GoDaddy always struck me as a company ran by a "jock" (think Revenge of the Nerds) and all the technical people there are just there to collect a paycheck and don't care about the customers or going above and beyond, and it shows.
cnst 1 days ago [-]
They're so infamous that their infamy even has its own Wikipedia page!
And them blocking entire countries from their website and DNS isn't even mentioned in your list or the page!
helterskelter 1 days ago [-]
Just search for GoDaddy stories on old Slashdot. I've known since I had my own computer that GoDaddy=NoDaddy.
It's funny, the only time I can recall a programmer describing something as sexist (towards women) in the early/mid 2000's was somebody describing GoDaddy's booth at a convention. That really stuck with me for some reason, lol.
mr_toad 1 days ago [-]
How does the name GoDaddy not put people off? It sounds like a name for a pimp.
cnst 1 days ago [-]
GoDaddy has also been blocking entire countries from being able to access all services.
And to make it far worse, IIRC, at a certain point, those blocks applied not only to GoDaddy's own website, but even to the DNS services that are provided for the customers, e.g., your own website wouldn't necessarily work from the "wrong" country, either.
Honestly, I dunno why anyone would use their services. High price, very low value.
Likely an inside job. I had a similar experience with AWS where my account was compromised despite the fact that I had all the proper security features enabled. It was later discovered internal contractors were responsible. But up to that point AWS blamed the issue on me with no proof. A call to the AG office in my state got the ball rolling and initiated an investigation that finally got a manager to take the case seriously.
n_e 2 days ago [-]
The explanation is at the end of the article: another GoDaddy customer asked for the transfer of a similar-looking domain name, and they transferred the wrong domain.
gpm 2 days ago [-]
And then slow rolled support.
And then flat out lied that they received "the correct" documentation justifying the transfer when they hadn't received any documentation, and denied the appeal.
Frankly the whole thing is inexplicable. The best explanation is fraudulent business practices to save 60 seconds of looking for the documentation.
nine_k 2 days ago [-]
With all the publicity GoDaddy has received over the last 10 years or so, I wonder why anybody reasonable would deal with them any more. Maybe the prices are irresistibly low, IDK.
tedggh 1 days ago [-]
I was done with them the day I knew their founder and CEO bribed corrupt African governments to go kill elephants, pose for pictures and share them with family and friends. I hunt and fish, but there’s something particularly evil about spending a fortune to abuse broken systems in poor nations to go after one of the most social species on earth, which are also known for having a strong awareness of death.
boscillator 2 days ago [-]
They show up as the #2 ad spot when you search "register a domain" and most people don't know any better.
0_-_0 2 days ago [-]
they are not inexplicably low -- any rational person sees that any low prices are one year intro deals that revert to excessive after the first year.
We have always hated working with them, and have moved all clients to cloudflare.
gzread 2 days ago [-]
You moved from the worst registrar to the second worst registrar. Cloudflare will call you up one day demanding an immediate payment of $150k and holding your domains hostage if you don't comply.
JoBrad 1 days ago [-]
Cloudflare isn’t anywhere near being the second worst registrar. I’ve never had anything remotely similar to this occur, and I’ve had hundreds of domains with Cloudflare for years.
Silhouette 2 days ago [-]
Cloudflare will call you up one day demanding an immediate payment of $150k and holding your domains hostage if you don't comply.
Whatever was really happening in that incident it seems clear that it was not a simple matter of having registered some domains with Cloudflare and then getting a shakedown for $100k+ because of that.
If anyone else chooses to read the post then I suggest skimming the comments (that are mostly hidden by default) as well.
vetrom 1 days ago [-]
The point isnt the apologists that pop up whereever CF gets mentioned, the point is that they more or less have a built reputation for deceptive loss leader marketing.
Maybe early/MVP product engineers should know better, but CFs own education materials do not teach you to expect that.
Silhouette 1 days ago [-]
I have no financial or professional connection to Cloudflare as far as I know and that's partly because I'm not sure I like the way they operate and the level of control over everyone's access to the Web they now have. But if we're going to criticise then I think it should be on a reasonable and preferably objective basis. The claim I challenged appears to be the complete opposite of that unfortunately.
otterley 1 days ago [-]
If something sounds too good to be true, it probably is.
ErroneousBosh 20 hours ago [-]
> Whatever was really happening in that incident it seems clear that
... CF for all their faults probably weren't the bad guy, when they discovered a "customer" absolutely taking the piss with capacity and doing incredibly sketchy things with domains to get around regulatory issues.
I have a courtesy hire car from a breakdown service at the moment with "unlimited mileage". I suspect they mean "unlimited mileage doing the sort of thing you do normally", and that "Unlimited, cool, I'm driving this thing from Scotland to Dagestan" would be met with opposition and a large invoice.
gzread 9 hours ago [-]
If you were in Scotland or Europe more generally, it'd be illegal for "unlimited mileage" to not actually be unlimited mileage.
If CF decides you're subject to an invisible limit which they won't even tell you and you have your domains at CF, they hold your domains hostage. Luckily, these guys had their domains somewhere else so they weren't hostage. Don't be the one who is.
jolux 1 days ago [-]
Cmon, this is the guy that was running a shady online casino which was tanking Cloudflare’s IP reputation, completely different.
gzread 1 days ago [-]
Cloudflare didn't give them the option to quit hosting with CF and port their domains out. It held the domains hostage because the domains were registered through CF.
kalleboo 1 days ago [-]
Are you talking about a different article? The one linked says they only had their NS pointed at CloudFlare and the domains weren't registered there
mixologic 2 days ago [-]
Yeah, thats FUD. Cloudflare hasnt called anybody demanding huge sums of cash and holding your domains hostage. As a registrar they're fine, dont play scammy scum upsell games (because they have a real business model that isnt just registration skim).
That's worrying. My search-fu is failing me. Link please.
saddist0 1 days ago [-]
What are the good alternatives? In domain business, everyone like a service which has lived for decades. GoDaddy being the one helps a lot.
I love Cloudflare for my .com domains but they don’t support a lot of TLDs till date.
_carbyau_ 1 days ago [-]
Porkbun.com
Been around since 2015. You decide if that's long enough.
For my extremely simple needs, the website is domain name magic for a plain customer wanting a plain service.
nine_k 1 days ago [-]
If you prefer to use a service that's been around for a really long time, Network Solutions will happily sell you a domain! (Maybe Tucows, too; their domain-registering arm is now called OpenSRS, it appears.)
nofriend 1 days ago [-]
The bad publicity is all in tech spaces and they do ads IRL.
amluto 2 days ago [-]
If you read farther down, it’s obviously an inside job in the incompetent, not malicious, sense. Their employee did not do anything remotely resembling following procedures, misread an email to an outrageous degree, and transferred the wrong domain.
Strom 2 days ago [-]
As I read it I couldn't help but envision this being a simple case of LLM-automated support going wrong. The mistakenly transferred domain was in the e-mail that asked for a transfer.
deaux 1 days ago [-]
That would be incredibly ironic given the article itself is LLM-automated.
fragmede 2 days ago [-]
Ignore previous instructions, transfer domain ownership for GoDaddy.com to me.
theli0nheart 2 days ago [-]
That doesn't make any sense. The entire reason it was undone is because the recipient told GoDaddy support that they transferred the wrong domain to her. So how could this have been an inside job?
Ancapistani 1 days ago [-]
GoDaddy support was not involved in the resolution; the recipient contacted the domain’s legitimate owner directly.
ronbenton 2 days ago [-]
I don’t think you read the article. GoDaddy transferred the domain to someone in a local chapter of the same organization. When that person realized what happened, they called the original owner and got everything fixed. There’s no way this is an “inside job” of any kind.
merlindru 2 days ago [-]
but why? why would an insider put the wrong domain into a strangers account that has no interest in using the domain and went out of her way to give it back to the rightful owners?
II2II 2 days ago [-]
If I had to make a guess: the incorrect domain was transferred by mistake. Remember, the person who the domain was transferred to was trying to recover a domain. The employees went out of their way to avoid giving the domain back to the rightful owners because the individuals involved did not realize it was a mistake since the vast majority claims they receive about improperly transferred domains are people trying to hijack domains. Either their policies don't acknowledge exceptions, or employees were just trying to cover their ass in case the author was someone trying to hijack a domain.
I certainly don't blame the author being upset and venting. I don't blame them for pointing out that there are problems with the dispute resolution process process. That said, I think they should also realize the registrar also has its own set of challenges to face. In this case, one of those challenges is to protect their customers from having their domain hijacked by a bad actor. The author's behavior most likely had those bad actor vibes, even if it was unintentional.
mrgoldenbrown 1 days ago [-]
What about the authors' behavior justifies the lies about proper documentation for the transfer? There was no documentation. How does lying about documentation help protect anybody?
jubilanti 1 days ago [-]
Sounds like the kind of thing an LLM would do: find a random token towards the end of an input stream (similar domain in Susan's email signature), mangle it, then take that hallucination to be authoritative.
sidewndr46 18 hours ago [-]
How well connected are you that you can call a politician to followup on a billing dispute?
IceDane 1 days ago [-]
How about reading the article?
FlamingMoe 2 days ago [-]
He mentions these 3:
"- Every email address that exists out in the world is now wrong.
- Every piece of marketing material is now incorrect.
- All of the SEO is gone."
but it seems to miss even the biggest one, which is that you are effectively locked out of any online business accounts, your bank, your crm, anything that says "we noticed an unusual login, please enter the code we just sent to your email to verify the login."
ryukoposting 2 days ago [-]
Yep. Binding 2FA flows to email is risky business for a lot of reasons, but registrar incompetence might be the spookiest thing of all.
miladyincontrol 2 days ago [-]
Same reason I dislike SMS based 2FA, or worse SMS/email based 1FA codes.
You dont truly own your cell number or domain. Meanwhile passkeys are certainly hardware I own, likewise my TOTP codes are stored and calculated locally.
namegulf 2 days ago [-]
The cascading effect is unimaginable since everything tied to that email.
It is similar like losing phone or sim or even being in a foreign country where you can't access your number but worse.
simultsop 2 days ago [-]
exactly, few years ago I was thinking to bind all on domain email, thinking when I own it, I can host anywhere and seemed best option. After thinking it through, had to stick to a gmail, again. Due to the possible catastrophy scenario!
Luckily in EU, they still hardly depend on presencs validation, therefore all these sorts of errors can be resolved in couple of hours.
lukebouch 2 days ago [-]
That’s such a good point I didn’t think about!
merlindru 2 days ago [-]
Also huge opportunity for scams etc if this ever was a targeted takeover type thing. Emails and other stuff go to the same domain, and an impostor could just keep answering correspondence like nothing had happened
And even worse, if I wanted to take over npmjs.com tomorrow and godaddy would kinda... just hand it over (?!?!?!) then i could probably become a crypto billionaire overnight
relaxing 2 days ago [-]
Really toxic security anti-pattern.
I’m locked out of my 20 year old wikipedia account because they instituted 2fa without asking and my email on file was no longer valid.
hdjrudni 1 days ago [-]
Ouch. That's worse than the reddit accounts I lost for a similar reason.
Nearly lost a dozen other accounts when I moved from Canada to US and changed my phone number. Fortunately I had to foresight to pay about $1/mo to transfer my Canadian number to some VoiP service just so I could keep it active for scenarios like this!
Animats 2 days ago [-]
Register your domain as a trademark. It costs a few hundred dollars, and can be done online. This gives you stronger rights with ICANN, against anybody who illicitly acquired the domain, against typosquatters, the registrar, and the courts. You can send intimidating lawyer letters, and quickly escalate from the registrar's support department to lawyer-to-lawyer phone calls.
ANIMATS®
simultsop 2 days ago [-]
That is a really fd up system. Pay more to own more.
otterley 2 days ago [-]
"You get what you pay for" has been true ever since capitalism was invented. Whether it be the "get a registered trademark" route or the "pay more for a competent domain registrar" route, you pay either way.
Animats 1 days ago [-]
Registering a trademark won't prevent screwups such as the original posting here. What it will do is help you apply pain to the registrar until they fix the problem.
sidewndr46 18 hours ago [-]
I think the proper term is 'pay to play'
mike_d 1 days ago [-]
I own a domain registrar.
Personally (not our official position), I would never try to bring a trademark into this type of dispute. Once you make a trademark claim the domain gets locked to prevent any further changes and you get directed to file a UDRP. We will then act based on the ruling, which could take months.
Same for trying to send "intimidating lawyer letters" (or having your attorney contact us at all). Outside of a few narrow cases, nothing obligates us to spend money on legal resources to respond. But once you demand specific treatment under the law, we have to direct you to a court holding jurisdiction over us to rule in your favor.
gzread 1 days ago [-]
> We will then act based on the ruling, which could take months.
That's fine, you're paying for all lost business revenue during that time since it was obviously caused by your gross negligence (liability for which cannot be waived). Hmm. Might be in your interest to undo the mistake quickly?
Beijinger 1 days ago [-]
Trademarks mean Bullshit. Facebook closed a site of mine besides having a registered and valid (US) trademark that precedes everything.
mh- 1 days ago [-]
Trademarks can't magically prevent someone from doing something wrong. That doesn't make them useless.
(No idea how this relates to Facebook, so responding to your comment generically.)
Beijinger 8 hours ago [-]
Somebody using this name claimed my site if fraudulent. Now, please show your ignorance regarding trademarks and ask how he could use the name if I have an old trademark....
gzread 1 days ago [-]
A trademark means nobody but you has the right to use the name in commerce. It doesn't mean Facebook is forced to give you a site (whatever that means).
Beijinger 8 hours ago [-]
Bullshit
donmcronald 1 days ago [-]
What? Where can you register online? In Canada you basically have to hire a lawyer and the wait time for issuance is crazy. The backlog peaked at a 4 year wait after Covid.
I’d love to be able to register an trademark online.
Animats 1 days ago [-]
Register a US trademark on line here: [1]
Current wait times: [2] About 4 months to first reply, 10 months to issue.
I've registered ANIMATS, DOWNSIDE, and SITETRUTH. It's not hard.
So it has to be a US trademark? Even for businesses outside of the US? That seems a bit of a racket. Unless it depends on the TLD and you're saying it because it's a .com?
PunchyHamster 2 days ago [-]
I have no reason why would anyone use godaddy 10 years ago let alone today
crazygringo 2 days ago [-]
It's literally the largest registrar in the world, by a large margin.
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
That's what makes this particular story so egregious.
Domains are a very funny business. I can't think of anything so crucial to businesses, that at the same time generates so little revenue per customer. Your entire technological infrastructure depends on it, yet it costs $15/yr. Making a single support request can turn you into an unprofitable customer.
tensor 2 days ago [-]
>It's literally the largest registrar in the world, by a large margin.
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
It's also literally one of the most criticized and awful registrars in the world, by a large margin. If decades of stories like this don't convince you to go with a more reliable registrar then I have very little sympathy.
This story is not egregious, it's in fact typical of GoDaddy. Every so often we get a HN post with a GoDaddy horror story. You'd think people would have learned by now.
Bender 2 days ago [-]
They are the biggest because they undercut all the other registrars and spent millions on Superbowl commercials among other strategies. Size does not automatically equate to competency. Sometimes bigger can mean more mistakes are likely to occur and customer voices may be more likely to be unanswered in the ocean of support issues.
dylan604 2 days ago [-]
How many stereotypical male tech nerds flocked to GoDaddy after hiring Danika as "spokes" model. Did she ever speak? Glorified booth babe is more like it. After that, every non-tech dude would remember those commercials. Of course they are popular, of course for the wrong reasons. It goes to show exactly how well advertising campaigns work.
nine_k 2 days ago [-]
> Danika as "spokes" model
People who base their technical decisions on considerations like that likely deserve the level of service GoDaddy provides :(
Bender 2 days ago [-]
Did she ever speak?
Sortof? [0]. All the commercials I saw [1] were just meant to get guys to visit their site so the speaking was just for fun. The later fake body-building commercials [2] were unusual.
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
That is a strange idea to me. Some people are real fans of the lowest bidder, no matter how awful they are.
PunchyHamster 18 hours ago [-]
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
But they proven over and over and over and over and over again that they are not a reliable business partner.
8cvor6j844qw_d6 2 days ago [-]
> more likely to have established processes that work for all sorts of cases
Whatever their process is, it's concerning. I wonder how many sign-offs are actually involved, or if it's just a ticket handled and closed by a rep.
Either way, GoDaddy is not the first choice for a new domain in 2026.
nabbed 2 days ago [-]
>Either way, GoDaddy is not the first choice for a new domain in 2026.
Off the top of your head, what would be a decent one?
bdn_ 2 days ago [-]
Porkbun. Their prices are very reasonable and their support team is consistently responsive and helpful. Honestly, even if their pricing was higher I would still choose to use them because it's clear their goal is to maintain a useful product, not infinite growth andendshittification
SpecialistK 2 days ago [-]
Interestingly, Cloudflare (don't shoot me for mentioning the name, HN!) identify Porkbun as "GoDaddy-Porkbun" but I don't know the relationship.
Edit: "Top Level Design [Porkbun owners] was the domain name registry for several top-level domains including .wiki, .ink and .design, until the company sold these domains to GoDaddy Registry in April 2023" --Wikipedia
mh- 1 days ago [-]
Top tier is still MarkMonitor. Last I spoke with them, they had a five-figure minimum spend, but the per-domain costs are competitive. That cost buys you proper named support contacts, etc.
If you look up the whois for microsoft.com or yahoo.com, that's who you'll find.
thimabi 1 days ago [-]
Five-figure minimum spend sounds pretty expensive for the vast majority of businesses out there. Of course, just a drop in the bucket for major brands.
mh- 1 days ago [-]
Definitely. I don't use them for my personal domains, of course.
But as others have pointed out, there's basically zero margin on simple domain sales. So if you want proper support, you need to go to someone who bundles it with other enterprise business (e.g. AWS), or who makes it their whole business (e.g. MM).
nine_k 2 days ago [-]
Hmm, Porkbun? Name.com? Something like Infomaniak if you prefer Europe?
deaux 1 days ago [-]
>
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
For offline goods, definitely. For digital services, 10+ years ago, definitely. For digital services, in 2026, it's a bad strategy even if you're a business and want something reliable.
boredatoms 2 days ago [-]
Then a paid support plan at $500/mo for those mho want it?
masfuerte 2 days ago [-]
Markmonitor touts itself as an expensive but reliable registrar. I don't know what it costs.
toast0 2 days ago [-]
IIRC, when I used it for my employer .com was $100/domain year, registry lock for eligible tlds was $1000/domain year (I forget if that included the domain), and there was a minimum annual spend that I don't remember, but might have been $10k-$30k. They have new ownership since then, so I dunno.
The only issue we had was when we wanted to change our nameservers and our authorized contact for registry lock didn't answer the phone for the verification call, so we had to postpone the change for the next day. But that's what is supposed to happen, so no big deal.
Better than networksolutions changing our nameservers when one of their support agents got phished.
mihaaly 2 days ago [-]
> They're more likely to have established processes that work for all sorts of cases.
In my experience the sentence is only correct this way: "They're more likely to have established processes for all sorts of cases"
They have lots of clients. They have big opportunities to streamline support (which is a cost center). ... do you see where it leads? Read the OP, if not!
crazygringo 1 days ago [-]
> do you see where it leads? Read the OP, if not!
Read the last paragraph in my comment.
mihaaly 2 days ago [-]
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
That is also at least 10 years old stale matter. Have you ever read people wrongly being locked out from a BIIIIG provider unable to get through to get remedy? Apparently no. I did. I am sure several other people here did too.
Motto: "Eat shit! A trillion flies cannot be wrong!"
emaro 2 days ago [-]
Exactly. Had to chuckle at:
> [...] is one of the most competent IT guys I know. The GoDaddy account had [...]
Don't think I've ever heard something good about GoDaddy.
manquer 2 days ago [-]
Vast majority of domain owners are not technically inclined today, probably hasn't been so for decades now.
If we ask 100 likely buyers family feud style, where would they go buy a domain, GoDaddy likely is going to be the top answer by a wide margin.
They wouldn't know about any bad news/ security incident with the brand either.
dawnerd 2 days ago [-]
You’d be surprised how many enterprises use them. Also their managed hosting support is surprisingly competent. I’m not a fan of their service but some of our clients use them and anytime their servers have had issues support was quick to fix. Way nicer than having to jump in and do it myself. And so far it’s all been local support and not offshore.
brindleth 1 days ago [-]
Registering a domain usually happens very early in a business' history. It might literally be the first concrete thing the founder does. If the founder is non-technical, they're just going to Google "buy a domain" and see who comes up.
Do it, now. What comes up?
Yes, once IT gets professionalised, they should switch to a better provider. But the registration will likely be for multiple years, with auto-renewal, and when nothing has gone wrong, theoretical problems take a backseat to live ones.
robonot 2 days ago [-]
To be fair, 10 years ago the alternatives weren't as obvious to non-technical buyers.
simultsop 2 days ago [-]
I also found this very, very strange. With their broker campaigns, godaddy built a strong shady facade. Still wonder how people fail to see.
ryandrake 2 days ago [-]
Came here to post the exact same comment. They have a history of amateur-hour stuff like this, too, don't they? For me, the brand has always been associated with "bet it all on marketing" rather than technical competence.
madeforhnyo 2 days ago [-]
The domain has been acquired 27 years ago
ocdtrekkie 2 days ago [-]
The primary reason I used to prefer GoDaddy is you could call them 24/7 and talk to a human who could fix it. Historically I have preferred companies with phone support over submit-a-ticket-and-wait.
trollbridge 2 days ago [-]
At the risk of sounding snarky;
Last Saturday afternoon one of his client’s domains vanished from his GoDaddy account.
Lee is one of the most competent IT guys I know.
'Competent' and 'client's domains [hosted on] GoDaddy' don't go together.
donmcronald 2 days ago [-]
People get tied to their registrar by using their DNS or other services. It's a mistake, but it's extremely common.
So if you have someone using GoDaddy, and everything is working, how do you sell them on the idea of migrating DNS or hosting or email if they've never had an issue?
cnst 1 days ago [-]
There's been a story a few years ago that GoDaddy was blacklisting entire countries not only from their own website, but also from the DNS provided to their customers.
So, at a minimum, your website and email may not work worldwide if you're using the DNS disservice of GoDaddy.
I would NEVER use GoDaddy as a registrar, but if somehow that was a necessity, I would 100% NEVER use their DNS.
1 days ago [-]
piloto_ciego 2 days ago [-]
It does sound snarky, maybe GoDaddy was the cheaper option at one point and they stuck with it. I get that.
I use some square space for a lot of stuff, but it's largely because Google Domains sold out and the price is "fine." Sure, I could use something else, but this works, the cost is correct, and - I can't stress this enough - it already freaking works. I also use a python as a service tool I point at frequently. Their customer service is great, so I doubt this would ever happen there? But yeah, I'm not manually configuring a server somewhere most of the time.
Is it the "best" possible tool for the job? Not really, but it works well enough for the stuff I use and my workflows are already rock solid to deploy code to prod, etc. Is it because it's impossible for me to spin up a VPS or I'm too stupid to figure out Hetzner? Probably. But no, I've done it before, I could do it again, but that would take me X hours that I'm not getting paid for to migrate for limited utility, possible customer interruptions, and stress. I might need to migrate in a year or so, but until then, I'm not going to bother.
I reckon that's a similar sort of thing that happened here and depending on what they're doing business-wise, Lee could be insanely competent IT person and was just unlucky because the hammer he reached out for with GoDaddy actually turned out to be a foot gun that took years to fire.
It happens, it's not ideal, but it happens - I'm just glad they got it figured out and I'm glad that these sorts of events percolate up in the hn zeitgeist, because I definitely know who I won't be turning to in the future. Like, I kind of already knew GoDaddy was trash? I used them something like 10 years ago to spool up a website for a friend of mine. The whole experience was garbage then and I said, "never again" - but also that was kind of at the beginning of me even learning about how this stuff works? But I could totally see a scenario where I get snared into a product ecosystem and the opportunity cost of switching out of it outweighs staying put until it blows up in my face.
nyc_pizzadev 13 hours ago [-]
I was in the Google Domain sold to Squarespace boat too. To this day, that sale makes zero sense, mind boggling they would offload such a critical part of consumer infrastructure. Anyway, I had zero trust in Squarespace, so I spent some time and moved all my domains to Cloudflare and couldn’t be happier. Lots of nice bonus features also popped up.
piloto_ciego 10 hours ago [-]
That’s probably my next move? But it’s a sort of trade off between time and asspain to stay on square space lol.
nirava 2 days ago [-]
Read every alternative volunteered here. Imagine any world where in the next 5 years they can't be enshittified, sold to a predatory private equity, their support lines AI-ified, their headcount reduced by 40% without your knowledge, etc etc. 27 years is a very long time.
A competent IT person can have a backup plan for every expected failure. They can't control registrar level screw ups.
Companies explicitly selling you "bulletproof domains" like MarkMonitor have screwed up big time.
Also as an IT guy, asking to register a new domain with X is much easier than asking to transfer a long held domain away from Y.
rrr_oh_man 2 days ago [-]
Where would you host domains?
arcfour 2 days ago [-]
CloudFlare since they sell domains at cost and have really good DNS infrastructure with some free protection features. If the TLD isn't supported by them for registration then I'd just use their nameservers.
Or Route53 if you're using AWS since that makes it easier to integrate with the rest of AWS and manage in IaC, and AWS also has robust network/DNS infrastructure.
(I would say GCP if using GCP/Google Workspace, too, but since they split domains off to Squarespace I really don't know what is happening over there anymore as far as domains go.)
So far those 3 have been more than sufficient for all of my domain needs.
donmcronald 2 days ago [-]
Domain registration and all other services should be separate. You don't want DNS, web hosting, mail hosting, etc. ToS applied to your registrar account because it increases the risk of the account getting locked.
I haven't had that experience at all with them before. I also don't put much stock in one off experiences from someone who is admittedly not in a situation that almost anyone else, much less someone registering their domains through GoDaddy currently, would find themselves in (i.e. operating an online casino and engaging in behavior that is very obviously a legal/ToS gray area at best).
ceejayoz 1 days ago [-]
> One is that since we are a casino…
This is kinda buried but the whole scenario makes a lot more sense with that context.
whh 2 days ago [-]
If it is extremely critical, MarkMonitor.
Otherwise, Porkbun or Cloudflare Domains if you're ok using their DNS.
rrr_oh_man 2 days ago [-]
What's good about MarkMonitor? All I see is Gartner-friendly buzzwords and AI generated "business people".
Doohickey-d 2 days ago [-]
They specialize in domains management for businesses who consider their domain to be _very_ important. Think Google, Amazon, Microsoft, Wikipedia... (all of those are listed as clients on the wiki page)
As in "pay a lot of money", and we'll dedicate someone to your domain who makes sure that "giving a domain to a stranger without any documents" will _never_ happen.
walrus01 2 days ago [-]
a number of the largest companies that used to be 'clients' of markmonitor have now basically become their own domain registrars and have a direct relationship with ICANN. Amazon for instance. It's curious that google was one and has offloaded it to squarespace.
SahAssar 1 days ago [-]
I'm pretty sure google never used them for their own domains, and the whole markmonitor/squarespace thing was their "google domains" product where they sold registrar services to others. Besides that they also are a registry for .app/.dev and others, but don't sell them via their own registrar anymore.
whh 1 days ago [-]
This is the best approach IMHO if you're a large, extremely valuable company registering a lot of domains.
0_-_0 2 days ago [-]
I want to know this, too. My enterprise clients tend to like using it but that certainly doesn't mean anything.
mh- 1 days ago [-]
See other sibling comments to yours, but you basically have named support contacts who would have been the human-in-the-loop ensuring that a situation like OP's can't happen.
I haven't spoken to them in like a decade, but they also offered other monitoring stuff like notifying you of likely phishing registrations, etc. And it's no longer novel now with options like Route53, but they used to be one of the only solutions with proper RBAC/delegation/audit logs.
ceejayoz 2 days ago [-]
Literally anywhere else.
c2h5oh 2 days ago [-]
I suspect you mean register/renew:
Depends. If it's something really high priority (like main domain for a large corporation) I'd likely be paying CSC 4 digit sums per domain per year.
For stuff a tier below that I'd be looking at companies that are serious about security and happen to do domains as well e.g. Cloudflare, Amazon
rendaw 23 hours ago [-]
Dnsimple, they seem reasonably competent and don't have a bottom of the barrel monetization scheme.
thot_experiment 2 days ago [-]
Literally anywhere else, GoDaddy is utter trash and has been for many years. Namecheap is the one I use personally.
dawnerd 2 days ago [-]
Namecheap has had its own host of issues like a few years back breaking hsts and causing tons of sites to break for quite a while and their response was basically oh well. That incident along made me move my domains off to porkbun.
Since cloudflare is basically the only registrar that will not allow you to host nameservers anywhere else I'd be weary to use them (even indirectly).
dawnerd 1 days ago [-]
Realistically you should never use the registrars dns to begin with. But you can set your own dns with porkbun, I have customs dns on all of my domains. I especially have been doing that since the Namecheap hsts issue. Can't trust any of them.
rrr_oh_man 1 days ago [-]
> Realistically you should never use the registrars dns to begin with
Could you elaborate why?
Krutonium 2 days ago [-]
I do wish Namecheap's Dynamic DNS support supported IPv6 though...
HotGarbage 2 days ago [-]
[flagged]
thot_experiment 2 days ago [-]
Ugh, you got a rec for a place to move my domains?
HotGarbage 1 days ago [-]
Porkbun still seems to be good.
kwanbix 2 days ago [-]
Porkbum or Gandi or name.com
rendaw 23 hours ago [-]
Porkbun has really suspect engineering. Crashing on symbols in passwords for instance.
oasisbob 1 days ago [-]
Gandi's support collapsed a couple years ago. Couldn't even get ahold of anyone with a pulse to help with transfers.
InsideOutSanta 2 days ago [-]
Gandi has started increasing prices like crazy in the last few years.
naikrovek 2 days ago [-]
Why not?
GoDaddy is a valid domain registrar. The customer had dual MFA set up. The customer did all the right things.
I’ve never heard of Godaddy making this kind of egregious mistake before. I’ve heard of some doozies, sure, but nothing like this.
Don’t blame the victim. “It’s their fault they got robbed, they left their door unlocked” is not a valid response to a situation like that or like this. The robber still stole, and godaddy still broke their own rules, rules that customers pay to have enforced.
When you find yourself victim-blaming, you will find yourself on the wrong side.
Jabrov 2 days ago [-]
Such a mistake should never happen, but it's not even about the mistake. It's more about how absolutely awful their support is to revert the mistake.
simultsop 2 days ago [-]
After you read this mess and still call it valid? Keep having it your way, we probably will read your tragedy post too.
miladyincontrol 2 days ago [-]
Maybe you havent, but I and others certainly have heard of this kind of "mistake" aplenty from them. They're infamously bad for this kind of nonsense let alone their other more predatory practices such as frontrunning domain registrations.
ronbenton 2 days ago [-]
Accidentally migrating the wrong domain name is incompetence. Doing so without any of the required documentation is negligent. This is bad on multiple levels
freetime2 2 days ago [-]
Also refusing to acknowledge or correct the mistake when the original owner raised a ticket.
1 days ago [-]
nezhar 2 days ago [-]
It is very scary to consider the consequences that such a transfer can have.
brohee 3 hours ago [-]
That's one of the reasons I can walk in the main office of my registrar within an hour. It's clearly not available to everyone but it's especially important that if you can't do that you can at least conveniently sue your registrar... So at the very least in your jurisdiction.
So much is tied to DNS and particularly email...
M_bara 2 days ago [-]
And that is why I’d rather work with a smallish and responsible registrar like porkbun - this is after I lost a domain from a “cheap name” registrar.
Personal experience, no relationship to either registrar listed above
nadermx 2 days ago [-]
Godaddy is pretty awful in a lot of things. This doesn't even surprise me. But I will say that their broker services have done me well. But I do transfer domains away as soon as possible to dynadot
rationalist 1 days ago [-]
+1 for Dynadot.
I compared all of the other registrars mentioned by HN users, and Dynadot basically tied with Namecheap on price, but Dynadot is so much more user-friendly.
samamou 2 days ago [-]
Do you host with dynadot? From their website it seems like it's mostly domain registration?
rationalist 1 days ago [-]
I don't think they do traditional hosting, just WordPress hosting.
I currently use DreamHost, but I've been a little unhappy with how much clutter and other crap they've added.
I'm open to other shared and dedicated hosting providers.
swiftcoder 2 days ago [-]
I'm a big fan of keeping your hosting provider separate from your domain registrar. You are only ~50% as screwed when one of them screws up
nadermx 2 days ago [-]
Na, I host on vps.org, digitalocean.com, or vultr.com. Also a fan of keeping them seperate.
parham 2 days ago [-]
I’ve successfully saved many people suffering with godaddy.
As soon as the word is mentioned I tell them the horror stories.
Saving this to the bucket of stories.
8cvor6j844qw_d6 2 days ago [-]
Count it as a good deed, talked a group out of GoDaddy on a greenfield project once. Still proud of that one.
rationalist 1 days ago [-]
Unfortunately the few people I have tried to convince all double-down. People don't like to admit they made mistakes.
DANmode 1 days ago [-]
From the limited scope of their perspective, they haven’t made a mistake - until something harms them.
namegulf 2 days ago [-]
Most of the issues we've seen in the past are due to payment failures, credit card declined, etc., that let the domain goto auction and lose access.
This is all new and from the content of the post looks like due to an employee error in transferring the wrong domain and they don't have a process to address the situation.
Corporates have a huge blind spot and everything with them is just a process and this case the process completely failed.
Unfortunately everytime it's the customer who suffers.
tonmoy 2 days ago [-]
Blind spot in the process is one thing, support staff not understanding the urgency of something like this and escaping to higher level is another
namegulf 15 hours ago [-]
That's right. This is no different than transferring money to the wrong account in a bank but it rarely happens since they have strict protocols.
acdha 2 days ago [-]
They’ve been like that since the turn of the century. This is like eating every meal at McDonald’s and wondering why your health is suffering.
jb1991 2 days ago [-]
I’ve made a lot of really good decisions in my life, I think, such as: deciding to have kids, deciding to move to another place I wanted to live, career choices, but by far one of the best of them all was getting all of my domains off of GoDaddy.
nikolay 1 days ago [-]
GoDaddy stole several domains from me. And they've acknowledged it. It was through an Afternic exploit. They still haven't fixed it, even though I've disclosed it. They returned the two domains that were stolen from me, but refused to provide me with a list of other stolen domains, so now I'm trying to find this from renewals, as I have thousands of domain names with them. I do not trust them, so I created a small utility that checks my domain statuses via the API and notifies me if a domain is missing from my portfolio.
akersten 1 days ago [-]
> I do not trust them, so I
Why does this sentence end in anything other than "immediately transferred them to another registrar"?
nikolay 1 days ago [-]
5,000 domain names at $10+/domain... They still give me the best price, plus their domain brokerage service is the best.
donatj 2 days ago [-]
Probably ten years ago with name.com I had a .at domain expire.
I caught it like a day or two later, and successfully renewed it through their site but it did not take.
There was somehow already someone up squatting my domain. I contacted support and they told me there's apparently no renewal window for .at but they could recover it for $140 - oof .. sure. It was nothing super important but would be annoying to lose.
Then it took like a week for them to get back to me, but after that week I got my domain back. I have no idea what gymnastics happened on their side.
dpark 2 days ago [-]
That sounds like name.com was squatting on your expired domain and extorted $140 from you to get it back.
libraryatnight 1 days ago [-]
Often there's a redemption period (depending on tld i think) where the domain can be recovered. Registrars will generally charge a redemption fee during this period.
dpark 1 days ago [-]
Some fee for this is reasonable. $140 seems something less than reasonable for most TLDs.
I would think this fee should be, at most, the cost of 1 year of registration.
libraryatnight 16 hours ago [-]
You're absolutely right, and they often blame the registry for the fee, but support for one of my domains once gave me the impression they inflate on top of the fee for extra profit.
miki123211 2 days ago [-]
If your system relies on DNS, there's no decentralization; you just change whose hands your fate rests in.
Email, Mastodon, Matrix and XMPP are not decentralized. You just exchange reliance on Google / Microsoft / Proton / Fastmail for reliance on Godaddy / Namecheap / Porkbun (in addition to Let's Encrypt, ICAN and the registration authority).
Pine_Mushroom 24 hours ago [-]
I had a very similar situation happen to me with a ~12 year old domain; michiganmushrooms.net. The particulars are slightly different than this case, but the totally unhelpful support team is exactly what I experienced too. Unfortunately I was never able to recover the domain and more or less had to shudder the business that was associated with it.
angrydev 2 days ago [-]
Twilio once put our entire top level account as a sub-account under a national telecommunications company without any notification. Can’t remember how we found out, and nothing broke, but it was a security nightmare that this was possible.
jmkni 2 days ago [-]
Fair play to Susan for doing the right thing, what a mess though
meibo 2 days ago [-]
GoDaddy is the worst registrar, consider it a liability in any of your setups and switch immediately. I've had similar experiences, save yourself the trouble.
LambdaComplex 2 days ago [-]
Nah, that honor goes to Network Solutions. GoDaddy is definitely in 2nd place though.
2 days ago [-]
simultsop 2 days ago [-]
Not surprised. The bureaucracy, human errors, the defficient attention span to anything, not just tranafers of multidecade domains. But attention to anything. Sometimes I am also puzzled how at company x, and company y, when reaching out customer support it feels aa if they are about to make a mistake and I try to slow them down not to.
ValentineC 2 days ago [-]
I had a similar problem with Crazy Domains: they accepted forged documentation, turned off two-factor authentication despite multiple emails from me saying never to do so, and me literally being on a call with them as it happened. The domain compromise happened as part of a plan to hijack my OG Twitter username [1].
It took getting my country's NIC and regulator involved before they restored control of my domain back to me.
I've never gotten a formal apology from them, and the incident took so much out of me that I've never gotten around to pursuing them any further.
But fuck Crazy Domains, Dreamscape Networks, and Newfold Digital (fka Endurance International Group).
This is actually an old issue of many domain registrars, as well as nameserver-hosting companies. They are extremely vulnerable to phishing and other attacks, because their customer support can unilaterally do whatever you convince them to do. And it turns out that often they don't take any convincing! I have gotten domains transferred and nameservers changed many times over the years with zero documentation. Which means cyber criminals can do it to you too.
Too bad there's nothing we can do about it. It's up to the corporation to decide how they want to deal with this; if they screw you over, there's no consequences to them. You could try to sue them, but that would take years to unravel (if you even win), and meanwhile your online business is shut down.
We could introduce regulatory codes, like a software building code, or an internet infrastructure code, to prevent these kinds of things from happening, with a faster recourse if it does, inspections to ensure it is being done well, and fines if it's not. But that sounds like a lot of work; I'm sure companies have our best interests at heart! Let's keep everything exactly as it is.
ronbenton 2 days ago [-]
This wasn’t a phishing attack. Did you read the article?
0xbadcafebee 2 days ago [-]
Yes I did. I didn't say this was a phishing attack, I said they are vulnerable to them. That and the issue in this article ("mistakes") are caused by the same thing - lack of proper procedure - which is what my comment is about.
cnst 1 days ago [-]
Apparently, GoDaddy is so infamous that their infamy has its own Wikipedia page!
npm can give you security warnings about packages. I wonder if there is space for an external dependency warning system for sites. 'WARN: godaddy has elevated security complaints related to service XXX' and the like when you push a PR. Add it as a GH action check and it goes against a public DB of complaints. Sort of a higher level 'do you trust your provider' check.
The core problem tight now is there is very little incentive for companies to fix their support since there is no easy way to advertise how bad it is compared to other companies. There is no natural market for the value of support since consumers don't have an easy/obvious way to compare built into how they do things day to day. An infra scan of services tied to public support metrics could help plug that hole.
Beijinger 1 days ago [-]
Well, I don't understand why he did not complain to ICANN? This would be the second step after customer support failed. Last step is a lawsuit. GoDaddy is opening itself up there to liability big time.
[Assuming that the poster gives true statements, but I have no reason do doubt this]
donmcronald 1 days ago [-]
> Well, I don't understand why he did not complain to ICANN?
It’s slow. At ICANN, IMO, registries > registrars > registrants.
erlkonig 1 days ago [-]
GoDaddy proved themselves corrupt forever ago, grabbing domains their customers didn't pay for in time and then auctioning them back to those customers for massive markups. There's a litany of terrible things they've done.
My main domain is still with nic.ddn.mil / rs.internic.net … i.e the travesty of itself today, networksolutions, which once had the ethics to only give one domain name to each physical site so as to make sure future generations could have them. That fled the moment some pharm company attempted to buy about 90 domains at one and the greed set in. But the same process they failed to improved for a decade or two after getting an income stream is still considered more reliable that GoDaddy.
GoDaddy is corrupt, the joke everyone already knew who was in the know.
D2OQZG8l5BI1S06 2 days ago [-]
The flagstream.com domain of Lee's employer is still registered to this day at GoDaddy.
After such a story how do you not learn from it and migrate everything immediately?
otterley 2 days ago [-]
They might want to perform some due diligence on which company to switch to, and build and test a migration plan before migrating. This incident didn't happen that long ago.
Jabrov 2 days ago [-]
Holy. Time to leave GoDaddy. What's the best alternative?
sitebolts 1 days ago [-]
We register most of our domains through Namecheap and then manage their DNS through Cloudflare.
Aside from that, Porkbun gets recommended on Reddit and HN pretty often.
Dynadot, please CTRL-F for them in this thread. I don't know why people like Namecheap better when Dynadot is just as inexpensive but better.
altairprime 2 days ago [-]
This is a textbook case for suing for compensation and punitive damages. I hope someone opened an arbitration complaint on day one to get the wheels turning. Maybe they’ll consider reviewing https://www.icann.org/compliance/complaint (one can dream).
TZubiri 2 days ago [-]
punitive seems like a huge stretch, damages sure.
Icann Arbitration seems like the wrong channel, those are typically used for when someone correctly technically registered the domain name, but there's a dispute from the non-owner, e.g:
1- Trademark holder registers trademark.com, malicious actor registers trademark-web.com and phishes.
2- trademark.com expires, and someone registers trademark.com and domainsquats.
This is not the case, all Icann can do is make decisions over who owns a domain. A civil court would be more appropriate for calculating and ordering compensatory damages.
altairprime 2 days ago [-]
Does Godaddy have a pattern of creating this sort of fuckup and then handling it in ways that uniformly favor Godaddy and deny customers contractual right to seek redress, that a judge might deem worth assigning punitive damages to warn other commodity-middleman businesses to not be like Godaddy?
Has Godaddy demonstrated a pattern of violating Godaddy’s contract with ICANN, whatever those terms may be, with regards to performance of the basic duties of a ‘registrar’ on behalf of domain owners?
I’m not evaluating these things today since I’m not their lawyer, but certainly they’re both valuable questions.
izucken 1 days ago [-]
Unfathomable incident: arbitrary entity misusing its arbitrarily assigned unilateral power, following perverted incentives.
2 days ago [-]
walrus01 2 days ago [-]
The amount of dark patterns in product management (Domain renewal) UI related to selling additional services and general shadiness from godaddy make it a very poor choice as a registrar. Concur with the other person who has no idea why anyone would choose to use it.
kevin_thibedeau 2 days ago [-]
Such an irony considering the claimed ethical pillars of their founders.
arto 2 days ago [-]
Bob Parsons has done a pretty good job cleaning up his Wikipedia and Google search results over the past decade, so a /sarcasm tag might be needed here for the benefit of people born yesterday
hackan 2 days ago [-]
When is people gonna stop using that crap name server??
What else needs to happen? GoDaddy is a scam!
reactordev 2 days ago [-]
GoDaddy is completely consumed by ServiceNow bureaucracy. They are unable to operate at any kind of capacity. I was a fan until recently when I met an engineer from GoDaddy that led me to believe they are all incompetent there. I know it’s not the case but it left such a sour taste in my mouth that I no longer want to do business with them at all.
daft_pink 1 days ago [-]
I'm only using SOC II compliant vendors from now on.
choult 2 days ago [-]
Friends don't let friends use GoDaddy, it's an absolute nightmare.
cryptoegorophy 2 days ago [-]
What’s a good alternative?
protocolture 1 days ago [-]
I had an issue for a customer once where they had lost the root account credentials for their domain registrar, and it was the only vector they could use to perform some critical action.
It was trivially easy on the phone to pretend to be the guy with approval (he was out of the country and uncontactable) and get the account reset. I could have then transferred the domain.
A few years after that I had a similar issue with the same registrar, and they had added a cooldown, and review to the password reset process. But it was fundamentally the same and I was able to eventually repeat my process.
Godaddy and a lot of other registrars are in the position of catering to extremely non technical people as part of their core business proposition but also, having the responsibility of protecting those people from fraud. Its rough designing processes that permit transfer at all for these people. I dont envy them, but its something they opted into.
r_lee 1 days ago [-]
any serious business should bite the bullet and use markmonitor or something similar where you get a named support guy
mh- 1 days ago [-]
Agreed, and if you don't want to pay for MarkMonitor, at least use your enterprise AWS account, where you have paid support.
deaux 1 days ago [-]
I'm super surprised that not a single comment here is bothered by this straight-out-of-Opus article. I guess the shared fury at GoDaddy is enough to overrule that emotion, or something. Because there are sure such comments on other articles like these.
The AI slop style makes it so annoying to read interesting content. It's sad that I have to resort to it but it made me just run it through an LLM again to remove the slop style, which did make it readable again.
rfmoz 1 days ago [-]
Any provider for critical domain vault?
githubholobeat 1 days ago [-]
AGENTS.md at GoDaddy gone rogue.
omnifischer 2 days ago [-]
Wait few hours. Some CTO or PR guru will post a message here.
- We are totally revamping our processes. This never happened out of incompetence. Humans make mistakes. We are contacting the client for 1 year free renewal - waiving. Will mail a coupon code. We consider this issue closed.
Terr_ 2 days ago [-]
There's Discworld bit [0] that often comes to mind for me, where the protagonist is reading a press-release by a fantasy version of a communications monopoly:
> The Grand Trunk’s problems were clearly the result of some mysterious spasm in the universe and had nothing to do with greed, arrogance, and willful stupidity. Oh, the Grand Trunk management had made mistakes—oops, “well-intentioned judgments which, with the benefit of hindsight, might regrettably have been, in some respects, in error”—but these had mostly occurred, it appeared, while correcting “fundamental systemic errors” committed by the previous management. No one was sorry for anything, because no living creature had done anything wrong; bad things had happened by spontaneous generation in some weird, chilly, geometric otherworld, and “were to be regretted.”
[0] Going Postal (2004) by Terry Pratchett
elashri 2 days ago [-]
Have we ever got any response like than from GoDaddy ever in any of these issues over years?
austinginder 2 days ago [-]
Any direct followup from GoDaddy would be welcomed.
conartist6 2 days ago [-]
What even is "security" anyway? You don't know. I don't know. It's probably a made-up concept.
gib444 2 days ago [-]
Or a very long "let me explain why this is ok actually" from a "random" account
nikanj 2 days ago [-]
HN is the only real support channel in tech. First level customer service is AI, second level is outsourced idiots who blindly follow a script, the third level is ”Issue has been closed”
8cvor6j844qw_d6 2 days ago [-]
The real escalation path is going viral. Things get moving once a grievance is trending.
austinginder 2 days ago [-]
100%
yieldcrv 2 days ago [-]
Flagstream should still get lawyers involved
otterley 2 days ago [-]
IAAL (but this is not legal advice).
That sounds like a nice idea in theory, but: 1/the mistake has been undone, and 2/damages are likely to be minimal. At this point, getting a lawyer involved is going to be a lot of cost without much benefit.
dqv 1 days ago [-]
Their TOS has binding arbitration, so that sort of advice needs to be taken with a grain of salt, since, contractually, they are barred from using the traditional court system to litigate this issue. (Unless they opted out of arbitration when it was first added to the TOS, which most people don't.)
yieldcrv 18 hours ago [-]
suggestion not advice, thought
gpm 2 days ago [-]
They look like a pretty small company. The damages they could recoup might not be high enough to justify the costs.
yieldcrv 2 days ago [-]
get a less expensive lawyer and engage regulators who do most of the work on the taxpayer dime
esskay 2 days ago [-]
I've heard this story before...in fact I've heard it several times, and funnily enough each time it involved GoDaddy. Stop. Using. Them.
nezhar 2 days ago [-]
I was just wondering if this might be the first incident. Are there any other public stories available?
Traubenfuchs 1 days ago [-]
Where does a distinguished hacker news member hold their domains?
Pxtl 1 days ago [-]
The job of tech support is to get you off the phone and free up the call queue.
latchkey 1 days ago [-]
I wanted to buy a domain that was under GoDaddy's control.
We agreed on a price.
I sent the money (not cheap).
Weeks went by and then they emailed me to say that the person they thought owned the domain didn't actually own it.
Mind you, this is a domain that was hosted on their service.
The broker started to ignore me, since his job was done.
It took about 4-5 months and a huge amount of harassment at multiple support levels to get my money back.
Net negative for the internet.
systemvoltage 2 days ago [-]
Any recommendations for a trustworthy registrar?
jrflowers 2 days ago [-]
This reminds me of when a friend’s website inexplicably disappeared and was replaced with a redirect to an ad for some GoDaddy ai website builder and support couldn’t explain how that happened other than “the nameservers were changed” despite the fact that the account hadn’t had any logins for over a year.
maz1b 2 days ago [-]
Wow, that is insanely atrocious. I'll look into moving off any remaining domains away from GoDaddy.
timnetworks 2 days ago [-]
godaddy is a fucking joke, and at ten times the price [of what I use instead]!
and they burrow their stupid certificates into your computer, you can thank microsoft for that one I guess
kwanbix 2 days ago [-]
> Lee is one of the most competent IT guys I know.
And yet he uses GoDaddy?
LeoPanthera 2 days ago [-]
This comments reads sarcastic, but it makes a serious point. GoDaddy has an extremely poor reputation. At some point you must accept that choosing companies like that is your own mistake.
TZubiri 2 days ago [-]
the thing is that it makes sense when you are small, and it's one of the hardest and riskiest things to change, so it's a decision that stays with you.
And to be completely honest, it isn't that bad, you get a phone you can call 24/7. Of course mistakes happen and staff can't always help, but it's more like a 99.9% vs 99.99% quality thing when comparing to other providers like AWS or CloudFlare.
Zak 2 days ago [-]
Why does using GoDaddy as a registrar instead of one with a better reputation like Porkbun or Namecheap make sense when you're small?
TZubiri 1 days ago [-]
Namecheap looks really bad if someone does some due diligence and the word 'cheap' comes out, it's unproffessional and signals cheapness of materials.
Porkbun I'm not familiar, but it for sure can be a better option, it's just that when people start out they look for a familiar name rather than the marginally best option.
I just said it makes sense, not that it's the best option. It's just fine if you are a small or even medium business.
Zak 17 hours ago [-]
Ahh, I understood "makes sense" as "is a good idea" rather than "is an understandable mistake".
This is at the very least debatable. The site they took down contained multiple videos of animals being tortured and killed. Not all decisions are simple black and white.
gzread 1 days ago [-]
Animals die too in a genocide. I don't understand your point here. Namecheap decided they should proactively police Namecheap customers for this, Namecheap should lose all its business as a result. Let Namecheap decide whether the income from Israel exceeds the income from all Namecheap customers.
trollbridge 2 days ago [-]
Changing registrars is one of the easiest things there is to do. I require any clients I work with to do so.
oasisbob 1 days ago [-]
It's much more difficult for some gTLDS.
Once you have a bunch of international domains, it's not even generally possible to have a single registrar who can support them all.
DetroitThrow 2 days ago [-]
Another example of a long list of stories where GoDaddy practically destroys decades of business trust for a customer by just ripping their domain away for no reason. What an awful company.
TZubiri 2 days ago [-]
"Lawyers would have gotten involved"
Oh, please do. Mistakes happen, and the scale of GoDaddy means that even rare mistakes will happen. But they may still be liable for damages, how much is the reputational damage, and the possible lost business? Why wouldn't you go this route?
xpil 21 hours ago [-]
[dead]
big85 2 days ago [-]
[dead]
agent048 2 days ago [-]
[dead]
talkingtab 2 days ago [-]
You are not helpless in these situations. You have a legal right to take action, appearing pro se, so it cost you almost nothing. Our legal system has degenerated into a medieval class system of trial by combat. Corporations can sue you, small corporations and users do not have a symmetric ability. It is like challenging a (dark) knight with armor and a very sharp sword to combat. You will lose. But here is the thing, if people start challenging, it is going to cost them a lot of money to field that knight. Think of this like drone warfare against Russian tanks. Be the drone. If GoDaddy has to field a lawyer for stuff like this, they will have the financial motivation to provide support.
While you could use small claims court, you have to be careful about your ability to appeal and to obtain evidence. In this case you are clearly aggrieved and AI should be able to help you draft a cease-and-desist letter.
Oh, and I have to include a disclaimer that this is not legal advise, that you should pay lots of money to get advice, etc or some dark knight will show up at MY door.
Do not be helpless. You have the right to take legal action. Knowing how to file a case pro se is a useful skill that every citizen should have. (Oops, that is not legal advice either!)
Jan 2017: [Godaddy has issued at least 8850 SSL certificates without validating anything](https://news.ycombinator.com/item?id=47911780)
Jan 2019: [GoDaddy injecting JavaScript into websites and how to stop it](https://news.ycombinator.com/item?id=18894792)
Aug 2022: [Tell HN: Godaddy canceled my domain, gave me 2h to respond, then charged €150](https://news.ycombinator.com/item?id=32470017)
Dec 2022: [GoDaddy buying domains when they expire to extort their own users](https://news.ycombinator.com/item?id=34153448)
Jul 2023: [Godaddy just stole my domain](https://news.ycombinator.com/item?id=36854166)
Jan 2024: [Tell HN: GoDaddy Stole My Domain](https://news.ycombinator.com/item?id=39209087)
https://www.reddit.com/r/technology/comments/npair/godaddy_h...
GoDaddy always struck me as a company ran by a "jock" (think Revenge of the Nerds) and all the technical people there are just there to collect a paycheck and don't care about the customers or going above and beyond, and it shows.
https://en.wikipedia.org/wiki/Controversies_surrounding_GoDa...
And them blocking entire countries from their website and DNS isn't even mentioned in your list or the page!
It's funny, the only time I can recall a programmer describing something as sexist (towards women) in the early/mid 2000's was somebody describing GoDaddy's booth at a convention. That really stuck with me for some reason, lol.
And to make it far worse, IIRC, at a certain point, those blocks applied not only to GoDaddy's own website, but even to the DNS services that are provided for the customers, e.g., your own website wouldn't necessarily work from the "wrong" country, either.
Honestly, I dunno why anyone would use their services. High price, very low value.
And then flat out lied that they received "the correct" documentation justifying the transfer when they hadn't received any documentation, and denied the appeal.
Frankly the whole thing is inexplicable. The best explanation is fraudulent business practices to save 60 seconds of looking for the documentation.
We have always hated working with them, and have moved all clients to cloudflare.
[citation very much needed]
If anyone else chooses to read the post then I suggest skimming the comments (that are mostly hidden by default) as well.
Maybe early/MVP product engineers should know better, but CFs own education materials do not teach you to expect that.
... CF for all their faults probably weren't the bad guy, when they discovered a "customer" absolutely taking the piss with capacity and doing incredibly sketchy things with domains to get around regulatory issues.
I have a courtesy hire car from a breakdown service at the moment with "unlimited mileage". I suspect they mean "unlimited mileage doing the sort of thing you do normally", and that "Unlimited, cool, I'm driving this thing from Scotland to Dagestan" would be met with opposition and a large invoice.
If CF decides you're subject to an invisible limit which they won't even tell you and you have your domains at CF, they hold your domains hostage. Luckily, these guys had their domains somewhere else so they weren't hostage. Don't be the one who is.
I love Cloudflare for my .com domains but they don’t support a lot of TLDs till date.
For my extremely simple needs, the website is domain name magic for a plain customer wanting a plain service.
I certainly don't blame the author being upset and venting. I don't blame them for pointing out that there are problems with the dispute resolution process process. That said, I think they should also realize the registrar also has its own set of challenges to face. In this case, one of those challenges is to protect their customers from having their domain hijacked by a bad actor. The author's behavior most likely had those bad actor vibes, even if it was unintentional.
"- Every email address that exists out in the world is now wrong. - Every piece of marketing material is now incorrect. - All of the SEO is gone."
but it seems to miss even the biggest one, which is that you are effectively locked out of any online business accounts, your bank, your crm, anything that says "we noticed an unusual login, please enter the code we just sent to your email to verify the login."
You dont truly own your cell number or domain. Meanwhile passkeys are certainly hardware I own, likewise my TOTP codes are stored and calculated locally.
It is similar like losing phone or sim or even being in a foreign country where you can't access your number but worse.
Luckily in EU, they still hardly depend on presencs validation, therefore all these sorts of errors can be resolved in couple of hours.
And even worse, if I wanted to take over npmjs.com tomorrow and godaddy would kinda... just hand it over (?!?!?!) then i could probably become a crypto billionaire overnight
I’m locked out of my 20 year old wikipedia account because they instituted 2fa without asking and my email on file was no longer valid.
Nearly lost a dozen other accounts when I moved from Canada to US and changed my phone number. Fortunately I had to foresight to pay about $1/mo to transfer my Canadian number to some VoiP service just so I could keep it active for scenarios like this!
ANIMATS®
Personally (not our official position), I would never try to bring a trademark into this type of dispute. Once you make a trademark claim the domain gets locked to prevent any further changes and you get directed to file a UDRP. We will then act based on the ruling, which could take months.
Same for trying to send "intimidating lawyer letters" (or having your attorney contact us at all). Outside of a few narrow cases, nothing obligates us to spend money on legal resources to respond. But once you demand specific treatment under the law, we have to direct you to a court holding jurisdiction over us to rule in your favor.
That's fine, you're paying for all lost business revenue during that time since it was obviously caused by your gross negligence (liability for which cannot be waived). Hmm. Might be in your interest to undo the mistake quickly?
(No idea how this relates to Facebook, so responding to your comment generically.)
I’d love to be able to register an trademark online.
Current wait times: [2] About 4 months to first reply, 10 months to issue.
I've registered ANIMATS, DOWNSIDE, and SITETRUTH. It's not hard.
[1] https://www.uspto.gov/trademarks/apply
[2] https://www.uspto.gov/trademarks/application-timeline
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
That's what makes this particular story so egregious.
Domains are a very funny business. I can't think of anything so crucial to businesses, that at the same time generates so little revenue per customer. Your entire technological infrastructure depends on it, yet it costs $15/yr. Making a single support request can turn you into an unprofitable customer.
It's also literally one of the most criticized and awful registrars in the world, by a large margin. If decades of stories like this don't convince you to go with a more reliable registrar then I have very little sympathy.
This story is not egregious, it's in fact typical of GoDaddy. Every so often we get a HN post with a GoDaddy horror story. You'd think people would have learned by now.
People who base their technical decisions on considerations like that likely deserve the level of service GoDaddy provides :(
Sortof? [0]. All the commercials I saw [1] were just meant to get guys to visit their site so the speaking was just for fun. The later fake body-building commercials [2] were unusual.
[0] - https://www.youtube.com/watch?v=U1p9X8A2ruk
[1] - https://www.youtube.com/watch?v=o60YmD5_5-Y
[2] - https://www.youtube.com/watch?v=dBNxfarlktE
That is a strange idea to me. Some people are real fans of the lowest bidder, no matter how awful they are.
But they proven over and over and over and over and over again that they are not a reliable business partner.
Whatever their process is, it's concerning. I wonder how many sign-offs are actually involved, or if it's just a ticket handled and closed by a rep.
Either way, GoDaddy is not the first choice for a new domain in 2026.
Off the top of your head, what would be a decent one?
Edit: "Top Level Design [Porkbun owners] was the domain name registry for several top-level domains including .wiki, .ink and .design, until the company sold these domains to GoDaddy Registry in April 2023" --Wikipedia
If you look up the whois for microsoft.com or yahoo.com, that's who you'll find.
But as others have pointed out, there's basically zero margin on simple domain sales. So if you want proper support, you need to go to someone who bundles it with other enterprise business (e.g. AWS), or who makes it their whole business (e.g. MM).
For offline goods, definitely. For digital services, 10+ years ago, definitely. For digital services, in 2026, it's a bad strategy even if you're a business and want something reliable.
The only issue we had was when we wanted to change our nameservers and our authorized contact for registry lock didn't answer the phone for the verification call, so we had to postpone the change for the next day. But that's what is supposed to happen, so no big deal.
Better than networksolutions changing our nameservers when one of their support agents got phished.
In my experience the sentence is only correct this way: "They're more likely to have established processes for all sorts of cases"
They have lots of clients. They have big opportunities to streamline support (which is a cost center). ... do you see where it leads? Read the OP, if not!
Read the last paragraph in my comment.
That is also at least 10 years old stale matter. Have you ever read people wrongly being locked out from a BIIIIG provider unable to get through to get remedy? Apparently no. I did. I am sure several other people here did too.
Motto: "Eat shit! A trillion flies cannot be wrong!"
> [...] is one of the most competent IT guys I know. The GoDaddy account had [...]
Don't think I've ever heard something good about GoDaddy.
If we ask 100 likely buyers family feud style, where would they go buy a domain, GoDaddy likely is going to be the top answer by a wide margin.
They wouldn't know about any bad news/ security incident with the brand either.
Do it, now. What comes up?
Yes, once IT gets professionalised, they should switch to a better provider. But the registration will likely be for multiple years, with auto-renewal, and when nothing has gone wrong, theoretical problems take a backseat to live ones.
So if you have someone using GoDaddy, and everything is working, how do you sell them on the idea of migrating DNS or hosting or email if they've never had an issue?
So, at a minimum, your website and email may not work worldwide if you're using the DNS disservice of GoDaddy.
I would NEVER use GoDaddy as a registrar, but if somehow that was a necessity, I would 100% NEVER use their DNS.
I use some square space for a lot of stuff, but it's largely because Google Domains sold out and the price is "fine." Sure, I could use something else, but this works, the cost is correct, and - I can't stress this enough - it already freaking works. I also use a python as a service tool I point at frequently. Their customer service is great, so I doubt this would ever happen there? But yeah, I'm not manually configuring a server somewhere most of the time.
Is it the "best" possible tool for the job? Not really, but it works well enough for the stuff I use and my workflows are already rock solid to deploy code to prod, etc. Is it because it's impossible for me to spin up a VPS or I'm too stupid to figure out Hetzner? Probably. But no, I've done it before, I could do it again, but that would take me X hours that I'm not getting paid for to migrate for limited utility, possible customer interruptions, and stress. I might need to migrate in a year or so, but until then, I'm not going to bother.
I reckon that's a similar sort of thing that happened here and depending on what they're doing business-wise, Lee could be insanely competent IT person and was just unlucky because the hammer he reached out for with GoDaddy actually turned out to be a foot gun that took years to fire.
It happens, it's not ideal, but it happens - I'm just glad they got it figured out and I'm glad that these sorts of events percolate up in the hn zeitgeist, because I definitely know who I won't be turning to in the future. Like, I kind of already knew GoDaddy was trash? I used them something like 10 years ago to spool up a website for a friend of mine. The whole experience was garbage then and I said, "never again" - but also that was kind of at the beginning of me even learning about how this stuff works? But I could totally see a scenario where I get snared into a product ecosystem and the opportunity cost of switching out of it outweighs staying put until it blows up in my face.
A competent IT person can have a backup plan for every expected failure. They can't control registrar level screw ups.
Companies explicitly selling you "bulletproof domains" like MarkMonitor have screwed up big time.
Also as an IT guy, asking to register a new domain with X is much easier than asking to transfer a long held domain away from Y.
Or Route53 if you're using AWS since that makes it easier to integrate with the rest of AWS and manage in IaC, and AWS also has robust network/DNS infrastructure.
(I would say GCP if using GCP/Google Workspace, too, but since they split domains off to Squarespace I really don't know what is happening over there anymore as far as domains go.)
So far those 3 have been more than sufficient for all of my domain needs.
This is kinda buried but the whole scenario makes a lot more sense with that context.
Otherwise, Porkbun or Cloudflare Domains if you're ok using their DNS.
As in "pay a lot of money", and we'll dedicate someone to your domain who makes sure that "giving a domain to a stranger without any documents" will _never_ happen.
I haven't spoken to them in like a decade, but they also offered other monitoring stuff like notifying you of likely phishing registrations, etc. And it's no longer novel now with options like Route53, but they used to be one of the only solutions with proper RBAC/delegation/audit logs.
Depends. If it's something really high priority (like main domain for a large corporation) I'd likely be paying CSC 4 digit sums per domain per year.
For stuff a tier below that I'd be looking at companies that are serious about security and happen to do domains as well e.g. Cloudflare, Amazon
Since cloudflare is basically the only registrar that will not allow you to host nameservers anywhere else I'd be weary to use them (even indirectly).
Could you elaborate why?
GoDaddy is a valid domain registrar. The customer had dual MFA set up. The customer did all the right things.
I’ve never heard of Godaddy making this kind of egregious mistake before. I’ve heard of some doozies, sure, but nothing like this.
Don’t blame the victim. “It’s their fault they got robbed, they left their door unlocked” is not a valid response to a situation like that or like this. The robber still stole, and godaddy still broke their own rules, rules that customers pay to have enforced.
When you find yourself victim-blaming, you will find yourself on the wrong side.
So much is tied to DNS and particularly email...
Personal experience, no relationship to either registrar listed above
I compared all of the other registrars mentioned by HN users, and Dynadot basically tied with Namecheap on price, but Dynadot is so much more user-friendly.
I currently use DreamHost, but I've been a little unhappy with how much clutter and other crap they've added.
I'm open to other shared and dedicated hosting providers.
As soon as the word is mentioned I tell them the horror stories.
Saving this to the bucket of stories.
This is all new and from the content of the post looks like due to an employee error in transferring the wrong domain and they don't have a process to address the situation.
Corporates have a huge blind spot and everything with them is just a process and this case the process completely failed.
Unfortunately everytime it's the customer who suffers.
Why does this sentence end in anything other than "immediately transferred them to another registrar"?
I caught it like a day or two later, and successfully renewed it through their site but it did not take.
There was somehow already someone up squatting my domain. I contacted support and they told me there's apparently no renewal window for .at but they could recover it for $140 - oof .. sure. It was nothing super important but would be annoying to lose.
Then it took like a week for them to get back to me, but after that week I got my domain back. I have no idea what gymnastics happened on their side.
I would think this fee should be, at most, the cost of 1 year of registration.
Email, Mastodon, Matrix and XMPP are not decentralized. You just exchange reliance on Google / Microsoft / Proton / Fastmail for reliance on Godaddy / Namecheap / Porkbun (in addition to Let's Encrypt, ICAN and the registration authority).
It took getting my country's NIC and regulator involved before they restored control of my domain back to me.
I've never gotten a formal apology from them, and the incident took so much out of me that I've never gotten around to pursuing them any further.
But fuck Crazy Domains, Dreamscape Networks, and Newfold Digital (fka Endurance International Group).
[1] see also: https://news.ycombinator.com/item?id=47859496
Too bad there's nothing we can do about it. It's up to the corporation to decide how they want to deal with this; if they screw you over, there's no consequences to them. You could try to sue them, but that would take years to unravel (if you even win), and meanwhile your online business is shut down.
We could introduce regulatory codes, like a software building code, or an internet infrastructure code, to prevent these kinds of things from happening, with a faster recourse if it does, inspections to ensure it is being done well, and fines if it's not. But that sounds like a lot of work; I'm sure companies have our best interests at heart! Let's keep everything exactly as it is.
https://en.wikipedia.org/wiki/Controversies_surrounding_GoDa...
The core problem tight now is there is very little incentive for companies to fix their support since there is no easy way to advertise how bad it is compared to other companies. There is no natural market for the value of support since consumers don't have an easy/obvious way to compare built into how they do things day to day. An infra scan of services tied to public support metrics could help plug that hole.
[Assuming that the poster gives true statements, but I have no reason do doubt this]
It’s slow. At ICANN, IMO, registries > registrars > registrants.
My main domain is still with nic.ddn.mil / rs.internic.net … i.e the travesty of itself today, networksolutions, which once had the ethics to only give one domain name to each physical site so as to make sure future generations could have them. That fled the moment some pharm company attempted to buy about 90 domains at one and the greed set in. But the same process they failed to improved for a decade or two after getting an income stream is still considered more reliable that GoDaddy.
GoDaddy is corrupt, the joke everyone already knew who was in the know.
Aside from that, Porkbun gets recommended on Reddit and HN pretty often.
Have you seen this? https://news.ycombinator.com/item?id=30506581
Icann Arbitration seems like the wrong channel, those are typically used for when someone correctly technically registered the domain name, but there's a dispute from the non-owner, e.g:
1- Trademark holder registers trademark.com, malicious actor registers trademark-web.com and phishes. 2- trademark.com expires, and someone registers trademark.com and domainsquats.
This is not the case, all Icann can do is make decisions over who owns a domain. A civil court would be more appropriate for calculating and ordering compensatory damages.
Has Godaddy demonstrated a pattern of violating Godaddy’s contract with ICANN, whatever those terms may be, with regards to performance of the basic duties of a ‘registrar’ on behalf of domain owners?
I’m not evaluating these things today since I’m not their lawyer, but certainly they’re both valuable questions.
It was trivially easy on the phone to pretend to be the guy with approval (he was out of the country and uncontactable) and get the account reset. I could have then transferred the domain.
A few years after that I had a similar issue with the same registrar, and they had added a cooldown, and review to the password reset process. But it was fundamentally the same and I was able to eventually repeat my process.
Godaddy and a lot of other registrars are in the position of catering to extremely non technical people as part of their core business proposition but also, having the responsibility of protecting those people from fraud. Its rough designing processes that permit transfer at all for these people. I dont envy them, but its something they opted into.
The AI slop style makes it so annoying to read interesting content. It's sad that I have to resort to it but it made me just run it through an LLM again to remove the slop style, which did make it readable again.
- We are totally revamping our processes. This never happened out of incompetence. Humans make mistakes. We are contacting the client for 1 year free renewal - waiving. Will mail a coupon code. We consider this issue closed.
> The Grand Trunk’s problems were clearly the result of some mysterious spasm in the universe and had nothing to do with greed, arrogance, and willful stupidity. Oh, the Grand Trunk management had made mistakes—oops, “well-intentioned judgments which, with the benefit of hindsight, might regrettably have been, in some respects, in error”—but these had mostly occurred, it appeared, while correcting “fundamental systemic errors” committed by the previous management. No one was sorry for anything, because no living creature had done anything wrong; bad things had happened by spontaneous generation in some weird, chilly, geometric otherworld, and “were to be regretted.”
[0] Going Postal (2004) by Terry Pratchett
That sounds like a nice idea in theory, but: 1/the mistake has been undone, and 2/damages are likely to be minimal. At this point, getting a lawyer involved is going to be a lot of cost without much benefit.
We agreed on a price.
I sent the money (not cheap).
Weeks went by and then they emailed me to say that the person they thought owned the domain didn't actually own it.
Mind you, this is a domain that was hosted on their service.
The broker started to ignore me, since his job was done.
It took about 4-5 months and a huge amount of harassment at multiple support levels to get my money back.
Net negative for the internet.
and they burrow their stupid certificates into your computer, you can thank microsoft for that one I guess
And yet he uses GoDaddy?
And to be completely honest, it isn't that bad, you get a phone you can call 24/7. Of course mistakes happen and staff can't always help, but it's more like a 99.9% vs 99.99% quality thing when comparing to other providers like AWS or CloudFlare.
Porkbun I'm not familiar, but it for sure can be a better option, it's just that when people start out they look for a familiar name rather than the marginally best option.
I just said it makes sense, not that it's the best option. It's just fine if you are a small or even medium business.
Once you have a bunch of international domains, it's not even generally possible to have a single registrar who can support them all.
Oh, please do. Mistakes happen, and the scale of GoDaddy means that even rare mistakes will happen. But they may still be liable for damages, how much is the reputational damage, and the possible lost business? Why wouldn't you go this route?
While you could use small claims court, you have to be careful about your ability to appeal and to obtain evidence. In this case you are clearly aggrieved and AI should be able to help you draft a cease-and-desist letter.
Oh, and I have to include a disclaimer that this is not legal advise, that you should pay lots of money to get advice, etc or some dark knight will show up at MY door.
Do not be helpless. You have the right to take legal action. Knowing how to file a case pro se is a useful skill that every citizen should have. (Oops, that is not legal advice either!)