Potential scam alert: Domain expiration notices from ‘Domain Registry’ | Webnames Blog

Potential scam alert: Domain expiration notices from ‘Domain Registry’

domain scam alert domain slamming

An old scam in the domain names industry is back, this merits a throwback post about Domain Slamming. We first wrote about the shady marketing practices of a company that called itself the ‘Domain Registry of Canada’ all the way back in 2011. Read on to know more about how to protect yourself from these practices.

Thanks to Sim, a smart and vigilant Webnames customer, we discovered that the scammers are back at it (and probably never stopped). Below is a letter he received on good old snail mail (some details are redacted in the interest of privacy).

Domain expiration notice from domain registry - potential scam

What is Domain Slamming?

Domain Slamming is when a company which has no connection to the domain owner (registrant) sends unsolicited and misleading communication that encourages the registrant to transfer the domain to its own brand, under the pretext of being a ‘Domain Expiration Notice’. The communication usually pretends to be an official authority (sometimes labels itself a ‘registry’) and tries to scare registrants that their websites or email will stop working if the domains are not renewed, and conveniently underplay the fact that this involves a domain transfer.

The owner of a domain name is sent an email or direct mail (in this instance, it was physical mail with an official looking envelope, letter head and more) that lists the domain name, its date of expiry, suggested renewal terms, payment form with fields for credit card details and a reply envelope. The letter in this instance was allegedly sent by ‘Doman Registry’ with a maple leaf logo. What’s more, the letter even contained a few upsells for .NET and .ORG domains with the same string (the audacity!).

Who is ‘Domain Registry’, why is this a scam?

In domain name parlance, a registry is the organization that operates a top-level domain extension, such as .CA or .COM. The official registry for .CA domains is CIRA and that for .COM is Verisign, .CA is the designated country code domain extension of Canada. We cannot be sure who ‘Domain Registry of Canada’ as claimed in the letter is, but we know that they are not the team that operates the .CA domain registry. ICANNWiki have cataloged a list of issues and related incidents that makes for interesting reading.

As to why I call this a scam, the (deliberately?) misleading name is a dead giveaway. The fact that they scraped your data (more on how they might have done that, below) and contacted you in an unsolicited fashion is potentially illegal (on spam and fraud counts according to US courts) and certainly unethical.

If you have your domain names with Webnames and would like to change providers, you always have the option to transfer out, but it is our moral imperative to ensure that a transfer is your deliberate intention. A domain transfer requires an authorization code which is a step that is glossed over in the above notice, while your payment details are collected up front. This puts your payment details at risk in the hands of a company that doesn’t appear very trustworthy.

An organization that went by the name ‘Domain Registry of Canada’ had its accreditation to register .CA domain names revoked by CIRA following similar domain slamming incidents in 2013. Below is a screenshot that shows this website state that they do not support .CA domains.

no .ca domain support on domain registry

I don’t know for certain that the ‘Domain Registry’ in this incident is the same ‘Domain Registry of Canada’ from 2011, but the notice template, location and the modus operandi looks uncannily like that attempt.

But… the scammers had my name, address and the domain expiry date. How did they get it?

ICANN, the administrative authority for domain names mandates that domain ownership data is made public through a Whois lookup and in this case, it appears that the scammers scraped the Whois database to collect registrant information and send out these notices. Whois privacy protection helps you protect your personal information in this scenario.

I received a similar expiration invoice on my mail or email, what should I do next?

Webnames sends automated domain renewal reminders to ensure that you do not lose your valuable data. In fact, we encourage automatic renewals to save you the trouble.

We send domain renewal reminders on both email and regular mail. We send emails only from from a Webnames.ca email ID and regular mail will contain our office address, phone number and your account details.

If you received a Domain Expiration notice from an unfamiliar sender, the safest thing to do is ignore it. If you would like to help us or if you need to verify the authenticity of a renewal reminder, please contact support.

If the communication you received looks anything like the letter we shared at the top of this article, might I suggest:

seth myers shredding

In addition, we strongly recommend that you enable Domain Privacy with each of your domains so that your personal details such as name, address, contact and domain expiry are not open to spammers and abuse.

Posted in:

Domain Names Security
/* Adroll script */