It’s an ICANN rule that domain registrants have current correct contact information, but what happens if there is a mistake in your contact info? Say, for example, you changed email address but forgot to update the email address in your domain registration record?
Well if you registered with GoDaddy, it seems that they might just take your domain away, even though it’s bought and paid for, and is yet to expire. That’s what happened to the owner of FamilyAlbum.com, after he failed to respond to an email requesting that he check/update his contact information. GoDaddy’s response is here.
To add insult to injury, the information available suggests that GoDaddy made some money reselling the domain in question via a back-order (this is where a person can order an already registered domain with the hope that the current owner will abandon it or let it expire), and if you visit FamilyAlbum.com now, you’ll see a GoDaddy parking page (which I’d imagine GoDaddy makes money from too).
My own question about GoDaddy’s response is this: They apparently feel that if you don’t respond to email for some period (the exact period isn’t clear from the news story, but it appears to be 8 weeks or perhaps less), that they are entitled to take the domain back - but what if the domain owner is sick? Or vacationing? Or climbing mountains in Antarctica? Because, remember not every domain owner is using their domain to run a business. ICANN requires valid contact information, but, as far as I know, doesn’t specify a time limit for how quickly domain owners must respond if contacted.
And of course the obvious one: What if the registrar’s email(s) requesting that it be checked/updated accidentally landed in the domain owner’s spam folder, unnoticed? What if the contact info, including address, phone number and email address, are all valid and current? Could you lose your domain for failing to update that which is already fully up to date?
The other thing, that is already being speculated about, is whether a malicious person could do something like this (perhaps targeting GoDaddy registrations, because he knows they will cancel registrations with incorrect email addresses):
- Extract email addresses from domain records in the WHOIS database (not necessarily for every domain, but perhaps for domains which are 1 or 2 dictionary words, domains with high Google PR, etc.)
- Email each address and see which email addresses bounces
- For domains whose email address bounces, back-order them, then email a complaint to the registrar (GoDaddy in this example) complaining of invalid contact information
Or an even more scary scenario: What if the malicious person who wanted a particular domain, simply mail bombed the domain owner (sending so much email continuous to flood his inbox and guaranteeing that he can’t respond to email). The malicious person would have to keep this up for a while…. but, if he did…. could he acquire a domain name by guaranteeing the owner won’t be able to receive/respond to GoDaddy emails?