GoDaddy Holds Domains Hostage

saikou writes "There were previous reports of GoDaddy, one of the biggest domain name registrars, attacking Bittorrent sites with frivolous interpretation of their own Terms of Service (that story was resolved), and now similar events unfold with clients of one of Russian domain registrars Majordomo.ru -- GoDaddy has informed them that all 1399 client domains are now blocked (story in Russian) due to 'many of your domain names were listed in the Spamhaus.org blacklist or were resolving to a name server or IP address listed in the Spamhaus.org blacklist' with a demand of a neat '$199 non-refundable administration fee to the credit card on file for your account for each domain name you wish to reactivate' or $50 for each domain to be transferred out into another registrar. I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. Instead of affecting people that use spam lists to control the inflow of mail to some degree, all users are effectively forced to be black-list clients. Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."

Shows what you know

[AlphaSys]

SpamHaus is one of the most conscientious, well-organized, ethical and reliable lists around. Their SBL-XBL list is nothing short of essential in weighting ham and spam. I don't rely upon RBL information alone when weighting ham and spam, but if I did, I'd use spamhaus and nothing else. I'd agree with poster that RBLs are not all that great a single measure and YMMV, but don't spread FUD about spamhaus. They're great.

Very dangerous precedent

[Anon+E.+Muss]

Once we allow domain registrars to become the Spam Police, very soon there will be political pressure for them to become the Content Police. It starts with spam and kiddie pron -- content that 99.999% of the world agrees is wrong. I guarantee it won't stop there.

Re:Very dangerous precedent

[Halo1]

Actually, you need some level of self-policing to curb the problem if you want to demonstrate that laws are not necessary. Why should a domain name registrar be less responsible for spammers than hosting ISPs? Especially, since spammers nowadays often host their sites on hacked Windows boxes, with the DNS switching from one machine to another all the time (thus making the domain name their most important asset).

Re:Very dangerous precedent

[eneville]

If GoDaddy wants to make a stand they should alter their TOS to that effect BEFORE blocking domains. If they block the domains there should not be an extortionate fee to release it. The domain is neutral in this, the abuser should, although they are wrong, not have to pay GoDaddy in this way.

Re:Very dangerous precedent

[X0563511]

Yes. The registrar has no business doing anything but the following:
OK, your bills are payed. Now when people type A, A is resolved to IP B instead of C (a parking page)

It's the responsibility of law enforcement to enforce law. But, in your own argument, the site is hosted in an anarchistic country. We (and whatever country the registrar is based in) have NO BUSINESS imposing law or right/wrong on another sovergn country OR IT'S CITIZENS OR BUSINESSES. We can yell/scream/make noise/threaten as much as we want, but we cannot enforce our views on them.

Extortion

[aussie_a]

How is this little more then extortion? They have a thinly veiled reason, but let's say the spammers pay up. Their domain is re-activated. What then? How does that stop them from being spammers? This is just GoDaddy grabbing people willy nilly and forcing them to pay for fees they've already paid for.

Re:Extortion

[neoform]

Exactly, I had one of my domain names held hostage by them about 5 months ago. They told me they had received a complaint about spam for my domain and so I was required to pay $199USD. I told them to fuck off and wanted to transfer the domain to netsol, but godaddy REFUSED to allow me to transfer without first paying them the $200. I took me more than a month of yelling at their 'managers' on the phone who didn't give a shit about ICANN regulations before they allowed the transfer.

Godaddy's policies are terrible, they will do anything to make extra money.

So Sad

[PingXao]

I just renewed a domain for 2 yrs with them and I sort of regret it. GoDaddy used to be a top-notch outfit. Low prices and no nonsense. These days it's low prices and lots of nonsense. Between the GoDaddy spam, other spammers they support via special arrangements, and their incredibly convoluted ordering and pricing schemes it's no wonder they're starting to plumb the depths of sleaze.

The thing is their prices are so great it's really hard to justify going someplace else. You can pay up to $35 a year at some of the boutique registrars.

"Hostage" is just the right word

[jiggerdot]

The most fucked-up thing about this story is not the blocking of 1399(!) domains, but the fact that fact they CAN be reactivated, if only you pay 199$(!!) for "administration fees". This is not about policing the internet, it's about squeezing more money out of their customers. If this guy pays up, what prevents them from doing the same shit all over again 2 years from now? Hell, I'd like to know what their legal justification is now. Correct me if I'm wrong, but unless they are are hosting the stuff, they have no liabliity here, do they? Huh. I wonder if this can be used as an admissin on their end of being liable for content and actions of domains registered under them? Talk about watching an avalanche begin....

GoDaddy did this to us, too!

About six months ago, GoDaddy held 78 (yes, seventy-eight) of our domains hostage. They had all of our sites down (we receive approximately 2 million web server hits per day, about 160,000 unique sessions) for nearly 48 hours while we wrangled control of our domains back.

What was their excuse?

Someone outside of our organization had (for whatever unknown reason, as this is not our business) spammed using ONE of our domains as a the spoofed header-from domain. And yes, we publish SPF records. That wont stop idiots from trying.

Anyway, I personally spent close to one hour on the phone with their "abuse" people (ironic that they consider what we were doing abusive). I explained the situation over and over to no avail. We escalated to their lead "abuse" person. Same story. "Your domain was in a spam and we do not allow this"... When I would try to explain that it was not from us or on our behalf in any way, shape, or form -- we were curtly told "that's not what we've been told."

Now, I had also received the spam complaint. Their "abuse" ("abusive") people were going solely off what was written in this complaint itself. In ALL CAPS, the user cried bloody murder about "I DID NOT SIGN UP AND DO NOT WANT SPAMS FROM THESE PEOPLE"... GoDaddy did not lift one finger to actually investigate the situation and instead took the end users' word for it.

We had to get our lawyers involved. We had to fax them threatening letters. Finally, they so gracefully allowed us to tranfer our domains away from GoDaddy to another registrar for the very low highjacking fee of $50 per domain we were going to transfer.

Again -- this was not a spam from us, for us, or by us. It was a completely third party individual just randomly choosing our domain to spoof.

GoDaddy is a goddamn scam and I hope their company gets burnt someday. It would not surprise me if the spam was created by them for the specific purpose of looting their more deep-pocketed customers through these $50 "re-activation" fees. Month getting slow? Craft up another fake spam. Fuckers.

Re:GoDaddy did this to us, too!

[coop0030]

This happened to me with 10 domains. They held me hostage unless I paid some ridiculous amount.

They claimed we were spamming AOL domains, and we were not! It was a third party. They wouldn't even send me a copy of the spam emails. They would not listen to reason, or anything. It was the worst feeling being held hostage like that.

I didn't have lawyers to help me (couldn't afford them). You were lucky.

Godaddy is a scam, and an extortionist. I hope this story spreads all over the internet.

WTF?

[Some+guy+named+Chris]

Sometimes you read the article description, and actually know less than when you started.

This is one of those times.

Re:Odd.

[bigman2003]

Sorry you don't like their advertising.

Personally, I use GoDaddy for a domain registrar, and a host in some cases.

The only reason I started was because of their commercials. A tech company willing to have totally gratuitous shots of a chick bouncing her big boobs...well, that's a company for me.

Really- I did move a lot of business there because of the chick with big boobs. I guess that makes me shallow. Or a guy who likes boobs.

You Go Daddy!

Re:a company selling $2 domain names is shady!!!

[ergo98]

a company selling $2 domain names is shady!!!

Whats next, are you going to tell me that used car dealers can be less than fully honest? SAY IT AINT SO!

Why? How complex do you think hosting a name <-> IP table is, especially when the basic, long-proven infrastructure costs are spread across tens of millions of domains.

Network Solutions, the other end of the cost scale, has hardly been a model of good registrar behaviour. In fact most people consider them the scummiest, shadiest of the group.

Re:Uh... what?

[Cyberax]

The summary is really unclear (I'm a native Russian speaker, BTW).

Majordomo uses GoDaddy for international domain registrations for some of their clients. GoDaddy has blocked 1399 accounts of Majordomo clients because of spam suspicions.

Majordomo has nothing to do with this extortion scam.

Re:Wrong.

[therblig]

We were bitten by Spamhaus not for our actions, but for the action of an individual with an open relay occupying an adjacent IP address range. Spamhaus blocked the entire thing. I emailed them our domain whois and the snobby little bastards at Spamhaus brazenly told me that we were indeed the spammer and that we need to "clean up [our] act" before they would do anything. They went on to talk about "spam payloads"... WTF?!

I don't know about the yacht in international waters, but I agree that Spamhaus wreaks havoc on organizations that have done nothing wrong. Our organization has been black listed before too, and it was in error. It finally got cleared up, but it is still damaging.
We stopped using RBL's a long time ago, and have swtiched to something called Securence http://www.securence.com/. It has been much more reliable than RBL's, and keeps the junk from ever getting to our server in the first place. I haven't had a complaint about a false positive since we switched, and it blocks over 100,000 spam/viruses/phishing attempts a day.

More profitable for you to leave than stay...

[mgkimsal2]

That's a shame. I've got a lot of domains with godaddy.com but am testing out other registrars and will be migrating more away. It's not just these sorts of reports, but also their switch to Microsoft IIS for parked domains that bothers me some.

The sad thing is that this sort of thing on their part really won't hurt all that much. How much money would they have made on each of your domains for the next *10* years? $30? I'm basing this on $3 profit ($9 - $6 wholesale cost - maybe it's different for them?) By forcing you to leave they've almost doubled that, and they don't have any work to do to service you for the next 10 years either!

If they could simply extract $50 from every single domain-name-only customer to transfer away they would be *far* more profitable than they are now because there'd be less overhead and work to do.

I abhor the IRS, but would still say yes

[Mostly+a+lurker]

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

Some people may have valid reasons to access government sites.

Simple solution

[Joe+U]

Pay the $50, move your domains, chargeback the $50 and/or file a suit in small claims court.

They'll dispute the filing and keep pulling out parts of their license agreement to counter it. Dispute the agreement as being invalid. When all is said and done, you'll be out a few days of work, GoDaddy will have wasted a ton on lawyers.

(Disclaimer: I am not a lawyer, this is Slashdot, use common sense, this is not advice, you are feeling sleepy...sleepy...SLEEPY...you want to buy me a 50" HDTV.)

Spamhaus blacklisted Google GMail. :-(

[JohnWasser]

Mail Delivery Subsystem to me Jun 15 (2 days ago)

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

        xxxxxxx@frontiernet.net

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-x bl

    ----- Original message -----

Received: by 10.35.115.18 with SMTP id s18mr2328477pym;
              Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Received: by 10.35.97.6 with HTTP; Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Message-ID:
Date: Thu, 15 Jun 2006 00:52:32 -0400
From: "John Wasser"
To: "xxxxxxx"
Subject: Re: printer setup repair
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References:

Re:Spamhaus blacklisted Google GMail. :-(

[SD_92104]

As it should -- Gmail isn't passing on the X-Orig mailer field, which is why they got spamlisted.

Cool - now non-standard headers (the X- prefixed ones) are all of a sudden required? Interesting interpretation of standards...

I will back this up.

[SlashChick]

Since the parent comment was written by an anonymous poster, I would like to add that one of our customers was put in the same situation by GoDaddy. His domain was used in a "joe job" (that is, someone sent out a spam with nonexistent addresses from his domain as the From: header in their spam emails.) He called us (his web hosting provider), furious, wanting to know why his domain name was down. We had received spam complaints as well, but since the spams were not from him and were not advertising his product (he runs a legitimate business that does not use email marketing), we did not shut him down. However, when running a quick WHOIS check on his domain, I noticed that GoDaddy had set his name servers to NS1/NS2.SUSPENDED-FOR-SPAM-AND-ABUSE.COM. This was well over a year ago and since then, I have urged all of our customers to switch away from GoDaddy. Some of our customers have responded, "But I don't spam anything!" Of course you don't. It doesn't matter. If any spammer sends out spam with your domain as the From address, even if you had nothing to do with that spam, and it gets reported to GoDaddy, your domain is toast.

For what it's worth, we use eNom and have never had any problems with them. If you host more than a few domain names, get an eNom reseller account (many providers offer them for free) and pay the same price as GoDaddy. I recommend them highly; we have several hundred domains with them right now.

GoDaddy Has a History of These Things...

[I*Love*Green*Olives]

This isn't the first time GoDaddy has arbitarily done things like this....

Lindsay Ashford, a promient memeber of the Paedophile community was once registered with GoDaddy until they started to yank his chain and play games with him using Section Seven of their Domain Registration Agreement--specifically the bit about morally objectionable activities. Lindsay was given 24 hours in which to move the site (which he began to do) only to be informed via email the change over was blocked from GoDaddy's end without explaination. The strange thing is while there was never any child porn or illegal content on puellula.comand GoDaddy never explained their actions, the site was also home to many racists and extremists hate sites that were apparently never a problem. It finally took a complaint from Lindsay to ICAAN before the domains were finally restored to him!

GoDaddy is run by people who see no evil in groups such as: Skinheads, Hammerskins, Aryan Nations, White Camelia Knights of the Ku Klux Klan, Ku Klux Klan all whom were still registered with GoDaddy as of roughly this time last year. Given the legal wrangling it took to get the company to turn over the domain names to their proper owners, why would anyone be surprised when they decide to dip into the extortion racket?

Do yourself a favor and find a domain register who is willing to take care of their customers and isn't run by a bunch of racists who think we haven't done enough torture on the Guantanamo Bay prisioners!

--I*Love*Green*Olives