GoDaddy Holds Domains Hostage

saikou writes "There were previous reports of GoDaddy, one of the biggest domain name registrars, attacking Bittorrent sites with frivolous interpretation of their own Terms of Service (that story was resolved), and now similar events unfold with clients of one of Russian domain registrars Majordomo.ru -- GoDaddy has informed them that all 1399 client domains are now blocked (story in Russian) due to 'many of your domain names were listed in the Spamhaus.org blacklist or were resolving to a name server or IP address listed in the Spamhaus.org blacklist' with a demand of a neat '$199 non-refundable administration fee to the credit card on file for your account for each domain name you wish to reactivate' or $50 for each domain to be transferred out into another registrar. I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. Instead of affecting people that use spam lists to control the inflow of mail to some degree, all users are effectively forced to be black-list clients. Now all one needs to shut down a site is a few reports of spamming, and the domain (or even better, all domains of a given small registrar) will be suspended."

So Sad

[PingXao]

I just renewed a domain for 2 yrs with them and I sort of regret it. GoDaddy used to be a top-notch outfit. Low prices and no nonsense. These days it's low prices and lots of nonsense. Between the GoDaddy spam, other spammers they support via special arrangements, and their incredibly convoluted ordering and pricing schemes it's no wonder they're starting to plumb the depths of sleaze.

The thing is their prices are so great it's really hard to justify going someplace else. You can pay up to $35 a year at some of the boutique registrars.

Odd.

[beavis88]

GoDaddy is usually pretty good about pointing out BS like this (eg bogus .eu "registrars", companies taking advantage of domain registration cancellation grace period, etc). I don't much like their style of advertising, but otherwise, they have been a great company to deal with on my personal domains. I'm looking for a place to migrate my business domains as well; this story has given me some second thoughts...

GoDaddy did this to us, too!

[Anonymous Coward]

About six months ago, GoDaddy held 78 (yes, seventy-eight) of our domains hostage. They had all of our sites down (we receive approximately 2 million web server hits per day, about 160,000 unique sessions) for nearly 48 hours while we wrangled control of our domains back.

What was their excuse?

Someone outside of our organization had (for whatever unknown reason, as this is not our business) spammed using ONE of our domains as a the spoofed header-from domain. And yes, we publish SPF records. That wont stop idiots from trying.

Anyway, I personally spent close to one hour on the phone with their "abuse" people (ironic that they consider what we were doing abusive). I explained the situation over and over to no avail. We escalated to their lead "abuse" person. Same story. "Your domain was in a spam and we do not allow this"... When I would try to explain that it was not from us or on our behalf in any way, shape, or form -- we were curtly told "that's not what we've been told."

Now, I had also received the spam complaint. Their "abuse" ("abusive") people were going solely off what was written in this complaint itself. In ALL CAPS, the user cried bloody murder about "I DID NOT SIGN UP AND DO NOT WANT SPAMS FROM THESE PEOPLE"... GoDaddy did not lift one finger to actually investigate the situation and instead took the end users' word for it.

We had to get our lawyers involved. We had to fax them threatening letters. Finally, they so gracefully allowed us to tranfer our domains away from GoDaddy to another registrar for the very low highjacking fee of $50 per domain we were going to transfer.

Again -- this was not a spam from us, for us, or by us. It was a completely third party individual just randomly choosing our domain to spoof.

GoDaddy is a goddamn scam and I hope their company gets burnt someday. It would not surprise me if the spam was created by them for the specific purpose of looting their more deep-pocketed customers through these $50 "re-activation" fees. Month getting slow? Craft up another fake spam. Fuckers.

unreliable?

[Gary W. Longsine]

" I am all for fighting spam, but given how unreliable spam black-lists are such actions simply damage the internet. "

Assuming the problem referred to in the article summary is that of false positives, I think "unreliable" is really a misleading term to apply to the blacklists. Some of them are relatively reliable at their intended purpose--helping people reduce spam by blocking sources of spam.

The problems with false positives are really an externalized cost [wikipedia.org], which accrues largely to innocent and not-so-innocent third parties, since sometimes spam originates from IP addresses or domains where other legitimate traffic exits (innocently) but sometimes the owners of those domains are supporting the spam activity directly (not so innocently). Of course, some of the costs of blocked legitimate traffic accrue to the user of the spam list, but those folks are making a trade-off and pretty clearly feel the benefits to be worth the annoyances.

Regarding the central thesis that taking actions like these "damage the internet," may I suggest that in fact the odds of "damage" to anyone are probabaly quite low, assuming that the Registrar does proper due diligence before taking such actions. They should not take the mere presense on a blacklist as gospel, but should check the domains directly themselves.

I'm also amused at the likely effect of the "fee for restoration of service". Ticked-off innocent users will be unfairly charged, and are likely to complain very loudly. Such users will probably receive an apology from a help desk worker, and free restoration of service. Guilty users are financing their operation with stolen identity and credit cards and will probably just pay the fee using ill gotten booty. (Aaaarh, Matey! Make 'em swab the poop deck instead! [stanford.edu])

Too drastic measures

[skoval]

Working at hosting provider's support in Russia I often had to inform clients by sending e-mail's to often not valid addresses about abuse reports. Basically I get no resonse until their site has been blocked. But sometimes we even couldn't do that if abuse was for domain resolving to our customer's server.
Blocking ip's at registrar's layer for me is more preferable, but procedure of unlocking a domain is a bit frightening although. Mainly because of the response time.
And blocking so many domain names is unacceptable at all.

Re:Very dangerous precedent

[X0563511]

Yes. The registrar has no business doing anything but the following:
OK, your bills are payed. Now when people type A, A is resolved to IP B instead of C (a parking page)

It's the responsibility of law enforcement to enforce law. But, in your own argument, the site is hosted in an anarchistic country. We (and whatever country the registrar is based in) have NO BUSINESS imposing law or right/wrong on another sovergn country OR IT'S CITIZENS OR BUSINESSES. We can yell/scream/make noise/threaten as much as we want, but we cannot enforce our views on them.

Re:Extortion

[neoform]

Exactly, I had one of my domain names held hostage by them about 5 months ago. They told me they had received a complaint about spam for my domain and so I was required to pay $199USD. I told them to fuck off and wanted to transfer the domain to netsol, but godaddy REFUSED to allow me to transfer without first paying them the $200. I took me more than a month of yelling at their 'managers' on the phone who didn't give a shit about ICANN regulations before they allowed the transfer.

Godaddy's policies are terrible, they will do anything to make extra money.

Re:Very dangerous precedent

[Anon E. Muss]

You seem to have forgotten to indicate any reason why you would see this as acceptable.

I didn't forget -- I just thought it was obvious. For the benefit of the slow learners in the class, I'll repeat myself: Domain name registrars should not get into the content policing business. Today it's spam, which everybody agrees is terrible and should be stopped. Tomorrow it will be with some other type of disfavored content.

Why would you force registrars to act according to your will?

I see it the other way around -- the registrar is trying to force their will on me. GoDaddy is making a value judgement based on the content associated with the domain name. By disabling the name, they are removing my ability to access that content (yeah, sure, I could do it by IP address, but we have DNS for a reason).

Re:Very dangerous precedent

[NickFortune]

If you want to enforce that registrars cannot impose restrictions on their clients...

I rather read that as GoDaddy imposing restrictions on the clients of another registrar. That hardly seems like behaviour we would wish to encourage.

...then what kind of slippery slope are you encouraging?

Speaking of slipperly slopes, GoDaddy stand to make almost 300k from this stick up. I mean, it isn't as if this is going to solve anything, and it isn't as if GoDaddy are blocking them unconditionally. They're just saying "we want a slice of you're ill gotten gains or we drop all your packets.

The thing is, if we let this pass, that gives lots of registrars an incentive to start eforcing the law as they see it, and for material gain. That's going to encourage them to define ill-doing on the net loosely, since they get tp shake down more nets

Are you saying that the worst murderous mobsters can operate massive criminal enterprises on a website hosted in an anarchistic country and their registrar should be prevented from denying them service?

You're either trolling, or else you're taking way too much for granted here.

For example it's far from clear that murderous mobsters are involved, let along the worst sort (unless you define unsoilicited junk email as being identical to the unlawful taking of human life, that is). The criminality is open to question too since spamming is not (sadly) universally illegal.

And that's just the domains registered to MajorDomo.ru. GoDaddy are demanding money with manaces from all those domains. Unless Majordomo have some weird negative vetting process for thier clients, then the chances are that not all of them are crooks.

I can't see how GoDaddy have any ethical justification for their actions here, and I can't think of a single pargmatic reason why we should condone their behaviour

Simple solution

[Joe U]

Pay the $50, move your domains, chargeback the $50 and/or file a suit in small claims court.

They'll dispute the filing and keep pulling out parts of their license agreement to counter it. Dispute the agreement as being invalid. When all is said and done, you'll be out a few days of work, GoDaddy will have wasted a ton on lawyers.

(Disclaimer: I am not a lawyer, this is Slashdot, use common sense, this is not advice, you are feeling sleepy...sleepy...SLEEPY...you want to buy me a 50" HDTV.)

Re:GoDaddy did this to us, too!

[Britz]

So if someone fakes my email address in their spam I get burnt for it? I have some 3-letter email addresses that I registered way back then with what has now become one of the largest free internet mail providers in Germany. Nowdays I get a lot of returns on those, because spammers tried to spam an email address that does not exist any more faking my email address as theirs and the server is requiered to send an error message.

Glad I am not with godaddy. Otherwise I should delete those accounts.

Even worse if I had a popular domain name.

Would they block hotmail.com too, because they send so much spam?

Anecdote: Godaddy Has Impressed Me

[Apple Acolyte]

I'm going to have to go a bit farther in researching this matter than reading the headline, but my tendency is to give Godaddy the benefit of the doubt. That choice has been influenced by unfortunate events that gripped my father's organization. A year ago some former members of my father's organization decided to end their affiliation with us, except that they chose to attempt a hostile, unlawful takeover instead of forming a separate entity. This minor faction concealed considerable resentment for us prior to the break-away, and they believed that they would be able to easily compel us to acquiesce and hand the corporation over to them. Settlement would not come easily. Long story short, after a year long legal battle and a year's worth of high-priced lawyer fees, the other side got crushed in a pre-trail ruling and had to begrudgingly accept our (relatively) generous terms.

Now here's the Internet angle: A few months into the conflict, they started targeting our web hosts and domain registrars with unlawful DMCA notices and other underhanded legal tactics. We had been advised by one of our attorneys to go with Network Solutions instead of the smaller registrar we had been with since our domain's original creation; we chose to take the legal advice despite my grave misgivings. Predictably enough (given the myriad of horror stories about the company), Network Solutions locked down our domain on the basis of the opposition's lawsuit and refused to unlock it until the termination of legal proceedings. Plus, our domain was locked down while its DNS record pointed to a hosting company that also denied us service. It was terrifically devastating to effectively lose our domain and site for that period, as it had been our official domain since 1996. As for Godaddy, once our site got taken down indefinitely we transferred over to one of our secondary domains that was registered with Godaddy. Godaddy never took action against that domain - we never even got notice from them about the mater despite the fact the opposition obviously attempted the same maneuver against Godaddy that it used on NetSol. The only troubling thing about Godaddy's service was an automated message sent to us concerning an illegitimate challenge to our DNS contact information. Notably, the message claimed to give us only a few days to respond to the challenge before Godaddy would take action, which could have included registration deletion. We were able to take care of that issue with one phone call, and we were even given an unusually candid apology for the previous notice. Nonetheless, that experience was disconcerting. Despite that occurrence, Godaddy did not falter for us even in those adverse conditions, so I'll be staying with it unless and until it no longer merits my appreciation. (And for less important domains, I use the slightly cheaper 1and1.)

Spamhaus blacklisted Google GMail. :-(

[JohnWasser]

Mail Delivery Subsystem to me Jun 15 (2 days ago)

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

        xxxxxxx@frontiernet.net

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Sorry, your mail server (py-out-1112.google.com[64.233.166.178]) is rejected using sbl-xbl.spamhaus.org. See http://postmaster.frontiernet.net/error.html#sbl-x bl [frontiernet.net]

    ----- Original message -----

Received: by 10.35.115.18 with SMTP id s18mr2328477pym;
              Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Received: by 10.35.97.6 with HTTP; Wed, 14 Jun 2006 21:52:32 -0700 (PDT)
Message-ID:
Date: Thu, 15 Jun 2006 00:52:32 -0400
From: "John Wasser"
To: "xxxxxxx"
Subject: Re: printer setup repair
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References:

Re:this is ....

[AuMatar]

THe problem comes when you have multiple customers. Its fine for you to say your VOIP is more important than your torrent. Its not ok for your VOIP to be given priority over my gaming- we're paying the same amount, you have no right to higher priority. Not to mention that it would be pointless to try- people would just start wrapping other traffic over whatever the highest protocol is.

Re:Spamhaus blacklisted Google GMail. :-(

[Wavicle]

This "evidence" appears to be fabricated. The IP address 64.233.166.178 is in fact not listed on Spamhaus at all:

The fact that it isn't listed NOW does not mean it wasn't listed THEN.

I have had spamhaus block email from yahoo too. It has been for me quite a conundrum deciding if the the false positives spamhaus gives outweigh the true spam it blocks. They do generally fix these within a couple hours, but it is really frustrating that during those couple hours, all email going to my mail server from yahoo is getting bounced because someone or something at spamhaus caught someone sending spam.

Re:This story is pure bull-crap.

[saikou]

Funny but your comment seems to be a typical response from anti-SPAM vigilante that prefers to blacklist everything, no matter what the real situation is.
I included in the article link to black list of Google mail relays. Would you like your Google mail be blocked because someone claims that Google is a safe haven for spammers as it "either sent mail to our spam traps or we received reports from our members of spam"?
Oh, I forgot. You work for an ISP so you don't care. But it would be interesting to see your reaction if your whole subnet gets blocked because ISP on the adjacent net got flagged as "does not react to SPAM reports" and block list would escalate original listing to a bigger subnet. I am sure you have enough time and money to quickly move to another upstream provider in a blink of an eye. Or somehow magically clean up your particular subnet over typical "Oh, but you're too close to spammers, you must be spammer yourself!" battle cry.

This particular article was about GoDaddy relying on Spamhouse for deciding what accounts to block until $50/$199 fee is paid. There are tons of discussions about black list reliability and false positives. Primary difference with spam flagging/blocking is users chose to do it. But here someone else made the decision and demanded payment.

Would you like Google.com to suddenly disappear from the DNS because Spamhaus flagged some of their IPs as "sending spam"? I am sure you would.
 

Re:Very dangerous precedent

[Anonymous Coward]

Hopefully I can provide a little insight into how GoDaddy "thinks" since I worked there for a couple of years. The entire company is micromanaged by the CEO Bob Parsons. You could replace "GoDaddy" in the article with "Bob Parsons" and be entirely correct. If GoDaddy does something, it's because Bob made it so.

If you've seen Bob on TV he comes off as likable and personable character. In person, he's a lot different. He's a pretty angry guy who rules by fear. I left GoDaddy for a better opportunity, but I did see a ton of people get let go for arbitrary reasons. We had something like a 300% turnover while I was there (not including the call center). I know that he has pissed enough people off that they take physical security very-very seriously for a relatively small outfit. I'm not talking about securing the servers, I mean a dozen guards (for two entrances), metal detectors, random bag and car inspections and a card entry system that makes it a challenge to just get to a bathroom.

Bob's a hard-core ultra-conservative Republican. Pro-Bush all the way. Do you remember the NBC(?) footage of the unarmed, incapcitated enemy combatants being shot at that mosque in Iraq a while back? Bob came right out and publicly praised the marines in his blog. He later toned down his language, but it is something to keep in mind when thinking about how GoDaddy justifies charging $199 to get back a $6.99 domain.

This all being said, I still purchase all my domains from GoDaddy. They are cheap and customer service is good -- but there is no way in hell that I would post this non A/C.

Re:a company selling $2 domain names is shady!!!

[Anonymous Coward]

What uninformed people. Registrars have to pay $6/domain. Selling domains for $2 is selling them at a *loss* of $4 each. No way to stay in business doing that unless you're making it up somewhere else.

This little episode reveals one of the ways they're making up the loss.

the problem isn't spamhaus

[alizard]

It's godaddy using spamhaus for purposes no sane person would believe is a good idea. AFAIK, there's no way a domain service provider can check in advance whether or not any given domain name applicant is or is not a spammer, anyone on the ROKSO list can use a fake business name in order to get a domain.

Gaming what godaddy's doing to unjustly shut down a domain (or in this case, 1399 domains) is just too easy.

Imagine having a legitimate website and having it shut down because godaddy has shut down your domain service provider. There are probably several hundred Russians in that position right now.

Best registrar...

[SonicSpike]

...by far is DirectNIC.
$15 and no bullshit.

To me they are like the Google of registrars - "do no evil".

They even are based out of NOLA and had very little if any downtime during Katrina. You can read about it and see damage to their building here:
http://interdictor.livejournal.com/ [livejournal.com]

Re:GoDaddy did this to us, too!

[Anonymous Coward]

You should have just stopped threatening them, and just sued them into oblivion for lost revenue and punitive damages, and loss of potential revenue. Just check Go Daddy's SEC filings for their Gross revenue and triple that. I'm sure your accountants and lawyers could work a little magic and make your proposed number look legit.

Re:a company selling $2 domain names is shady!!!

[tarpy]

"(And just because your TOS has a clause allowing you to do so doesn't make you not-evil..)"

Um, why? Seems to me they're telling you what they'll do, and then they go and do it. One assumes you agreed to the TOS and service contract, so, how, exactly is it evil? Bad business practice, yes, evil, no.

Re:Shows what you know

[UnrepentantHarlequin]

Will GoDaddy reimburse the fee that you shouldn't have had to pay, should it be shown that your domain was not being used nefariously? I somehow doubt it.

I wouldn't doubt it in the least.

As it happens, I'm a GoDaddy customer. I've also dealt with Network Solutions and MelbourneIT. GoDaddy stands head and shoulders above both of those big-name, big-rep registrars in terms of service, value for the money, and especially ethics. It wasn't GoDaddy who refused to give Panix their domain name back when it got jacked due to Melbourne's own sloppiness. GoDaddy doesn't send out fake "rewnewal" notices for domains owned by other registrars. And it certainly wasn't GoDaddy who tried to convince us SiteFinder was for our benefit. I'm not saying GoDaddy is a bunch of saints -- they're not, they're a bunch of businessmen -- but they're head and shoulders above the competition, ethics-wise.

They're also the only registrar I know of, and one of the damn few businesses of any type, where you can go yell at the big cheese personally. Bob Parsons and I have exchanged words a time or two via his blog. I suspect if I called up GoDaddy and wanted to talk to him, they'd put me through.

Oh, as to how they can sell domain names below cost: The actual offer is a domain for $1.99 when you buy a non-domain product, such as a hosting contract. They make money on that in exactly the way the Friendly's down the street from me is making money off a free ice cream sundae when you buy a chicken platter. Nothing shady about that, just a "buy a big thing, get a little thing cheap/free" deal like millions of other businesses offer every day. They make their money off of regular priced domain names (not much each, but their volume is incredible) and all of their other products and services, from software to hosting.

No, I don't work for GoDaddy, I'm just one of their customers. All the money flows from me to them, not the other way around. But I just got sick of all the speculation, insinuations, baseless assumptions, and general-purpose bashing from uninformed people who know nothing more about GoDaddy and its business practices than what they read in Slashdot comments.

I don't read Slashdot much anymore, and this kind of thing is one of the reasons why. Come on, guys, we're better than this. Or at least we used to be.

Re:Shows what you know

[Achromatic1978]

Okay, I /personally/ own 12 domains through GoDaddy. I own two through Melbourne IT. I know technical staff at Melbourne IT, too, and know more about the Panix calamity than most people here do.

But what amuses me about this is that you have the idea to berate people for attacking GoDaddy for this, on the grounds that "they're not as bad as other registrars", and that you defend the ethics of a company arbitrarily deciding that your domain is being used for nefarious purposes, /on the basis of/ one of their resellers having sold other domains which were used for nefarious purposes, and charging a $200 fee to allow you use of your own domain, regardless of whether or not you actually did something wrong. That's not even remotely ethical, and is not any more defendable because you could personally yell at Bob Parsons, or because it wasn't GoDaddy who decided to push unresolving domains to their service.