Domain Name Horror Stories For Halloween

By Mike Maddaloni on Sunday, October 30, 2022 at 09:26 AM with 0 comments

photo of Halloween zombie graveyard

There's no better preparation for Halloween like good horror stories. A few years ago I shared some spooky stories of Web site content horrors. So forget getting trapped in a car and hearing scratching sounds on the roof, as these stories of misadventures with domain names will certainly curdle your blood! Names have been changed to protect the innocent... and frightened.

Gone Killin'

Preparations were going well for the launch of the new Web site. In our weekly meeting we agreed we could confidently schedule a launch date and all marked our calendars. When launching a new Web site with different hosting than the current site, changes are required to the domain name settings (DNS) of the domain name. In the case of this client, the domain name was managed by their current hosting vendor. Knowing this at the beginning of the project, I tried to convince the client to transfer the domain name to their own domain registrar account. Sadly, my advice was not heeded, and that decision almost came back to haunt them.

With the date in hand I contacted their current vendor, who was aware of the project, told him the date and asked for confirmation he could make the necessary DNS changes on the launch date. He acknowledged, though I left the call with a queasy feeling, one I felt after most conversations with their vendor. It was a combination of what he said and how he said it - always very casual and somewhat dismissive. "Yea, I can do that" with someone whom I've yet to have a track record with doesn't give me a lot of confidence, but it's the best I can work with. I decided to send multiple reminders leading to the launch, all of which he responded to in the affirmative.

On the launch day I contacted their vendor with the DNS change information – I sent an email and followed up with a call that went right into voicemail. The email had a read receipt request I never got. I gave it about an hour, and then called again, and got the same voicemail. In the interim, several times I checked if he just made the DNS changes and failed to reply to me, which wasn't the case either. I then called the client to tell them the situation. They were prepared for this as I had shared with them my gut feel on their soon-to-be ex-vendor. They then gave me his mobile number – he was a small operation - and I called, again with no answer. This was followed by a text message and another call, which was answered.

In short, he forgot he had to do this and since it was a nice day out he decided to go fishing. Where he called from had poor service plus he did not have a computer and as he was out on a lake. But he said he would be able to take care of it later in the day, the time depending on how well fishing was going. After I hung up I decided I still needed my phone and throwing it across the room was not prudent. I called the client back and told them my news, to which they reluctantly accepted as we both knew we were at his mercy.

Later in the evening he made the changes though he did not call to tell me he did it. In subsequent days, after the shiny new Web site was up and running, I later facilitated the client transferring their domain name away from this scary vendor.

Frankendomain

As I monitor domain names and Web sites for my clients, I was alerted a Web site went down, and upon further review I found the domain name had expired. Unfortunately this is a common occurrence, but one that can be quickly remedied by logging into your domain registrar account and renewing the domain name. That is, if you can log into it.

Right away I emailed and called the client and advised them of this, and offered my help. Later I heard back from them that they were not able to login, as their domain registrar account was challenging them with two-factor authentication and it was trying to text the code to the previous head of the firm who was let go under less than acrimonious circumstances. After that leader had left, nobody bothered to change the contact information on the domain registrar account, and thus their peril.

The quickest way to resolve this issue was to get a hold of the previous leader and ask them to send an authorization code when texted to them. The chairperson of the firm tried this to no response (maybe as they were the one who let go that person had something to do with it?). What to do next?

Following that failed Plan A, Plan B was to contact the domain registrar, explain the situation and submit payment over the phone so the Web site would come back to life, then try to retrieve the login account later. For some strange reason I was never able to understand, they wouldn't take payment over the phone - we weren't trying to take over the domain name, just reactivate it. They said the only real Plan B was to reclaim the account.

Reclaiming a domain name account is something I personally have been through too many times myself, as it is a straightforward but long, arduous process of submitting paperwork proving who you are - individually and as an organization. This typically requires items like a copy of your driver’s license, IRS EIN letter which lists your tax ID number, articles of incorporation, state or federal licensing information, et. al. With this proof, you should be able to get back the account within a few weeks. Yes, weeks - which meant the site would be down that long.

But there was a wrinkle, a huge, ginormous wrinkle - the firm did not have a copy of its IRS EIN letter. They knew their EIN number, but didn't have "proof" of it in their vital records file (well, I never asked them if they had such a file, as I did when I had my own business, but I digress). They then contacted the IRS in order to get one. Now here's where the ginormous part comes in - this was June of 2020, the country was in the midst of lockdowns, the IRS was working remotely and not issuing anything in paper form or digitally for that matter. In short, the firm was not able to prove who they were!

After learning this, I contacted the domain registrar myself, explaining the situation and asking if we can simply make a payment. They refused. What? I was pissed. I won't say what I said to them, but it wasn't civil. I slammed the phone down and vowed bloody revenge. But we still had a domain name to deal with, and it was getting close to the 30 days after it expired. Why was this important? At the 30-day mark the domain name would be listed for auction by the registrar as an abandoned domain name, and 15 days later it would go up for auction.

Thus Plan C was crafted to "win" the domain name auction and get the domain name back. Yes, it meant a month and a half of the Web site being down. Sure, we could have gotten a new domain name and started over, but then search history and SEO gained over the years would be lost. Plus I have never, EVER lost a domain name and was not about to now, lockdowns be damned! I explained all of this to the chairperson of the firm, who agreed with the approach and authorized the expense.

Daily I monitored the domain name until the auction took place, and let the games begin. I previously registered as a bidder with the registrar, and then entered the auction with a low entry bid. I forget the set duration of the auction but it was maybe 30 minutes to an hour. As the domain name was a longer, unique name, I did not expect many if any additional bids. Interestingly with about 10 minutes left in the auction a few additional bids came in, which I quickly outbid. Some registrars have been accused of having staff bid in active auctions to drive up prices, but I don’t know if this was the case here. In the end I "won" the auction with a high bid of around $30, but with all associated fees it went just over $100. Within a day I had the domain name in my personal account at that registrar and the Web site was once again alive.

After the 60-day transfer hold following the auction I transferred the domain name back to the client, but in a new registrar account with a different registrar with their new and accurate contact information. Where the registrar that refused to help gained from the auction process, they lost a customer for life.

Deconstructing Domain Name Horror Stories

The tales told here were indeed scary, but in both cases certainly avoidable. You should always have your domain names in an account you control. Setting a couple of calendar alerts and verifying the login and contact information on a domain registrar account semi-annually is the largest hurdle. Logging into the account and setting a domain name on auto-renew and verifying the credit or debit card will not expire before the auto-renew date will ensure the annual renewal happens. You can even extend the registration out a decade so you don't have to pay for a while. All of these steps will ensure you have no domain name skeletons in your closet.


This is from The Hot Iron, a journal on business and technology by Mike Maddaloni.


Did you enjoy this? Subscribe to The Hot Iron by RSS/XML feed or Read by Email

Domain NamesStrategizeTechnology • (0) CommentsPermalink