Tell HN: Never search for domains on Godaddy.com

There's a detailed response here: https://www.godaddy.com/garage/godaddy-felons-io-unregistere...

currently discussed at https://news.ycombinator.com/item?id=24523901.

Ted from Namecheap here.

I cannot speak to GoDaddy's practices. However, I can say that for Namecheap, this is not something we would ever even consider doing.

In my experience though, lookups are more complex than most think. We are querying so many different sources to give you availability status, some of which are less reliable than others. For example, with smaller TLDs like .ai or .is, lookups may be less reliable than a well-oiled machine like Verisign, which operates the .com and .net TLDs, among others. As a result, sometimes with a less reliable registry, there can be false positives, resulting in the registrar showing a domain as "available" when it is actually registered.

In addition to registry connection reliability, there are also many different aftermarket sources that registrars often pull from. You know when you see a Premium domain (registered and usually higher priced) in search? That could be coming from any number of 3rd party aftermarket platforms, which also can have varying reliability and/or stale listings.

Lastly, you have to consider that some registrars handle the "drop window" differently than others. If a domain deletes and is removed from the zone, ergo, becoming available again, some registrars have a buffer period before they show it as available again.

It does not appear that Felons.io had ever been registered before, which makes this case pretty strange.

They are a bigtime scammers. Recently was assisting a friend to get access to a domain name which was registered in godaddy. They scammed him for a couple of hundred dollars for contacting the domain owner to get a deal on the domain and eventually nothing happened. Not even a mail was sent on behalf the scammed money as we found that the domain was owned by another friend and eventually got it transferred. He confirmed that he has not received any mail from godaddy's domain buy service since the contact was under privacy protection. Another scamming method to siphon money from people.

To make it more clear, if you need a domain which is registered in godaddy and has privacy protection enabled, please do not pay money to godaddy to broker a deal on behalf of you with the existing domain owner. They take huge sum of money, do nothing and stop responding. It's like giving your hard earned money for free to these godaddy scammers. One of the worst registrars and I don't want to open another can of worms with their really really bad service (hosting, emailing and all such services!)

Back when I was in college, GoDaddy let my at the time close friend break into my account and steal several of my domains, including https://strategywiki.org. This was while I was on an overseas study and couldn't regularly check in. GoDaddy gave me no recourse to dispute.

He had server access because I trusted him. He wasn't supposed to have access to my domain account, and I didn't share my credentials.

I had another friend on the account because I was paying for his domain and wanted to let him administer DNS. They conspired together and were able to leverage this access and the lack of account ACLs to transfer everything away.

This was well over a decade ago.

They never invested in StrategyWiki, so it never realized the vision I had for the site. I had started to pay contributors and invest in content to bootstrap.

This guy came from the MediaWiki purge of video game guides and felt like he owned and deserved the site, despite the fact that I had created most of the original content. He was ten years older, well paid, and threatened me with a lawsuit. I was a college kid and couldn't do anything.

I learned a hard lesson. It's stuck with me.

This sucks and I feel for you. But the sad fact is that domain registrars have been doing this ever since domain names became big business in the 90s.

As a PSA to everyone, you should only ever use whois in a terminal window to see if a domain is available.

It's included with macOS, Windows (?), Linux or any other OS anyone's likely to use. [Edit: a reply says it's not included in Windows. It seems you can download it free here: https://docs.microsoft.com/en-us/sysinternals/downloads/whoi...]

I guess ICANN's lookup tool (https://lookup.icann.org/) is probably more trustworthy than commercially operated ones; it would be a terrible look for them to engage in this practice.

But I always feel much safer using whois in a terminal than any website that can see what I'm searching for.

This is a scummy move. In the industry I work in, we call this front-running and it’s a criminal act. If the same laws applied here godaddy would be looking at a nine digit fine and jail time for whoever thought this is a good idea.

I had this happen as well in the past when researching domain names for a new product.

Pro Tip: Stay the hell away from GoDaddy for everything. I've had the unfortunate task of managing a server hosted with them and it's been consistently awful (ex. I literally cannot upgrade PHP because the VPS doesn't support it and there is no upgrade path without spinning up an entirely new VPS on a different, and of course more expensive, plan). The constant upsells on garbage are basically predatory at this point, too.

Called domain front running

https://en.m.wikipedia.org/wiki/Domain_name_front_running

I faced this ~6 years ago. Someone hired me for a project, at some point he told me some domain names he had in mind, and we looked them up together on Gandi, GoDaddy and other registrars to see prices and what was available. The next day he called me in shock, asking me why I bought the domain and if I'm trying to steal his company, etc (nobody else knew the names). Of course I didn't buy anything, we checked the whois and it was registered for GoDaddy... That was a quite bad experience...

This is just part of a long line of scummy practices by GoDaddy in its history. Bad PR for GoDaddy constantly popped up in tech news sites ~15 years ago, but it was never enough to stop their aggressive marketing. Still, I always wondered why anyone in tech would use them. Y'all know what they're capable of and what they do. Don't support that.

Some TLD registries have policies to prevent registrars from front-running their clients by squat-registering their domain searches.

But, if you're working in a TLD where Freedom<tm> is more important than actual free markets, do your domain checks against the root servers yourself with dig +trace.

I never experienced this, but I did wait too long to buy a domain. After I checked if the domain was available(it was), I started building the website. A month later the domain was bought by someone who eventually made the same thing I wanted to make.

My current process for checking if a domain is available is pretty basic. I first check it in the browser. If Firefox can't find it, then I use the `whois` command. If there is no match for "example.com" then I decide if I want to buy it, before starting to build anything. If I do decide to get it, I go to Hover.com do a final check and press "Add to cart".

These days, for me it's better to spend $15 on a domain that might not get used, than to regret not buying it.

I learned this _years_ ago that Godaddy will steal your name for fun and profit. As the HN comments confirm, there are several shady outfits that do the same thing.

For years, I've gone to ICANN directly to check domain name availability: https://lookup.icann.org/

GoDaddy responded to this thread in the article here: https://domaininvesting.com/godaddy-still-not-frontrunning-d...

> “GoDaddy never has and never will register domain names based on customer searches. This is an unethical and predatory practice that runs counter to our mission of helping people bring their ideas to life online with the best possible domain name.”

And it's free for GoDaddy to do this: https://www.icann.org/resources/pages/epp-status-codes-2014-...

Wow, this is a blast from the past. I know Godaddy got busted doing this years ago. I forget whether they were sued or just hounded with bad P.R. but I thought they promised to clean up their act. I wish I could find the article now, but Google only pulls up stuff from the last year or so.

I have a similar sorry about the scuzziness of GoDaddy. When Apple first announced the Swift programming language at their wWWDC i immediately went to GoDaddy to register every Swift related domain I could think of - learnswift.com, swift-tutorial.com type domains. I added several and in the process of checking out (which used to be like 7 steps as each step along they way they tried to trick you into buying something else), the price of the domains went from $14 each to $2000+ each. They had suddenly realized the value of the domains while they were in my shopping cart and raised the price.

Another GoDaddy sucks story, which happened to me several times before I dropped them. Good luck canceling an SSL certificate - they will still treat it as a valid SSL very that needs to get re-cert’ed every year and they’ll charge you full price, $79, up to 3 months ahead of its expiration! I’m 100% positive I canceled an SSL very and ensured it was removed from my Renewals and of course, they still charged for a renewal.

This happened to me too. I was searching the domain on a variety of tools to make sure it wasn't like, secretly a swear word in another language or whatever, then a couple days later it was registered by GoDaddy. I wasn't sure which tool leaked it, or whether that was actually GoDaddy or their domain holder protection. But it was pretty annoying.

And they registered it for two years.

I used their broker service to buy a really expensive domain via a client (squatter).

They ranted about how it's done totally anonymous and had to do all the communication.

They transferred the domain to us revealing the seller's WHOIS information (email, phone, name, address).

Ended up being someone literally walking distance from me in Washington, DC. So that's some crazy sketch dangerous behavior... I couldn't imagine what would happen if they sold to a really pissed off client. People are crazy over their company and personal names. Like hello incoming pissed off dude who just forked over multiple $xx,xxx to a squatter and now has their address.

Then I couldn't replace the WHOIS information because you needed the seller to confirm via their WHOIS email (GoDaddy support could not understand this / or I suck at explaining).

I almost just called the seller up, but instead finally found out GoDaddy allows you to bypass the WHOIS process with the email of your GoDaddy account.

Disaster. Don't really buy domains anymore but probably Cloudflare or bust at this point.

GoDaddy has been a bad actor for as long as I can remember.

This thread is a good indicator of how/why they keep doing it though. Every time I start to think people have finally caught on an realized how GoDaddy treats customers and potential customers, I see a new case of someone seemingly unaware of their vast history of stuff like this.

We think it is easy to disseminate information on the internet, but in the end it is really hard to really get anything into true general awareness.