it deals with supplying certain metal goods to large distributors and large end users within the US and elsewhere. It's the type of business where you confirm the customer is a large end user or distributor, and upon doing this, you don't have a problem sending them several thousand dollars in samples, hoping they'll place blanket orders for years into the future. Without having the knowledge on running a mail server, and currently without the resources for a secondary dns on another ip block, it was decided that GoDaddy would be the host for the mail server for the domain.
A few test emails from the business domain, with an email address that is obviously business related (sales@legitdomain, a few others), everything went through without a problem, great. Add email address to invoices, statements, shipping documents, product packaging, start using to communicate with new customers, suddenly a problem. Turns out if the email contains a couple of email addresses within the body, or if the email contains a couple of urls with certain keywords (keywords normally related to some of the customers' business lines), more than two urls, a combination of an email address and a url, and the emails would be rejected. GoDaddy's smtp server wouldn't accept the email for sending. Not that it would bounce, it would outright reject the email.
Trying to get GoDaddy's tech department just to understand what was going on was difficult. Forward the bounce message. There is no bounce message, the smtp server is outright refusing to accept the email as it is being sent. Send the error message of your email client. Email client is KMail. Here's the instructions for Outlook. Email client is KMail. Here's the instructions for Mozilla mail. Email client is KMail. Here's a screenshot of the popup error message you requested. You're using a non-standard email client. Here's the instructions for outlook. Please send me responses in plain text instead of html. Sorry, our email is sent in html. Please don't send me instructions in
That's just the first few attempts to get the email working. Next, we received every excuse known to man for why mail was being blocked. Your domain is blacklisted by the RBLs. No its not. Your domain is blacklisted by Spamhaus. No, its not. Your ip is listed in Spamhaus. No its not. Your ip block is listed in Spamhaus. No, its not. The email domain you are sending your email to is listed in Spamhaus. Are you serious?
Actual email trouble ticket response:
Since the parent comment was written by an anonymous poster, I would like to add that one of our customers was put in the same situation by GoDaddy. His domain was used in a "joe job" (that is, someone sent out a spam with nonexistent addresses from his domain as the From: header in their spam emails.) He called us (his web hosting provider), furious, wanting to know why his domain name was down. We had received spam complaints as well, but since the spams were not from him and were not advertising his product (he runs a legitimate business that does not use email marketing), we did not shut him down. However, when running a quick WHOIS check on his domain, I noticed that GoDaddy had set his name servers to NS1/NS2.SUSPENDED-FOR-SPAM-AND-ABUSE.COM. This was well over a year ago and since then, I have urged all of our customers to switch away from GoDaddy. Some of our customers have responded, "But I don't spam anything!" Of course you don't. It doesn't matter. If any spammer sends out spam with your domain as the From address, even if you had nothing to do with that spam, and it gets reported to GoDaddy, your domain is toast.
For what it's worth, we use eNom and have never had any problems with them. If you host more than a few domain names, get an eNom reseller account (many providers offer them for free) and pay the same price as GoDaddy. I recommend them highly; we have several hundred domains with them right now.
Simpli - Your source for San Jose dedicated servers and colocation!
Lindsay Ashford, a promient memeber of the Paedophile community was once registered with GoDaddy until they started to yank his chain and play games with him using Section Seven of their Domain Registration Agreement--specifically the bit about morally objectionable activities. Lindsay was given 24 hours in which to move the site (which he began to do) only to be informed via email the change over was blocked from GoDaddy's end without explaination. The strange thing is while there was never any child porn or illegal content on puellula.comand GoDaddy never explained their actions, the site was also home to many racists and extremists hate sites that were apparently never a problem. It finally took a complaint from Lindsay to ICAAN before the domains were finally restored to him!
GoDaddy is run by people who see no evil in groups such as: Skinheads, Hammerskins, Aryan Nations, White Camelia Knights of the Ku Klux Klan, Ku Klux Klan all whom were still registered with GoDaddy as of roughly this time last year. Given the legal wrangling it took to get the company to turn over the domain names to their proper owners, why would anyone be surprised when they decide to dip into the extortion racket?
Do yourself a favor and find a domain register who is willing to take care of their customers and isn't run by a bunch of racists who think we haven't done enough torture on the Guantanamo Bay prisioners!
--I*Love*Green*Olives
There are nights when the wolves are silent and only the moon howls. --George Carlin
I have a domain with them, and suddenly stopped receiving any email for a few days. So I contacted them to findout what was going on, they said it appeared I was using the domaing for sending SPAM and they have launched an investigation to evaluate the content of the emails sent. I was confused so I looked into it and saw that the SMTP mail forwarding was open on my server and a spammer started using the account. GODADDY by default sets this as PUBLIC. So I contacted them to tell them what was going on and they told me my account might be suspended if I violated TOS. I explained I send around 3 emails a month on my account, and what had happened, but they just kept responding that it is being investigated. At the time I didn't know what was going on, but now I get it. I will be forwarding all my domains registered with back to Network Solutions, I am not a fan of sleezeball operations and extortion.
I varies for each type of top level domain. A .COM/.NET/.ORG is around $6.25 per year per domain + a .25 ICANN Fee. For other domains like .tv it can be as high as $50. Different bodies control different TLD's and they control the pricing for each.
Since the article is heavy on claims and light on the basis for those claims, I thought I'd dig in to it a bit. Turned out to be a difficult. I couldn't find the registration agreement via Godaddy's web page. I had to search Google for it.
o w_doc.asp?se=+&pageid=REG_SA
http://www.godaddy.com/gdshop/legal_agreements/sh
Section 7 is the one that deals with spam. Here's what it says:
7. restriction of services; right of refusal
You agree not to use the services provided by Go Daddy, or to allow or enable others, to use the services provided by Go Daddy for the purposes of:
* The transmission of unsolicited email (Spam).
* Repetitive, high volume inquires into any of the services provided by Go Daddy (i.e. domain name availability, etc.).
If You are hosting Your domain's domain name servers ("DNS") on Go Daddy's servers, or are using our systems to forward a domain, URL, or otherwise to a system or site hosted elsewhere, or if You have your domain name registered with Go Daddy, You are responsible for ensuring that there is no excessive overloading on Go Daddy's DNS systems. You may not use Go Daddy's servers and Your domain as a source, intermediary, reply to address, or destination address for mail bombs, Internet packet flooding, packet corruption, or other abusive attack. Server hacking or other perpetration of security breaches is prohibited. You agree that Go Daddy reserves the right to deactivate Your domain name from its DNS system if Go Daddy deems it is the recipient of activities caused by your site that threaten the stability of its network.
You agree that Go Daddy, in its sole discretion and without liability to You, may refuse to accept the registration of any domain name. Go Daddy also may in its sole discretion and without liability to You delete the registration of any domain name during the first thirty (30) days after registration has taken place. Go Daddy may also cancel the registration of a domain name, after thirty (30) days, if that name is being used in association with spam or morally objectionable activities. Morally objectionable activities will include, but not be limited to: activities designed to defame, embarrass, harm, abuse, threaten, slander or harass third parties; activities prohibited by the laws of the United States and/or foreign territories in which You conduct business; activities designed to encourage unlawful behavior by others, such as hate crimes, terrorism and child pornography; activities that are tortious, vulgar, obscene, invasive of the privacy of a third party, racially, ethnically, or otherwise objectionable; activities designed to impersonate the identity of a third party; and activities designed to harm minors in any way. In the event Go Daddy refuses a registration or deletes an existing registration during the first thirty (30) days after registration, You will receive a refund of any fees paid to Go Daddy in connection with the registration either being canceled or refused. In the event Go Daddy deletes the registration of a domain name being used in association with spam or morally objectionable activities, no refund will be issued.
Okay, so there are some pretty nasty things in there. One thing I don't see is where they say they'll hold on to the name, refuse to let you transfer it or charge you an extra fee. In fact, they're quite specific: If you spam, they cancel the registration. Period.
I also read the supposed letter from godaddy at http://majordomo.ru/about/letter.htm . Maybe its just me, but the letter smells false. That's not the careful legal language I would expect from a company Godaddy's size faced with this sort of situation. I'm not discounting the possibility that its real, but it smells false. If I saw that letter in my inbox, I'd suspect phishing.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
So who's a good, low-cost registrar with no relationship to GoDaddy?
Since I'm serious, please don't respond with "Network Solutions".
Tech Public Policy stuff
...by far is DirectNIC.
$15 and no bullshit.
To me they are like the Google of registrars - "do no evil".
They even are based out of NOLA and had very little if any downtime during Katrina. You can read about it and see damage to their building here:
http://interdictor.livejournal.com/
Libertas in infinitum
This isn't the equivalent of a property owner evicting a tenant for drug violations, this is the equivalent of a property owner evicting every tenant in one of his buildings because one tenant is dealing drugs.
Tech Public Policy stuff
Dreamhost is only a dollar more per year, and includes privacy guard as a base-level feature (which costs $1/year on GoDaddy), so they're arguably the same price.
Rob
And they respect the privacy of your information, too.
--- Grow a pair, liberals... stop letting the Republicans bully you!