Domain Registration Scam
Do not be deceived by any domain expiration notices you receive in the post from Domain Registry Services, Compass House, Vision Park, Cambridge CB4 9AD. Phone: 01223 257759
What they are doing is not illegal but is certainly unethical. The carefully crafted letter simply advises you of the imminent expiration of your domain and the consequences of your inactivity. The letter relies on your fear, ignorance and/or stupidity. Yes, blunt words but true. Read the opening 2 paragraphs, below:
"The domain name shown above is due to expire. Please renew this domain immediately to ensure service continues uninterrupted. If payment is not made to the registry before the expiry date the domain is subjected to immediate suspension and deletion without further notice from us. If you do not intend to renew this domain please notify us in writing.
"It is vital that domain renewal fees are paid promptly to avoid registrants losing ownership. If it becomes past due then the domain name may be deleted from the Internet and open for purchase by other parties. We request you provide us with up-to-date contact information to be able to contact you when payment is required. We will send no further warning of your domain expiry before it is deleted."
Nothing in the content is either fraudulent or otherwise illegal — even twice requesting you supply them with your personal details.
Notice, also, they do not accept credit card payments but request payment by cheque. Why? Plastic is more easily cancelled a couple of months down the line; moreover, the right to process credit card payments may be revoked by PSPs (Payment Service Providers) and merchant account suspended, including all other business and personal accounts. (They also may be unable to obtain a merchant or other PSP account through prior unethical trading.)
Then there's the small print on the back of the letter which basically says all bets are off and they cannot be held responsible should your domain not be re-registered ... and they can walk off with your money.
The Register has more to say on this company and the steps Nominet and the Office of Fair Trading are taking to deal with rogue domain traders. Further alerts over invoices from domain registry services and information from ZD Net.
Here's what you can do to help shut down these and similar rogue traders:
Forward the original letter to:
Legal Team
Nominet UK
Sandford Gate
Sandy Lane West
Oxford
OX4 5LB
Included a letter-headed statement containing the following:
1. What you thought the document meant and if you thought it was real
2. If you thought the sender was an official body
3. Whether Nominet can confirm your details to the Trading Standards or the Office of Fair Trading
4. A closing statement — I believe the above statement to be true.
Oh ... and it may be an idea to seal and pop the empty supplied addressed (but not stamped) envelope in the post. Guess who pays ...
Always check with your existing registration agent - 123reg, godaddy, whomever - your ISP (Internet Service Provider) or hosting company whenever you receive domain renewal requests.
It appears Domain Registry Services managed to get hold of a version of the ICANN/Nominet database of registrations. I would doubt very much they would have access to the full database versions but have simply built an automated bot which scavenges from the likes of WHOIS using scripts and have built a database of expiring domains (although some anomalous alerts after expiration have been issued — but I believe they've been building and planning this for a while in which case the data may have been valid at first harvest). It's very easy to get hold of domain registration details and do so legitimately since these must be made available for public inspection.
Having said that, there may be a case for data mining if Nominet can prove it, as in the case here.
I'd rule out any other chance of getting the scammers through theft of data (since it's public domain — but see above) or fraudulent practice. And I repeat: the content of the document I received is in no way illegal. It is an alert to imminent domain expiration and an opportunity to renew. This is the challenge, current legislation is unable to act. The rule is caveat emptor: let the purchaser take heed, or, buyer beware. It's similar to the rule in court: ignorance is no plea, with the onus on the individual to investigate and be responsible for his/her actions.
By the same token, I doubt there's much can be done about mass unsolicited mailing (although Trading Standards can impose a request to desist — albeit without fiscal sanction teeth). It's still not illegal. Our councils sell off their census data to all and sundry. Admittedly it's edited but there are sufficient clues to get a handle on individual households and integrate with other datasets to produce very accurate demographics.
There may, though, be one angle: Their name is Domain Registry Services, yet it is doubtful they are legitimately permitted to operate as registrars, more likely they are 3rd party referrers, therefore agents, supplying authorised requests to a legal registrar. This may be grounds for operating under false pretences.
But what is good for the goose ... There is nothing to prevent outraged individuals from identifying the culprits then following their future activities with interest, alerting all relevant parties - banks, building societies, business associates - to their unethical business history. Neither is it illegal to make public their names or home and business addresses. One might consider it a public spirited duty.
Domain registration scams impact not only domain owners - be they companies or private individuals - but ISPs, domain registration and hosting companies, whose revenue is leeched away directly and whose good name is blighted by angry customers who through ignorance, frustration and confusion accuse the hosting company of levelling hidden and extortionate charges.
My own hosting company Open Hosting receive many complaints along these lines —
I've just paid £60 to renew my domain name with DROA [etc.] and I'm pissed off because you said I'd only get charged £20. DROA have said that if I don't pay this my website won't work. You never mentioned we'd have to pay this much — that's more than my hosting package alone! OH is crap because you hide charges from your clients ... and why have you charged me to renew my domain? [when] I just paid DROA?
Once one factors in the loss of good will and public relations damage caused to innocent business, the magnitude of the scam becomes criminal (not that it isn't to begin with). Perhaps it's time for a UK law firm to bite the bullet and bring a class action suit (or UK equivalent) against Domain Registry Services (who are not a limited company and whose assets are not therefore protected). A ruling against them would no doubt bankrupt them and lead to all private assets being frozen, seized and liquidated. There would unlikely be full recompense to all damaged parties but the criminals would be out of business and, if presented adroitly, a banning order could be ordered prohibiting access to the Internet and/or the right to operate any computer related business, enforced on pain of death.