I wanted to take this time to talk about a common scam that is used to attempt to take over your domain, and also how to counter this attempt. There are many scams to scare people into transferring their web domains, and sadly, it works or they would stop, especially after penalties and orders from the FTC. In this article, I will help you to understand how to protect your domain from scammers.
I was thinking over the article that I could write for today when I received a wonderful letter in my mail box. The letter was from Domain Registry of America and they were announcing that this domain was ‘due to expire in the next few months’ and that if I switch today, I would ‘take advantage of our best savings’. The note says that if I renew the domain, it would be $35, which is a sad joke being that my domains (Yes, Murhost is a domain administrator) cost $12.50/yr with optional privacy ($10/yr). The letter went on to say that:
Failure to renew your domain name by the expiration date may result in the loss of your online identity making it difficult for your customers and friends to locate you on the web.
At least they now announce that the notice is not a bill (they used to show like they were a bill). They do say that you have the choice of registrars….though I am not sure why you would pay inflated prices for scrupulous service!
Lets go ahead and talk about these scams a little more.
Who Is the Target?
I am not sure how they determine who gets these letters. In my experience, they usually go to people that can confirm are elderly, religious groups, or people in small, non-tech businesses. I personally believe that these targets are selected due to the fact that people in these settings are likely ignorant about how domains work and what their rights are. It is very frequent that I get requests to look over one of these letters that is received by a church, ministry, or friend. If you are unsure about a letter you receive, contact your registrar, or you could email it to me and I will advise you what it is, or else look at the information on the Domain Names Scam website.
What Are Your Rights?
First, we need to understand registrars and administrators. A registrar is a company that actually processes and holds a domain for the period of time that you pay for. A domain is never ‘owned’ in a sense, but rather, it is ‘rented’. When a regular customer goes to a website to get a web domain, they are actually purchasing the domain from an Administrator. The administrator in most cases profits a little bit off the sale of the domain, and they in turn register the domain from the registrar where they have an account from.
Now, it is true that in most cases, you do not need to have your domain registered from the place where your website is hosted at. There are exceptions to this ruling, particularly a company that offers free hosting in exchange for a domain purchase. Most companies, including Murhost, when a hosting account is created, you can register a new domain, transfer a domain, or just point the domain. Pointing the domain means that it is managed from another company. What Domain Registry of America is doing, is trying to get you to transfer your domain to them at an extra fee. This is a mistake, especially since many hosting companies offer a free domain with a hosting package.
What Can You Do?
If you have received this letter, you might be wondering, ‘how did they find me?‘ When you register a domain, you are required by an international agreement to have up-to-date contact information. These companies sort through websites, and when they find a good target, they do a domain check somewhere like WhoIs lookup. If they find that the domain has the persons personal contact info, they add that domain to the marketing list which automates sending of messages a few months before expiry. The hope is to rope people into transferring where they make money on price gouging.
So what can you do? Most domain administrators have privacy protection for around $10. You might get protection directly from the registrar, or you might get it from the administrator. What happens with protection is that although you have the contact info up to date, it is always hidden while privacy is activated. When a WhoIs search is conducted, you will see either the administrator contact information or the registrar contact information. This will block the majority of these scams, but I did have the case where a ministry received the letter based on contact information on the website.
The bottom line is to be careful. If you are not unhappy with your registrar, ignore any such requests. If you are unhappy with your registrar, search for a better one and ask your friends. Do not reply to unsolicited letters to transfer your domain.
Any questions, let me know in the comments!