When I first started buying domains, I used GoDaddy because someone recommended them and they had a sale. Their website was more complicated than it needed to be, and everything loaded very slowly. When I tried Namecheap next, I found out it didn’t have to be that way.
Namecheap is less expensive, and offers free privacy protection with every domain purchase, transfer and renewal, and has a really nice control panel for managing domains, and a super spam filter that changes your random fake email address in who is as often as you like (up to daily). It’s all straight-forward, economical, and so far not a hint of a problem. I was content to just transfer my domains as they expired over to Namecheap, and chalk to GoDaddy experience up to lessons learned.
Until GoDaddy refused to release one of my domains. Here’s how it happened.
Last January, I registered two domains, a day apart from each other, with privacy protection. I supplied different email addresses with each of them. Later in the year, one of those email addresses became invalid, so I carefully changed it everywhere on the web I had used it. Including GoDaddy. But not including their sister company, DomainsByProxy. I didn’t realize I needed to use a separate control panel to do that, and I got no email notification about it. Interestingly, if you call GoDaddy and ask how to get in touch with DomainsByProxy, they say, “You’re talking to them – it’s the same”. But not when it comes to your customer information.
Do you know what the procedure is for changing your email with DomainsByProxy? You have to fax (on a totally unsecured line) a photo government ID with your current address along with a form to prove you’re you. Now, what’s the point of keeping your identity off WhoIs if you’re going to fax your driver’s license willynilly to whatever person at their office – assuming you don’t accidentally dial somebody else – looks at it? Does GoDaddy/DomainsByProxy take responsibility for employees who might use license numbers to rig up a sweet little identity theft scam? That’s a rhetorical question: of course they don’t.
And I’d a lot rather lose a domain than thousands of dollars due to identity theft. Add to this the problem that I don’t have a government photo ID with my current address – my state is one of those brilliant ones that just sends you a sticker when you move, instead of a whole new ID. At no point was there ever any way I could have changed my email address with DomainsByProxy without buying a passport I don’t need. And if I had bought the passport, I’d have been forced to expose it insecurely and put at risk my legal identity. And that’s my major complaint.
So the one transfer – of the domain where I never used the eventually expired email address – went through just fine. But for this one, I wasn’t receiving the email to confirm the release of the domain because it was going through the old email that DomainsByProxy had, instead of the new one that GoDaddy had had for months. I eventually managed to log in to my DomainsByProxy account using the email address on the domain that did transfer, and turn off privacy for the domain, which eliminated that problem.
But in making that change, I triggered another little security feature GoDaddy employs to prevent
you from transferring your domain away from them terrorists from stealing your domain: you can’t transfer a domain if any changes have been made to it within the last 60 days.
Excuse me? It’s my domain. GoDaddy is satisfied that I’m me on the one domain. But they’re going to “protect” my other domain from myself? And is there a human being in the entire company who can override this system when it’s so obviously not needed in a particular case? No. And if I let the domain expire with GoDaddy, they have something where they keep your domain name reserved 60 days after expiration, so you can’t just buy the domain through some other company. That’s interesting, isn’t it? Reminds me of… oh, I don’t know. Squatting?
The one domain is happily transferred to Namecheap, where it’s privacy protected for free and already the spam has stopped overnight. But I was forced to renew the other domain with GoDaddy, all because in their alleged obsession with security, they provide no secure way for a customer to change email addresses. Could they give me a discount? Oh, hell, no. Naturally, even though I paid for a year, I will be transferring the domain to Namecheap as soon as GoDaddy’s craptastic system allows. This morning, of course, I got an email thanking me for being a loyal customer and offering me a discount on any domain renewals.
I promised GoDaddy’s customer service reps some bad publicity, and here it is. Do yourself a favor. When a company tells you everything they’re doing is for your security and everybody does this, then offers you nothing but insecure ways to make changes, don’t buy the hype. There’s something else going on there. When I first started out, I bought 3 domains through the hosts I hosted them with, having no idea you could do it all separately. When I transferred those domains to Namecheap, I had no problems. Every domain I’ve ever transferred from GoDaddy has been a hassle – and never quite the same hassle – they define so many things as problems that it’s easy for them to “deny” transfer requests.
This is not something all registrars do, and I don’t believe for a second it’s for my security. It’s just GoDaddy. Don’t let them tell you any different.