
Tell HN: Never search for domains on Godaddy.com - wasteme
searched a few days ago for felons.io,
looked for unique names for simple game
didn&#x27;t know if I wanted it or not<p>guess godaddy decided for me:
1 days old
Created on 2020-09-16
by GoDaddy.com, LLC<p>just a warning if you have a special name do not use godaddy to check if its available
======
dang
There's a detailed response here: [https://www.godaddy.com/garage/godaddy-
felons-io-unregistere...](https://www.godaddy.com/garage/godaddy-felons-io-
unregistered-domain/)

currently discussed at
[https://news.ycombinator.com/item?id=24523901](https://news.ycombinator.com/item?id=24523901).

------
ted0
Ted from Namecheap here.

I cannot speak to GoDaddy's practices. However, I can say that for Namecheap,
this is not something we would ever even consider doing.

In my experience though, lookups are more complex than most think. We are
querying so many different sources to give you availability status, some of
which are less reliable than others. For example, with smaller TLDs like .ai
or .is, lookups may be less reliable than a well-oiled machine like Verisign,
which operates the .com and .net TLDs, among others. As a result, sometimes
with a less reliable registry, there can be false positives, resulting in the
registrar showing a domain as "available" when it is actually registered.

In addition to registry connection reliability, there are also many different
aftermarket sources that registrars often pull from. You know when you see a
Premium domain (registered and usually higher priced) in search? That could be
coming from any number of 3rd party aftermarket platforms, which also can have
varying reliability and/or stale listings.

Lastly, you have to consider that some registrars handle the "drop window"
differently than others. If a domain deletes and is removed from the zone,
ergo, becoming available again, some registrars have a buffer period before
they show it as available again.

It does not appear that Felons.io had ever been registered before, which makes
this case pretty strange.

~~~
timcederman
Hi Ted - can you speak to Namecheap's stance on bulk spam domain registrations
and the fact that Namecheap does nothing to stop it?

There has been (at least in the Bay Area) a large increase in text spam. They
all have a very similar format, e.g. pretending you missed a delivery, and try
to get you to click on a link, usually a .info domain.

They are all hosted on Alibaba Cloud, but they are registered in bulk via
Namecheap. Your legal and abuse team says they have no obligation to prevent
such registrations, but to instead take it up with the FTC or the hosting,
both of which do nothing either.

Here's a recent article about the problem with bulk registrations and spam:
[https://www.spamhaus.org/news/article/795/weaponizing-
domain...](https://www.spamhaus.org/news/article/795/weaponizing-domain-names-
how-bulk-registration-aids-global-spam-campaigns)

edit: I highly recommend reading the article for more context on why bulk
domain registration is problematic. Note the DOJ filed a temporary restraining
order again Namecheap, and the office of the NY AG also contacted them due to
their role in spam and scams.

To address some of the questions and comments below:

> A registrar is simple: request a domain, they check you match the
> requirement for said domain rules, take your money and register the domain
> for you. Very simple, very stupid, very non-opiniated.

Where do you draw the line on this? How do you feel about registering hate
speech in a domain name, or someone else's trademark? Clearly there needs to
be some level of regulation.

> do they have any obligation to investigate the purouse people want to use
> the domains for

Do domain hosts have any obligation to investigate what people are hosting?
Does Google have an obligation to remove results from search? There are
clearly multiple parties to hosting content on the web, and it's a shared
responsibility to keep folks doing the right thing

> Are you asking Namecheap to take unilateral action against domain
> registrations with no due process?

No - what makes you think that's what I was asking?

~~~
nolok
You really, _really_ don't want registrars to enter that game.

A registrar is simple: request a domain, they check you match the requirement
for said domain rules, take your money and register the domain for you. Very
simple, very stupid, very non-opiniated.

If registrars start deciding who is worthy of domains, what arbitrary set of
rules they want you to follow on top of the real ones, what set of laws they
act as judge for ... Things would go wrong insanely quickly.

If the price of that is that they let abusers through too then fine, they're
not the justice department either way and if they apply the judicial decision
once those abusers are caught, that's all we should ask from them.

~~~
shiftpgdn
Registrars already deal with abuse complaints (and have done so since the
90s.) GoDaddy, eNom and other large registrars are happy to suspend domains
with proof of network abuse.

------
Marc_Bryan
They are a bigtime scammers. Recently was assisting a friend to get access to
a domain name which was registered in godaddy. They scammed him for a couple
of hundred dollars for contacting the domain owner to get a deal on the domain
and eventually nothing happened. Not even a mail was sent on behalf the
scammed money as we found that the domain was owned by another friend and
eventually got it transferred. He confirmed that he has not received any mail
from godaddy's domain buy service since the contact was under privacy
protection. Another scamming method to siphon money from people.

To make it more clear, if you need a domain which is registered in godaddy and
has privacy protection enabled, please do not pay money to godaddy to broker a
deal on behalf of you with the existing domain owner. They take huge sum of
money, do nothing and stop responding. It's like giving your hard earned money
for free to these godaddy scammers. One of the worst registrars and I don't
want to open another can of worms with their really really bad service
(hosting, emailing and all such services!)

~~~
thiht
If the domain was a a gTLD or new gTLD (more than 2 characters on the TLD),
they could get sanctioned by the ICANN, if you decided to report them.

If it was a ccTLD (2 characters on the TLD), they could also be sanctioned,
depending on the rules of the extension.

The sanction can range from a (huge) fee, to a revocation of their
accreditation, so it's not nothing.

~~~
snowwrestler
Why would they be sanctioned? If GoDaddy is the registrar for a domain,
GoDaddy knows who the real owner is. They have to, per ICANN rules.

And if GoDaddy reaches out to that customer on behalf of another customer,
they don't reveal any private information. Each customer only sees their own
interaction with GoDaddy. They don't see each others' info.

~~~
thiht
The ICANN states that you must provide a way to directly contact a domain's
owner. If I'm correct, the contact info must be freely available in the whole,
whether it's an email address, an obfuscated email address, or a contact form
on the website of the registrar.

Charging for this is really shady, but not contacting the domain owner when
requested is a registrar agreement violation.

Note that it's also the responsibility of the registrar to ensure that contact
information of their registrants are correct.

------
echelon
Back when I was in college, GoDaddy let my at the time close friend break into
my account and steal several of my domains, including
[https://strategywiki.org](https://strategywiki.org). This was while I was on
an overseas study and couldn't regularly check in. GoDaddy gave me no recourse
to dispute.

He had server access because I trusted him. He wasn't supposed to have access
to my domain account, and I didn't share my credentials.

I had another friend on the account because I was paying for his domain and
wanted to let him administer DNS. They conspired together and were able to
leverage this access and the lack of account ACLs to transfer everything away.

This was well over a decade ago.

They never invested in StrategyWiki, so it never realized the vision I had for
the site. I had started to pay contributors and invest in content to
bootstrap.

This guy came from the MediaWiki purge of video game guides and felt like he
owned and deserved the site, despite the fact that I had created most of the
original content. He was ten years older, well paid, and threatened me with a
lawsuit. I was a college kid and couldn't do anything.

I learned a hard lesson. It's stuck with me.

~~~
tehwebguy
They defrauded you & violated your copyright. If the SoL hasn't passed you
might want to consider filing a police report. It's possible that you could
get the current registrar to give it back.

It seems like they are _still_ violating your copyright, so you might be able
to go that avenue if the SoL keeps refreshing as they keep violating it (not
sure though).

GoDaddy has terminated accounts on copyright grounds before, and you could
also file a civil suit if you think you could withstand the cost / pain of it
now.

(That said, sometimes it's better to just walk away)

~~~
echelon
Thanks for the feedback.

This happened back in 2008? SoL has definitely lapsed.

I think it's better to just walk away. It hurt a lot at the time, but that
pain has largely healed. Thinking about it doesn't cause me pain or regret
anymore, just... I feel sorry for them? It doesn't change what I accomplished
then. I'm still proud of what I built, and I know it could have been better
with me steering it.

Since then, I've continued to build really cool stuff and not let these folks
hold me back. My projects have been bigger and have impacted more people. I'm
at peace, and I've got a lot to look forward to.

~~~
cure
> I'm at peace, and I've got a lot to look forward to.

Good for you! That's the healthy path.

------
tomhoward
This sucks and I feel for you. But the sad fact is that domain registrars have
been doing this ever since domain names became big business in the 90s.

As a PSA to everyone, you should only ever use whois in a terminal window to
see if a domain is available.

It's included with macOS, Windows (?), Linux or any other OS anyone's likely
to use. [Edit: a reply says it's not included in Windows. It seems you can
download it free here: [https://docs.microsoft.com/en-
us/sysinternals/downloads/whoi...](https://docs.microsoft.com/en-
us/sysinternals/downloads/whois)]

I guess ICANN's lookup tool
([https://lookup.icann.org/](https://lookup.icann.org/)) is probably more
trustworthy than commercially operated ones; it would be a terrible look for
them to engage in this practice.

But I always feel much safer using whois in a terminal than any website that
can see what I'm searching for.

~~~
xoa
I also wanted say "consider whois", but with a few more caveats. First,
obviously the whois server you use matters. There is nothing magical about
whois that stops GoDaddy from doing the same thing if you query
whois.godaddy.com, you still need to talk to someone less likely to engage in
this like going directly to InterNIC's, whois.internic.net (still I think
under the US DOC, which whatever other flaws it has isn't really scrounging
for change there).

> _But I always feel much safer using whois in a terminal_

Also as a minor FWIW, there are plenty of simple GUI's (often built-in) on
whois as well so someone can just use one of those if they prefer. macOS for
example still has some of the old useful utilities included for free including
in this case Network Utility, though for whatever reason Apple moved them out
of /Applications/Utilities and into /System/Library/CoreServices/Applications
(that's also where a pile of other useful ones went).

~~~
saagarjha
Network Utility has been deprecated in macOS Big Sur.

------
andylynch
This is a scummy move. In the industry I work in, we call this front-running
and it’s a criminal act. If the same laws applied here godaddy would be
looking at a nine digit fine and jail time for whoever thought this is a good
idea.

~~~
bhartzer
But I don't see any proof that GoDaddy is the registrant of that domain,
they're just the registrar. I don't see any evidence of front-running in this
case. I see it more as coincidence if anything else.

~~~
scrollaway
They've been doing it for years, it's a pretty well known thing at this point
which is long past the point of needing new evidence.

PS: Use gandi.net, both for search and registration.

~~~
owlninja
Can you link some prior evidence? I can believe it but is there proof? Could
some other data have led another party to registering OP's domain idea?

~~~
scrollaway
C'mon.. it's one google search away. [https://gnso.icann.org/mailing-
lists/archives/registrars/msg...](https://gnso.icann.org/mailing-
lists/archives/registrars/msg05077.html)

Lots of instances of it, I won't bother listing all of it here as I'm on a
phone.

~~~
bhartzer
That ICANN thread is about domain transfers. Has nothing to do with the topic
at hand, which the OP is claiming 'front-running' but GoDaddy.

------
mdorazio
I had this happen as well in the past when researching domain names for a new
product.

Pro Tip: Stay the hell away from GoDaddy for everything. I've had the
unfortunate task of managing a server hosted with them and it's been
consistently awful (ex. I literally cannot upgrade PHP because the VPS doesn't
support it and there is no upgrade path without spinning up an entirely new
VPS on a different, and of course more expensive, plan). The constant upsells
on garbage are basically predatory at this point, too.

~~~
aerovistae
Recommendations for superior alternatives? I'm an indifferent GoDaddy user but
would be happy to switch to something else since I've never liked them as a
company.

~~~
gogopuppygogo
I love [http://domains.Google](http://domains.Google)

You get free email forwarding (even wildcard), free domain privacy, free
website forwarding (with ssl), Google infrastructure behind all of that and
the authoritative DNS they offer.

Cloudflare also offers a registrar service and its good.

~~~
ourcat
Interesting. I'd never considered Google for my domains.

Any idea if the '£10/year' is _every_ year? Or does it go up after the first
year?

Also, I found it weird that they promote a .app and .dev TLD as 'More Secure'.

~~~
ascorbic
They call them more secure because the whole TLD is on the HSTS preload list,
so no downgrade attacks.

~~~
colejohnson66
Which means that an SSL certificate is _required_

------
rgbrenner
Called domain front running

[https://en.m.wikipedia.org/wiki/Domain_name_front_running](https://en.m.wikipedia.org/wiki/Domain_name_front_running)

~~~
4cao
I was always _expecting_ something like this to be going on, so I'd never use
any Web-based availability-checking tools but then I also tend to be a bit
paranoid at times.

Yet now it turns out not only is this established practice, there is even a
_Wikipedia_ entry on it.

"It's only paranoia if they're not really after you!"

------
dgellow
I faced this ~6 years ago. Someone hired me for a project, at some point he
told me some domain names he had in mind, and we looked them up together on
Gandi, GoDaddy and other registrars to see prices and what was available. The
next day he called me in shock, asking me why I bought the domain and if I'm
trying to steal his company, etc (nobody else knew the names). Of course I
didn't buy anything, we checked the whois and it was registered for GoDaddy...
That was a quite bad experience...

~~~
tzs
The way I check prices at multiple registrars is to check the price on
admrgbldflkrjanjscknadsc.<tld> instead of <name_I_want>.<tld>, where
admrgbldflkrjanjscknadsc is just a bunch of random keyboard mashing.

I do not enter <name_I_want>.<tld> into any registrar until I am actually
attempting to buy it from that registrar.

------
snapetom
This is just part of a long line of scummy practices by GoDaddy in its
history. Bad PR for GoDaddy constantly popped up in tech news sites ~15 years
ago, but it was never enough to stop their aggressive marketing. Still, I
always wondered why anyone in tech would use them. Y'all know what they're
capable of and what they do. Don't support that.

~~~
wegs
As far as I can tell, the general business model in domains is:

* Be the good guy, and establish a customer base. Provide low prices, good customer service, etc. Lose money on the razor-thin margins.

* Once you've got a ton of customers, turn evil, and milk your customer-base for all they've got. Engage in every nasty sleazeball tactic.

I've seen this cycle many times, starting with Network Solutions.

People use GoDaddy because they were the good alternative for a while.

~~~
hobofan
That must have been a long time ago, as I've only heard about them as a bad
business for the past ~10 years (= how long I've been loosely involved in
tech).

I think their business plan is rather: Lure in general population customers
via mainstream media advertising, and don't really care about anything else
(including their reputation with tech people). No one in tech that I know
would touch them with a ten-foot pool. Most of the non-tech people I know are
running to GoDaddy when they have to register a domain for their
business/project, because they are almost the only ones doing widespread
advertising.

~~~
wegs
Yes. It was a long time ago. GoDaddy was where all the tech crowd went after
Network Solutions circa the year 2000. They were great! Until they weren't.

Since then, I've gone through 2 more registrars which went down the same path.
I'm gradually migrating to AWS since I'm hoping they have the same incentive
structure to f- me over in a few years. The way I figure, if my DNS provider
is also providing cloud servers, etc. they'll have more incentive to keep me
as a customer.

------
bleepblorp
Some TLD registries have policies to prevent registrars from front-running
their clients by squat-registering their domain searches.

But, if you're working in a TLD where Freedom<tm> is more important than
actual free markets, do your domain checks against the root servers yourself
with _dig +trace_.

~~~
fanf2
Be warned that a domain can be registered without appearing in the DNS.

In recent years IANA has run a whois server that provides referrals to the
appropriate registry, so in most cases a whois client can start by querying
whois.iana.org and follow whois: or refer: lines to the right whois server
without leaking too much information. (whois is still cleartext and a very
crappy poorly-defined protocol...)

FreeBSD's whois mostly works by following referrals with heuristics for
filling in the ghen that doesn't work; Debian's whois mostly uses a built-in
database of whois servers and heuristics for finding them.

------
roosgit
I never experienced this, but I did wait too long to buy a domain. After I
checked if the domain was available(it was), I started building the website. A
month later the domain was bought by someone who eventually made the same
thing I wanted to make.

My current process for checking if a domain is available is pretty basic. I
first check it in the browser. If Firefox can't find it, then I use the
`whois` command. If there is no match for "example.com" then I decide if I
want to buy it, before starting to build anything. If I do decide to get it, I
go to Hover.com do a final check and press "Add to cart".

These days, for me it's better to spend $15 on a domain that might not get
used, than to regret not buying it.

~~~
bityard
I have a habit of collecting interesting yet vaguely generic domain names and
holding onto them for future projects. (Which I almost never get around to.)

~~~
CrociDB
so do I. the other day I renewed a domain I got 5 years ago and I didn't even
remember what I planned.

~~~
hundchenkatze
Then why did you renew? Domain squatters suck.

~~~
wusel
If it's a good domain it would be snatched by someone who wants to make a
profit flipping domains. The domain business is broken.

~~~
Tepix
Domains that are blocked by people not using them for years are just as bad.

~~~
devenblake
Perhaps, but it's easier to deal with a user you can contact at
[alias]@registrardotcom versus a corporation you can contact at
spam@corporationdotcom

------
_nickwhite
I learned this _years_ ago that Godaddy will steal your name for fun and
profit. As the HN comments confirm, there are several shady outfits that do
the same thing.

For years, I've gone to ICANN directly to check domain name availability:
[https://lookup.icann.org/](https://lookup.icann.org/)

~~~
tzs
That doesn't work for all TLDs. I just checked a .us domain and it says "No
registry RDAP server was identified for this domain. Attempting lookup using
WHOIS service", and then "Failed to perform lookup using WHOIS service:
TLD_NOT_SUPPORTED".

------
gmays
GoDaddy responded to this thread in the article here:
[https://domaininvesting.com/godaddy-still-not-
frontrunning-d...](https://domaininvesting.com/godaddy-still-not-frontrunning-
domain-searches/)

> _“GoDaddy never has and never will register domain names based on customer
> searches. This is an unethical and predatory practice that runs counter to
> our mission of helping people bring their ideas to life online with the best
> possible domain name.”_

------
symkat
And it's free for GoDaddy to do this:
[https://www.icann.org/resources/pages/epp-status-
codes-2014-...](https://www.icann.org/resources/pages/epp-status-
codes-2014-06-16-en#addPeriod)

~~~
boxed
Can't be totally free. If we all would run random garbage through their
search, at some point this evil mudy collapse somehow?

~~~
adventured
They have some systems that suggest words, word combinations, adjacent terms,
and such for domains / related domains. I suspect that by leveraging those
existing systems they can relatively easily tell if the names you're entering
are complete garbage or not (length, any dictionary terms, high value words,
etc).

~~~
iforgotpassword
Then someone cobble together a tool that automatically queries words from a
dictionary on godaddy, maybe with variations like numbers appended, "the"
prefixed or hip things like turning -er into -r.

------
henriquez
Wow, this is a blast from the past. I know Godaddy got busted doing this years
ago. I forget whether they were sued or just hounded with bad P.R. but I
thought they promised to clean up their act. I wish I could find the article
now, but Google only pulls up stuff from the last year or so.

~~~
snapetom
If I recall correctly, it was a VP at GoDaddy and some underlings that were
busted for this. They were personally profiting from it. GoDaddy got bad PR,
those involved got punished (maybe fired?) and people forgot.

It sounds like the culprits' big sin was pocketing the money instead of
letting the company pocket the money.

------
bluedevil2k
I have a similar sorry about the scuzziness of GoDaddy. When Apple first
announced the Swift programming language at their wWWDC i immediately went to
GoDaddy to register every Swift related domain I could think of -
learnswift.com, swift-tutorial.com type domains. I added several and in the
process of checking out (which used to be like 7 steps as each step along they
way they tried to trick you into buying something else), the price of the
domains went from $14 each to $2000+ each. They had suddenly realized the
value of the domains _while they were in my shopping cart_ and raised the
price.

Another GoDaddy sucks story, which happened to me several times before I
dropped them. Good luck canceling an SSL certificate - they will still treat
it as a valid SSL very that needs to get re-cert’ed every year and they’ll
charge you full price, $79, up to 3 months ahead of its expiration! I’m 100%
positive I canceled an SSL very and ensured it was removed from my Renewals
and of course, they still charged for a renewal.

~~~
aprdm
It is not like you're sitting on morale high ground by squatting domains

~~~
bluedevil2k
Who said I was squatting? You’re assuming I couldn’t put together a website
with tutorials on Swift. It’s literally what I do all freakin day.

------
jtolmar
This happened to me too. I was searching the domain on a variety of tools to
make sure it wasn't like, secretly a swear word in another language or
whatever, then a couple days later it was registered by GoDaddy. I wasn't sure
which tool leaked it, or whether that was actually GoDaddy or their domain
holder protection. But it was pretty annoying.

And they registered it for two years.

------
gazelleeatslion
I used their broker service to buy a really expensive domain via a client
(squatter).

They ranted about how it's done totally anonymous and had to do all the
communication.

They transferred the domain to us revealing the seller's WHOIS information
(email, phone, name, address).

Ended up being someone literally walking distance from me in Washington, DC.
So that's some crazy sketch dangerous behavior... I couldn't imagine what
would happen if they sold to a really pissed off client. People are crazy over
their company and personal names. Like hello incoming pissed off dude who just
forked over multiple $xx,xxx to a squatter and now has their address.

Then I couldn't replace the WHOIS information because you needed the seller to
confirm via their WHOIS email (GoDaddy support could not understand this / or
I suck at explaining).

I almost just called the seller up, but instead finally found out GoDaddy
allows you to bypass the WHOIS process with the email of your GoDaddy account.

Disaster. Don't really buy domains anymore but probably Cloudflare or bust at
this point.

------
brk
GoDaddy has been a bad actor for as long as I can remember.

This thread is a good indicator of how/why they keep doing it though. Every
time I start to think people have finally caught on an realized how GoDaddy
treats customers and potential customers, I see a new case of someone
seemingly unaware of their vast history of stuff like this.

We think it is easy to disseminate information on the internet, but in the end
it is really hard to really get anything into true general awareness.

------
Animats
Amusingly, if you query GoDaddy for "godaddy-is-an-ongoing-criminal-
enterprise.com", they claim it is "unavailable", although it's not in "whois"
and other registrars say it is available. I was curious to see if GoDaddy
would actually register that domain for themselves. Network Solutions used to
do that, which was really annoying.

~~~
CydeWeys
GoDaddy is likely blocking registration of any domain with the string
"godaddy" in it, likely for entirely legitimate anti-phishing reasons. If
someone got e.g. godaddyauth.com (or similar) and started phishing with it to
try to get people's login details, and a WHOIS even revealed GoDaddy as the
registrar, a lot of people might fall for it. Keep in mind that many people
don't understand all the distinctions between registry, registrar, and
registrant, and that WHOIS output often gives you details on all 3.

------
vegetablepotpie
This presents an interesting attack vector. If you know that a competitor is
looking at purchasing a particular domain name, type it into godaddy. It costs
nothing and the act can’t be traced back to you.

------
krn
After doing a lot of research, I would recommend Dynadot as the best domain
registrar at the moment.

My main criteria were: fair prices without any coupon codes, no-upselling,
free whois privacy as standard, most ccTLDs supported, REST API for
everything, and at least 15-20 years of history.

I would normally prefer a European company, but Dynadot has been the registrar
of _wikileaks.org_ since 2006.

~~~
cpach
I switched over to Dynadot about three or five years ago and I have never
regretted it. Very solid service IME.

I’ve also heard good things about Gandi.net but I haven’t tried them myself.

~~~
krn
Gandi.net used to have a cult-like following in its early days, was the
registrar of _reddit.com_ up until recently, and is still the registrar of
_ycombinator.com_.

But its ownership has changed multiple times over two decades, and the company
is now owned by a private equity firm. The most recent reviews have been far
from great[1].

I would recommend INWX (Germany) as the best European alternative to Dynadot.

[1]
[https://news.ycombinator.com/item?id=22001822](https://news.ycombinator.com/item?id=22001822)

------
thiht
As someone who works at a somewhat big registrar, it always amazes me how
opaque the whole domain ecosystem and politics is to anyone not in the
business.

Even some "basic" stuff like the difference between registrar and registries
is widely unknown to the public.

It's a shame really, because knowing how it works is extremely empowering.
Knowing where and how to escalate complaints (registrar -> registry -> ICANN
if not a ccTLD) for instance is just mandatory.

------
mmcgaha
This was ten or more years ago, so I cannot speak for their current practices,
but I hosted a domain on a godaddy VPS, and they hijacked the robots.txt file
to exclude the site from getting indexed.

Another issue that I remember was that they provided a free SSL cert that I
did not want. They then charged me for renewal the following year. All it took
was a phone call to get the charge reversed, but it was a phone call that I
should not have been forced to make.

------
1vuio0pswjnm7
This is why ICANN is a joke.

They proclaim themselves sui generis authority in charge of domain names,
domain registries and domain name regsitrars on the internet (there is not and
never was any legal basis for such "authority"), they turn domain names into a
"business", they make up arbitrary rules that line their own pockets (initial
gTLD application will cost $185,000), they allow registrars to do things like
front-running, etc., etc.

Why things do not change: When a user gets screwed by front-running, the user
calls for a boycott of GoDaddy instead of questioning the entire ICANN-
administered system itself. The protection of ICANN's racket relies on
security through obscurity.

Front-running is a very old practice amongst ICANN-approved domain name
registrars.

------
projektfu
Relevant from 13 years ago: Network Solutions sued for domain tasting.

[https://news.ycombinator.com/item?id=123899](https://news.ycombinator.com/item?id=123899)

~~~
projektfu
This is the outcome of the settlement:

[https://www.icann.org/resources/pages/agp-status-
report-2009...](https://www.icann.org/resources/pages/agp-status-
report-2009-08-12-en)

The question is whether they are still enforcing the policy.

------
brudgers
The .io namespace is a lot shadier than Godaddy. It's for occupied territory
and managed by a for-profit company of vague ownership.
[https://www.icb.co.uk/](https://www.icb.co.uk/)

------
thunfisch
GoDaddy is the worst company, ever. I once registered a domain there and had
to cancel it three times. Two times out of those, they silently reverted my
cancelation and just kept renewing it against my will. I don't care if this
was malicious, our just a system failure: They refused to acknowledge this and
charged me anyways.

Never again.

------
ve55
GoDaddy is imo the literal worst registrar. It's unfortunate how often they're
a go-to name for people, but hopefully it won't last forever.

~~~
notyourwork
An example where marketing to average person works quite well.

------
troydavis
Here’s GoDaddy’s response, which denies this occurred or has ever been their
practice: [https://www.godaddy.com/garage/godaddy-felons-io-
unregistere...](https://www.godaddy.com/garage/godaddy-felons-io-unregistered-
domain/)
([https://news.ycombinator.com/item?id=24523901](https://news.ycombinator.com/item?id=24523901))

------
Supermancho
GoDaddy has been doing this since they have existed, I assume. I first used
them after the superbowl ad to search for a domain name and they registered
it. Never again.

~~~
bhartzer
The registrar is GoDaddy, not the owner of the domain as far as I can tell. I
don't see any evidence that GoDaddy did anything wrong in this case.

------
B-Con
Pretty sure I first heard about them pulling these tactics over 10 years ago.
Sad it's still ongoing.

IIRC, after Godaddy blew up with their Superbowl commercial they've been
ratcheting up the scam factor in every way possible. Just avoid them
completely.

------
ffpip
Yes. If you search it 2-3 times, they buy it in most cases.

~~~
hsnewman
I wonder if they have any logarithms that would attack this vulnerability?
Someone could write a script to simply search several times for 1000's of
names and bankrupt godaddy...

~~~
nickphx
Their domain cost as a registrar is a fraction of retail pricing.

~~~
shiftpgdn
No it's not. GoDaddy has to pay the domain registry (verisign, donuts , etc)
for the registration plus a small fee to ICANN. Domains are typically
extremely low margin and profit is made up on add-ons.

------
TaylorGood
I have a theory that GoDaddy also sells domain search quieries to HugeDomains.
After the third domain I finally learned. Basically would mash two words
together that were brandable, low letter count and all three times, within 24
hours HugeDomains purchased and put up a landing page selling said domain for
$1.5k-$3k. Wtf, but doesn't surprise me if so. GoDaddy is the king of funnels.

------
ghego1
I'm sorry for the OP, and at the same time a bit relieved that I'm not
paranoid.

I've always feared that registrars would do that, so I've never really trusted
them. The way I do it is to check only once I'm ready to buy. Of course the
first thing I look for is always taken on .com, but nowadays with so many top
level domains is feasible to find something good.

------
ravenstine
I've never had a problem using who.is for this purpose.

GoDaddy is the SourceForge of hosting. I'll never trust them again, and I
don't think anyone should. Not only do they still pull the shenanigans of
registering domains you search for, but I've had terrible experiences in the
past where they just decided to shut down my hosted sites for no good reason.
I once woke up to discover that my web forum was shut down, and I got an email
from them telling me that they decided that I had used a nulled/cracked
version of paid software, which simply wasn't the case. No matter how much
evidence I provided, they didn't change their minds and took days to get back
to me. I took my business elsewhere, obviously.

Even for the average person, there are tons of better options than GoDaddy
nowadays. If you need a website for your business, just use Wix or Squarespace
or the like. GoDaddy is shady, even though they've tried to rectify their
image.

------
birdfeeder8891
They also say "domain unavailable" if you include "godaddy" in the domain
name. Any other site will let you register profane domains with "godaddy" in
them.

~~~
unicodepepper
I wonder if they'd allow you to transfer such a domain to them.

------
joshxyz
Also got this happen with me on Namecheap, but aint mad since they got top
notch customer support anyways (if you've tried their live chat, thats what im
talkin about).

Trick is to NOT include the domain extension, in your case just search for
"felons" and dont add to cart anything at all unless you're ready to pay for
it immediately. These sites naturally got behaviour analytics behind them that
they lever up against their customers for a higher ask price for their
domains. If you behave in a way they can precisely predict your real wants,
well that is exactly what happens.

Edit: some guy from Namecheap just commented claiming they dont do this. That
is possible imo, maybe its all just coincidence and we're all conspiracy
theorists, but eitherway err on the side of cautious if you want og domain
names, lol.

------
jgowdy
Just so you know, this is a complete lie and total slander of GoDaddy.

[https://domaininvesting.com/godaddy-still-not-
frontrunning-d...](https://domaininvesting.com/godaddy-still-not-frontrunning-
domain-searches/)

The whois information is masked, because that's what we do to protect customer
privacy.

[https://domaininvesting.com/godaddy-whois-records-no-more-
co...](https://domaininvesting.com/godaddy-whois-records-no-more-contact-
information/)

It's registered to someone in New York, not to GoDaddy.

Registrant Organization: Registrant State/Province: New York Registrant
Country: US

------
anonAndOn
Is there a cost for them to do this? If so, perhaps they would like to own
every available word in the dictionary with every TLD? Sounds like a script
kiddie could add a couple million TLDs to their operating expenses for the
year.

------
usr1106
Not really familiar with submission rules and customs here, but shouldn't that
headline be prefixed by "Tell HN:"?

~~~
giarc
I agree, I was confused as there was no url following the title.

------
pkid
Namecheap did me wrong in a major way. In 2018 I registered a domain, all went
fine. I register a second domain a few minutes later. In addition to the
confirmation email I received an additional email requesting personal
information. I assumed it was optional. Nope! The domain was not registered.
When I looked into the matter the domain had been registered by domainbright.
I'm not sure what to make of it. Although compared to all other domains I have
registered with namecheap this was probably the most coveted, valuable. Never
again namecheap. You make me angry!

------
lucasmullens
Is there a way for us to waste GoDaddy's money by searching for domain names
that we don't actually want? If they waste enough, they'll have to stop this
practice.

They're probably not buying every domain that's searched, but if you appear
likely to buy the domain by having an existing account, only searching for a
single domain that's based on an english word, and getting most of the way
through the checkout flow, that might trick them into buying a garbage domain
name.

~~~
cairoshikobon
afaik there is something in ICANN that allows them to do this completely for
free for some period or super cheap, not paying the same price customers pay.

------
ddingus
Well, I just tried a few searches on godaddy...

fuckgodaddy.com Fuckgodaddyhard.com Fuckgodaddyreallyhard.com
Fuckgodaddyproper.com Fuckgodaddyproperly.com

Now, gandi:

All available except for fuckgodaddy.com

edit:

Maybe profanity triggered something?

reamgodaddyproperly.com

Unavailable on godaddy, available on gandi.

Finally, I searched on some of the same, arguably in poor taste names, using
gandi instead of godaddy, and all were available to register.

Was hoping godaddy would squat on one of these. Got denied.

Tried a rando domain too:

biggodaddybomotoys.com. nope

Nothing containing "godaddy" appears registerable at godaddy. Pity.

Make of it what you will.

~~~
driverdan
If they are actually front running it's probably for single word dictionary
domains. They're not going to register everything people search for.

~~~
ddingus
Agreed. That and something catchy might be worth doing for them.

Still, it a lousy practice.

------
digi59404
So .... how can we use this to our nefarious purposes.... anyone want to build
an API Tool and random name generator and get GoDaddy to register tons of
bogus names.

~~~
kaikai
It's almost free for them, so there's very little downside for them to
register thousands of domains. I'd love to see how long it took them to block
malicious searches, though.

------
ijafri
Godaddy has been doing it for at least decade now, i just searched a domain i
think 10 years ago that I in fact needed, however didn't want to use Godaddy
for registration, anyway the only mistake I made was, i searched for its
availability on their site, and it was available, then i went to namecheap to
register it. (im from Pakistan no way affiliated with Namecheap anyhow) .. and
to my surprise it got registered within i think 10 min, I was quite shocked,
and then I tried to look for its whois and found Godadday had registered it,
and I can swear, this was the last time i visited their website.

this godadday practice story keeps showing up every now and then everywhere
reddit or HN etc.

Some people say it's great, they 'secure' your domain than hijacking.. blah
blah. nonetheless it's a creepy behavior.. in the past such discussion i guess
it only cost them few cents to register it for a month period etc.. not sure
exactly, some peeps had suggested to make a bot to search tons of them.. but I
think it doesn't cost them much... somehow....

------
aaron695
How the fuck is this bullshit fake news still here.

It's just not true and is also pretty close to liable.

It's understandable OP mightn't understand domain front running and how Go
Daddy will NOT be doing that.

But Go Daddy has addressed front running before and also this specific
incident [π]

Is everyone here mentally ill?

No one able to even talk about how this might have come from a side channel so
we all actually learn something rather than whatever this is?

[edit] And wow, the account claiming this, was created to post this. No other
comments. Not even on this thread. We don't even know if they are 12 and also
searched for the domain on another site but forgot. This is what we are basing
this liable on?

[π] [https://domaininvesting.com/godaddy-still-not-
frontrunning-d...](https://domaininvesting.com/godaddy-still-not-frontrunning-
domain-searches/)
[https://twitter.com/GoDaddy/status/1306731693710204928](https://twitter.com/GoDaddy/status/1306731693710204928)

------
azhenley
Funny that this is on the front page right now.

GoDaddy a few years ago broke their domain forwarding, which prompted us to
build our own forwarding service, NavHere, which we are shutting down and is
also on the HN front page:

Shutting down NavHere
[https://news.ycombinator.com/item?id=24505232](https://news.ycombinator.com/item?id=24505232)

------
python-3
Seen Louis Rossman talk about this thread in his latest video this morning.
Wanted to chime in.

I have stopped using Godaddy for a while now because I had suspected that was
happening. I wasn't 100% sure, but when I would spend hours looking for a
domain name and searching through hundreds of names, I noticed a few of them
with the least amount of characters and words they might consider more
"premium" were taken. The few I noticed were some of the top choices I was
considering using.

I do suspect they have some sort of algorithm where they take domains you
might consider buying, but I can't prove it.

I've stopped searching on there for a while now and just stick with Namecheap.
Never have any problems with Namecheap and their customer service was pretty
good/fast when I got locked out of my account 1 time.

Now days I'm pretty paranoid about searching for domains on any domain site...

------
McDyver
Not to advertise, but easywhois.com have a no front-running policy, which
prevents exactly this issue. I'm a happy customer

------
unreal37
It doesn't even have to cost them very much. Nothing or a few cents at most.

[https://en.wikipedia.org/wiki/Domain_tasting](https://en.wikipedia.org/wiki/Domain_tasting)

[https://icannwiki.org/Domain_Kiting](https://icannwiki.org/Domain_Kiting)

------
abetusk
This is unfortunately old news, though I can't remember where I heard GoDaddy
engaging in this behavior. Anecdotally, I've had the same thing happen to me.

Now I only use the Internic DNS lookup when I want to search.

[1] [https://lookup.icann.org/lookup](https://lookup.icann.org/lookup)

------
DonHopkins
Fucking sexist elephant murderers.

GoDaddy's most infamous ads

[https://www.youtube.com/watch?v=u7yFCqOAb9Y](https://www.youtube.com/watch?v=u7yFCqOAb9Y)

GoDaddy CEO Kills Elephant

[https://www.youtube.com/watch?v=YnM5yTW2B3g](https://www.youtube.com/watch?v=YnM5yTW2B3g)

~~~
jhgorrell
I had been unhappy with godaddy but not gotten around to moving - this news
got me to move the week the story broke.

Went to easydns.com and been quite happy with them!

------
bitminer
Don't even fill out a form -- I did that for a friend, decided not to press
"click here to purchase".

Turns out they had keystroke-logged me as I filled out the form. They got
name, address, credit-card #, domain name.

I was peppered with website "designer", "logo", "SEO" spam for years
afterwards.

------
goatherders
.io almost always shows AVL on GD and then when added to cart its often
registered because the search for that one doesn't seem to connect properly to
the actual registration process for .io

A 6 letter word that can be well branded and is immediately memorable? I would
be more shocked if it were actually avl

~~~
LeonB
This is so much more believable than the idea that GoDaddy have chosen to
perform front running.

------
filmgirlcw
I had this issue with a registrar (I assume it was Network Solutions because
they kept it in holding) many years ago. My firstnamelastname.com domain was
registered and I had to get firstname-lastname.com instead. A year later, the
domain wasn’t renewed BUT Network Solutions did this gross thing where they
kept the domain in their own escrow/holding area for 90 days before releasing
it.

Twitter was very early at the time (this was late 2007 or early 2008) but I
happened to have a follower who worked at NetSol who released the domain name
so I could get it.

Scammy industry.

I usually trust Namecheap not to do this (porkbun too), but this is why I’ve
become accustomed to doing incognito domain searches or searches via the
command line and whois to try to curb this sort of stuff.

------
pschastain
This is a topic that has come up before (i.e. HN thread from 2011:
[https://news.ycombinator.com/item?id=2326790](https://news.ycombinator.com/item?id=2326790)),
and while GoDaddy continues to deny this practice
([https://www.godaddy.com/community/Domain-Aftermarket/Is-
Goda...](https://www.godaddy.com/community/Domain-Aftermarket/Is-Godaddy-
Stealing-Domains-out-from-under-us/m-p/129107/highlight/true#M1472)) I tend to
think that where there's smoke there's fire. Too many instances over the years
to not be at least a bit suspicious.

[edit] spelling

------
aasasd
I've heard of this technique way back in the 00s. Just as I heard about
GoDaddy being crappy registrar and crappy hoster. Namecheap and Gandi
essentially rose as alternatives to GoDaddy that don't suck. So the surprising
things here are that someone still uses that scam and that someone still uses
GoDaddy.

BTW, I now remembered that this isn't even the main reason why GD sucks. IIRC
perhaps the main reason is that their support is susceptible to all kinds of
social attacks and transfer domains left and right. Basically, account
security is rendered poof by support people who don't care. So probably don't
want to use GD if you like to at least keep your purchases after paying.

------
s_brady
I always use gandi.net for searching for domains. They are honest brokers.
Never had an issue.

------
miroz
It happened to me too, while I was trying to find the domain name for the new
project. It was free and the next day it wasn't.

But, what godaddy does with the domain they registered? Do they try to sell it
to you for an exorbitant price? What's their deal?

~~~
kkotak
That's what I'm thinking as well. You'd think that's counter to their business
model to keep on buying domains.

------
zakki
I thought the same thing a few years ago. Since then I'll use dig or nslookup
in my computer to check if a domain is available. I don't use Godaddy or
similar service anymore for checking domain's availability.

------
Syzygies
Hmm, someone beat me to it:

"Sorry, f___yougodaddyforstealingthesesearches.com is unavailable"

~~~
obscura
Ha ha, I was also putting in rude queries aimed at them. Perhaps someone in a
backroom somewhere will see them in a log and have a laugh.

------
Wistar
A few years ago I found a desirable domain for a friend. I told her in person,
pulled it up on hover for the first time right on her machine and had it ready
to buy and told her to buy it right then. She said she wanted to first ask her
designer about the name. I warned her to tell the designer to not search on
the domain name. The designer did a search anyway and when my friend clicked
"buy" fewer than 20 mins later, the status had changed from "available" to
"taken." The name was taken by Tucows. Either the act of searching on hover or
the google search spilled the beans.

------
aluminussoma
For those who have been directly affected, file a complaint with your state's
attorney general. For California, here's a link:
[https://oag.ca.gov/contact/consumer-complaint-against-
busine...](https://oag.ca.gov/contact/consumer-complaint-against-business-or-
company)

I would think that Attorney Generals love clear cut cases that affect a vocal
and voting portion of their constituencies.

Second, what are the better alternatives? I use Namecheap and so far have been
happy with them. Proud to say that a domain name I was researching months ago
is still not registered.

------
awill
I've used hover.com for probably 10 years. Pretty great. Simple UI, no
upselling/spam and they have customer support. I've never called, but it's
nice knowing it's there. I then use CloudFlare for DNS

------
Jedd
I recall there was a massive boycott [0] of GoDaddy about a decade ago over
their SOPA position.

Whenever a company does something sufficiently offensive, they earn a lifetime
boycott from me.

It's an especially easy commitment to make in crowded marketplaces (laptops &
mobile phone manufacturers, DNS registries, fast food chains, etc).

[0] [http://godaddyboycott.org/](http://godaddyboycott.org/) and
[https://www.bbc.com/news/technology-16320149](https://www.bbc.com/news/technology-16320149)

------
code_paster
Plausible, but not likely. [https://domaininvesting.com/no-domain-
frontrunning-godaddy/](https://domaininvesting.com/no-domain-frontrunning-
godaddy/)

------
ecabuk
I have a similar story with Github. I filled the website field on the Github
repo settings. The project was new and the end was not near and didn't
register the domain. After a year or so decided to register but figured that
the domain is already registered a month ago. I can't prove it but somebody in
Github could have been checked website domains if it is already registered.
(Or I was unlucky) The domain was never used and released after 2 years. The
lesson here is: register your domain when you have a chance.

------
surds
Been there, seen that.

Some good domain names I found were suddenly not available and were up for
auction on GoDaddy.

After a couple of times, I have completely ditched them for search.

Namecheap is good. Also use Google Domains for checking now.

------
dclaw
Moved all my domains to namecheap a few years ago and have never looked back.
I hate godaddy, they are a horrid trash company. Domain theft is just one of
the many reasons to never touch them.

------
reilly3000
100% same as my experience with GoDaddy several years ago. Checked for domain
availability, found an open one, didn’t buy it and it was registered the next
day.

I hope they go down in flames. Their whole business was built on misogyny and
preying on ignorance. Their products are rough to work with, and their service
hasn’t been kind to me. Super Bowl ads and loss leaders have worked to hook a
lot of people into the type of subpar website ownership experience that gave
rise to social networks in the first place.

------
ausjke
That happened to me in the past, the short and concise name I tried was
quickly taken and becomes unavailable, I since lost interests in using
godaddy.

anyone has better options to try new domain names?

------
kirillzubovsky
Just a quick plug for DNSimple. If you need a blazing fast tool to register
domains, they’ve got it. Beats GoDaddy 1000x, no exaggeration.

I just did a quick interview with their founder, judge for yourself -
[https://www.raddadshow.com/episode/anthony-
eden](https://www.raddadshow.com/episode/anthony-eden)

They really run the company for the sake of providing the best service, even
if that doesn’t make them the biggest or richest.

------
aniix
This happened to me on two occasions about two years ago, I can’t remember the
domain names I was trying to register. In my case, the godaddy website I used
was Godaddy.co.za (probably because I was based in South Africa). I thought it
was a fluke or mistake from my side at the time, but seeing that others have
experienced the same issue then I would say it’s a deliberate bad business
practice by godaddy.

------
zeppelin_head
Something similar happened to me while buying a domain for my company
abtesting.ai using namecheap.

I was trying to decide between abtesting.ai and abtest.ai (both were free
while checking). Luckily I decided to go with abtesting.ai and got the domain
right away. A week after that I decided that it may be a good idea to buy
abtest.ai anyway so someone else wouldn't try to impersonate our company.
However, when I checked again the domain was already sold...

~~~
ted0
abtest.ai had expired and was auctioned off by the registry:
[https://auction.whois.ai/auctions/view/2541](https://auction.whois.ai/auctions/view/2541)

It's possible that the registry incorrectly showed it as available due to its
redemption/expired state.

~~~
zeppelin_head
Thanks for that info Ted. Anyway, the timing seems like too much coincidence.
I didn't want to imply that namecheap was at fault here, I don't really know
how the domain lookups are implemented.

------
digital_voodoo
Wow, I thought it was widely known.

I had this back in the days, or should I say back in the years, when I was
still awake staying late at night to have a decent ADSL speed.

Searched a domain name for a project, it was free. Searched the day after, it
wasn't. I was naive enough to think that other people had the same idea at the
same time! When it happened the following days, I got it. And immediately told
everyone around me.

------
Abimelex
Since this seems very common, I would suggest use GoDaddy to search for
Domains, whenever you are sure, that you never would buy it. Let them eat
their own dog shit.

------
erickf1
I had the same experience with GoDaddy. I searched a domain name, which was
available. The next morning I attempted to purchase the domain and it was
owned by GoDaddy.com. I also had a domain with them for 9 years, which expired
for a day and when we tried to renew, they owned it and were selling it for a
much higher rate. BIG, BIG WARNING! Do not use GoDaddy to search for domain
names. I would stay away from them period.

------
svdr
A very quick and safe way to check if a domain is in use is to query for NS
records (e.g. $dig ycombinator.com NS). This will give some false positives
though.

~~~
nhumrich
Sorry to sound pedantic, Im just trying to make sure I understand correctly. A
false positive would be domain doesn't exist but it has NS records, and a
false negative would be does exist but doesn't have MX records. Is that right?

This would only create false negatives, correct?

~~~
svdr
Positive for me would be that a domain is free, so a false positive is a
domain that seems to be free (no NS record) but is in fact taken (because it
is registered but nothing has been added to the DNS). But you're right, my
wording wasn't precise.

------
zupreme
I have experienced this too, more than once, and thought it was just me.

I found the explanation provided here by GoDaddy itself....inadequate at best.

[https://www.godaddy.com/community/Domain-Aftermarket/Is-
Goda...](https://www.godaddy.com/community/Domain-Aftermarket/Is-Godaddy-
Stealing-Domains-out-from-under-us/m-p/95191#M862)

------
bob1029
I just got done looking for a new domain and I told my team this exact thing
(but in a more paranoid "anywhere on the internet" way).

If I find a domain candidate I think we might want and its available, I buy it
as soon as humanly possible (I.e. Route53 tab on the other half of my
monitor). ~$12 is not a big deal if we end up never using it. I'll just go
through and uncheck the auto-renew option.

------
betteryet
This just happened to me today with Epik, another old-timey registrar. Added a
.com to their shopping cart yesterday, then went to pay for it this morning —
no need, it's been registered during the night to someone in Japan. Not a
super great domain either, just a brand extension for our company.

Feels like either they or some other party are looking at the stream of
purchase intent to do this. Awful practice.

~~~
technoluvvo
Well at least you didn't automatically assume the worst. Epik has more care
and support for their customers - and more ethics and common sense - than the
rest of them combined in my experience. Sounds like bad timing, but you would
have a higher chance of falling victim to malware and a keyboard sniffer than
seeing their team go out of their way to thwart your registrations. They would
be more likely to go and convince the new buyer in Japan to give it to you for
free, then figure out a way to make you both happier in life. Just saying.

------
donohoe
I had this happen a couple of years back too. At least I think this is exactly
what happened. It was an obscure'ish name too, and it seemed like within 30
minutes it was gone and registered by GoDaddy.

I know this is statistically possible as just coincidence and bad luck, and I
thought about it that time and concluded they must have just nabbed it (wrote
an angry message to support that went nowhere).

------
nottorp
Always use the command line whois tool to check domains, never go through any
registrar :)

Domain Name: FELONS.IO Registry Domain ID: D503300001186478247-LRMS Registrar
WHOIS Server: whois.godaddy.com Registrar URL:
[http://www.godaddy.com](http://www.godaddy.com) Updated Date:
2020-09-16T21:06:29Z Creation Date: 2020-09-16T10:42:26Z

Yep, created 2 days ago.

------
sathishmanohar
I was always suspicious of godaddy and you never know which domain registrars
would go rogue in this respect in the future.

So I created a simple shell script from which I do all my domain availability
searches now. It is also way faster than using any web based searches.

Link
[https://news.ycombinator.com/item?id=17824665](https://news.ycombinator.com/item?id=17824665)

~~~
im3w1l
Maybe this works presently, but under the hood whois must still be querying
some server who could use your query to buy it? I guess the purchase intent is
lower with whois, as you may drown in other queries.

------
VladimirGolovin
Never search for full domain names anywhere. Find a service that can search
for a substring in the domain name (e.g.
[https://www.namedroppers.com/](https://www.namedroppers.com/)), and search
for substrings instead of the full name.

For example, if you want to see if DogHeaven.com is available, search for
"ogheave".

------
pilsetnieks
I'm feeling old when I remember the original domain name frontrunning scandal
in 2008 when Network Solutions was cought doing it:
[https://en.wikipedia.org/wiki/Domain_name_front_running](https://en.wikipedia.org/wiki/Domain_name_front_running)

Ever since I've been using whois in terminal for domain name lookups.

------
anonymfus
If that is true, does that mean that we/somebody can make them spend
significant amount of money by searching for random domains?

------
platesacrossusa
GoDaddy has always been doing this. They used to do it by forwarding the
search to a company that was just a cloaked subsidiary who would buy it and
offer to resell it to you. I guess now this sort of unethical practice can be
out in the open for all. Once upon a time you would have to be ashamed of this
sort of business practice.

------
ffhhj
I wouldn't take the risk of checking a domain name with any domain registrars,
use ICANN WHOIS. I even made a simple automated domain/website checker that
helped me find a great 3 letter .co domain, registered it with GoDaddy then
transfered to Namecheap for the cheap/free SSL cert and better practices.

------
realchucknorris
good luck trying to move your domain out of godaddy. the amount of bullshit
they throw at your face is ridiculous. disable domain lock >> oh can't because
"enhanced privacy" is turned on >> disabled "enhanced privacy" >> oh we sent
you an email click the link >> click the link >> oh can't you need to contact
support >> contact support >> sent you a link >> ok now you can cancel
"enhanced privacy" >> another link >> ok enhanced privacy is cancelled >>
disable domain lock >> can't you need to wait few hours until enhanced privacy
cancelling takes effect .....

initially i wanted to move 1 domain ... i ended up moving ALL my domains and
my company domains .. and advised others to move their domains.

------
darkhorn
I had mozillazine-tr.org I think I have created it in 2007. Few years later I
have stopped renewing it. But it still looked like it was registered to my
fake name and creation date was same however it wasn't in my account. It had
gihg Google page rank. I think thus Godaddy decided to keep it for themselves

------
NoInkling
Yup, I searched for a desired domain name on GoDaddy once. It was available at
the time (at the standard price), but when I checked again the next day it was
registered to some reseller and said I could buy it for ~$2000. I had to wait
2 years for that registration to expire.

------
Dig1t
Wow this is amazing, I just checked right now and this same just happened to
me. I searched a week ago on NameCheap for a name it was available, and now it
is registered to GoDaddy.. Is there any way that GoDaddy would be able to see
searches from NameCheap or is that just a really big coincidence?

------
juandazapata
Another data point here. Happened to me ~7 years ago. FWIW, I haven't had any
issues with Ghandi.net.

~~~
samtheprogram
> Ghandi.net

I think you meant Gandi.net?

I definitely agree with the sentiment, Gandi has not done this to me in the
past -- I've looked up short domains weeks before purchase -- and in general
provide an outstanding service.

------
manishsharan
GoDaddy recently billed be $6 for domain protection renewal for my domain
which I no longer host with GoDaddy. Now I have to get on the phone to have
these charges reversed because if I don't ,they will keep on billing this
amount till the day my card expires.

------
gigmana
You can use a tool like this one to search for domain name securely.
[https://www.domainhamper.com/](https://www.domainhamper.com/)

------
bifrost
I'd recommend nobody use GoDaddy, ever.

[https://web.archive.org/web/20070829115722/http://www.nodadd...](https://web.archive.org/web/20070829115722/http://www.nodaddy.com/)

------
api
Never use GoDaddy for anything. They're well known as being scummy in
virtually every way.

------
drchiu
On this topic, if it's a domain that seems highly desirable (single word, good
TLD extension), I typically register it for the max period (10 years), just in
case the registrar's system has a glitch and doesn't auto renew when it
should.

------
maremmano
I use domainr.com often and never had this problem. Just in case you need a
nice alternative.

~~~
Shared404
I've found Porkbun to be pretty good as well.

------
mahuani
I've got all my stuff at Directnic. Never had an issue in the 15+ years that
I've been doing business with them. I've searched for thousands of domains
over the years and never had them mysteriously pick it up after a search.

------
yalooze
Equally, it’s a single English word, spelled correctly. It’s not unreasonable
that someone else in the world purchased it in that time. And given GoDaddy
has decent market presence it’s not unreasonable they purchased it through
them.

------
josefresco
Have any big name registrars committed publicly to refrain from "front
running"?

------
WanderPanda
I experienced this a couple days ago with porkbun.com .I wanted to register a
domain and the checkout failed. Shortly after that the whois showed that it
had been registered and populate with porkun nameservers. Extremely
infuriating...

------
oedmarap
I've seen this happen multiple times to people I know.

Always check for individual domains via the whois command, and if you need to
do searches across a few TLDs use [https://njal.la](https://njal.la)

------
jonplackett
This is something I was always worried a registrar would do, but I always told
myself not to be so silly. That they had better things to do. I guess godaddy
don’t have anything better to do. Very crappy behaviour indeed.

------
m3kw9
I figured they would do exactly that, had to be a combination of algorithm and
human analysis to see if it’s worth it to front run searches. From your case
it probably uses a dictionary of popular words as matches

------
jimbob45
You may be right but they were already on my questionable list after using
boobs during the Super Bowl to advertise for 5+ years straight rather than
saying _anything_ about their product or business.

------
beefield
Just came up with a word with thisworddoesnotexist.com and searched a .com
domain at godaddy (was available, not a completely new word, there seems to be
hits in the internet) Let's see what happens.

------
daniellarusso
This was a thing back in the day where shady Adwords advertiser registrars
would ‘register’ any unregistered .com that was searched.

That is when I learned my lesson to use a ‘trusted’ registrar for searching.

------
foofoo4u
I've had this happen plenty of times to be before in the past. Back when I did
freelance web services, I used to tell my clients to never search on GoDaddy
in advance for domains.

------
timmit
That is terrible.

I did get a very similar situation,

I searched one domain, and about a month later, when I searched again, it is
registered.

I did not check how long the domain age was, but I felt so disappointed that
time.

------
tsycho
If this is what GoDaddy is doing, let's get back at them.

Everyone can search for a variety of domains that we are not actually
interested in, and waste their money if they frontrun us.

~~~
erikig
This is perfectly devious and would only work if what the OP said is true. I
love it.

------
cryptoz
Surprised not to see more mention of the CEO killing elephants and posing with
the photos all smiley happy. Fuck the godaddy CEO who killed innocent animals
for pleasure.

------
minusSeven
I have very unique name for which no domains would exist until I searched on
GoDaddy. After a few days it was taken. This happened in 2017 so this is
definitely not new.

------
calenti
Hover and AWS Route 53 don't do this either. It's just the GoDaddy scumbags,
and same (GoDaddy jacking a searched domain name) has happend to others I
know.

------
perplex
I use Hover for the past 10 years. Clean UI with no ads or up sell. Free whois
privacy is really nice. Only contacted support once and was positive
experience.

------
mcdevilkiller
I knew it. I literally knew it. That's the only way they have to register so
many good domain names that would be difficult to automate (plays on words,
etc).

------
secondbreakfast
I tell everyone who will listen to use DNSimple. The best.

~~~
ckrailo
The DNSimple API for updating records makes me super happy. Easy to roll your
own little DDNS script or to have proper domain names set in your Heroku
Pipelines builds and test apps.

------
dryst
Also, don't use a GitHub page as a test for a client. Set up a reasonable
bootstrap page and suddenly the domain by the same name was bought up.

------
letstryagain2
Two registrars I like:

internet.bs inwx.net

gandi.net has a terrible interface. But free Email hosting included. If you
need email hosting only, try swiss based infomaniak.com

------
wombatmobile
I left godaddy for hostgator but it’s just as scammy. They gave my phone
number to local web developers who cold call me! Is that normal, or atrocious?

~~~
thedanbob
Sounds pretty atrocious to me. Giving away a customer’s contact info without
their express permission is never ok, no matter how the company frames it.

------
gbourne
I use to use GoDaddy and the same experience most here had. I switched to
Google Domains and has been a great experience. No upsell, one price.

------
skc
I must be extremely naive then because I've always assumed this is what would
happen when you do a namesearch via any of these providers.

------
dwg
Felt this happened to me once before too. Could have been a coincidence but...
since then try to be careful not to search on GoDaddy.

------
indigodaddy
Literally stunned that no one has mentioned Namesilo in this thread. Simple,
cheap, been using them for years without any issues.

------
twox2
As much as godaddy sucks for just about anything, I would suggest not
searching for domains unless you are prepared to buy it on the spot.

------
rhacker
I use name.com for this reason. I trust them more.

------
terrycody
Without reading, I even know what you are going to say, yes, that shady tricks
Godaddy already doing it for at least 10 years lol.

------
juped
Fortunately, they stole a domain from me well over a decade ago, before I
really got into domains, so I've known to avoid them.

------
burnte
Honestly, they've been doing this for a decade or more. The good news is they
usually only stay registered for a few days.

------
PretzelFisch
It's odd I search on GoDaddy every other day and never had this happen. I
wonder how they decide you fit the buy profile.

------
rtx
I hope someone from Godaddy responds to this.

------
sosuke
Is there a safe method to search for domains?

~~~
q3k
I've been using iwantmyname.com both as a registrar and domain search engine.
Never had a name sniped from me.

~~~
stilisstuk
Agreed. Plus whoisprivacy is free if the tld supports it. Autorenewal is nice
also. Only gripe is that they use authy for 2fa. This is a big gripe though.

------
SteveNuts
Seems like something someone could definitely abuse... it would cost Godaddy
more to register a bunch of junk domains.

------
diob
Could you flood their logs with nonsense domain searches? Would be fun to do a
coordinated effort around that.

------
laurent92
One workaround for that is, search for domains no-one would ever use. They’ll
register them, losing money.

~~~
Nextgrid
As a registrar they probably pay a very tiny fraction of the retail price so
even if only 10% of the registered domains end up selling they still make a
profit.

------
dunderinit
I deleted my godaddy account a month ago, transferred my domains to namecheap.
Better features.

------
y42
What would happen if someone would write a script to query random domain names
via godaddy? Just wondering.

~~~
gnopgnip
It doesn't cost them anything to do this, see domain tasting or
[https://www.icann.org/resources/pages/epp-status-
codes-2014-...](https://www.icann.org/resources/pages/epp-status-
codes-2014-06-16-en#addPeriod)

------
anaxag0ras
Does anyone know the story behind 'Godaddy' name? It's a weird name for a
domain registrar.

~~~
caseyohara
I'm not sure if this is authoritative:

"The company’s original name was called “Jomax Technologies,” named after an
old dirt road Parsons used to drive by on the way to work. Two years after
founding the company, Parsons wanted to change the name to something more fun
and memorable.

An employee suggested the name Big Daddy, but the domain name was already
taken. The reason? The movie “Big Daddy,” starring Adam Sandler. Parsons
suggested GoDaddy to the team. Luckily, the .com was available and the name
has stuck for just about two decades."

[https://www.rewindandcapture.com/why-is-it-called-
godaddy/](https://www.rewindandcapture.com/why-is-it-called-godaddy/)

------
tubularhells
I wonder if I search for extremely offensive domain names, will GoDaddy
register those too? Worth a try!

------
aschatten
This always has been one of my concerns when checking for a domain with a
registrar.

------
bgdkbtv
I have had exactly the same thing happen to me, fucking GoDaddy so shady. Hate
it. Never use it

------
GiantSully
Will see many domain ADs when you browse websites in the following days after
search the domain

------
dika46
GD is just overpriced. Since then I move away all my domains to local
registrar. thanks.

------
lazyeye
Use

[https://viewdns.info](https://viewdns.info)

for name searches (no affiliation)

------
cairoshikobon
First time I noticed this was in 2008. Over a decade later, they didn't change
:/

------
afrnz
I also got burned trying to buy a domain from GoDaddy a couple of days ago.
Never again ...

------
ceilingcorner
I had this happen to me with instantdomainsearch.com, which is owned by
GoDaddy, I believe.

~~~
beau
Hi, I own/operate Instant Domain Search. We make plenty of money from GoDaddy
and other partners by helping them find domain names.

We show results quickly because we check if your search is in the zone file.
We keep a copy of the zone file in memory, and check searches against that.
Some names are "unconfigured" for a variety of reasons, and do not appear in
the zone file. So this means we might show a name as available, but when you
go to register it, it's gone. This sometimes leads people to believe that
we've registered it for ourselves. If you check the WHOIS record, you'll
usually find that it's been registered for years before you searched for it.

The only major registrar that I know of that did this was Network Solutions.
They did it for a few days in 2008 before getting trashed in the press:

[https://arstechnica.com/uncategorized/2008/01/network-
soluti...](https://arstechnica.com/uncategorized/2008/01/network-solutions-
defends-frontrunningto-stop-frontrunners/)

More recently, when we show a name as available, we'll check again with
VeriSign (who runs the .com registry) to make sure. And if it's not available,
we'll switch the color from green to red -- a good example is eager.com. It's
not in the zone, but not available to register.

~~~
ceilingcorner
Okay, I suppose that’s plausible. I just had a few questionable situations and
it seemed fishy.

------
rkagerer
I've always wondered about the possibility of search tools sniping like this.

------
altspace
Yeah, faced something similar few years ago. Since then, switched to command
line:

whois felons.io

------
didibus
I've had good experience with hover.com which is a subsidiary of Tucows.

------
thedangler
networksolutions did this a long time ago too. They stole a domain from me
searching. So I testing it by searching for random name and 20 minutes later
they registered it.

They got caught and said sorry. That was about it.

------
lanecwagner
This. Never use them, and never work with people who insist on using them.

------
TenJack
Had this happen as well. Use whois in the console instead: whois felons.io

------
pluc
Didn't we learn to stay away from GoDaddy after their SOPA stance?

------
SMAAART
Yees, it happened to me.

More bad news: it's not just GoDaddy.

How's this not an FTC violation?

------
andrewveitch
I’m old enough that I always just typed ‘Whois’ at a Unix prompt.

------
tomcooks
Next time use porkbun, the only sensible choice

(not affiliated, just mindblown)

------
ErikAugust
This happened to me... in 1998. Network Solutions. Never again.

------
bitxbit
This should be illegal and they should get sued by the US govt.

------
schwartzworld
I've been using hover.com for years. never had a problem.

------
homarp
so can you DOS godday with that ? create a script that take a word of the
dictionary, add a great and search for it on godaddy

wait for godaddy to buy them!

e.g. I just searched for greatfelons.io

------
ignaciogiri
I had the exact same experience with Godaddy 10 years ago.

------
mesozoic
Have some fun and search for millions of domains per day!

------
pgrote
I guess I am one of the few who thinks GoDaddy is a decent service. Yes, they
front run, which sucks. Could I move? Sure. Moving a large amount of domains
with differing end dates is painful and expensive.

------
rightisleft
We intentionally have our test domains hosted with godaddy to make sure our
product works with the worst possible DNS tools on the planet. If it'll work
on godaddy - it'll work anywhere...

------
ekanes
100%. Has happened to me too. SUPER scammy company.

------
aleks5678
The godaddy search works while Namecheap is slow

------
sslnx
Happened to me too. In my case it was sslnx.com

------
mariust
well all corporations rise and fall, guess the direction for godaddy - tbh I
wonder how they managed for so many years ..

------
CodinM
+1 happened to me as well with GoDaddy.

------
yodon
Or perhaps someone else had the same idea. Domains get registered all the
time. For someone else to want the same domain you want on the same day may
seem like a low probability event but when multiplied by the number of people
and domains purchased through godaddy every day the rate of low probability
events happening is quite high. Experiences like yours probably happen to
multiple people every day through no malicious activity on the part of
godaddy.

tl;dr never attribute to malice that which is bound to happen because
statistics

------
zxcvbn4038
This sounds like something that could be easily exploited - search for a bunch
of nonsense domains on godaddy, let them register every one of them, at some
point that becomes unprofitable. Use the xkcd algorithm - horse-battery-
staple.com, parrot-bananna-nachos.com, dog-cat-chicken.com, etc. Even if they
only pay a couple dollars each it becomes unprofitable at some point.

Front running domains used to be a widespread practice but I thought it was
abolished at some point before all the new TLDs were added.

------
aalbertson
you know, this explains why I have lost a couple domains in the past. What a
shady shitty thing to do.

------
neycoda
True. Heard this story many times.

------
mrbeemo
Where would you recommend searching?

------
babo
I lost my .com in a similar way.

------
samaxe
Hover has been great for me.

------
technick
godaddy is ran by crooks...

------
blahyawnblah
Just use whois on the cli

------
techslave
well known. only use domains.google (for searching).

------
tus88
Obviously.

------
bhartzer
The registrar of that domain is GoDaddy, but that doesn't mean that the owner
of the domain is GoDaddy. If you look at who.godaddy.com you'll see that it's
not GoDaddy that owns the domain.

In this case, I don't see any evidence of front-running. It's more likely that
it's a coincidence that someone registered the domain name a day after you
searched for it. In fact, I personally would consider that to be more of a
'premium' domain, so it's logical that someone simply also searched for it and
bought it.

Personally, when I search for domains, and it's available, I usually just
register it and don't wait. I only wait and not register it right then and
there if I'm OK with not getting it.

~~~
luckylion
Do you happen to be Bill Hartzer, contributor for GoDaddy?

You might want to disclose your affiliation on these kinds of topics,
especially when you're arguing the company's side.

~~~
justinclift
Searching (on DDG) for "Bill Hartzer" and "GoDaddy" doesn't turn up any
obvious affiliation.

There are DNS related articles by "Bill Hartzer", but they seem more to be
calling out places for doing shady crap. Including GoDaddy (for front
running?). eg:

[https://www.billhartzer.com/domain-names/godaddy-caught-
regi...](https://www.billhartzer.com/domain-names/godaddy-caught-registering-
domains-after-availability-lookup/)

That's just an initial impression anyway. ;)

~~~
luckylion
I ran into an article on GoDaddy's blog [1], that's why I thought of an
affiliation. Might still be a random coincidence, there are probably quite a
few people sharing the name with a certain German cheese.

[1] [https://www.godaddy.com/garage/what-is-deep-linking-and-
how-...](https://www.godaddy.com/garage/what-is-deep-linking-and-how-can-you-
use-it-to-boost-promotions-for-your-online-store/)

~~~
justinclift
Oh, that does look like there's a relationship between them.

Good find. :)

