Tell HN: Godaddy canceled my domain, gave me 2h to respond, then charged €150

603 points by M0r13n ↗ HN
I use my own domain to host a simple homepage. I also use it as a custom mail domain. Initially, I bought the domain on godaddy.com when I was getting into the realms of software engineering. I always found the user interface hard to get used to, but it never bothered me enough for me to transfer my domain. Especially because I run the DNS through Cloudlfare and, therefore, I have fairly little contact with the interface of godaddy.

Today Proton (my mail provider of choice) surprised me with a warning that there were problems with the setup of my domain. A quick research revealed that godaddy had cancelled my domain. It showed up in the Redemption Grace Period. This status code indicates that godaddy has asked the registry to delete my domain. After 30 calendar days + 5 days following the end of the redemption period, my domain is purged from the registry database and becomes available for registration.

I immediately contacted the godaddy support hotline. Mainly because of my mail account and the services connected to it. They confirmed the termination. The reason given was that I had failed to respond to an e-mail - that was sent yesterday on a Sunday(!) at 9:51 PM. Then at 0 o'clock my domain was terminated. So I had a breathtaking 2 hours to respond. Which is especially fun because I go to bed at 10pm. :-D

To make matters worse, the mail ended up in the spam folder because Godaddy's reputation seems to be bad and was titled: "Update your privacy settings and personal information.". Even under normal circumstances, I would have ignored this email. How should someone suspect that in a few minutes from now on the own domain is going to be killed.

If I understood the service employee correctly, this mail means that something was wrong with my payment data. And indeed, there was an old credit card on file. However, a PayPal address was also stored there, which still worked. Via this address, I was later even debited the penalty fees that I supposedly had to pay.

After some back and forth with service, I was then given an ultimatum: Either I pay €150 fine, allegedly required by my government to be charged for domains that enter the grace period. Or I lose the domain.

The latter didn't sound very inviting, as I like my domain and also don't feel like switching all accounts to another domain/provider. So I paid the fee.

Godaddy confirmed afterwards that there were no further emails or announcements. The service employee even confirmed by phone that apart from the mail and the subsequent generous transition period of 2 hours, there would have been no further information.

TL:DR If you have a domain with Godaddy, just make sure that the payment information is correct. Otherwise, it might get expensive.

326 comments

[ 5.2 ms ] story [ 310 ms ] thread
Question: how quickly can you (and everyone else who has a domain registered with Godaddy) transfer your domain to another registrar?
All the admin probably takes an hour at most; it's an automated process with some identity verification, and most registrars loooove to have you as a customer so they want to make it as easy as possible for you.

There may be a mandatory waiting period.

And finally, there's DNS caches; if you know a migration is upcoming, it's worthwhile setting the TTL to a lower amount.

If you're doing it right, your registrar doesn't run your DNS, so there's no DNS migration. Of course, if your registrar is also doing DNS, email, and web hosting for you, it's messy.

For this poster, I don't think they can migrate to a different registrar while their domain is in the 'redemption' period, and they may not be able to migrate within some time period (30 days?) of renewal, either.

TL:DR If you have a domain with Godaddy, move on to a proper service.

Depending on what you need, https://dnsimple.com seems to have a good reputation, I also see a bunch of people spreading their risk by putting DNS on one big (cloud) provider and all other services on other providers. This means that while Cloudflare does DNS registration now, you might still want to use Cloudflare for your DNS zone and something else for registration. That said, Cloudflare still has a good reputation (for paying customers!).

The idea behind that is the (generally) low fee of DNS registration is easy to monitor/check and maintain, so if all else fails you at least retain your domain name as an identity which is generally the foundation to everything else. While it might suck to lose the contents of a mailbox or a website, if you still retain the DNS registration you can always re-create.

Other service providers that don't structurally screw your DNS over (re-including the ones I mentioned):

  - AWS
  - Cloudflare
  - Leaseweb
  - Rackspace
  - transip
  - OVH
  - dnsimple

Those are the ones I have used (and most of them currently use) myself, but there are others that do domain registration and seem to come recommended by others:

  - GCP (Google)
  - EasyDNS
  - porkbun
  - Microsoft
  - Hetzner
  - key-systems GmbH (usually via one of their partners)
  - Scaleway

Most of them I do have some personal experience with (for what it's worth... we're just strangers on the internet here after all), but I never really had to do any long-term (10+ years) DNS registration with them.

If you are in an ITAR area, conflict region or trade sanctioned region, none of this will help tho.

Which one do you recommend? Namecheap literally kicked me out (with 1 month deadline to transfer my domain) because I happen to have wrong passport color.
How does having the wrong passport color equal being kicked out?
It's a euphemism for trade restrictions.
Ah, thanks. With all the weirdness going on, I wasn't sure we weren't talking immigration.
Namecheap is Ukrainian. Possibly parent has a Russian or Belarusian passport.
Namecheap is not Ukrainian, it's headquartered in Phoenix, Arizona.
Cloudflare, if they support the TLD you need. My personal domain is a .cx which they don't support, so I stick with Namecheap for the time being.
(comment deleted)
Porkbun never fucked me over. They seem legit and not overly scummy.
I have had my domains hosted at EasyDNS for almost 20 years, and have never had the smallest problem with them. Rock solid, reliable DNS, and excellent customer service. The founder is still running the company, and he is both a free speech advocate and a stickler for due process, so no worries about getting kicked off at a whim.
I recommend using NearlyFreeSpeech to register and manage one-off domains for simple services, if you can. Their interface is self-serve, the fees are barely higher than their costs, and basic hosting couldn't get more straightforward.
+1 for NFSN. It's not for newbies, but the FAQ is comprehensive, and the service as a whole is dang good. It treats me well for my many tiny projects that I want to put online and cost me near nothing.
If anyone is looking for an alternative provider: I have been using Gandi (gandi.net) for years. Zero complains so far.
Same with namecheap.com (Ukrainian company)
Could be risky with current events; what if Russia seized the company?

I mean you can never predict these things fully, so be ready to move domain registrars or even domain names if you ever need to. Another example, UK residents or businesses that had a .eu domain name were no longer allowed to have it post-brexit.

Namecheap has a large Ukrainian workforce but is incorporated in the US and also has employees in many other locations around the world. The company cannot be seized by Russia, and I trust them to take appropriate measures to lock out their Ukrainian offices if the cities fall. In the meantime, I'll stick with Namecheap precisely because they employ a lot of Ukrainians.
They're American with some offices in Ukraine for support, etc..
"Some offices" understates it a bit, just under half their workforce is in Ukraine according to their careers pages.

EDIT: I misread it, it's most of their workforce.

Wow, 1700 teammates in Ukraine vs 40 in the US (according to their site). Didn't know it was such a stark difference.
Oh, I misread the page! I thought it was 2000 in the US, but that's the year their offices were established. That means the large majority of their workforce is Ukrainian.
How is that you even need 1700 people to run a domain registrar?
Terrible service, terrible support. Happy it worked for you, but advice is to stay away as far as possible.

If it's ukrainian company it doesn't mean their service is any good

They are based in Phoenix, Arizona, but yes, we've also been using them for years for production stuff and never had issues.
Thanks, will move my only domain from there.
If you're Russian...they may have already done it for you.
I'd heard great things about Gandi from colleagues, and used them for years, but at USD$16.59 per year per .com domain they're relatively expensive for larger numbers of domains. Namecheap has been my go-to more recently, and I haven't had any issues with them.
I actually find the prices somewhat reassuring. They're not trying to make their margins through dark patterns and upsells, they just ask for it up front.

I can see how it'd start adding up with too many domains, but at my level the trust is more comfortable.

True. Prices are higher than of competitors. In my case, since I don't have many domains, paying between $10 and $20 per domain per year doesn't make much of a difference.
I can always find something to complain about (tiring change of user credentials a few years back). But Gandi are on a completely different level from their competition; philosophy, technology, and support are all the best. - Happy customer for over a decade.
I tried to buy a domain through Gandi, and my bank cancelled the card I used because they thought it was a fraudulent purchase.

I don't know if they get a lot of chargebacks against them, or if it was just a fluke, but I haven't tried again since.

Are you from outside France? I had a charge to them blocked years ago but haven't had any trouble since. I suspect an out-of country charge raises red flags in bank fraud departments.
Agreed. I've been using Gandi as my domain registrar of choice for years now. No complaints.
Honestly, I switched from Gandi to Cloudflare the second I could, Gandi has been okay but pretty expensive where it didn't seem necessary especially for just a domain and nothing more. I have had no issues with Cloudflare as my registrar.
I switched to Dynadot years ago since they hosted wikileaks. If figured if they could handle that domain they could take care of anything of mine. Nice interface, never any issues.
I find all the gandi recommendations interesting. Issues with Gandi canceling my friend's registration with no warning pushed me to choose namecheap. Which has been problematic for some people as well, from the sound of it.
I've been using Gandi for ~7-10 years with nothing but positive experiences as well
Familly domain name is at Gandi since 1999, no issue so far.
Gandi was founded in 2000?
1999 according to wikipedia. And I did not came up with this year, it's what is written on the domain name.
Google domains is great. I hate to feed the monopoly but they do everything right. Auto-renews every year, lots of reminders.
I considered them a while ago, but Google has become a bit infamous for terrible/nonexistent customer service (even for paid customers), as well as random indiscriminate suspensions. Not a great combo. Don't wanna try my luck.

(But then again, I ended up getting a .dev domain at a different registrar, so I guess I'm screwed either way)

I would not use Google for anything that I wouldn't be OK with getting cut of without notice and recourse considering how infamous their customer support (or lack thereof) is.

> Auto-renews every year, lots of reminders.

That's pretty standard with any half-decent registrar.

10+ years at gandi. Never any problem. Super tech savvy support. Can only recommend.
It has been over 10 years since I had to last deal with GoDaddy. I called it trash (to put it mildly) back then and have encouraged many to move out. Glad to see they are still the same if not worse.
At least in the past they would “kite” or “taste” the domain - register it and then cancel before the grace period - so it was no cost to them. It’s been a while since I’ve looked into that space and don’t know if that’s still a common practice.

It should be noted that GD had a kiting operation, but then paused it, after which the original owner publicly decried the practice very publicly. The company has since been sold and I would wager that the opportunity was too profitable to ignore.

Source: I built the analytics system for parked domains that was used for pricing early GD domain auctions as well as the initial integration with Adsense for domains.

To change pending delete status costs them nothing.
I've started using Cloudflare's domain register services, and have no complaints so far. I've also used Gandi in the past and they've been good (although a bit more expensive).
Seconded cloudflare - basically at-cost registrations, and I already use them for CDN on most domains, so it was a no brainer.

Only downside is their new registrar doesn't support many new-TLDs, so it's a bit of a hybrid setup for some domains.

Did they gave a reason why they give people 2 hours to respond?
1 hour seemed like too little.
(comment deleted)
jfc.. what utter horseshit; I'd say transfer the domain and apply for a charge back on the fee.
Cloudflare now has a registrar service FYI: https://www.cloudflare.com/en-au/products/registrar/
About a year ago I helped a friend transfer all her domains from GoDaddy to CloudFlare. Her card got jacked so she ended up in the same scenario of no available payment method.

Except with CloudFlare, she didn’t notice it was lapsed until they modified her DNS. The domain was in REGISTRAR HOLD state. We couldn’t do anything via the UI. Reaching out to CF support had a misfire, because the first support rep thought it was about CDN not Registrar. A couple of polite emails (and like 60 days) (she did not make it a priority to resolve) later, the domain was restored. I was kind of surprised because I thought some kind of ICANN hammer drops right about 60 days and forces an auction.

Anyway, my highest accolades for registrar go to CloudFlare.

> Except with CloudFlare, she didn’t notice it was lapsed until they modified her DNS.

> Anyway, my highest accolades for registrar go to CloudFlare.

Er. Is that really the conclusion here? Did you mean to mention that they sent her a warning email in advance and she just missed it? Because the way you've written it makes it sound like CF still screwed up but made it possible to eventually recover.

So far I haven't read or heard about CF being part of horror stories like this one but apparently their support is incredibly slow, whether systemically neglected or over-encumbered. There was recently a Tell/Ask HN story about how they had taken days to repair a domain suddenly becoming unresolvable because of something relating to CF's own infrastructure. I have acquaintances who on two separate occasions, despite being on thousands-of-dollars-per-month terms with CF, have had support errands run for months without a single update on the support ticket.
I just recently migrated all (4) of my domains from google domains to cloudflare. Some of them (.cafe) because it was 50% cheaper (20ish bucks instead of 40) and others (.com) because even through the price was ~ the same ($9ish vs 12) I still wanted to decrease how load-bearing my google account was.

The transfer was quite smooth. It was easy to turn off the cloudflare "protection" (my sites don't need it (yet?) and I didn't want to have to think about it, the threat model, tls stuff, etc). And so far no problems.

I recently (<1mo) moved my educational nonprofit out of GoDaddy (email, web servers, domain registration) to CloudFlare (domain), SiteGround (hosting), and Google Workspace (free for nonprofits) and man, it feels great! Just being able to assign multiple administrator users with separate logins and all enforced 2FA is worth it alone. With GoDaddy, we had to have 1 shared account and it was always challenging to coordinate logging in because only 1 person could have 2FA on their phone.
TLDR: GoDaddy is just as terrible and no different to Epik then. Not a surprise at all.
I've actually had really good experiences with Epik, including with their support. Have you had something bad happen?
Any suggestions for more enterprisey domains? AWS & Route 53?
I'd definitely throw my vote in for Route53. I've been using it as my registrar for... nearly a decade now? across a half dozen companies and personally without any issues or complaints.

You're getting the benefit that AWS isn't just a registrar they're... AWS. Their processes around accounts and support and such are all designed around much higher value and higher impact accounts (many entire businesses would go away if all their compute + storage were suspended). Low margin domain registrations isn't really their business, so they're not trying to cut security/support to make it viable. From $4k/yr accounts to $450k/yr accounts, I've never had an issue getting in touch with support and having someone empowered to resolve my issues.

That said, I'm assuming from "enterprise-y" that this isn't anything that would be remotely near violating their AUP. I haven't heard of much real enforcement outside of people who were very blatantly malicious actors, but I'm sure if I don't mention it someone will come along and point out one of the newsworthy account suspensions that have happened.

I also like Route53 -- moved all domains (from various registrars, including a few from GoDaddy) over to Route53 years ago and haven't looked back since.

It's everything you need from a registrar & DNS provider with nothing you don't: a thoughtful interface that is responsive even with a large volume of domains, no up-sells, first-class API capabilities (which is great for volume/bulk operations), and the pricing is solid/reasonably low-margin with no gimmicks, no front-running.

Only thing to note is that, at least last I looked, Amazon isn't actually the registrar -- it's some kind of 'affiliate' setup with a 3rd party, but AFAICT it's essentially Amazon.

What TLD was the domain on?
I've moved everything away from GoDaddy to Cloudflare at this point. There are a few domain extensions that they don't support yet, so I moved those to Namecheap instead.

As soon as possible though, everything is going to Cloudflare. It simplifies my life.

Back when I was in college, some "friends" of mine stole one of my first successful websites, StrategyWiki.org by transferring the domain into their own account.

GoDaddy did nothing to help. I've posted about this before, and like to bring it up everytime people mention bad GoDaddy customer service.

https://news.ycombinator.com/item?id=24507411

Did you file an ICANN complaint (I didn't lookup their specific policies on this specific dispute type) or small claims court or police report over this issue?
I wish I'd have thought of that at the time. I was intimidated by the guy that stole it. He was ten years older, had steady income, and came from a family of lawyers.

It's long ago history now, but a good lesson learned.

Hetzner just turned off our hole domain, without contacting us first at all! All servers unreachable, 10k angry customers hammering us. All because if they receive a trademark complaint they won't contact the domain owner first and give them reasonable time to "fix" the "issue" (even 2 hours would have been enough). No, they just turn off the production server and simultaneously send an e-mail "you better respond to their complaint if you want your domain back up".

Totally unprofessional and a complete joke. Will never use them on a production system again. Always angry if they are mentioned here like they are a legitimate choice...

What about their hosting? Do you use that and encountered any problems ever?
My experience with small-scale hosting for a few years there (on an enterprise user account) met no problems - but, also, we met no technical problems requiring interaction with support staff.
We just tried their cloud offering and idk if that's new to them and still in "beta" but you are limited to the amount of VMs you can start because "your account is new" and I have not found a way to open a channel of communication where you can lift that. Other than that their prices are hard to beat
Hetzner is a budget server host as is OVH, and which you shouldn't assume a professional service. You get access to a server, free hardware replacements and a network, that's it. It cheaper and easier to mitigate any issues by slamming the power switch and than notifying you.

Folk ask why I colo. And the why is because it's my hardware. If my host is to touch my kit without my permission or a subpoena they'll get slapped with a solicitor.

Anecdotally, we herited a ovh dedi infrastructure when signing a new client and tbh its been going swimmingly. I think the Incident made them really up their game.
If that were it then there wouldn't be a problem. You don't even have access to the server you paid for.
That doesn't solve the issue of making a domain unresolvable if the registrar chooses to do so like the case in here, or does it?
It can. By becoming your own registar. Granted that costs $$ but solves the problem of if a register is deciding to axe you.
Heroku did this to me. A former employer was mad at me for daring to leave my job and made a malicious DMCA claim against my website. Heroku took it down with zero notice and treated me like a criminal when I called them to quit their bullshit
The power of false DMCA takedowns is just insane. You can get a copyright strike if your fucking keyboard makes too much noise.
If this was a business site and you had a service interruption you should absolutely sue them for damages.
I think the DMCA protects them against liability for simply staying within the DMCA safe harbor. But if the claim itself was malicious, the DMCA does allow you to sue the person who made the claim.
A cursory googling suggests DCMA takedowns would take 1 day, 72 hours, or up to 10 days on various websites/services. If the law does not mandate it be that fast, then Heroku and Hetzner's alleged actions of less than 2 hours notice would indeed be tortuous and interference with business. They are backbones for businesses, they are not twitter.
The DMCA requires that service providers who wish to benefit from the safe harbor preventions act on takedown notices "expeditiously". No precise quantitative minimum or maximum timeline is provided by legislation, but under 2 hours is certainly expeditious.
Under 2 hours is fine for a rando on Twitter, it's not OK to cut off a paying customer after doing zero due diligence.
Morally and in terms of business sense I agree with you, except I might argue that 2h is too short even for randos on Twitter (especially late on Sunday night) when the allegation is of trademark violation instead of something more urgent to resolve. Trademark matters by definition impact commerce alone, unlike if the Twitter account were compromising computers through malware or harassing or stalking humans.

But to the extent US law applies and the other required details of the DMCA safe harbor are attended to, I do think the DMCA prevents the service provider from monetary liability in this scenario. Of course, criticizing them for acting rashly remains 100% fair game.

(As to the question of whether US law applies: one example you were discussing, Hetzner, is based in Germany and not the US. But I can imagine circumstances where US law might sometimes apply to them anyway, and/or Germany might have similar laws. I'm not an expert on the international angle here, and I'm not a lawyer in any case.)

That's outrageous. How did this pan out, mate?
They said I was not allowed to ever host the falsely claimed content on Heroku ever again. They said that I should pursue external avenues for disputing the claim. I took my site off Heroku and kept it offline because of the implicit threats of lawsuits from my previous employer. The site was my online portfolio of work and experience I was using for job hunting. However, my Heroku account was also used to host my profit-generating website/business, and instead of taking down only my portfolio site, they took down every site on my account. My account was completely disabled and I wasn't able to even remove the specific site and put my other ones back online, which is why I had to call them to re-enable it, but only after they treated me like shit and like I was murdering babies even though I told them the DMCA claim was malicious.

I did not mention the former employer or any of their projects/clients by their names and did not include any images of those projects that were protected by any copyright that they held. It was screenshots of the website functionality after I had removed all original styling and revamped it myself (on my own time on my own machine using only publicly available HTML/CSS) from the ground up to anonymize it. All branding and images were removed and replaced. These revamps were never publicly released and were only used to create screenshots to display their functionality. They claimed copyright ownership of the images that I took, on my own computer, that had zero resemblance to their own software except for the workflows that they had. These were all public facing sites and there was no internal/proprietary workflow information being shown. The work being displayed was 100% my own creation during my employment, and I was not claiming any credit for work that wasn't done by me.

I did not bother disputing the fraudulent DMCA claim because my former employer that did it was extremely litigious and loved lawsuits and loved making them as long and expensive as possible to punish the people they were trying to bully into submission. The owner would frequently boast in the (open concept) office about all his lawsuits and how he was forcing people to comply to his demands with the threat of ruining them financially with lawsuits.

It did have an impact on my ability to find new employment, but I found employment anyway. I just made a PDF version of my website (well laid out) and send that with my cover letter.

Christ, that's absolutely awful. Sounds like leaving was a good decision though, I wouldn't want to work anywhere that toxic.
Are you sure they turned off the domain?

Your case sounds like one of your IPs got blocked in their firewall, which can happen if you use bittorrent or receive a DMCA strike. But then other IPs associated with the domain would still work fine.

That said, yes, their abuse team is rather trigger happy. I've had disagreements with them, too. They can be VERY German ;) But in general, calling them on the phone can fix these cases within minutes.

yes, they turned off the domain (macupdater.net) because one app-vendors of an app listed wasn't happy that we advertise their app for free. they cited trademark issues and contacted the host hetzner instead of us (grrr!). and hetzner just turned off the whole domain without contacting us first. the very same domain was also used as an app-backend service, thats why we got hundreds of complaints in a very short time.

i think giving 2 days before turning anything off would be sensible. 1 day would still be ok. but turning it off immediately without even giving a chance to reply is not acceptable. especially since anyone can send a trademark complaint without providing any evidence. so, if you want to do some domain sniping, look for businesses hosted on hetzner and watch them go down...

It really depends in which way they complained to Hetzner. Write a stern email? Hetzner could forward it to you and give time to respond. Preliminary injunction (not uncommon in trademark cases), they'd have no choice in that matter.

Generally, I would recommend not hosting APIs on the primary domain for exactly that reason - it's too easy to be hit with some sort of complaint and have that domain cut off (DMCA, preliminary injunction, SPAM complaint against your mail server, shitty host, ...).

> Write a stern email?

exactly what happened. so not even the slightest reason for an immediate reaction

> recommend not hosting APIs

yes! we learned the hard way :)

(comment deleted)
Your reply doesn't really include the technical details to know what really happened.

Did they start sending NXFAIL for DNS requests for that domain? That's what "turning off the domain" means. But in that case, API access via IP would continue to work without issues.

Or did they start blocking traffic to the IP that you had associated with the domain? In that case, the domain would continue to work, you just need to switch the IP.

Based on your information so far, I wouldn't know what to do to repair it. I'm not surprised that others were unable to help, too.

May be you should tell me which App is that so I could blacklist it just in case I may get sued.
Hey, that reminds me of Cloudflare's response to Phishing Reports. Someone claims you're phishing? Page gets locked and there's no recourse. You can reach out to Trust & Safety, but I've never gotten a reply in over a year. Tech support just says "sorry, we can't do anything about it". So you either live with some page(s) on your site getting a big fat "EVIL LURKS AHEAD" warning, or you migrate off of CF.

That said, with Hetzner I've had the trademark complaints as well, but they've always given us 24h, and were always okay with us saying that our usage (e.g. showing a logo of a shop next to their review) was fair use.

I’d like verification of that behavior from CF.

I have an email from them forwarded by a third party reporting phishing on a CF-DNS-hosted site where Cloudflare denied they had any responsibility whatsoever as “they host no content”.

Of course, it requires a subpoena to discover who DOES host the content, as they are the only ones who know.

They'll put a warning message in front of the URL that's been claimed to use phishing ("Warning: Suspected Phishing Site Ahead!"), here's what that looks like: https://archive.ph/qqR8t

They do it for lots of right reasons, I'm sure, but they also do it based on simple claims. While I thought that's a great way to hurt any site if such a claim is all it takes, I haven't experimented with it, so I don't know if you have to make it a legalese thing, or if they do some automated checks. But once you get a site flagged, it'll probably stay so, unless they have some very good connections to CF.

They will forward any complaints also to the hosting company of the origin, but if you're not in luck, the site will be hosted at a questionable company that has no trouble hosting phishing sites. Hetzner for example did quickly react and requested comments from us under threat of shutting down the server. They were happy with our response and their own checks however.

Still, I agree that they should have a way of de-anonymizing who is behind a site, their business is in protecting against technical attacks, not protecting against the law.

Thanks for that.

By contrast, this is the email that a MAANG company received recently regarding a site being reported for phishing one of their login sites:

https://ibb.co/kcsQN0w

So I guess they are somewhat arbitrary in their phishing actions.

I always separate domain hosting from server hosting, to limit the scope of the outage. If there is a problem with the DNS, I can switch to a different domain for the server. If there is a problem with the server, I can switch to a failover server under the same domain.
> I can switch to a different domain for the server.

Sure you can do that for some internal/private service. But how can you do that when you have a public user base who expects a service at foobar.com which has DNS issues?

You can’t, unless you build fallback domains into the protocol. But at least you can inform your users about the fallback domain instead of having to just shrug your shoulders.
Ouch. I use Hetzner and OVH but after this I guess no more Hetzner for me. I already had an unpleasant encounter described below. Do not want to give Hetzner a chance to screw me with this kind of asshole attitude.

Previous experience: I already had one of our videos suspended for "copyright violation" (this was on media hosting site) despite the fact that I fucken made this video myself. Some company had stolen it claimed as their own and submitted hash. Since mine has the same hash ( duh! ) access to my video was blocked resulting to download complaints from customers who purchased it. I sent numerous complaints with the results that amounted to roughly "fuck you". I've given up but suddenly out of blue after 2 month I received the apology from some C-level of theirs telling me that they were in error and access to my video was restored.

Central providers should never have the ability to hold your business hostage for any reason.

It's for this reason that people are losing massive amounts of trust in them, yet they seem to be the only viable option for most.

The concept of grace almost doesn't exist in business, and the idea that customers are valuable is all lipservice.

Their uptime on their 'Robot' 'Storage Box' is also complete and utter shite in my experience. Reading that they plan on hiking the prices due to the cost of electricity, I'm strongly considering cancelling it entirely as it's used for off-site backups.
It would be foolish for me to make any judgements based on anecdotes I find in comments, but this is actually quite worrying to me since I have been recommending Hetzner to people who trust me. (Based on having used them for a few years).

So I guess what I really need to understand is whether this is a typical response or if there is more to the story that I don't understand/see.

If you are no longer using Hetzner, which other vendor(s) are you using?

Hi OP, I'm sorry to hear about your experience there, and I appreciate you warning people.

I was not aware of their abuse policy when I was forced to move my services from another unprofessional provider. I had settled on Hetzner. I'm glad you said something.

Over the last few days I've reached out to them for further clarification on their policies, and over those (multiple) communications there were enough professional red flags that its become clear they can't be considered for any future hosting of production or professional services.

Initially, I was stonewalled with: --- Thank you for reaching out to us directly to clarify this matter.

In accordance with German law, we are not permitted to disclose internal information to third parties or to review or verify the content of any potential abuse reports. As a matter of fact, we neither can confirm nor deny what is described in that thread. We want to assure you that our abuse team handles cases with care and sets reasonable deadlines and measures based on the gravity of the allegation.

---

I asked about what processes and controls they have in place to prevent fraud, and the written policies and timetables, and they didn't appear to understand English well enough to answer, they thought I was talking about other common forms of abuse rather than fraud.

As a customer, they were unable to provide me with any kind of written policy, adversarial response schedule, or other controls commonly needed to mitigate fraud.

No details or specifics on their policies, other than what they refer to as 'reasonable' time tables based on the allegation which are not clarified further.

It appears they consider multiple complaints more severe regardless of the legitimacy of the claims which they don't appear to evaluate prior to shutdown, and their Abuse Team decides on a case-by-case basis what actions are to be taken, and the response times allowed.

As a result, it appears this provider has an unreasonable amount of counter-party risk associated with it. Any company could file a claim, and hold your business hostage (as OP described).

What's worse, if they suspend or terminate your account as a result without notice; any monitoring that might have alerted you so that you could respond more quickly would likely not function correctly and fail silently without a cross-platform investment.

One of the first things I learned in my career was to never use Network Solutions for anything. Not too long after that I learned to never use GoDaddy for anything.

Network Solutions was at least 'good' at one point in time, or at least one of your only options. What did GoDaddy ever do?

> What did GoDaddy ever do?

They got a big marketing campaign first. And as a consequence, it looks like they inserted their brand into people's mind forever.

Now it doesn't matter how many shitty things or outright crimes they do, people always find some excuse to keep giving them money.

+1 vote for Namecheap, for folks looking for a registrar. There are several good ones, Namecheap is just the one I like.
I've yet to have any issues with them.
They're the registrar for MANY spammers and scammers, and provide hosting for plenty of them. They used to respond to abuse complaints; now they just drop complaints sent to their abuse address.

That doesn't make them any worse than, say, GoDaddy, but given enough time, they'll probably end up just as bad.

The problem with these kinds of comments is, most people who use godaddy probably haven't had issues with them either. If 10% of users have their domain terminated for bullshit reasons -- which would be a ridiculously unimaginably high fraction -- 90% of users would still say "I have yet to have any issues with them".
In the early days GD was run by evangelicals and they had no compunction against canceling a domain for religious reasons. It amazes me that they managed to whitewash their image be among those who should know better.
The absurd commercials they put out (with the "uncensored" version on their website) probably helped that.
I've never been able to move to namecheap because they don't support DNSSEC on .eu domains (last asked in 2021). I do hear good things though.
Namecheap has been excellent. They automate a lot of things, and make it clear (with real grace periods) when things go wrong.
Really happy customer of theirs, after hearing good things on HN.
I'd also stick with Namecheap as it does what it actually says and is a very good registrar overall.
Not sure how valid my case is, but in March Namecheap gave me (and thousands other Russian-based clients) a week to migrate before they ban me. The fact that I relocated to another country did not matter.

It's been discussed here at HN too: https://news.ycombinator.com/item?id=30504812

Even if I was affected, I'm not sure I'd want to continue relationship with them. Anyway, user of name.com now, so far so good.

(P.S. Might need to say that I support Ukraine in this horrible conflict, I just happen to hold a Russian passport)

Namecheap says it only applies to Russian residents, not citizens. Did they fail to make that exception for you?
I transferred from GoDaddy a few years back. I got tired of the constant attempts to up-sell me for services I didn't want. I went to namecheap and have been happy with their services so far. The UI is clear and pretty easy to use. They also support MFA for added security (GoDaddy did not at that time).

I've been playing with cloudflare recently, and just realized they also do domain registration and DNS hosting. I might seriously look at switching to them depending on hassle and potential benefit. But I usually like having dedicated registrar/DNS that is uncoupled from hosting.

https://www.cloudflare.com/products/registrar/

Did your domain expire because you didn’t have an up to date credit card on the account for renewal? That’s kind of what it sounds like. If so, that’s your own fault.
godaddy is supposed to send multiple reminders well in advance if thats the case.
And they do - I do a ton of business with GoDaddy not by choice. They send reminders, soo many reminders. I have clients straight up lie to my face that they "didn't receive the reminder" when in fact I find it in their inbox marked as read. GD sucks, but not as much as most people portray.
I have some domains still in GoDaddy I manage. They start sending those weekly expire emails 30+ days in advance. (.com, .net)
If anything I found they notified too early, making it seem like you were about to lose all your stuff when there were months remaining until the renew date.
The post clearly says both a credit card and an alternate Paypal account were on their file and they even accepted the Paypal account to pay the fine.

Some people can't wait to victim blame every time these posts of obvious business stupidity come up.

How is this obvious business stupidity?

Domains go into a redemption period because they expire. Having a card or paypal on file is meaningless if you don't have auto-renew.

People lie. People lie all the time, and always spin the story to somehow make them the blameless victim.

This happens so often it's not even funny - the lack of "what the domain is" in the post makes me suspicious that if you did a whois history you'd find that it expired some time ago and finally went down.
I'm going to give my honest feelings too.

There's just too much superfluous information in the post that's not relevant to the problem. I don't care that OP uses Couldflare as DNS. I don't care what OP's email provider of choice is. I don't care he forgot about his GoDaddy account.

Also I think it's the government he should be complaining too, because it looked like GoDaddy reactivated his account for free.

Not saying GoDaddy is a good business, just stating that OP probably might not be as innocent as it seems.

This is purely an opinion.

Godaddy's also run by people. They even have the financial incentives and the legal leverage to lie. If you believe people lie "all the time", by your own logic, perhaps you should consider the possibility that the people in Godaddy lie "all the time."

It's obvious stupidity in multiple ways:

They failed to account for the customer's long and positive track record. They must be having a CRM. About time they started using it instead of acting like a script that wakes up and shuts down without any context.

Despite being web and mail hosting experts, their architects failed to design their systems for the scenario that their critical mails end up in spam.

Their UX people failed to title the mail in a way that would grab attention.

The post says that apart from this single email and its 2 hour deadline, there weren't any notifications in the past, something that other people here have assumed without checking.

====

In all such posts, it becomes obvious again and again that tech businesses are failing to design their systems for corner cases. This is not that surprising given all the communication and decision-making complexities anybody who's worked in tech would have seen.

Victim blaming is the laziest and most useless approach because it just denies that the real world is more complex than the ideal use cases the designers assumed. And neither helps improve anything nor holds anybody accountable.

You can't just switch to another payment method when the customer explicitly set up the credit card as payment. That argument goes out of the window if you ask me.
Only if you make certain assumptions - that Godaddy tries only one payment method, and that user hasn't set up a backup method.

As it turns out, Godaddy has a backup payment method option: https://godaddy.com/help/set-a-backup-payment-method-724

Like I said, in all these posts, there's a tendency to victim blame by making convenient assumptions to show the victim must have somehow been at fault. The GP even jumped straight into "if X, then it must be your fault" without even bothering to check with OP if X is true.

Additionally, despite all our insider observations of snafus as software engineers as well as personal experiences as customers, there's a tendency to implicitly assume that all software systems are designed perfectly and the entire chain of people that run them are 100% correct and ethical 100% of the time.

I termed this "the tech just-world hypothesis" because of how often I keep seeing it.

Your experience is not unique, OP. One of the happiest days of my digital life is when I finished moving 100s of domains from GoDaddy to Namecheap.
Was this a specific top level domain for citizens of a specific country? It sounds like they are in a weird (and badly handled) compliance mode given the fine passed to you