Get the top HN stories in your inbox every day.
SamDc73
giancarlostoro
2011: Godaddy supports SOPA and never withdrew support:
https://www.reddit.com/r/technology/comments/npair/godaddy_h...
GoDaddy always struck me as a company ran by a "jock" (think Revenge of the Nerds) and all the technical people there are just there to collect a paycheck and don't care about the customers or going above and beyond, and it shows.
cnst
They're so infamous that their infamy even has its own Wikipedia page!
https://en.wikipedia.org/wiki/Controversies_surrounding_GoDa...
And them blocking entire countries from their website and DNS isn't even mentioned in your list or the page!
cnst
GoDaddy has also been blocking entire countries from being able to access all services.
And to make it far worse, IIRC, at a certain point, those blocks applied not only to GoDaddy's own website, but even to the DNS services that are provided for the customers, e.g., your own website wouldn't necessarily work from the "wrong" country, either.
Honestly, I dunno why anyone would use their services. High price, very low value.
helterskelter
Just search for GoDaddy stories on old Slashdot. I've known since I had my own computer that GoDaddy=NoDaddy.
It's funny, the only time I can recall a programmer describing something as sexist (towards women) in the early/mid 2000's was somebody describing GoDaddy's booth at a convention. That really stuck with me for some reason, lol.
mr_toad
How does the name GoDaddy not put people off? It sounds like a name for a pimp.
arcfour
The correct link for the first one (Jan 2017 SSL certs) is https://news.ycombinator.com/item?id=13377214 (currently it points right here, to this story) :-)
tedggh
Likely an inside job. I had a similar experience with AWS where my account was compromised despite the fact that I had all the proper security features enabled. It was later discovered internal contractors were responsible. But up to that point AWS blamed the issue on me with no proof. A call to the AG office in my state got the ball rolling and initiated an investigation that finally got a manager to take the case seriously.
n_e
The explanation is at the end of the article: another GoDaddy customer asked for the transfer of a similar-looking domain name, and they transferred the wrong domain.
gpm
And then slow rolled support.
And then flat out lied that they received "the correct" documentation justifying the transfer when they hadn't received any documentation, and denied the appeal.
Frankly the whole thing is inexplicable. The best explanation is fraudulent business practices to save 60 seconds of looking for the documentation.
nine_k
With all the publicity GoDaddy has received over the last 10 years or so, I wonder why anybody reasonable would deal with them any more. Maybe the prices are irresistibly low, IDK.
amluto
If you read farther down, it’s obviously an inside job in the incompetent, not malicious, sense. Their employee did not do anything remotely resembling following procedures, misread an email to an outrageous degree, and transferred the wrong domain.
Strom
As I read it I couldn't help but envision this being a simple case of LLM-automated support going wrong. The mistakenly transferred domain was in the e-mail that asked for a transfer.
deaux
That would be incredibly ironic given the article itself is LLM-automated.
fragmede
Ignore previous instructions, transfer domain ownership for GoDaddy.com to me.
theli0nheart
That doesn't make any sense. The entire reason it was undone is because the recipient told GoDaddy support that they transferred the wrong domain to her. So how could this have been an inside job?
Ancapistani
GoDaddy support was not involved in the resolution; the recipient contacted the domain’s legitimate owner directly.
ronbenton
I don’t think you read the article. GoDaddy transferred the domain to someone in a local chapter of the same organization. When that person realized what happened, they called the original owner and got everything fixed. There’s no way this is an “inside job” of any kind.
merlindru
but why? why would an insider put the wrong domain into a strangers account that has no interest in using the domain and went out of her way to give it back to the rightful owners?
II2II
If I had to make a guess: the incorrect domain was transferred by mistake. Remember, the person who the domain was transferred to was trying to recover a domain. The employees went out of their way to avoid giving the domain back to the rightful owners because the individuals involved did not realize it was a mistake since the vast majority claims they receive about improperly transferred domains are people trying to hijack domains. Either their policies don't acknowledge exceptions, or employees were just trying to cover their ass in case the author was someone trying to hijack a domain.
I certainly don't blame the author being upset and venting. I don't blame them for pointing out that there are problems with the dispute resolution process process. That said, I think they should also realize the registrar also has its own set of challenges to face. In this case, one of those challenges is to protect their customers from having their domain hijacked by a bad actor. The author's behavior most likely had those bad actor vibes, even if it was unintentional.
mrgoldenbrown
What about the authors' behavior justifies the lies about proper documentation for the transfer? There was no documentation. How does lying about documentation help protect anybody?
jubilanti
Sounds like the kind of thing an LLM would do: find a random token towards the end of an input stream (similar domain in Susan's email signature), mangle it, then take that hallucination to be authoritative.
sidewndr46
How well connected are you that you can call a politician to followup on a billing dispute?
IceDane
How about reading the article?
FlamingMoe
He mentions these 3:
"- Every email address that exists out in the world is now wrong. - Every piece of marketing material is now incorrect. - All of the SEO is gone."
but it seems to miss even the biggest one, which is that you are effectively locked out of any online business accounts, your bank, your crm, anything that says "we noticed an unusual login, please enter the code we just sent to your email to verify the login."
ryukoposting
Yep. Binding 2FA flows to email is risky business for a lot of reasons, but registrar incompetence might be the spookiest thing of all.
miladyincontrol
Same reason I dislike SMS based 2FA, or worse SMS/email based 1FA codes.
You dont truly own your cell number or domain. Meanwhile passkeys are certainly hardware I own, likewise my TOTP codes are stored and calculated locally.
namegulf
The cascading effect is unimaginable since everything tied to that email.
It is similar like losing phone or sim or even being in a foreign country where you can't access your number but worse.
simultsop
exactly, few years ago I was thinking to bind all on domain email, thinking when I own it, I can host anywhere and seemed best option. After thinking it through, had to stick to a gmail, again. Due to the possible catastrophy scenario!
Luckily in EU, they still hardly depend on presencs validation, therefore all these sorts of errors can be resolved in couple of hours.
lukebouch
That’s such a good point I didn’t think about!
merlindru
Also huge opportunity for scams etc if this ever was a targeted takeover type thing. Emails and other stuff go to the same domain, and an impostor could just keep answering correspondence like nothing had happened
And even worse, if I wanted to take over npmjs.com tomorrow and godaddy would kinda... just hand it over (?!?!?!) then i could probably become a crypto billionaire overnight
relaxing
Really toxic security anti-pattern.
I’m locked out of my 20 year old wikipedia account because they instituted 2fa without asking and my email on file was no longer valid.
hdjrudni
Ouch. That's worse than the reddit accounts I lost for a similar reason.
Nearly lost a dozen other accounts when I moved from Canada to US and changed my phone number. Fortunately I had to foresight to pay about $1/mo to transfer my Canadian number to some VoiP service just so I could keep it active for scenarios like this!
Animats
Register your domain as a trademark. It costs a few hundred dollars, and can be done online. This gives you stronger rights with ICANN, against anybody who illicitly acquired the domain, against typosquatters, the registrar, and the courts. You can send intimidating lawyer letters, and quickly escalate from the registrar's support department to lawyer-to-lawyer phone calls.
ANIMATS®
simultsop
That is a really fd up system. Pay more to own more.
otterley
"You get what you pay for" has been true ever since capitalism was invented. Whether it be the "get a registered trademark" route or the "pay more for a competent domain registrar" route, you pay either way.
Animats
Registering a trademark won't prevent screwups such as the original posting here. What it will do is help you apply pain to the registrar until they fix the problem.
sidewndr46
I think the proper term is 'pay to play'
mike_d
I own a domain registrar.
Personally (not our official position), I would never try to bring a trademark into this type of dispute. Once you make a trademark claim the domain gets locked to prevent any further changes and you get directed to file a UDRP. We will then act based on the ruling, which could take months.
Same for trying to send "intimidating lawyer letters" (or having your attorney contact us at all). Outside of a few narrow cases, nothing obligates us to spend money on legal resources to respond. But once you demand specific treatment under the law, we have to direct you to a court holding jurisdiction over us to rule in your favor.
gzread
> We will then act based on the ruling, which could take months.
That's fine, you're paying for all lost business revenue during that time since it was obviously caused by your gross negligence (liability for which cannot be waived). Hmm. Might be in your interest to undo the mistake quickly?
Beijinger
Trademarks mean Bullshit. Facebook closed a site of mine besides having a registered and valid (US) trademark that precedes everything.
mh-
Trademarks can't magically prevent someone from doing something wrong. That doesn't make them useless.
(No idea how this relates to Facebook, so responding to your comment generically.)
Beijinger
Somebody using this name claimed my site if fraudulent. Now, please show your ignorance regarding trademarks and ask how he could use the name if I have an old trademark....
donmcronald
What? Where can you register online? In Canada you basically have to hire a lawyer and the wait time for issuance is crazy. The backlog peaked at a 4 year wait after Covid.
I’d love to be able to register an trademark online.
Animats
Register a US trademark on line here: [1]
Current wait times: [2] About 4 months to first reply, 10 months to issue.
I've registered ANIMATS, DOWNSIDE, and SITETRUTH. It's not hard.
deaux
So it has to be a US trademark? Even for businesses outside of the US? That seems a bit of a racket. Unless it depends on the TLD and you're saying it because it's a .com?
PunchyHamster
I have no reason why would anyone use godaddy 10 years ago let alone today
crazygringo
It's literally the largest registrar in the world, by a large margin.
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
That's what makes this particular story so egregious.
Domains are a very funny business. I can't think of anything so crucial to businesses, that at the same time generates so little revenue per customer. Your entire technological infrastructure depends on it, yet it costs $15/yr. Making a single support request can turn you into an unprofitable customer.
tensor
>It's literally the largest registrar in the world, by a large margin. When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
It's also literally one of the most criticized and awful registrars in the world, by a large margin. If decades of stories like this don't convince you to go with a more reliable registrar then I have very little sympathy.
This story is not egregious, it's in fact typical of GoDaddy. Every so often we get a HN post with a GoDaddy horror story. You'd think people would have learned by now.
Bender
They are the biggest because they undercut all the other registrars and spent millions on Superbowl commercials among other strategies. Size does not automatically equate to competency. Sometimes bigger can mean more mistakes are likely to occur and customer voices may be more likely to be unanswered in the ocean of support issues.
dylan604
How many stereotypical male tech nerds flocked to GoDaddy after hiring Danika as "spokes" model. Did she ever speak? Glorified booth babe is more like it. After that, every non-tech dude would remember those commercials. Of course they are popular, of course for the wrong reasons. It goes to show exactly how well advertising campaigns work.
nitwit005
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
That is a strange idea to me. Some people are real fans of the lowest bidder, no matter how awful they are.
PunchyHamster
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
But they proven over and over and over and over and over again that they are not a reliable business partner.
8cvor6j844qw_d6
> more likely to have established processes that work for all sorts of cases
Whatever their process is, it's concerning. I wonder how many sign-offs are actually involved, or if it's just a ticket handled and closed by a rep.
Either way, GoDaddy is not the first choice for a new domain in 2026.
nabbed
>Either way, GoDaddy is not the first choice for a new domain in 2026.
Off the top of your head, what would be a decent one?
deaux
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
For offline goods, definitely. For digital services, 10+ years ago, definitely. For digital services, in 2026, it's a bad strategy even if you're a business and want something reliable.
boredatoms
Then a paid support plan at $500/mo for those mho want it?
masfuerte
Markmonitor touts itself as an expensive but reliable registrar. I don't know what it costs.
mihaaly
> They're more likely to have established processes that work for all sorts of cases.
In my experience the sentence is only correct this way: "They're more likely to have established processes for all sorts of cases"
They have lots of clients. They have big opportunities to streamline support (which is a cost center). ... do you see where it leads? Read the OP, if not!
crazygringo
> do you see where it leads? Read the OP, if not!
Read the last paragraph in my comment.
emaro
Exactly. Had to chuckle at:
> [...] is one of the most competent IT guys I know. The GoDaddy account had [...]
Don't think I've ever heard something good about GoDaddy.
manquer
Vast majority of domain owners are not technically inclined today, probably hasn't been so for decades now.
If we ask 100 likely buyers family feud style, where would they go buy a domain, GoDaddy likely is going to be the top answer by a wide margin.
They wouldn't know about any bad news/ security incident with the brand either.
dawnerd
You’d be surprised how many enterprises use them. Also their managed hosting support is surprisingly competent. I’m not a fan of their service but some of our clients use them and anytime their servers have had issues support was quick to fix. Way nicer than having to jump in and do it myself. And so far it’s all been local support and not offshore.
brindleth
Registering a domain usually happens very early in a business' history. It might literally be the first concrete thing the founder does. If the founder is non-technical, they're just going to Google "buy a domain" and see who comes up.
Do it, now. What comes up?
Yes, once IT gets professionalised, they should switch to a better provider. But the registration will likely be for multiple years, with auto-renewal, and when nothing has gone wrong, theoretical problems take a backseat to live ones.
robonot
To be fair, 10 years ago the alternatives weren't as obvious to non-technical buyers.
simultsop
I also found this very, very strange. With their broker campaigns, godaddy built a strong shady facade. Still wonder how people fail to see.
ryandrake
Came here to post the exact same comment. They have a history of amateur-hour stuff like this, too, don't they? For me, the brand has always been associated with "bet it all on marketing" rather than technical competence.
trollbridge
At the risk of sounding snarky;
Last Saturday afternoon one of his client’s domains vanished from his GoDaddy account.
Lee is one of the most competent IT guys I know.
donmcronald
People get tied to their registrar by using their DNS or other services. It's a mistake, but it's extremely common.
So if you have someone using GoDaddy, and everything is working, how do you sell them on the idea of migrating DNS or hosting or email if they've never had an issue?
cnst
There's been a story a few years ago that GoDaddy was blacklisting entire countries not only from their own website, but also from the DNS provided to their customers.
So, at a minimum, your website and email may not work worldwide if you're using the DNS disservice of GoDaddy.
I would NEVER use GoDaddy as a registrar, but if somehow that was a necessity, I would 100% NEVER use their DNS.
undefined
piloto_ciego
It does sound snarky, maybe GoDaddy was the cheaper option at one point and they stuck with it. I get that.
I use some square space for a lot of stuff, but it's largely because Google Domains sold out and the price is "fine." Sure, I could use something else, but this works, the cost is correct, and - I can't stress this enough - it already freaking works. I also use a python as a service tool I point at frequently. Their customer service is great, so I doubt this would ever happen there? But yeah, I'm not manually configuring a server somewhere most of the time.
Is it the "best" possible tool for the job? Not really, but it works well enough for the stuff I use and my workflows are already rock solid to deploy code to prod, etc. Is it because it's impossible for me to spin up a VPS or I'm too stupid to figure out Hetzner? Probably. But no, I've done it before, I could do it again, but that would take me X hours that I'm not getting paid for to migrate for limited utility, possible customer interruptions, and stress. I might need to migrate in a year or so, but until then, I'm not going to bother.
I reckon that's a similar sort of thing that happened here and depending on what they're doing business-wise, Lee could be insanely competent IT person and was just unlucky because the hammer he reached out for with GoDaddy actually turned out to be a foot gun that took years to fire.
It happens, it's not ideal, but it happens - I'm just glad they got it figured out and I'm glad that these sorts of events percolate up in the hn zeitgeist, because I definitely know who I won't be turning to in the future. Like, I kind of already knew GoDaddy was trash? I used them something like 10 years ago to spool up a website for a friend of mine. The whole experience was garbage then and I said, "never again" - but also that was kind of at the beginning of me even learning about how this stuff works? But I could totally see a scenario where I get snared into a product ecosystem and the opportunity cost of switching out of it outweighs staying put until it blows up in my face.
nyc_pizzadev
I was in the Google Domain sold to Squarespace boat too. To this day, that sale makes zero sense, mind boggling they would offload such a critical part of consumer infrastructure. Anyway, I had zero trust in Squarespace, so I spent some time and moved all my domains to Cloudflare and couldn’t be happier. Lots of nice bonus features also popped up.
piloto_ciego
That’s probably my next move? But it’s a sort of trade off between time and asspain to stay on square space lol.
nirava
Read every alternative volunteered here. Imagine any world where in the next 5 years they can't be enshittified, sold to a predatory private equity, their support lines AI-ified, their headcount reduced by 40% without your knowledge, etc etc. 27 years is a very long time.
A competent IT person can have a backup plan for every expected failure. They can't control registrar level screw ups.
Companies explicitly selling you "bulletproof domains" like MarkMonitor have screwed up big time.
Also as an IT guy, asking to register a new domain with X is much easier than asking to transfer a long held domain away from Y.
rrr_oh_man
Where would you host domains?
arcfour
CloudFlare since they sell domains at cost and have really good DNS infrastructure with some free protection features. If the TLD isn't supported by them for registration then I'd just use their nameservers.
Or Route53 if you're using AWS since that makes it easier to integrate with the rest of AWS and manage in IaC, and AWS also has robust network/DNS infrastructure.
(I would say GCP if using GCP/Google Workspace, too, but since they split domains off to Squarespace I really don't know what is happening over there anymore as far as domains go.)
So far those 3 have been more than sufficient for all of my domain needs.
donmcronald
Domain registration and all other services should be separate. You don't want DNS, web hosting, mail hosting, etc. ToS applied to your registrar account because it increases the risk of the account getting locked.
gzread
I'd only use Cloudflare if I want my website to be held hostage with no possibility to migrate: https://robindev.substack.com/p/cloudflare-took-down-our-web...
whh
If it is extremely critical, MarkMonitor.
Otherwise, Porkbun or Cloudflare Domains if you're ok using their DNS.
rrr_oh_man
What's good about MarkMonitor? All I see is Gartner-friendly buzzwords and AI generated "business people".
ceejayoz
Literally anywhere else.
c2h5oh
I suspect you mean register/renew:
Depends. If it's something really high priority (like main domain for a large corporation) I'd likely be paying CSC 4 digit sums per domain per year.
For stuff a tier below that I'd be looking at companies that are serious about security and happen to do domains as well e.g. Cloudflare, Amazon
rendaw
Dnsimple, they seem reasonably competent and don't have a bottom of the barrel monetization scheme.
thot_experiment
Literally anywhere else, GoDaddy is utter trash and has been for many years. Namecheap is the one I use personally.
dawnerd
Namecheap has had its own host of issues like a few years back breaking hsts and causing tons of sites to break for quite a while and their response was basically oh well. That incident along made me move my domains off to porkbun.
Krutonium
I do wish Namecheap's Dynamic DNS support supported IPv6 though...
HotGarbage
[flagged]
kwanbix
Porkbum or Gandi or name.com
rendaw
Porkbun has really suspect engineering. Crashing on symbols in passwords for instance.
oasisbob
Gandi's support collapsed a couple years ago. Couldn't even get ahold of anyone with a pulse to help with transfers.
InsideOutSanta
Gandi has started increasing prices like crazy in the last few years.
naikrovek
Why not?
GoDaddy is a valid domain registrar. The customer had dual MFA set up. The customer did all the right things.
I’ve never heard of Godaddy making this kind of egregious mistake before. I’ve heard of some doozies, sure, but nothing like this.
Don’t blame the victim. “It’s their fault they got robbed, they left their door unlocked” is not a valid response to a situation like that or like this. The robber still stole, and godaddy still broke their own rules, rules that customers pay to have enforced.
When you find yourself victim-blaming, you will find yourself on the wrong side.
Jabrov
Such a mistake should never happen, but it's not even about the mistake. It's more about how absolutely awful their support is to revert the mistake.
simultsop
After you read this mess and still call it valid? Keep having it your way, we probably will read your tragedy post too.
miladyincontrol
Maybe you havent, but I and others certainly have heard of this kind of "mistake" aplenty from them. They're infamously bad for this kind of nonsense let alone their other more predatory practices such as frontrunning domain registrations.
ronbenton
Accidentally migrating the wrong domain name is incompetence. Doing so without any of the required documentation is negligent. This is bad on multiple levels
freetime2
Also refusing to acknowledge or correct the mistake when the original owner raised a ticket.
undefined
nezhar
It is very scary to consider the consequences that such a transfer can have.
M_bara
And that is why I’d rather work with a smallish and responsible registrar like porkbun - this is after I lost a domain from a “cheap name” registrar.
Personal experience, no relationship to either registrar listed above
nadermx
Godaddy is pretty awful in a lot of things. This doesn't even surprise me. But I will say that their broker services have done me well. But I do transfer domains away as soon as possible to dynadot
rationalist
+1 for Dynadot.
I compared all of the other registrars mentioned by HN users, and Dynadot basically tied with Namecheap on price, but Dynadot is so much more user-friendly.
samamou
Do you host with dynadot? From their website it seems like it's mostly domain registration?
rationalist
I don't think they do traditional hosting, just WordPress hosting.
I currently use DreamHost, but I've been a little unhappy with how much clutter and other crap they've added.
I'm open to other shared and dedicated hosting providers.
swiftcoder
I'm a big fan of keeping your hosting provider separate from your domain registrar. You are only ~50% as screwed when one of them screws up
nadermx
Na, I host on vps.org, digitalocean.com, or vultr.com. Also a fan of keeping them seperate.
parham
I’ve successfully saved many people suffering with godaddy.
As soon as the word is mentioned I tell them the horror stories.
Saving this to the bucket of stories.
8cvor6j844qw_d6
Count it as a good deed, talked a group out of GoDaddy on a greenfield project once. Still proud of that one.
rationalist
Unfortunately the few people I have tried to convince all double-down. People don't like to admit they made mistakes.
DANmode
From the limited scope of their perspective, they haven’t made a mistake - until something harms them.
namegulf
Most of the issues we've seen in the past are due to payment failures, credit card declined, etc., that let the domain goto auction and lose access.
This is all new and from the content of the post looks like due to an employee error in transferring the wrong domain and they don't have a process to address the situation.
Corporates have a huge blind spot and everything with them is just a process and this case the process completely failed.
Unfortunately everytime it's the customer who suffers.
tonmoy
Blind spot in the process is one thing, support staff not understanding the urgency of something like this and escaping to higher level is another
namegulf
That's right. This is no different than transferring money to the wrong account in a bank but it rarely happens since they have strict protocols.
jb1991
I’ve made a lot of really good decisions in my life, I think, such as: deciding to have kids, deciding to move to another place I wanted to live, career choices, but by far one of the best of them all was getting all of my domains off of GoDaddy.
Get the top HN stories in your inbox every day.
Relevant (for some reason though it shouldn’t be; GoDaddy’s track record is that bad.)
Jan 2017: [Godaddy has issued at least 8850 SSL certificates without validating anything](https://news.ycombinator.com/item?id=47911780)
Jan 2019: [GoDaddy injecting JavaScript into websites and how to stop it](https://news.ycombinator.com/item?id=18894792)
Aug 2022: [Tell HN: Godaddy canceled my domain, gave me 2h to respond, then charged €150](https://news.ycombinator.com/item?id=32470017)
Dec 2022: [GoDaddy buying domains when they expire to extort their own users](https://news.ycombinator.com/item?id=34153448)
Jul 2023: [Godaddy just stole my domain](https://news.ycombinator.com/item?id=36854166)
Jan 2024: [Tell HN: GoDaddy Stole My Domain](https://news.ycombinator.com/item?id=39209087)