Beware of Fake Domain Name Renewal Notices

Domain name renewal schemes are nothing new – we’ve been dealing with them for years – but we figured it wouldn’t be a bad idea to bring them to your attention once again. A quick Google search brings up thousands of examples.

The usual tactic, known as domain slamming, is fairly basic – unethical companies mine WHOIS records for Registrant information and domain expiry dates. Then, months in advance, they contact the Registrant either by mail or email with a very official looking and sounding document or message that tells them to protect their valuable name by renewing early. A Google Images search brings up a couple of scanned examples.

Of course, when the Registrant sends the cheque or pays by credit card, thinking they are doing the right thing, what actually happens is that a Registrar transfer is initiated. The Registrant will then blindly go through the steps to complete the transfer, again thinking they are doing the right thing to protect their valuable domain name.

Combatting this is really fairly simple. I spoke with Paul Karkas, our Compliance Manager, who has been dealing with this kind of thing for years and has a few recommendations for resellers:

  1. WHOIS Privacy. This is the absolute best protection. It stops the practice dead in its tracks as there is no way for to contact the Registrant directly. Encourage your customers to take advantage of WHOIS Privacy and the protection it offers. Tucows includes WHOIS Privacy for free as part of our domains package.
  2. Domain locking. A locked domain can’t be transferred, again, preventing the domain slam. The transfer attempt may generate a support call by the Registrant to remove the lock, in which case you have the perfect opportunity to make sure the transfer is legitimate.
  3. Communication. Let your customers know about this practice and ensure that your customers know who you are and who their Registrar is. Clearly spell out your communication policies surrounding renewals (i.e. “We never send mail invoices reminding you to renew.”) before the scammers have a chance to spread their mis-information.

The Registrant is only one of the victims in domain slamming. When your customers get taken by fake notices like these, you lose their domain business. But if you take the time to educate your customers, you reap the benefits of a better relationship in which the customer knows that you are on their side, looking out for their interests.

One thought on “Beware of Fake Domain Name Renewal Notices

  1. Ian F. Hood

    I, fortunately, have not lost any domains to this scam, even though my clients were being deluged. I should point out that locking would prevent the transfer from proceeding, but there would be absolutely nothing that could be done to retrieve the money paid to the scammer.

    WhoIs Privacy has certainly stopped the mailouts, but I have noticed a new behaviour which I suspect is a scam but I don’t yet understand how it works.

    Via my WhoIs ‘inquiries’ email I have begun receiving emails that offer to purchase ad space on my (customers’) websites, even quoting the domain name. The name of the author (as declared in the text) does not in any way match the name of the email account from which the email was sent and I have received multiple variants per domain.

    I have not replied to any of these emails and I have instructed my customers to also ignore them. As I said, I am not sure what this group is up to, but something smells fishy.

Comments are closed.

To Top