It’s almost to the point of a movie plot. A company that rose to be one of the most popular providers of online domain names suddenly goes evil and shuts down businesses around the net, sparking mass exodus protests and campaigns. Hollywood may not have the movie rights quite yet, but ask many techies or site admins what they think of GoDaddy, and the picture is usually not very pretty. But is this deserved? How can a company go so far to anger its customers so thoroughly that when anyone mentions that they own domain names on GoDaddy, the response many people have is: “You still have domains registered on GoDaddy? Why?”
We don’t have to go far back to see their latest PR blunder. Just last week, the latest case was unfolding with JotForm, an online service that allows anyone to create forms to use for their businesses or websites. The company is a few years old, and hosts over 2 million user generated forms. So this isn’t a case of a brand new site being registered. Like so many cases before it, the owner woke up to a non-working domain name. JotForm.com had been disabled by GoDaddy without notice, no warning, not a word. According to the founder of the service, the site had a fully established process to report bad forms, and they complied by removing any illegal user-generated content that they were made aware of. Yet, a single phone call from a U.S. federal agent was enough for the registrar to redirect their DNS to NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM, the address that they use when they want to suspend a domain name. Not a pretty picture for the small business. All they were left with was a phone number to the agency, and then hope that they would be so kind as to reverse their decision. No due process, no hearing.
What happened in this case was fairly appalling, and there’s no question that they should have had advance notice. For over two days their business was shut down for no good reason. Still, some could say that GoDaddy is in a difficult position when asked to do something by an actual law enforcement agency. But that isn’t always the case. Last year, we saw another troubling story, very similar to this one, that was narrowly averted. Another business owner behind weebly.com, which hosts millions of websites for small businesses all around the world, got a phone call from a GoDaddy employee saying they were about to “turn off” their domain. The reason? One of the small businesses had a bad customer review, and they had received a complaint about it. The whole domain name was minutes away from being turned off because of one person complaining to GoDaddy. Again, no due process, and in this case, it wasn’t even because of a government intervention.
But perhaps the most scary story was back in 2007, when the domain SecLists.org was suspended, with a simple voicemail left saying it had “been suspended for violation of the GoDaddy.com Abuse Policy.” No reason why, nothing else. For those who don’t follow online security news, this is a domain that hosts some of the most popular security mailing lists, things like NMAP development talk, Bugtraq, and vendor-specific disclosure lists. After many calls, they finally found out that the reason GoDaddy suspended the domain was because an employee of MySpace called them and asked for it, because one of the mailing lists linked to a recent disclosure of thousands of MySpace usernames and passwords. As a security site, that’s exactly the type of news that goes around these lists, and what the white hat hackers rely on to find out about security news. But because of that one phone call, everything went dark, thanks to GoDaddy.
So here we are, after many PR mistakes and the SOPA deal fresh in mind — because GoDaddy supported the bill until a mass protest made them quickly change their minds. There’s no doubt at all that thousands of domains have been transferred away from the registrar, if not more. But to get back to the original question, are you one of those who ask, when you learn someone has a domain name there, why? Are these isolated cases, or did you follow the Reddit protests and transfer your domain names away, assuming they were with GoDaddy in the first place? It’s puzzling how a registrar, a company who clearly knows how important domain names are for businesses and organizations on the web, can be so careless in answering abuse complaints. Are they justified in acting first and asking questions later? Let us know what you think.