[mcherm]

I am curious: does anyone here on HN have a registrar to recommend who they know (preferably from experience) would actually be more helpful in this circumstance?

Because from the sound of it, the unwillingness of the registrars (both of them) to take action here without being compelled to by a lawsuit is the root of the problem. The FBI's willingness to be helpful is nice, but doesn't solve the root problem, and as a law enforcement agency they can only really help in cases where they manage to "catch the criminal". And paying off the criminal just isn't an acceptable solution (although stopping the payment immediately is cool and all).

I would be willing to select a registrar on the basis of their policies, not their prices. Policies like this sort of dispute resolution and policies about how they handle DMCA notices or government subpoenas (and non-subpoenas), if only I knew which registrars had the best reputations for these things.

[zimbatm]

http://gandi.net - I have never had my domain stolen but in general Gandi.net are good people and they care about their customers.

[jellicle]

I lost a domain because Gandi refused to do anything about it; although I was well within the renewal period and tried to contact them many times Gandi refused to process any sort of renewal until it expired and was deleted by their system.

Gandi ONLY accepts support requests through their web form (no email, no phone), and generally ignores those or provides nonsense answers several days later.

As long as you never ever need any sort of support, Gandi is fine.

[soulshake]

@jellicle, that doesn't sound like us. Can I look into your case further? If we messed up, we'll make it right.

[brongondwana]

@soulshake - check out legal #4827870. We were, as we would say in Australia, bloody lucky.

[soulshake]

This is me nodding in greeting and letting the legal team do their thing.

[jellicle]

This was several years ago; what's done is done. I moved all my domains to another provider shortly afterwards. I'm not giving you another chance to screw me.

[Shinkei]

You publicly complained about their customer service. They have offered to right the wrong. You have a poor sense of fairness if you are willing to make a public claim and then aren't willing to address the issue when the company calls you out on it.

[jellicle]

Oh, the stupidity, it burns. What sort of righting do you think they could do, several years past the fact? Gandi refused to respond to their web form for a period of about four weeks or more; they let my domain expire and be deleted (if I recall, the only problem was that my credit card expiration date needed to be updated in their system and the charge processed). Besides the immediate hassle and serious annoyance of having an uncontactable company ignore their support form, it ended up costing me a few hundred dollars to buy the domain back from a domain speculator who snatched it up.

What price should I put on that? What price is it worth to Gandi? Are they going to offer me a year's free domain registration with them? That offer has negative value to me; I wouldn't take it unless paid a lot of money to do so. Are they going to offer me a pile of money (no they aren't, it's not worth it to them). So what exactly are they going to offer here to right the wrong?

The point here - which the top of this thread made, but maybe it wasn't explicit enough for you - is that services such as domain registration can easily have effects disproportionate to the cost of providing them. If all of Google's domains were deleted tomorrow, the cost to Google would easily exceed ($10 x number_of_domains). So a poor service experience can easily do more damage than the sum total of all revenue ever received from a particular customer. Thus the commenter looking for companies which try hard to provide good service. Gandi.net is not such a company, in my experience. (Hint: companies which provide good service have email addresses and phone numbers to contact them.) That's my only comment.

[heypete]

While I doubt neither the veracity of your claim nor your reaction to Gandi's actions (if such a situation happened to me, I would certainly not want to give a company my business going forward), I have had a very different experience with them: all of my queries to Gandi support have received prompt, relevant replies that addressed my issue.

Also, ny domain registered with Gandi can be renewed by any Gandi handle. In the event that you're having trouble accessing the handle that owns a domain or otherwise cannot renew it normally, you can create a new handle and use that to renew the domain. See https://wiki.gandi.net/en/domains/renew and https://www.gandi.net/domain/renew?lang=en for details.

I'm not sure if their "any handle can renew any domain" policy/system existed at the time of your situation, but it should prevent similar issues from occurring today.

[ezequiel-garzon]

One aspect I found puzzling about Gandi is that until recently they published your "handle" in the WHOIS information, which in effect gave away your username. Now, some may tell me hiding that is security through obscurity or some such, but in my mind it adds another protection layer.

[heypete]

I seem to remember that being the case with Network Solutions back in the early days.

Gandi seems to hide your handle these days for certain domains if you have whois privacy enabled: my .com/.net names with Gandi don't show the handle, but my .org domains do. My .us domains (which don't allow whois privacy) also show the handle.

Then again, one can easily enable two-factor authentication and it's essentially irrelevant if the handle is known.

[rafaelm]

Moniker claims that they have never lost a domain. I've got several domains (over 50) registered with them and never had a problem in almost 8 years. Many of them belonged to high traffic sites that might be desirable to thieves. I also have many with Name cheap right now and haven't had a problem them either.

[coldcode]

I use them as well and have had no issues; however just because two of us have had no issues, it's not much of a data point.

[phreanix]

True, I'd be more interested in their actual resolution process and the steps they take to safeguard domain owners.

It works both ways though I think, the same steps they take to secure your domain are the same ones that will make it hard for you to get it back.

[pkfrank]

I use Moniker as well. I pay for their "Portfolio MaxLock" (https://www.moniker.com/domainnames/domainsecurity.jsp) service. Whenever I want to make a change (even DNS), I'm forced to answer the security questions that only I would know. In order to get around that, I'd have to contact their security team directly and provide a substantial amount of identification.

Aside from the security features, Moniker's site and technology seems to be fairly unimpressive.

I'd definitely be open to exploring other options if people have suggestions for truly-safer registrars.

[lingben]

moniker is not the domain registrar you want:

http://www.dnforum.com/f208/warning-privacy-whois-issues-fai...

[shiftpgdn]

Look at it from the GoDaddy's point of view: This woman is claiming she has rights to a domain in one of their customer's accounts. As far as they know it was legitimately transferred in by one of their paying customers. Her real issue rests with HostMonster and the ICANN dispute resolution system.

[unreal37]

GoDaddy could seize the domain until the dispute is settled. If everyone recognized she was the previous owner, that should be enough to cause an investigation into the transfer.

Not saying a claim from anyone should cause a seizure, but the legitimate previous owner should be able to dispute it for a time period. Domains are stolen all the damn time.

[shiftpgdn]

I worked in webhosting for nearly a decade so I'm quite familiar with the volume of fraud and stolen domains. But to play the devils advocate how would you feel if somebody claimed a domain you own was stolen just to freeze your account and waste your time. You'd be furious at GoDaddy for freezing your account over a fictitious claim.

[philbarr]

They only need to freeze the account if the domain was moved very recently.

[dsrguru]

This. I want to upvote this comment a hundred times. If there's a dispute with probable cause, temporarily freezing the domain while launching an immediate investigation seems by far the best balance of thwarting domain theft and minimizing fraudulent claims.

[shiftpgdn]

By ICANN policy domains can only be moved once every 60 days. Did you want the domain name taken offline?

[weaksauce]

And that you were demonstratively the previous owner.

[Geekette]

No, GoDaddy was never in doubt: "No one at either company questioned my statement (supported by written proof) that the website belonged to me. No one doubted that it had been transferred without my authority".

So GoDaddy's refusal to help was ridiculous. At the very least, they could have frozen control of the site for a day or two while investigating.

[shiftpgdn]

By ICANN policy domains can only be moved once every 60 days. How did you want them to go about freezing the site? ICANN has a dispute resolution policy in place.

[Geekette]

They could have disabled access to it by the thief.

The 60 day policy does not apply to cases where it is "being transferred back to the original Registrar in cases where both Registrars so agree ..." http://www.icann.org/en/resources/registrars/transfers/polic...

And given that both registrars acknowledged that she was the real owner, I'd expect the transfer (to the thief) would not be counted as a legitimate one within that period.

[rhizome]

The business goals of GoDaddy preclude them from giving a shit because they can't hire enough people to support issues like this.

[Fuxy]

I use gandi.net never had any serious issues with them and since their located in France (yes i intentionally avoided American companies) all this suing problem may not apply to them or at least it would be a lot more difficult.

One thing is certain though most people i know have had issues with GoDaddy and avoid it like the plague.

[WildUtah]

Gandi now has offices in the USA, so they are effectively an American company as far as being subject to the US legal system and extraconstitutional orders from agencies and such. You won't get any privacy protection or immunity from illegal orders from Gandi.

[soulshake]

Gandi does have an office in San Francisco, but our registrar service is accredited and located in France. It is under EU law.

Those who have been following the industry's responses to the massively reprehensible, illegal dragnet surveillance will know better than to take any company at their word as they swear up and down that they care about their users' right to privacy. So I know this will be taken with a grain of salt (hell, I take it with a grain of salt and I work here)...

But as far as I know, and I've asked around, we _actually_ do protect our customers' privacy to the maximum possible legal extent.

The day I find out otherwise is the day I no longer work here.

[Fuxy]

Oh well off to find another good company for may gray area domains then.

Too bad I liked them why are all of them going to America.

I don't want my stuff subject to American laws.

[chris_wot]

I think you mean extraterritorial jurisdiction. Extraconsitutional orders would be... against the U.S. Consitution and illegal :-)

[Cenk]

Namecheap offers two-factor-authentication.

[notduncansmith]

I've used Namecheap for years and they've been great for me (never had a situation like this happen though).

[foxylad]

Thanks, good to know.

[frigg]

>I would be willing to select a registrar on the basis of their policies, not their prices.

Yes, absolutely this. I've searched through forums and read various reviews of various registrars and some say gandi is good, some name.com, some others, but at the end of the day nobody said "I've had this problem where my domain was stolen and this company was willing to help".

I'm also willing to pay more for good support when serious problems arise.

[caleb23]

I would recommend Melbourne IT or Namecheap for what you are looking for. I would recommend you take advantage of WHOIS protection, two factor authentication, locking your domain at the registrar level (not just with Namecheap for example, but with the actual registrar), using strong passwords, etc.

The company can only do so much, so make sure you do everything you can do as well to make your domains as secure as possible.

[rajat]

I second this. I'm beginning to hear more an more of this problem, and while this is anecdotal, it does seem to be increasing.

[biot]

I use EasyDNS. Here's why: http://blog.easydns.org/2014/01/29/welcome-to-easydns-press-...

[mwww]

Domeny.tv (http://www.domeny.tv/en) protects its login via 2FA: http://www.domeny.tv/en/two-factor-authentication

[zaph0d]

namecheap.com is definitely one of the best per my experience and what I have heard.

[the_ancient]

I use NameSilo

2 Factor Authentication and other security policies

[jypepin]

I use iwantmyname.com and their service is amazingly good and fast. I never got my domain name stolen, but I'm confident they would do anything they could for me to recover it!

[joshmlewis]

I use DNSimple.com. They've been great and are quick at support.