# Key Post: Domain Name nightmare warning



## XXXAnother PersonXXX (15 Jan 2003)

I finally took the plunge and got a username registered.

I wanted to take this opportunity to warn people about euphemistically named 'cyber-squatters' (Or more aptly 'complete bastards') 

We've spent the last couple of years promoting our domain name. We have it on search engines, products, stationary, email (which all our customers use for support etc.) We were quite surprised to find on the 13th Jan that a new company was occupying our web domain - with the option for us to buy back it back!

Apparently, our domain name expired on 12th, and this company registered it straight away. We didn't know it had expired because register.ie sent the warning to an email address we don't use.

ICANN provide an arbitration service, whereby you can win back your domain name. The cost of this service: about $1200. The company that now has our domain will sell it back to us for the convient price of $1150 - draw your own conclusions.

We are effectively are being held to ransom, as the domain name is completely meaningless, and no use to anybody (apart from us). 

We simply can't afford this fee.


----------



## harza (15 Jan 2003)

*Domain Name*

This happened to a friend of mine before. No way around it as far as I can see. Either:
1, pay the ransom 
2, get a new domain name and incur costs of new stationary etc. 
3, Take a chance on the cyber-squatters not renewing the domain name on time next year!


----------



## ClubMan (15 Jan 2003)

*Re: Domain Name*

*We didn't know it had expired because register.ie sent the warning to an email address we don't use.*

Don't mean to be smart or anything but surely registering your domain with an email address that you don't monitor was a bad idea?


----------



## XXXAnother PersonXXX (15 Jan 2003)

*Re: Domain Name*



> Don't mean to be smart or anything but surely registering your domain with an email address that you don't monitor was a bad idea?



Well, I'm not perfect... The email address in question had about 3000 spam messages in it.

We forgot that this was the email that we used to register the domain. This is understandable, because once we registered the domain, we had new email addresses. We also didn't know that this scam was in operation, and weren't ready for this.

Anyway, we aren't going to pay these bastards (or the arbitrators - they're obviously making a killing from this scam as well). Looks like we're going to have to start from scratch.

The damage is done with us, but I hope other people learn from our mistakes.


----------



## rainyday (15 Jan 2003)

*Re: Domain Name nightmare warning*

As a technologist, I'm always dissapointed with the all-to-common casual attitude taken to email addresses. Over the Christmas holidays, I emailed one of the leading Irish online insurance brokers regarding my home insurance renewal, using the main 'contact us' email address given on their website. When I got no response & chased them up in January, I got the old 'Ah sure I haven't checked that address for ages' response.

I've no doubt that none of these businesses would take such a casual attitude to their phone or fax machine. Even if the receptionist goes sick, they will make 100% sure that someone answers the phones. By failing to take similar care with their email services, they give a very poor impression of their reliability and responsiveness.


----------



## Tommy (15 Jan 2003)

*Re: Domain Name nightmare warning*

The whole domain name issue is a racket. My own mcgibney.com site spent a week offline last year as register.com had my email address from my former employment recorded as my contact address. 

They would not facilitate me moving to another domain name registrar (a move I had requested long before it came up for remewal) unless I responded to an email sent to that address, or alternatively prepared a raft of legal documentationand sent it to them (which would have taken weeks, at least). Thankfully my former employer graciously allowed me access their system but register.com could really have really messed up my business and left me vulnerable to cybersquatters otherwise.


----------



## XXXAnother PersonXXX (15 Jan 2003)

*.*

I too detest this attitude with email. That's why we make sure that we get back to anyone who emails us on our publicised company email address, gets a response within 24 hours. We don't advertise our defunct email address. Bringing up our webpage would have been sufficent to see our contact details.

We were a customer of register.ie. They must have too many customers.


(you don't get much sympathy on this board!)


----------



## MOB (15 Jan 2003)

*Cyber squatting*

A few questions:

1.   Does the ICANN arbitration procedure not include an ability for the arbitrator to award costs against the loser?

2.  If not, why don't you just sue these people in the courts?   You will certainly be awarded your legal costs if you win, and there is the possibility (admittedly a remote one)that a judge may find their conduct so offensive as to merit an award of punitive/exempary damages against them.

3.   How can they find out so easily that your registration of the domain name has expired?  Is there someone out there who has devised software for tracking down blackmail prospects? (just curious)


----------



## ClubMan (15 Jan 2003)

*Re: Cyber squatting*

*3. How can they find out so easily that your registration of the domain name has expired? Is there someone out there who has devised software for tracking down blackmail prospects? (just curious)*

Quite possibly - I don't know. But to be fair to all reputable domain registration companies notify customer whose domain registrations are up for renewal in good time (as in this case), allowing for easy renewal and avoidance of any cybersquatting problems. Unfortunately if the customer provides inadequate contact details (as in this and Tommy's case) then the domain registration company can hardly be blamed if the registration lapses.

By the way, in my opinion Tommy's description of the domain registration business as a racket is way over the top.


----------



## XXXAnother PersonXXX (15 Jan 2003)

*.*

*1. Does the ICANN arbitration procedure not include an ability for the arbitrator to award costs against the loser?*

No. Even if a case goes through arbitration, sometimes the cyber-squtters still have the domain four months later! It generally takes 2 or 3 months (of lost business) for the arbitration service to run its course.

*2. If not, why don't you just sue these people in the courts? You will certainly be awarded your legal costs if you win, and there is the possibility (admittedly a remote one)that a judge may find their conduct so offensive as to merit an award of punitive/exempary damages against them.*

They haven't done anything illegal. All they've done is register a vacant domain name. BTW, they want $1900 ransom.


Out of curiosity, does anyone here think that this practice is unethical? - or is it all fair game?


----------



## ClubMan (15 Jan 2003)

*Re: .*

*They haven't done anything illegal. All they've done is register a vacant domain name. BTW, they want $1900 ransom.

Out of curiosity, does anyone here think that this practice is unethical? - or is it all fair game?*

Seems to me that this is capitalism in a nutshell. Whether or not it's ethical is a subjective matter.


----------



## Tommy (15 Jan 2003)

*Re: .*



> Unfortunately if the customer provides inadequate contact details (as in this and Tommy's case) then the domain registration company can hardly be blamed if the registration lapses.



Accepted, but what about the case of register.com, where a they (at least used to) forbid their customers from updating their own contact details, in the absence of reams of genuinely complicated and apparently costly legal documentation (based on the US legal system and, for example, necessitating signatures to be witnessed by a US-registered Notary Public)?



> By the way, in my opinion Tommy's description of the domain registration business as a racket is way over the top.


Well, that depends on one's opinion but I base my "racket" judgement on the above and also on my experience with register.com where they charged me $35 a pop for domain renewal and then reduced their price by two-thirds to $12 when I indicated I would go elsewhere in one instance.


----------



## rainyday (15 Jan 2003)

*Re: Cyber squatting*



> they charged me $35 a pop for domain renewal and then reduced their price by two-thirds to $12



Well if this is your definition of a 'racket', i.e. a 2/3rds reduction in price when pressurised, I'm sure there are many brokers, accountants, solicitors, IT professionals, builders, bakers & candlestick makers guilty of racketeering.  



> Accepted, but what about the case of register.com, where a they (at least used to) forbid their customers from updating their own contact details, in the absence of reams of genuinely complicated and apparently costly legal documentation (based on the US legal system and, for example, necessitating signatures to be witnessed by a US-registered Notary Public)?



Do they forbid updating of contact details absolutely, or do they forbid updating of contact details from an email address other than the one originally used to register? If the latter, then this sounds like a security mechanism designed to protect the customer. Without this mechanism, what would stop me registering a free email address like TommyMcG@xxx.com, then contacting them from this address claiming to be you, and taking ownership of your domain.


----------



## zag (15 Jan 2003)

*Who controls my domain ?*

Arising from the above discussion, here are some short notes to help you establish who really controls your domain.

If it is a .ie domain go to www.domainregistry.ie, and click on IE WHOIS associated with support and type your domain name in.  If you try with bankofireland.ie you will see that the three contacts (administrative, technical and zone) are listed as a person who is (presumably) known to Bank of Ireland.  If you look at jurys.ie you will see that they have someone from another company (in this case register.ie) listed as the technical contact.  In this case they would need to convince this organisation to authorise changes to their 'own' domain.

Please note that all domains and organisations above are provided for example purposes and were not chosen as examples of good or bad organisations.  I have no reason to believe that register.ie wouldn't make changes when requested.  There are often good reasons why you would use your ISP as a technical contact.

If your domain is a .com one then go to www.networksolutions.com and click on the whois link at the top right of the page.

Type in your domain and see what comes back.  If the domain is registered with Network Solutions (try nasdaq.com) you will get the contact information back.  If it is registered with another registrar (try dublin.com) you will get details informing you of the correct registrar.  In this case it is register.com.  Go to www.register.com and follow the whois link towards the top left.  Type in dublin.com there and with a bit of link following you find out the contact details again.

If you have a .uk or other domain it just takes a bit more work to figure out where to start, but try google with "registrar .uk" or whatever.

Hope this helps.

z


----------



## Joe Nonety (15 Jan 2003)

*Re: Domain Name nightmare warning*

I thought that the registration of .ie domain names was very strict, that businesses need to provide proof of their company name and individuals had to provide their birth cert in order to register their name and that in any case only Irish individuals and companies could register .ie domains?


----------



## Tommy (15 Jan 2003)

*Re: Cyber squatting*

_Well if this is your definition of a 'racket', i.e. a 2/3rds reduction in price when pressurised, I'm sure there are many brokers, accountants, solicitors, IT professionals, builders, bakers & candlestick makers guilty of racketeering_

Agreed - but have you ever seen a professional drop their price by *two thirds*? And, I never pressurised them. I just sent the relevant communication to them to notify them that I wished to transfer the domain to register.ie - Note that they don't offer this deal when a domain is about to or has lapsed - just when they are about to lose business to a (lower-priced) competitor. Speaks for itself, eh? 


_Do they forbid updating of contact details absolutely, or do they forbid updating of contact details from an email address other than the one originally used to register? _
The former

_Without this mechanism, what would stop me registering a free email address like TommyMcG@xxx.com, then contacting them from this address claiming to be you, and taking ownership of your domain. _

With all respects, I thought that is what passwords are for...


----------



## XXXAnother PersonXXX (15 Jan 2003)

*.*

joe - .ie domains used to be very strict. I remember my brother trying to register sex.ie 9 or 10 years ago. He was refused (even though noone else had it registered)

It's now registered, as are many other generic names.

I wonder how they determined who should get these domain names? (Since it wasn't first come first served)


----------



## rainyday (15 Jan 2003)

*Re: Cyber squatting*

Hi Tommy - I've seen bid/offer spreads drop from 5% to 0% for investment products (though not from the same provider, I grant you). Does that mean we can call the guys who still charge 5% 'a racket'?

Did they have a password-based mechanism for changing their registration details? If yes, why didn't you use it? If no, it seems appropriate for them to restrict changes to users from the nominated email address.


----------



## Tommy (15 Jan 2003)

*Re: Cyber squatting*

_I've seen bid/offer spreads drop from 5% to 0% for investment products (though not from the same provider, I grant you). Does that mean we can call the guys who still charge 5% 'a racket'?_

Not automatically, but if the same provider offers a product or service at 5% and is prepared to drop to 0% when challenged, we can draw our own conclusions...

_Did they have a password-based mechanism for changing their registration details?_

No

_If no, it seems appropriate for them to restrict changes to users from the nominated email address. _

It seems to me that a password-based system should be sufficient for this purpose. After all, they do have a fairly elaborate password system in place anyway (like every other online commercial operation), which people can use to buy, update, monitor, renew and transfer domains.

I was able to terminate my relationship with them, and transfer to another domain provider, using this password-based system, yet they would not allow me change my contact details without reams of legal paperwork. Sounds crazy to me...


----------



## ClubMan (15 Jan 2003)

*Re: Cyber squatting*

_Tommy_ - if I had a bad experience with one accountant and, on that basis, posted to AAM accusing all accountants of being racketeers then I'd imagine that you and others would (rightly) object. If you were not happy with register.com's service you could've gone elsewhere presumably?

Anyway, on the topic of changing domain registration details etc., as with many other things related to technology, there is always a trade off/conflict between security and ease of use, as outlined by _RainyDay_. 

In my experience it's not unusual for people who complain about the hassle introduced by the need for security mechanisms (proper passwords, proper authentication of electronic or other credentials/identities etc.) to bypass these only to complain when they suffer the consequences (such as getting hacked etc.).

*Sorry - this post crossed with Tommy's previous post.*


----------



## Tommy (15 Jan 2003)

*Re: Cyber squatting*

Hi Clubman,

The problems seem to lie with more than one operator - I'll sum up three separate questions to illustrate:

1. Why are register.com's procedures so complicated, apparently self-contradictory, and apparently anti-competitive?

2. Why can't register.ie issue invoices by post and by email at least to their Irish customers) in advance of domains lapsing? - after all they are happy to issue invoices by post after domains have been renewed. If cost is the issue, would an 
extra €1 or 50cent really be noticed in their charges?

(Remember, this was AP's problem - not mine)

3. Why has the ie. domain registry been so awkward and inefficient to deal with in recent years?

The common thread in 1 & 2 above is that domain companies have promoted themselves by trying to scare people about cybersquatting (Have you left it too late... etc) and from the above examples their er, _rather unique_, procedures seem to play into the hands of cybersquatters against the interests of their customers, thus perpetuating the problem.


----------



## MOB (15 Jan 2003)

*Cyber squatting*

"They haven't done anything illegal. All they've done is register a vacant domain name. BTW, they want $1900 ransom."

Actually, they probably have done something illegal.  It depends of course on your domain name, but you may well have intellectual property rights in the name on which they are squatting.  Their squatting may well constitute an infringment of those rights capable of being sued for in the ordinary courts.  Problem is, the cost of mounting a legal action is thousands, and the financial risk - both to you and the squatter - is therefore an awful lot higher.  The arbitration procedure is (relatively) cheap and quick.  But you are entitled to bring a legal action, and if you win, you are entitled to recover your legal costs.   So, if you are determined not to give these guys money, you can threaten to go the route of full legal proceedings, and it then becomes a question of who is going to blink first.  Choice is yours.


----------



## tedd (16 Jan 2003)

*Re: Cyber squatting*

Don't you just love capitalism!

tedd


----------



## zag (22 Jan 2003)

*Re: Cyber squatting*

All,

Just a few notes on this discussion :

1) the entire domain registration lark has a *well-earned* reputation for being a money-making racket.  This does not mean that every company involved in the market is a racketeer.
2) some companies make it *very* difficult to change your details precisely because they know many/most people will give up and either just pay them the money to make the change or else pay them the money to continue providing the service.  I worked for a company who did a lot of registration and we found that changing details for .com domains was inredibly difficult.
3) wholesale .com rates are a fraction of the price that a retail customer pays.  I can't remember the actual amount, but if someone registers 399 vacated domains at $5 a day and one of these pays the $1900 they are in the money.  If two people pay the $1900 they are in even bigger money.
4) beware of sites that advertise domain registration for $10 or something low like that.  You will find a number of things - it will cost you (a lot) to change anything, and it will be a right royal pain to change anything.  When you decide to move your website/email/etc . . . to some local provider you will end up either frustrated or (relatively) poor.
5) there is software/service out there that provides daily lists of domains which expire.  People do use these lists to spot and poach potentially lucrative domain names.
6) as above, many non-technical people may try to find the easiest way to perform some action and then end up snookered at a later date by the compromise they made earlier.  I'm not saying that people bring this hassle and cost on themselves, but I am saying that it is a function of people not reading and understanding the fine print (like charges) before clicking on the big bright button that says "Register now"  In many cases the fine print may not even be there and this is definitely a case of dodgy dealing, but in many cases it is there and people just don't read it.
7) the domain resolution process is there to provide some recourse for people with a grievance.  I'm not sure where people got the idea that it was supposed to be a value for money proposition.  The same applies to bringing a case where someone has crashed into your car and the insurance company aren't interested because there are no witnesses or whatever.  You are free to bring a case, but it might cost you EUR5,000 in legal fees to prove that some dude caused EUR1,500 worth of damage to your car.  It's your choice to take the case or not.

I do sympathise with people who find themselves in this position.  There is no easy way out and due to the global nature of the internet and domain registrations there is also no *easy* legal way to pursue problems for the ordinary punter.

z


----------



## XXXAnother PersonXXX (22 Jan 2003)

*.*

Good summary Zag.

I'd like to add to point 7.
The 'Ransom' is generally marginally cheaper than the arbitration costs. Does this make the arbitration thing a small bit farcical?, at least for small companies or people who can't afford to hand over $$$$ for something they previously got for $35.


----------



## Tommy (22 Jan 2003)

*Re: .*

Thanks Zag for adding some much needed clarity and commonsense into the debate. 

I know that it would be wrong if all complaints such as AP's were accepted unquestioningly but unfortunately the "devils advocate" stuff sometimes goes too far on AAM. People just won't bother alerting fellow users to problems like this if they have to undergo a virtual cross-examination every time, being accused of carelessness and the like. Sadly we're becoming more like Morning Ireland every day...


----------



## Joe Nonety (22 Jan 2003)

*Re: .*

Speaking of domain registration, where is the cheapest place for registering .ie domains?


----------



## ClubMan (22 Jan 2003)

*Re: .*

Tommy - your didactism doesn't alter the fact that some of the contributors to this topic _were_ careless in providing inadequate contact details to the company through which they registered their domains. If I open a bank account but only provide them with the address of the holiday home in the Cayman Islands that I only visit every six months and then find myself overdrawn because they didn't send my statements to my house in Dublin then surely I am the one at fault! :rolleyes


----------



## Tommy (22 Jan 2003)

*Re: .*

Agreed, but that doesn't mean that we have to castigate them for making a simple and common mistake. Another Person freely admitted to making an error of being careless and pointed out to the rest of us the dangers of so doing. There was no need for anyone to "rub it in" as was done. 

Incidentally AP did not grumble about the fact that his domain was de-registered but rather that cybersquatters had attempted to extort money from him.

I followed AP's comment by recounting my own unhappy experiences with domain registrars and again found myself put "in the dock" by people who didn't know any of the facts of my particular case.

I know from other discussions that AP (like myself) has a fairly thick skin and can take most criticism without getting worried about it but I really wonder how many AAM newcomers are put off from posting because of our all-too-regular collective tendency to rush to judgement?

Didactism or otherwise, I think this is a point we should remember.


----------



## Joe Nonety (22 Jan 2003)

*Re: .*

After trying some attempts to register .ie, no matter what website I go to, they still ask for company name, Registered Business Name Certificate, etc. So how can a squatter operate with such stringent restictions?
Are there sites that don't require these details for registration of .ie domains?


----------



## Tommy (22 Jan 2003)

*Re: .*

The stringent (some say over-zealous) governance of .ie domains by IEDR means that cybersquatting is not an issue with .ie domains. A far more liberal regime applies to .com and .net domains, where cybersquatting is a serious problem.


----------



## ClubMan (22 Jan 2003)

*Re: .*

Oh - I meant _didactisicm_ by the way, but my pedantry let me down for once. :lol


----------



## didactic (22 Jan 2003)

*For once?*

Oh - I meant didactisicm by the way, but my pedantry let me down for once


And again,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

I'd check my spelling if I were you  :lol 

I agree though with the statement! Who was it that mentioned the thorn in the eye?


----------



## ClubMan (22 Jan 2003)

*Re: For once?*

Bossiness!


----------



## zag (23 Jan 2003)

*Re: .*

AP - it doesn' really make it a farce.  It is out of the hands of the arbitration people.  No matter what fee they set, the squatters will always set their price marginally below that.  This way, people will be faced with a choice of going to arbitration and risking losing or else paying less than the arbitration amount and being guaranteed to win.

I agree that it is a valuable service to bring this issue to light and I sympathise with your position.  Bringing it to light will hopefully save someone in a similar position some money next time their renewal comes up.

z


----------



## fatherdougalmaguire (30 Jan 2003)

*Where the Hell is My Website?*

Probably a little late but I just came across these on The Register:

Where the Hell is My website?
 Part 1 - The nightmare and the US system
 Part 2 - The UK system and what ICANN should do to be more like it
 Part 3 - A practical guide to making sure you keep hold of your domain


----------



## ClubMan (30 Jan 2003)

*Re: Where the Hell is My Website?*

*A practical guide to making sure you keep hold of your domain*

Points (1) and (2) ... ?

_Make sure you are listed as the Administrative and Technical contact ...

Make sure those contacts are correct..._

:lol


----------



## XXXAnother PersonXXX (30 Jan 2003)

*.*

Clubman - many domain registration companies still 'own' the domain you have 'registered'. You are in effect renting the domain from them. This is especially true if the registration cost seems a bit low.

When you want them to do any admin stuff, you'll get a hefty charge.


----------



## zag (31 Jan 2003)

*Re: Where the Hell is My Website?*

Dougal - thanks for that link.  It sets out pretty clearly why the whole business is ripe for shady dealers and why people who think they own or control their domain find out the hard way when they lose their domain without so much as a warning email.

Essential reading for anyone who relies on their domain for contact or sales.

By the way, it should be pointed out that the Irish system is slightly different and slightly less prone to abuse.  You only ever 'rent' your .ie domain from the .ie people.  You do this through a registrar in a similar fashion to that described in the articles.  However, in the .com and .uk system you can (in theory if you get it all right and do what it says in the articles like ensuring you are the techincal and administrative contacts and have enough technical knowledge) own your domain.  The problem arises when people think they own their domain only to find out that they never owned it and were only paying a registrar to manage it for them.

z

p.s. for reference the term domain refers to the .ie .com .uk .nz type of entity.  Everything else is a subdomain - askaboutmoney.com is a subdomain of .com - remember this and you remember that someone other than you controls a level above your subdomain and you always have to convince them to allow any changes to happen.  If you are the relevant contact for your subdomain then you should have no problem authorising the changes.  If your registrar or hosting company is the contact then you have to go through (and pay) them to make changes.


----------

