SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Sunday, November 15, 2009

10 things you MUST know before you register a domain name with anyone

10 things you MUST know before you register a domain name with anyone

A domain name insider speaks out and blows the lid off of the hidden "gotchas" domain registrars use to leverage your domains, your traffic and your money to their advantage.

General practice tricks

1. "transfer-out" fees
Buried in the fine print of a registrars' "Terms of Service" will be a hidden fee authorizing them to charge your credit card a "transfer-out" fee if you move your domain to another registrar. Often times, this transfer-out fee is 2 or 3 times the cost of the original registration.

This practice violates the ICANN policy on domain transfers. In most cases if this happens to you a simple call to your credit card company will have the charge reversed, if you notice. Registrars who use this practice play the numbers game as many will not.
2. the fine print from hell
Most people (read: nobody) actually reads the long, odious Terms of Service for anything they buy online. Some registrars bury truly chilling things in these terms like the aforementioned "transfer-out" fees and in one mind-boggling case a "power-of-attorney".
3. "Pay-as-you-go":
This is where you make a multi-year interest-free loan to the registrar. It works like this: You register a domain with them for example, 5 years (perhaps to obtain a discounted rate), you expect your domain name to be registered for 5 years. Think again, some registrars will pay the registry for 1 year and pocket the rest of your money.

Then for the rest of your five year term they'll renew each year for one year. Usually this is coupled with a strict "no-refunds" policy, so an odd situation occurs: they stand to make more money from your original registration if they lose you as a customer before your full 5 years are up, so providing poor service to the point where you leave actually adds to their bottom line.

You can use a Free whois lookup tool like EasyWhois to verify the real expiration date for your domain. It should match up with the number of years you paid your registrar for.

Whois database scams

4. whois edit fees and locks
Every time you register a domain name, the details of that domain registration must be published in a publicly accessible database called Whois.

One of the functions a registrar is supposed to be providing to you is the ability to change those whois records. Some registrars (especially the bargain basement outfits) register your domain for a dirt-cheap price and then ding you with an "administration fee" when you want to edit your Whois record.

Some others may also "lockdown" your domain for 60 days everytime you make an edit to your record, preventing you from moving the name out to another registrar.
5. premium whois privacy services
Because your domain record is public for all to see, some registrars want to upsell you to "privacy services" or "whois masking", "private registration", where they put their own info in the whois record instead of yours.

The important thing to know here is that in the eyes of the domain Registry to which all the Registrars interact, and the Registry's oversight body (like ICANN, or in Canada, CIRA), whoever is listed in the domain whois record as the domain Registrant is the legal owner of the domain name. Keep that in mind, if you use a service like this, they own the domain, not you, notwithstanding whatever contract or Terms of Service you enter into with them to "own" this name on your behalf. If it lands in a dispute proceeding it will be an open and shut case: they own the name.

Taking it one step further, some "privacy" services will get you to sign up for the whois privacy service and then they turn around and happily offer to sell your true data to anybody else who cares to pay for it.
6. mining whois and domain slamming
Because all the data is there for the taking, spammers and marketers "mine" the whois database and harvest registrant data including addresses, fax numbers and email addresses. This is a real problem, and there have been very slow moving Whois database reform processes creeping through ICANN as well as CIRA in Canada.

In the meantime though, people may wonder why is it that shortly after they register a domain name, they start getting all kinds of marketing spam in their mailbox. This is because their email address is being harvested by robots from the Whois database. There is a free service to protect your email address called

The variation on this is some registrars (and there is one outfit who is particularly notorious for this) which is mining the whois database for registrant information, and then mailing out what look like renewal invoices for either those domain names or variations of them.

Unsuspecting recipients think they've received a renewal invoice on their domain and then remit payment, initiating a domain transfer without realizing it. Surprise, you've been slammed. In the worst cases your website and email comes crashing down as your DNS services terminate with your old provider.
Domain lock-in
(a.k.a You can check out any time you like, but you can never leave)
7. the registrar-lock
There has historically been a real problem with "domain slamming" (see above) and unauthorized domain transfers, so the "registrar-lock" was created to protect a domain against this. If the registrar lock is set, nobody can transfer your domain away from you. This is actually a good thing and best practices include having this set for all your domains. The sharper registrars enable it by default when they register or transfer a domain for you.

Alas, this lock can become a real problem for you if it is turned on and the registrar will not turn it off, or give you the ability to turn it on or off yourself.
8. the domain auth-code
Some of the Top-Level-Domains (TLDs) run on a protocol called "EPP" and to further guard against unauthorized transfers, a domain must have an 8-character auth-code supplied before it will transfer. Current examples are .BIZ, .INFO and .ORG. The current or "losing" registrar holds this code. You need it if you want to move your domain away. Hopefully they will give it to you.
Traffic and monetization scams
9. domain parking
You may not know this, but domain parking is big business. You know, when you click on a link somewhere or make a typo entering a web address and you wind up on some crapola "search page" optionally throwing up a million pop-up ads? That is a parked domain and the larger players can park thousands of domains and make literally millions of dollars "monetizing" them via domain parking.

You know who has access to thousands of domains? Domain registrars. Some of them offer domain registrations and rock bottom prices just so they can monetize the parked names. This may not bother you, but some people don't realize they're paying for something their registrar then uses to generate more revenue for themselves.

(Update: since the time of writing one registrar in particular rolled out a "Make money from your domains' parked pages" initiative, which surprised me since I knew them to be one of the biggest parked page monetizers around - they make millions per month monetizing their customers' parked domains - until I looked at the details: Packages start at 3.99/month. They are actually charging their customers for domain parking monetization. What audacity. If you actually have a domain that's actually worth something parked, take it to a parking service. They pay you to park your pages. Not the other way around).
10. "free" URL Forwarding
Some people may wonder why the price ranges vary so much for domain registrations and what the difference is between somebody who offers everything but the kicthen sink for $2/year while others charge more than 10 times that much for basic DNS and URL forwarding.

Well the low cost one often has other tricks up their sleeve for making money, either by adding your domain to their parked pool (above) or in this case, they offer "free" URL forwarding for your domain, and then sell pop-up or pop-under advertisements on your domain. You know, those things people like so much.
Bonus item:
11. Domain Front Running
This is where a domain registrar or an intermediary (like a domain lookup site) mines the searches for possibly attractive domains and then either sells the data to a third-party, or goes ahead and registers the name themselves ahead of you. In one case a registrar took advantage of what's known as the "grace period" and registered every single domain users looked up through them and held on to them for 5 days before releasing them back into the pool at no cost to themselves.

Again, there are domain lookup sites like EasyWhois which have a "Guaranteed No-Frontrunning" lookup policy.

There are many gotcha's in the arcane and Kafkaesque world of domain name registrations. There is no free lunch, the rock bottom priced domain registrar has other plans to boost their revenues and at the end of the day a good rule of thumb is....
You get what you pay for
So if you want to register your domain with a registrar who doesn't play any of these games, a domain registrar who:

* never hides any fees
* pays the registry for the same number of years you order, up front
* gives you direct, unfettered access to your whois records, your registrar locks, your auth codes and even total control over your domain's DNS settings like hostname records, mail exchangers and nameservers
* offers a free whois email privacy service and will never sell your data to a third party
* who doesn't "monetize" your domains
* who never "front runs" prospective domain searchers
* a domain registrar who answers the phone and basically doesn't try to upsell you or sell you a bunch of services you don't need or want, who is courteous, professional and has over 10 years experience providing rock solid domain and DNS services...

Then you want to be dealing with these guys :


No comments:

Post a Comment