Is this domain letter/email legit?

“slipping

We’ve been receiving a number of inquiries lately about fraudulent domain renewal and transfer scams customers have received. Seems like a good time to post some information about them, and things to look out for.

We’ve seen lots of attempted scams, but the average customer doesn’t deal with that regularly. So when they are targeted, it can be worrying and confusing.

Scammers rely on worry and confusion a lot.

We have lots of information on scams, spam, and privacy in this article. In this piece, we’ll highlight some of the most important things to look out for.

  1. We will never send postal mail to you
  2. We only do domains
  3. Scammers rely on you being busy, not paying attention, and worrying
  4. Scammers use slippery language
  5. It’s not your fault, and what to do next

We will never send postal mail to you

If you receive postal mail warning about your domain expiring and the need to renew or transfer, this is a scam. We don’t send postal mail to anyone, ever. About anything.

Some common scammer sources are: Domain Registry of America, Domain Registry of Canada, Domain Services, or IDNS. Ignore and throw them away. They are not affiliated with us in any way.

Here’s an example of the IDNS one (they’ve been quite active lately):

“IDNS”

To reiterate: we will never, ever send you postal mail. Notifications about your account or domains will be sent via email only to the email address(es) you’ve specified for your account and/or registrant contact.

We only do domains

We help you register domains and manage your DNS setup. That’s all. We don’t provide hosting; we don’t work on SEO; we don’t help build websites.

There are lots of scams and spam to try and get you to “submit your domain” to search engines to improve your rankings. And, of course, there’s a price attached. These “offers” are not from us or affiliated with us in any way. And you have absolutely no need for them.

Search engines are marvelously smart and complex and find domains and websites all by themselves. The best way to rank well is to create a great site with great content that people want to find, engage with, and share.

You don’t need to submit your site like entering a contest, and you definitely don’t need to pay for it.

Side note: yes, there are legit services to help you with your site branding, content, and SEO. That is completely different, though, and typically you need to approach them. They’re not going to solicit.

For more information, check out this excellent Beginner’s Guide to SEO.

Also, to help stop these unwanted solicitations, you may want to add our free WHOIS privacy service to your domain (if supported for your type of domain). Information about that is here. That will also help prevents unsolicited “offers” for web development, marketing, or other services you’re likely not interested in.

Scammers rely on you being busy, not paying attention, and worrying

For many people, domains aren’t something they deal with every day. Which makes it pretty common if you don’t remember exactly when your expiry/renewal date is, unless it was processed recently.

There’s a good chance you also may not recall what the registration price of your domain was. Or what the renewal price will be. If the price quoted in a scam doesn’t seem too bad, you might not question it.

Note that a regular .COM domain renewal from us costs $14.90 USD. However a number of scams quote the renewal price as $60 USD, and people still don’t question it.

So if you receive an official-looking notification telling you how much you need to pay to renew, and giving you instructions… Well, you don’t want to risk losing your domain, right…?

An easy thing to check immediately is the sender’s email address. If it doesn’t show @iwantmyname.com, it’s not from us and it would probably be a good idea to check with us if it’s okay or not.

Certain administrative notifications, like registration verification, will come from @ispapi.net. Those are legitimate, and they won’t ask you for money.

You might also receive something called a WDRP notice. That is also legitimate and comes from ICANN. All the info you need to know about that is here.

Scammers use slippery language

Scammers and spammers craft their emails very carefully. (Even those ridiculous spam emails you get from “Nigerian princes” read the way they do quite intentionally.)

Scams are specifically crafted to make you worry about losing your domain, and make it seem like the required actions are reasonable. If you get someone worrying, they’re more likely to rashly follow instructions.

If you read the messages very carefully, they aren’t straight-up telling you that your domain will expire, or that it needs to be transferred. Because that is incorrect and to say so outright would be against domain registration rules.

But they do rely on people not being that familiar with the domains business, not interacting with their registrar accounts often, not wanting to lose their domains, and being busy folks who get a lot of mail and email and rarely have time to read everything closely.

For many people with limited experience, they may only ever have registered one domain. They may never have renewed or transferred one. So there’s no reason for them to know all the specifics. That makes it easy to just follow “helpful” instructions, too. (Note: renewing a domain never requires a transfer.)

It's not your fault, and what to do next

If you’ve been targeted by a scam or have been victimized, don’t beat yourself up. As noted, these people have a lot of experience getting people to do what they want. And even if a fairly small percentage of targets fall victim and pay them, they can make a lot of money.

Above all, if you receive one of these mailings or emails and have ANY questions or concerns, please let us know. We are more than happy to dispel any concerns or answer any questions.

You can also check our help section. We have a variety of articles on the subject (several of them linked above).

If you have paid one of these organizations for what you thought was a legitimate renewal, we recommend contacting your credit card company immediately and starting a chargeback complaint. This may help to get your money refunded.

If you’re in the process of following through, but haven’t paid the scammers yet: STOP. Delete their emails, throw away their mail, and do not give them your contact details or credit card information.

If you have paid them and have completed a transfer of your domain to them per their instructions, that is a bit trickier.

Typically their scam there is to charge you an exorbitant amount for you to get the domain and transfer it back to your previous registrar. This is not actually illegal, since technically you agreed to the transfer; it’s just bad business practice.

More information on the required Form of Authorisation (FOA), which is a permission/agreement to transfer, for generic domain extensions (gTLDs). For TLDs where this has to be done manually, on paper, there is more time to catch scams. However, these days, most domain transfers can be confirmed electronically via clicking a link in an email sent to the registrant. However, the FOA and the transfer process need to comply with registry requirements, and if the rules haven’t been followed correctly a transfer may be invalid, e.g. incorrect information has been presented) and could be reversed.

More information on ICANN’s transfer policy is here. Note that after November 30th, 2016, updated rules will be in place.

If you’re still not clear whether or not you were defrauded, you should contact your previous domain registrar and inquire about starting a transfer complaint. If nothing can be done there, next you would contact the domain TLD registry. And if that doesn’t work, ultimately there’s ICANN’s dispute resolution panel. More information on ICANN’s transfer dispute policy here.


Not everyone will get scammed, but as noted, we see periods of time when scammers get really active. And we consider it part of our job to help people be educated against these activities.

We’re happy to answer questions any time, and if one of these scams has affected you, we’ll do our best to help.

New Plugin: 3dcart

“3dcart”

If you haven’t noticed, there are quite a few e-commerce platforms on the market today, and most of the top-tier options have a similar combination of style, stability, and price. But while style and stability are sort of at the mercy of web trends, price can fluctuate quite a bit.

The main differentiator is what the platform has you pay for – you either pay per month for your site and get unlimited transactions or per transaction, paying more as you become more popular. 3dcart is in the ladder category, with tiers separated by how many items you are selling, not monthly transactions. For shops selling a lot of a specific number of products, that’s a pretty nice way to go.

And of course, 3dcart comes with all the bells and whistles one would expect from a do-it-all e-commerce platform. Professionally designed responsive themes, 24x7 tech support, easy product upload, 100+ payment system options, an expansive product management system. It’s all there, and it’s not your typical startup endeavor – 3dcart has been around for more than a decade, keeping up with the web every step of the way.

New Domain Extension: .tube

“The

US Senator Ted Stevens, trying to “describe the Internet in the context of opposing network neutrality”:

Ten movies streaming across that, that Internet, and what happens to your own personal Internet? I just the other day got… an Internet was sent by my staff at 10 o’clock in the morning on Friday. I got it yesterday. Why? Because it got tangled up with all these things going on the Internet commercially.

…They want to deliver vast amounts of information over the Internet. And again, the Internet is not something that you just dump something on. It’s not a big truck. It’s a series of tubes.

Whether you’re one of “these things going on the Internet commercially” or just a person with something to broadcast, .tube is a nice new extension with plenty of good, available domain names. I’d expect the extension to be mainly used for video, as tube is an informal term for TV, but again, anything can be added to our glorious “series of tubes.”

Get a brand new .tube domain today. Only $49.00 USD.

The Ins and Outs of gTLDs

“generic

Recently we published a piece outlining what ccTLDs are and how they work. In this piece, we’ll look at the huge, and perhaps more familiar, world of gTLDs.

  1. What is a gTLD
  2. New gTLDs
  3. One registry to rule them all (sort of)
  4. Some major players
  5. Members only
  6. Emoji domain quirks

What is a gTLD?

The “g” in gTLD stands for Generic, which pretty much covers the wide variety available under that type. Any domain extension of at least three letters is pretty much guaranteed to be a gTLD, whether it’s .COM or .COMMUNITY.

Back in the mists of internet history, there weren’t many gTLDs available. It was largely limited to .COM, .INFO, .NET, and .ORG, and even those had restrictions. .COM was originally meant for commercial entities (though that changed ages ago). .ORG was mainly for non-commercial use.

There were also more restricted gTLDs, like .EDU (educational use, but mainly only colleges and universities these days), .GOV (government use, but pretty much only US government now), and .MIL (military use, but again, pretty much only US military now.)

New gTLDs

The expansion of available options for gTLDs started in 2012 when the application window was opened for several months. There was a long process of reviewing and approving applications, and the first ones started to be launched in 2013, with a much greater number and variety launching in 2014.

Now there are over 700 gTLDs available, and nearly 2000 more on the waiting list. The application window has been closed for a while, however, and likely won’t reopen until around 2020, so if you really wanted to apply for your own TLD, you’ll have to wait. And there are some other pretty big requirements as well.

One registry to rule them all (sort of)

Unlike ccTLDs, not all gTLDs are managed by separate registries. ICANN oversees these registries, among other aspects of internet oversight.

As a result, all gTLDs have the same rules. While registrars can set their own pricing and decide to support WHOIS privacy (here’s the list of those who do), for the most part, requirements for who can register domains, what information needs to be provided, how long registrations last, how transfers work, how domains can be renewed or restored, and when expired domains get deleted are all standardized. Here’s an example of the standardized process for domain expiry:

If one of those gTLD domains expires, it will be renewable normally for 45 days. After that it will be restorable (though that’s more expensive) for another 35 days. However, since things can’t be too easy, the restorable period is 30 days for .COMs, and registries like Uniregistry have 180-day restorable periods. After that, the domain will be in a pending deletion state for another 5 days, when it is no longer restorable. After that it will be fully deleted and released, available to be re-registered by anyone.

Overall, this means that pretty much anyone, anywhere can register a .PHOTOS or .PIZZA domain without dealing with any special issues.

Some major players

Verisign, in the US, is the authoritative registry for .COM, .NET, and .NAME, as well as a couple of ccTLDs and provides the back-end systems for .JOBS, .GOV, and .EDU. As you can imagine, they’re a pretty big deal.

They also operate two of the internet’s 13 root nameservers, which is a big responsibility, having the functioning of the actual internets resting on their shoulders (or in their infrastructure, as it were).

The other original gTLDs are managed by several specific registries, like the Public Interest Registry for .ORG (and the newer .NGO) for non-profits.

The newer gTLDs, however, are managed among a variety of registries. As we mentioned in our article on why you can’t get your own TLD delegated, the amount of time, money, and lawyering required really limits applications to pretty big companies or consortiums.

Companies like Amazon and Google have applied for, and received delegation, for a variety of the new gTLDs. Charleston Road Registry, for example, is Google. (Charleston Road is where Google’s headquarters are located in Mountain View). Google has a variety of gTLDs already, from .ADS to .ZIP. They also won .APP, which is going to be very popular.

One interesting thing to note is that organizations that get approval for these gTLDs don’t necessarily have to offer them for public domain registrations. With what’s called single user delegation, they can keep them for just their own use. .DEV (also Google’s) is likely to be one of those.

The Donuts registry, started in 2011, was founded because of ICANN’s gTLD expansion program, and only handles gTLDs. They now manage a wide variety, from .ACADEMY to .ZONE, and have been a big expansion success story.

Because these companies tend to be quite large and well established, there aren’t really issues with services being down or disruptions due to civil unrest or natural disasters (as could happen with some smaller ccTLD registries), as their infrastructure is global and highly robust.

Members only

A number of the new gTLDs are intended for specific professions, like .ACCOUNTANT, .BUILDERS, and .LAWYER. Registration for some of these is as open as for .COM. However, for some, like .LAWYER, you need to provide proof that you are, in fact, licensed to practice law. This is pretty important given that it can be pretty easy to be… less than honest on the internet.

If you’re interested in registering one of those professional domains, the main registration page will include information about any restrictions. Institutional gTLDs like .BANK and .INSURANCE have some rules as well.

Emoji domain quirks

As mentioned in the ccTLD article, emoji domains, while popular, are tricky, as they are not widely supported. The most common TLDs supporting emojis for domains are ccTLDs, like .WS, and there are only a handful.

We really don’t recommend trying to find/register emoji domains for gTLDs, as support for them was never official, but more of a loophole that’s been corrected. As far we we’ve been able to learn, unicode/emojis aren’t supported for the new gTLDs, either.

As always, it’s our job to know the ins and outs of TLDs and other aspects of domains and DNS management. If you have questions or need help, just let us know.

Bali Startup Weekend Rocks!

Startup Weekend Bali

We’ve always been a big supporter of tech and startup community events at home in New Zealand, but our involvement with Bali Startup Weekend was the biggest thrill yet.

Bali has been a magnet for creative people for many years and is also the jewel in Indonesia’s tourism crown, with almost 4 million visitors annually. But the island faces some pressing sustainability issues that are yet to be fully addressed in the headlong rush to embrace the surge in visitor numbers. Diversifying the economy and caring for the environment is not exactly front of mind with administrators at present, but others are already thinking about it.

The island is home to numerous ex-pats, many of whom have started businesses providing employment opportunities outside of tourism. Steve Munro transplanted his family from Canada to Ubud, Bali a few years back and established Hubud, widely recognised as the coolest co-working space in Indonesia. The venue attracts entrepreneurs from all around the globe who come to tropical Bali to work remotely on their startups.

Hubud was the venue for Bali Startup Weekend 2016, a special weekend with a social innovation theme. We sponsored the event in previous years and had no hesitation doing so again when the call came. The organisers also extended a special honour through an invitation to take a seat on the judging panel this time around. It was an amazing event and I found it especially rewarding to see local Balinese working side by side with a literal United Nations of devs, designers and business aspirants.

Our support for Startup Weekend continues, with the inaugural Kapiti Startup Weekend July 22-24. In fact we are offering two free tickets to the event for developers or designers. Simply share this blog article on your Twitter feed, mention @iwantmyname and go in the draw.

Our T&Cs Have Been Updated

If you’re an iwantmyname customer and have been keeping up with your emails, you’ve probably noticed that we updated our terms and conditions (T&Cs) this week. T&Cs are perhaps the most boring documents on the face of the planet, so here’s a little summary of the main changes.

  1. We’ve added a WHOIS privacy agreement to our terms so customers may be able to register domains with WHOIS privacy on by default in the future. We’re still working on the implementation, but terms had to be adjusted beforehand.
  2. ICANN, the governing body of all generic domain extensions, required some wording adjustments to stay current. In short, our terms define our rights and responsibilities as a domain service provider and the rights and responsibilities of our customers, neither of which have substantially changed.
  3. If you scroll down to part 2, we’ve updated our list of all the different registry agreements for the extensions that can be registered via our system. (By registering a domain name, you not only agree to our terms, but also agree to the terms of the registry providing the extension).

If you’d like to read the document in full, here’s the link. And if you have any additional questions, definitely let us know.