[oneJob]

Noooooo!!!!

None of those. I go with Gandi.net

Check them out. They are good people and give back. Never anything but great experiences with Gandi.

You'll get a free year of ssl certificate and 50% off hosting. But, to really do it on the cheap, get a BeagleBoard Black and a free micro instance with AWS to route traffic to the BBB, which you just run at home. One time cost of 35$ish plus domain registration costs.

Also worth noting, going with a company like Gandi over GoDaddy has many non-immediate and intangible bennifits. A simple Google search on customer problems and company practices of GoDaddy should provide lots of material. In the long run, you don't want to have to be dealing with headaches surrounding domain registration. At all. That should be fire-and-forget. Pay the extra $5 or $10, you'll save yourself plenty of frustration and extra admin time going with the right registrar.

[dangrossman]

I would never register a domain name with Gandi. They essentially reserve the right to terminate your service if anything on your site is morally upsetting to them. Given most registrars have no policies about what you host on your domain except that they'll comply with court orders, why would you give the right to police the content of your site to Gandi?

Given almost every site has some kind of UCG -- forums, comments, reviews -- it's impossible to guarantee compliance with Gandi's service agreement. Hacker News could not be hosted on their service given the content of some of the discussions here.

-------------------------------------------

> You acknowledge and accept that, in accordance with Our Ethics the use of any of Gandi services associated to Your Gandi Account:

> * it is expressly forbidden for use in any way that engages or participates in practices that are deviant, abusive, illegal, or prejudicial; and

> * must be appropriate to the age and sensibility of each of the persons that any of the Content is destined for, directly or indirectly, published or made available to via the technical solutions used

> ...

> You acknowledge that the following elements are considered as constituting material breaches of Your contractual obligations:

> * if We are made aware of, or discover that You provide, or are engaged in, in any way, directly or indirectly, through Our services:

> * any provocation or encouragement to commit crimes or offenses, and particularly crimes against humanity or encouragement of racial hatred;

> * activity or Content of racist, xenophobic, or negative character;

> * activity or Content of pedophile character, or that is liable to constitute or be associated with, either directly or indirectly to it;

> * child pornography, or the trivialization of such acts or encouragement of violence, suicide, or the use, production, or distribution of illegal substances, or acts of terrorism;

[cdvonstinkpot]

I love Gandi, but now I'm not an ethical edge case, either. They provide everything I need, at a more than fair price.

However-

I do use 97Cents.net for early stage projects where there isn't production traffic involved. Gandi simple hosting product works well, too. I haven't had the chance to test it w/ significant traffic tho.

[soulshake]

Hi, AJ from Gandi here. To my knowledge, we don't shut down anything unless we are required to by law or there's spamming involved.

[dangrossman]

Would you buy a car from a dealer that required you to sign a contract stating they could take your car back if you carry a passenger who says something racist? Would you do so even if they promise they don't enforce that clause, when there's ten other dealers in your town that don't make you sign anything like that?

[soulshake]

[Speaking for myself, not Gandi, and IANAL] To answer your question, I'd probably read the contracts of the other dealers, find their clause saying they reserve the right to take the car back for whatever reason they damn well please, sigh in helpless frustration at the state of contract law, and make my decision based on all available factors, including the actual experience of other people who purchased cars from that dealer.

[computer]

I too use Gandi, but am not as happy as I used to be with them.

I bought a domain from them a while back with private registration; a few weeks later I found out that private registration was not available for that TLD, and my details were publicly visible, making the domain unusable to me. I emailed Gandi, and they told me there was nothing they could do; they were not willing to refund my money, even though their site said private whois was possible for that TLD.

[soulshake]

Hi, AJ from Gandi here. Do you have the ticket number from the subject line of the support email? If we made a mistake like that, we should make it right.

[computer]

Please see #4837764.

[soulshake]

Thanks. I just looked at your situation, and you're right, that was our mistake. I took action and replied to your ticket with details; hope that helps.

[computer]

Thank you!

[thaumaturgy]

I had a terrible recent experience with Gandi, bad enough that after transferring a handful of client domains to them from GoDaddy, I turned around and transferred them to another registrar at my own expense.

Gandi support is worse than useless. They have no idea what they're doing, they can only read from a script, and the only way to contact them is by email with a nice long turnaround time. Even the tiny little registrar I've used for over a decade (who I don't otherwise recommend because of other big issues they have) has a phone support option and staff with functioning brains.

[soulshake]

Hi, AJ from Gandi. That sounds terrible, and not like us at all. Do you think you could provide the ticket number from the subject line of the support email so we can investigate further? For the record: we can provide a callback upon request, and we have live chat support as well.

[thaumaturgy]

Hey AJ -- if you're "Alexis J" from support, I think you and I exchanged a couple of messages on this issue: #5926006. It was a little messy:

1. I was using Gandi for, I think, only the second time, and I initiated the account creation process from a domain transfer (account #1).

2. During the account creation process, I think there was a small field labeled something like, "Create a new Gandi handle", which to me sounded like a pretty good idea: I could create something more memorable for my client rather than a random-numbered GANDI- account, so I used the shortened form of my client's primary domain. This created account #2.

3. What actually happened was that both account #1 and account #2 were created, account #2 was an ordinal number away from account #1 (so, SS00003 and SS00004 for example), and the password was clobbered on account #1.

4. I then signed in to account #2 to look at the domain transfer status and found that no domains were listed there. Odd. So I tried signing in to account #1 and couldn't, and I don't remember why but the password reset function wasn't working (I probably wasn't receiving the emails).

At this point I thought the UI was a little confusing but it wasn't a big deal. I've dealt with almost exactly this same issue with GoDaddy and it just took a phone call and they sorted it out in a few minutes. I was less happy to realize you don't have a phone support option, but that's on me -- I should've checked that first. I refuse to use live chat because my experience with that has been universally bad; live chat always gets shunted to support people that are restricted to a script and can apologize a lot but never actually fix anything.

5. So I started a support request and was polite at first, explaining the situation. What I got back was a request for "company documentation establishing you as a representative of the company [...]" and "articles of incorporation, and a scan copy of the government issued identification of one of the signing parties on said document".

6. That got a slightly less polite response from me saying that under no circumstances would I burden my client with a paperwork request over this, and reiterating again that it should be clear that I created both account #1 and account #2, that my credit card and billing information was used to pay for the process, that I successfully initiated a transfer of four different domains, and that I thought this should be reasonable and sufficient evidence of access on their behalf.

7. After that there were a couple of more exchanges between Dante A. and Alexis J. and me; Dante wrote a polite long email repeating that there was no way for Gandi to confirm that I created account #1 and giving me a tip for using Gandi in the future, and Alexis J. chimed in to say that Gandi doesn't retain payment information "for security reasons".

At this point I was slightly horrified at the experience, especially in the context of having received significantly more useful support from GoDaddy of all places in the past for almost exactly this same issue (merging two accounts). I couldn't imagine sticking a client with this kind of support. I have to navigate support channels for lots of different companies on a regular basis, that's part of my job, and it's unusual for me to get completely stymied by support anymore.

It didn't help that all four domains were close to expiration and that one of them appeared to have a transfer problem but you couldn't give me any information on the transfer status of that domain. I was left with one of two choices: either wait and see if the domain transfers first or expires first, or try to initiate an immediate transfer with another registrar and potentially complicate matters even further. I opted for waiting and fortunately that turned out OK, but I had several days to stew over not being able to tell what was going on.

I did get one thing wrong in my complaint upthread though, when going back over the email thread I realized your turnaround was pretty OK, there's just shy of four and a half hours elapsed between your initial support response and the second-to-last message in the thread, for a total of 8 messages back and forth.

Given the support response, I can't tell if Gandi support was refusing to help for policy reasons, or if support actually doesn't have access to the information that they need to sort out problems like this.

If it's the first, Gandi's support personnel need to be trained to handle exceptions IMO. That's why there are humans in support, and not automated Q&A forms. I'm fully aware of the security risks posed by poorly-trained personnel attempting to evaluate a security-related situation, but I think that refusing to think about anything related to security is an even worse response.

If it's the second, Gandi's systems need some tweaking. The UI for the account signup process is a bit confusing; "create a new Gandi handle" should do a better job of explaining exactly what's about to happen, and it shouldn't clobber the password for the first account that was created. There's no "security reasons" for not retaining at least the last 4 of the credit card number used for a transaction, and maybe even a billing name and/or zip code. It should also be easy for support personnel to see that one Gandi account created another Gandi account, and if someone sends in a request with a problem like mine, you should be able to say, "oh, ok, you have access to account #2 but everything's stuck in account #1, hang on, let me merge those for you, sorry for the trouble."

Also, I just realized I never actually did transfer those domains from Gandi. Oops. Doing that now.

[soulshake]

I'm not Alexis, but we just looked over your ticket together. I think the initial place where this became more complicated was the assumption made during the first reply to your ticket, which was that you had already exhausted the password reset attempts. You mentioned (here, not in the ticket) not receiving them; maybe we should have tried harder to figure out why the password reset option wasn't working for you.

At any rate, once that point is reached, we act with the security of the domain in mind. If the handle in question belongs to an individual and you have access to the email associated with the account, it's as easy as sending a copy of your ID. In this case it was a company handle, which requires some proof that you're authorized to act on behalf of the company.

This kind of situation is exactly why we offer reseller-type accounts (free of charge), which allow you to control your clients' domains and handles from one place, while leaving the domains in their name.

Given that there may have been an easier solution available, I'm sorry this went down the way it did. But at the same time, we don't think it's unreasonable to ask for proof of ID when you're trying to gain access to an account: We don't have access to any payment information that could reliably identify you, as it all goes directly through our payment processor. We understand when you explain the situation, but such explanations are all too often indistinguishable from social engineering, and so we take it a step further--for the sake of the security of people's domains.

We are humans, but we're paranoid humans, and a great deal of our customers appreciate that.

If you ever decide to give us another chance, you can reach me at aj (at) gandi.net. I can help you set up a reseller account (and do my best to restore your faith in us).

[thaumaturgy]

I understand wanting to verify my identity; if you had asked me to just send a copy of my personal identification and then checked that against the payment information that you could have on file in a totally secure way, I would have groused but probably done it without too much complaint. (I might have pointed out how easy it is to falsify a scan of a driver's license, and how that makes this all smell a bit like security theater rather than real security...)

I didn't consider a reseller account because in this particular case the plan was just to be the guy that set up the account for the client and then hand everything off to the client, since that's what they wanted. Maybe that would've worked better.

I dig that Gandi takes social engineering into consideration and it's great that you want to do your best to make sure your customers don't have their domains stolen by bad actors, but I think there might be some room for improvement in figuring out who is and isn't a bad actor. This experience with Gandi was unusual compared to a lot of other companies I have to deal with, most of whom have to have some level of data security policies in place.

> We don't have access to any payment information that could reliably identify you, as it all goes directly through our payment processor.

That seems odd. I wonder if this is a technical limitation of your payment processor, or just something that's not implemented on your end, or if there's some other consideration that's keeping you from making it work. I'm pretty sure authorize.net makes transaction information available in a secure way to vendors, as does Stripe and a small number of other forgettable payment gateways I've had to write code for over the years.

If you did have the ability to see the last four of the credit card used to create the account (and I understand you didn't/don't), you could have asked that in a challenge/response manner and I think that would be even better than asking me to send fakeable images of identification -- which violates my personal security, because I have no guarantees whatsoever for what a company does with a scan of my driver's license after they receive it.

Anyway, I do appreciate you reaching out and taking the time to look into this, that shows you do care about your reputation.

[amrit_b]

I am using iwantmyname for .io domains. They are charging 59 USD per year. Gandi.net is charging $35 only! Will transfer the domain soon.. Thanks for the info!

[KingMob]

I've used Gandi, and they're ok. I can't tell if it's just my experience, or some weird issue with using American CCs with a French company, but I tend to have a lot of issues setting up automatic payment for renewal. It essentially means I have to manually pay every few months, which is annoying.

[soulshake]

Hi, if you were paying through our international payment processor, you should give it another try, as we have a payment processor in the US now.

And if you were paying through our US processor, I'd love to have the support ticket number to look into it, as we're really working to eliminate such payment issues.

[julien421]

+1 for Gandi