ZH version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
39% Positive
Analyzed from 4781 words in the discussion.
Trending Topics
#godaddy#domain#support#domains#registrar#com#years#more#don#likely
Discussion (162 Comments)Read Original on HackerNews
Jan 2017: [Godaddy has issued at least 8850 SSL certificates without validating anything](https://news.ycombinator.com/item?id=47911780)
Jan 2019: [GoDaddy injecting JavaScript into websites and how to stop it](https://news.ycombinator.com/item?id=18894792)
Aug 2022: [Tell HN: Godaddy canceled my domain, gave me 2h to respond, then charged €150](https://news.ycombinator.com/item?id=32470017)
Dec 2022: [GoDaddy buying domains when they expire to extort their own users](https://news.ycombinator.com/item?id=34153448)
Jul 2023: [Godaddy just stole my domain](https://news.ycombinator.com/item?id=36854166)
Jan 2024: [Tell HN: GoDaddy Stole My Domain](https://news.ycombinator.com/item?id=39209087)
It's funny, the only time I can recall a programmer describing something as sexist (towards women) in the early/mid 2000's was somebody describing GoDaddy's booth at a convention. That really stuck with me for some reason, lol.
And then flat out lied that they received "the correct" documentation justifying the transfer when they hadn't received any documentation, and denied the appeal.
Frankly the whole thing is inexplicable. The best explanation is fraudulent business practices to save 60 seconds of looking for the documentation.
I certainly don't blame the author being upset and venting. I don't blame them for pointing out that there are problems with the dispute resolution process process. That said, I think they should also realize the registrar also has its own set of challenges to face. In this case, one of those challenges is to protect their customers from having their domain hijacked by a bad actor. The author's behavior most likely had those bad actor vibes, even if it was unintentional.
"- Every email address that exists out in the world is now wrong. - Every piece of marketing material is now incorrect. - All of the SEO is gone."
but it seems to miss even the biggest one, which is that you are effectively locked out of any online business accounts, your bank, your crm, anything that says "we noticed an unusual login, please enter the code we just sent to your email to verify the login."
You dont truly own your cell number or domain. Meanwhile passkeys are certainly hardware I own, likewise my TOTP codes are stored and calculated locally.
Luckily in EU, they still hardly depend on presencs validation, therefore all these sorts of errors can be resolved in couple of hours.
It is similar like losing phone or sim or even being in a foreign country where you can't access your number but worse.
I’m locked out of my 20 year old wikipedia account because they instituted 2fa without asking and my email on file was no longer valid.
And even worse, if I wanted to take over npmjs.com tomorrow and godaddy would kinda... just hand it over (?!?!?!) then i could probably become a crypto billionaire overnight
ANIMATS®
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
That's what makes this particular story so egregious.
Domains are a very funny business. I can't think of anything so crucial to businesses, that at the same time generates so little revenue per customer. Your entire technological infrastructure depends on it, yet it costs $15/yr. Making a single support request can turn you into an unprofitable customer.
It's also literally one of the most criticized and awful registrars in the world, by a large margin. If decades of stories like this don't convince you to go with a more reliable registrar then I have very little sympathy.
This story is not egregious, it's in fact typical of GoDaddy. Every so often we get a HN post with a GoDaddy horror story. You'd think people would have learned by now.
Whatever their process is, it's concerning. I wonder how many sign-offs are actually involved, or if it's just a ticket handled and closed by a rep.
Either way, GoDaddy is not the first choice for a new domain in 2026.
Off the top of your head, what would be a decent one?
In my experience the sentence is only correct this way: "They're more likely to have established processes for all sorts of cases"
They have lots of clients. They have big opportunities to streamline support (which is a cost center). ... do you see where it leads? Read the OP, if not!
Read the last paragraph in my comment.
That is also at least 10 years old stale matter. Have you ever read people wrongly being locked out from a BIIIIG provider unable to get through to get remedy? Apparently no. I did. I am sure several other people here did too.
Motto: "Eat shit! A trillion flies cannot be wrong!"
If we ask 100 likely buyers family feud style, where would they go buy a domain, GoDaddy likely is going to be the top answer by a wide margin.
They wouldn't know about any bad news/ security incident with the brand either.
> [...] is one of the most competent IT guys I know. The GoDaddy account had [...]
Don't think I've ever heard something good about GoDaddy.
So if you have someone using GoDaddy, and everything is working, how do you sell them on the idea of migrating DNS or hosting or email if they've never had an issue?
I use some square space for a lot of stuff, but it's largely because Google Domains sold out and the price is "fine." Sure, I could use something else, but this works, the cost is correct, and - I can't stress this enough - it already freaking works. I also use a python as a service tool I point at frequently. Their customer service is great, so I doubt this would ever happen there? But yeah, I'm not manually configuring a server somewhere most of the time.
Is it the "best" possible tool for the job? Not really, but it works well enough for the stuff I use and my workflows are already rock solid to deploy code to prod, etc. Is it because it's impossible for me to spin up a VPS or I'm too stupid to figure out Hetzner? Probably. But no, I've done it before, I could do it again, but that would take me X hours that I'm not getting paid for to migrate for limited utility, possible customer interruptions, and stress. I might need to migrate in a year or so, but until then, I'm not going to bother.
I reckon that's a similar sort of thing that happened here and depending on what they're doing business-wise, Lee could be insanely competent IT person and was just unlucky because the hammer he reached out for with GoDaddy actually turned out to be a foot gun that took years to fire.
It happens, it's not ideal, but it happens - I'm just glad they got it figured out and I'm glad that these sorts of events percolate up in the hn zeitgeist, because I definitely know who I won't be turning to in the future. Like, I kind of already knew GoDaddy was trash? I used them something like 10 years ago to spool up a website for a friend of mine. The whole experience was garbage then and I said, "never again" - but also that was kind of at the beginning of me even learning about how this stuff works? But I could totally see a scenario where I get snared into a product ecosystem and the opportunity cost of switching out of it outweighs staying put until it blows up in my face.
A competent IT person can have a backup plan for every expected failure. They can't control registrar level screw ups.
Companies explicitly selling you "bulletproof domains" like MarkMonitor have screwed up big time.
Also as an IT guy, asking to register a new domain with X is much easier than asking to transfer a long held domain away from Y.
Or Route53 if you're using AWS since that makes it easier to integrate with the rest of AWS and manage in IaC, and AWS also has robust network/DNS infrastructure.
(I would say GCP if using GCP/Google Workspace, too, but since they split domains off to Squarespace I really don't know what is happening over there anymore as far as domains go.)
So far those 3 have been more than sufficient for all of my domain needs.
Otherwise, Porkbun or Cloudflare Domains if you're ok using their DNS.
Depends. If it's something really high priority (like main domain for a large corporation) I'd likely be paying CSC 4 digit sums per domain per year.
For stuff a tier below that I'd be looking at companies that are serious about security and happen to do domains as well e.g. Cloudflare, Amazon
GoDaddy is a valid domain registrar. The customer had dual MFA set up. The customer did all the right things.
I’ve never heard of Godaddy making this kind of egregious mistake before. I’ve heard of some doozies, sure, but nothing like this.
Don’t blame the victim. “It’s their fault they got robbed, they left their door unlocked” is not a valid response to a situation like that or like this. The robber still stole, and godaddy still broke their own rules, rules that customers pay to have enforced.
When you find yourself victim-blaming, you will find yourself on the wrong side.
Personal experience, no relationship to either registrar listed above
Email, Mastodon, Matrix and XMPP are not decentralized. You just exchange reliance on Google / Microsoft / Proton / Fastmail for reliance on Godaddy / Namecheap / Porkbun (in addition to Let's Encrypt, ICAN and the registration authority).
As soon as the word is mentioned I tell them the horror stories.
Saving this to the bucket of stories.
I caught it like a day or two later, and successfully renewed it through their site but it did not take.
There was somehow already someone up squatting my domain. I contacted support and they told me there's apparently no renewal window for .at but they could recover it for $140 - oof .. sure. It was nothing super important but would be annoying to lose.
Then it took like a week for them to get back to me, but after that week I got my domain back. I have no idea what gymnastics happened on their side.
This is all new and from the content of the post looks like due to an employee error in transferring the wrong domain and they don't have a process to address the situation.
Corporates have a huge blind spot and everything with them is just a process and this case the process completely failed.
Unfortunately everytime it's the customer who suffers.
Q1: Is NameCheap the correct alternative?
Q2: This person has 50 domains on GoDaddy. How do I convince him to migrate? One new domain at a time? Has anyone else dealt with this?
Too bad there's nothing we can do about it. It's up to the corporation to decide how they want to deal with this; if they screw you over, there's no consequences to them. You could try to sue them, but that would take years to unravel (if you even win), and meanwhile your online business is shut down.
We could introduce regulatory codes, like a software building code, or an internet infrastructure code, to prevent these kinds of things from happening, with a faster recourse if it does, inspections to ensure it is being done well, and fines if it's not. But that sounds like a lot of work; I'm sure companies have our best interests at heart! Let's keep everything exactly as it is.
Aside from that, Porkbun gets recommended on Reddit and HN pretty often.
The core problem tight now is there is very little incentive for companies to fix their support since there is no easy way to advertise how bad it is compared to other companies. There is no natural market for the value of support since consumers don't have an easy/obvious way to compare built into how they do things day to day. An infra scan of services tied to public support metrics could help plug that hole.
It took getting my country's NIC and regulator involved before they restored control of my domain back to me.
I've never gotten a formal apology from them, and the incident took so much out of me that I've never gotten around to pursuing them any further.
But fuck Crazy Domains, Dreamscape Networks, and Newfold Digital (fka Endurance International Group).
[1] see also: https://news.ycombinator.com/item?id=47859496
While you could use small claims court, you have to be careful about your ability to appeal and to obtain evidence. In this case you are clearly aggrieved and AI should be able to help you draft a cease-and-desist letter.
Oh, and I have to include a disclaimer that this is not legal advise, that you should pay lots of money to get advice, etc or some dark knight will show up at MY door.
Do not be helpless. You have the right to take legal action. Knowing how to file a case pro se is a useful skill that every citizen should have. (Oops, that is not legal advice either!)
Icann Arbitration seems like the wrong channel, those are typically used for when someone correctly technically registered the domain name, but there's a dispute from the non-owner, e.g:
1- Trademark holder registers trademark.com, malicious actor registers trademark-web.com and phishes. 2- trademark.com expires, and someone registers trademark.com and domainsquats.
This is not the case, all Icann can do is make decisions over who owns a domain. A civil court would be more appropriate for calculating and ordering compensatory damages.
Has Godaddy demonstrated a pattern of violating Godaddy’s contract with ICANN, whatever those terms may be, with regards to performance of the basic duties of a ‘registrar’ on behalf of domain owners?
I’m not evaluating these things today since I’m not their lawyer, but certainly they’re both valuable questions.
- We are totally revamping our processes. This never happened out of incompetence. Humans make mistakes. We are contacting the client for 1 year free renewal - waiving. Will mail a coupon code. We consider this issue closed.
> The Grand Trunk’s problems were clearly the result of some mysterious spasm in the universe and had nothing to do with greed, arrogance, and willful stupidity. Oh, the Grand Trunk management had made mistakes—oops, “well-intentioned judgments which, with the benefit of hindsight, might regrettably have been, in some respects, in error”—but these had mostly occurred, it appeared, while correcting “fundamental systemic errors” committed by the previous management. No one was sorry for anything, because no living creature had done anything wrong; bad things had happened by spontaneous generation in some weird, chilly, geometric otherworld, and “were to be regretted.”
[0] Going Postal (2004) by Terry Pratchett
That sounds like a nice idea in theory, but: 1/the mistake has been undone, and 2/damages are likely to be minimal. At this point, getting a lawyer involved is going to be a lot of cost without much benefit.
and they burrow their stupid certificates into your computer, you can thank microsoft for that one I guess
Oh, please do. Mistakes happen, and the scale of GoDaddy means that even rare mistakes will happen. But they may still be liable for damages, how much is the reputational damage, and the possible lost business? Why wouldn't you go this route?
And yet he uses GoDaddy?
And to be completely honest, it isn't that bad, you get a phone you can call 24/7. Of course mistakes happen and staff can't always help, but it's more like a 99.9% vs 99.99% quality thing when comparing to other providers like AWS or CloudFlare.