Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret

February 26th, 2008 by Alex Selkirk

Many months ago I wrote a long rant about my experiences trying to transfer a domain that Yahoo!I had registered with Yahoo!’s Private Domain Registration service to another registrar. The short story is that I was unable to transfer the domain without making my WHOIS contact details public. The long story is long.

There’s another “feature” of Yahoo!’s Private Domain Registration service though that I just learned about: it doesn’t clean up after itself.

So I created a site with the Yahoo! Small Business hosting service, part of which is a somewhat opaque domain registration service for which there is no separate charge. (This is actually quite a good user experience, as I imagine most user’s don’t want to have to understand about registrars, they just want to pay to have a working web site.) I did check the box to use the private domain registration feature to keep my contact information private.

The web site was for an event, and when the event was over, I no longer had any use for the site or the domain, so I logged back in to Yahoo! Small Business and canceled the service. This was a relatively simply process that took me through a number of the-sky-is-falling-bold-red-letter steps, warning me repeatedly that my site would be deleted, and was I really sure I wanted to do this? Yes, I was sure. Cancelled, done, gone. It seemed gone anyway – the site was unavailable.

About one year later, I get an email from the friendly registrar that Yahoo! uses, a cast member in my last rant, Melbourne IT.

From: whoisreminders@whoisupdate.com
To: <xxxxxxx@xxxxx.com>
Sent: Tuesday, December 11, 2007 3:13 PM
Subject: WHOIS Data Reminder

Dear Valued Customer,

In accordance with ICANN (Internet Corporation of Assigned Names and
Numbers) Whois Data Reminder Policy (WDRP) resolution 03.41, this message is a reminder to help you keep the public WHOIS contact data associated with your domain name registration up-to-date. Our records include the following information as of 14-Nov-07:

Domain Name: My domain name
Registration Date: 6-Jun-06
Expiration Date: 6-Jun-08

Registrant Contact Details
Name: My name here
Email: My email address here
Address: My address here
Address: (null)
City: My city here
State/Province: My state here
Post code: My zip
Country: My country

Administration Contact Details
Name: My name here
Email: My email address here
Address: My address here
Address: (null)
City: My city here
State/Province: My state here
Post code: My zip
Country: My country
Phone: and finally My phone number
Fax: (null)

Technical Contact Details
Name: YahooDomains TechContact
Email: domain.tech@YAHOO-INC.COM
Address: 701 First Ave.
Address: (null)
City: Sunnyvale
State/Province: CA
Post code: 94089
Country: UNITED STATES
Phone: 1.61988131
Fax: (null)

Registrar Name: Melbourne IT
Name server Details
yns1.yahoo.com
yns2.yahoo.com

If any of the information above is inaccurate, you must correct it by contacting your domain name supplier, hosting company or web services provider by either calling them or visiting their web site. If your review indicates that all of the information above is accurate, you do not need to take any action. Please remember that under the terms of your registration agreement, the provision of false WHOIS information can be grounds for cancellation of your domain name registration.

***************************************************************
**** Please do not reply directly to this WHOIS reminder email as your
****
**** request will not be attended to.
****
***************************************************************

Thank you for your attention.
Best regards,
Your hosting services provider
—————————————————————————
This email was sent by your current Registrar, at request by ICANN to
xxxxxx@xxxxxx.com

—————————————————————————

Yes, believe it or not, all of the billing information I had given to Yahoo! for billing my website had been dumped into the WHOIS database.

I don’t have the energy to follow-up with Yahoo! customer service given my past experience, and its possible that the experience has improved in the last year, but with my anecdotal evidence, here’s what I think happened to me:

  1. User pays to host a website with a “private” domain name with Yahoo!
  2. Yahoo! registers the domain with MelbourneIT for two years using the anonymized contact information (For those who didn’t read the first rant, contact@myprivateregistration.com, Emeryville P.O. Box and 510-595-2002)
  3. User cancels hosting service and website with Yahoo!
  4. Yahoo! updates domain registration contact information with the billing information provided to them for the hosting service, exposing it to the world.

This is broken. In my mind there are two more appropriate alternatives to the above given that all of the registration process was hidden from my user experience.

  1. Ideally, I would think Yahoo! should cancel the domain registration with MelbourneIT, never exposing the contact information. There are certainly enough warnings in the site deletion process such that as the end user I didn’t have any expectation that any part of the web site would remain.
  2. If there’s some sort of legal catch-22 that prevents true demolition of the domain, those users who paid extra to have the “private” domain registration service should be provided the option to update registration contact information to details of their own choosing.

Given the amount of traffic that my last post on this issue got, this whole mess is a big concern that lots of people are running into. I keep expecting someone from Yahoo! Domain Registration to find these blog posts and respond, but so far, nary an email or a comment. YahooDomains? Anyone listening out there?

Tags: , , ,

11 Responses to “Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret”

  1. TigerKen says:

    Actually, this *may* be OK. Each registrar is required to notify you annually to remind you of the personal information that you have associated with your domain name, so that you can correct any problems.

    I work for a web hosting company, and we send these notices out to people. However, if the user has our WHOIS domain privacy feature enabled, then we still present the generic contact information for any WHOIS queries. We try to make it clear in our annual notifications to users that even though we still have their personal info on file, that’s only for our internal use, and any public WHOIS queries will still be protected by our domain privacy feature.

    Does Melbourne IT show your public information if you do a WHOIS lookup on your domain name?

  2. Alex Selkirk says:

    Thanks for your comment Ken! However, yes, unfortunately, a public WHOIS query on the domain does show the “private” information.

  3. TigerKen says:

    Well, that’s “unfortunate” to put it lightly! 🙁

  4. NewGuy says:

    The below is my post today to Alex’s first rant, posted here to reach more people:

    I just read all this brew-ha-ha today, back into 2007, and later I will scurry over and see if I have any of the same problems. Likely I will.
    What I want to know from y’all, and especially Alex Selkirk (much raucous applause for your good work getting your letter all over the web!) is this:

    Has anyone begun trying to bust Yahoo! legally for this, and how is it going? This is sounds like huge fraud to me. *Someone* should take this on.

  5. […] right to let the domain expire if you decide you don’t want it anymore. However, according to this user of the service, Yahoo will, again, allow all your private information to get into the WHOIS database upon the […]

  6. Satya says:

    Thank you! I just ran into this issue. I sent MelbourneIT a message saying that I no longer own the domain, they should remove my contact information immediately.

  7. Alex Selkirk says:

    Hi Satya – You are welcome. Let us know if you get a helpful reply from MelbourneIT. -Alex

  8. […] Which is pretty exciting as both are huge leaps towards what we’ve envisioned as a “datatrust” in various blog posts and our white paper. Well except for maybe the “trust” part. (Especially given our experiences with Yahoo here and here.) […]

  9. […] According to this blogger, Yahoo will also expose your real name and address if you allow your domain registration to […]

  10. mitch says:

    My Y! domain has been hijacked by Y!. I had a web site through Y! web hosting myself…One day I was making a comment on a Y! News article, someone within Y!’s comment police effectively deleted my account, locking me out of transferring my registrar. I am still being billed monthly for the domain and I cannot do a damn thing about it… what the heck can I do?!!
    It amounts to fraud, extortion, kidnapping my domain and ripping me off.
    I call for a big law firm to step up and set presidents by forming a national and international class action law suit hell bent on destroying Y! and Melbourne IT, or to correct their blatant disregard to the law…

  11. Daniel says:

    Is this actually legit? I also got a email form melbourneIT, but i can’t remember me ever using their services. Also, in my email they just call me “Dear Registrant” and don’t use any personalized data in the email, except domainname and my email address.

    I remember getting a snail mail letter a few years ago that did look like an invoice but was a dodgy “sign here and we transfer the domain to us for a yearly fee of $70” (compared to the $9 or $19 i pay) domain transfer form from some Australian company, but I’m not sure if this was also melbourneIT or not…


Get Adobe Flash player