Recently I setup a temporary personal web site that I was concerned might see a traffic spike, and rather than going through my usual registrar and web host, I tried a cheap off-the-shelf package from Yahoo! instead.
Yahoo! offers an add-on service called “Private Domain Registration” where they hide your contact information from the WHOIS database for an additional $0.75/month. Familiar with WHOIS spam, the service sounded great to me and at that price it was practically a free lunch.
Everything worked smoothly (6 Months, 0 Spam) until I shut the site down and decided to transfer the domain from Yahoo! Domains to my normal registrar. The following is a true story about how I learned that Yahoo! Private Domain Registration is broken and is effectively holding my contact info for ransom.
The process of transferring a domain between registrars is designed to avoid fraudulent transfers by people trying to steal domains. There are several authorization steps, one is: The new registrar (Tucows) sends an email to the the current owner of the domain registration (me). When I got to that step in the process my new registrar informed me that their repeated attempts to do so had failed.
So, I contact Yahoo! Domains support over email, assuming that they are having a problem with their mail servers, or that the authorization emails are being blocked by a spam filter. Instead, Yahoo! informs me that the service is working exactly as expected:
I understand that you want to transfer the domain registration to “Tucows”, but you are unable to receive the mail sent by them to your Admin email address “firstname.lastname@example.org”.
Regarding your issue, I have checked the record and found that you have activate the Private domain registration on your domain “[domain removed]”, in order to conceal your personal information from unwanted solicitors by listing contact information for Yahoo!’s domain name registration partner, Melbourne IT, in place of your own registrant, administrative, technical, and billing contact information in the public WHOIS database. [sic] Your own contact information will remain associated with your domain in Yahoo!/MelbourneIT’s database but will not be made available in the public WHOIS.
So, in order to show your actual information in the public WHOIS record, you have to disable the private domain registration.
Yahoo! Domains Support doesn’t expect you to receive any email when you have “Private Domain Registration” turned on. In order to complete the registration, I need to turn off the privacy feature and expose my real email address.
My initial reaction is: I have misunderstood the feature. I read up on the service offering, as well as the slightly more detailed help content, and it turns out that I’m right; something is wrong with the service.
From the Yahoo! Private Domain Registration marketing page (my bold):
How Does Private Domain Registration Work?
- When you sign up, our partner Melbourne IT updates your registration listing with generic contact information that points to MelbourneIT’s offices.
- Whenever someone looks up your domain and tries to contact you, Melbourne IT receives the call, email, or letter and screens the information on your behalf.
- Melbourne IT forwards prescreened communications to you, so you can reply as you see fit.
What does this mean? In practice Yahoo!, with the help of MelbourneIT, replaces your contact email address with email@example.com, your address with a PO Box in Emeryville, CA, and your phone number with their phone number, all for $0.75/month. How could they possibly afford to do that?
I reply to the support mail explaining the discrepancy between the feature list and the service I have been experiencing, and ask for a refund for the last 6 months of service.
Later that week…
1. Yahoo! still has not responded to my email. Several more attempts have been made by my registrar to contact me through the pre-screening service.
2. I decide to call the Yahoo! support phone number. To my surprise, someone promptly answers the phone, and within 10 minutes I have my answer: The mails are getting blocked by spam filters, but Yahoo has no control over their own spam filters, so nothing can be done about my problem. I am surprised that this is an acceptable answer, but I let it go and allow myself to be forwarded to billing to request a refund.
3. Billing listens to my complaint, and then spends several minutes trying to transfer me back to tech support to help resolve my issue. I re-explain that tech support has already given up on resolving it. There is some confusion on the line.
I am disconnected, apparently unintentionally.
4. I call back, and this time ask for billing support immediately. I am transferred to Yahoo! Personals support, where the operator informs me that I have called the wrong number, and gives me a new number to call.
5. Finally, I get another billing support agent on the phone, and this time make it clear up front that I want a refund for the service. The agent I speak with informs me that when I cancel the service, I will be refunded a pro-rated amount for the remainder of the month. As for the past six months of service they have already provided, no refund would be supplied, as the service has already been rendered.
As far as I am concerned, this is not acceptable. The way I see it, the 6 months of privacy “protection” they provided are about to be voided because their service doesn’t work the way it’s supposed to, which in turn makes it impossible for me to transfer my domain registration away from Yahoo! without exposing my personal contact info.
I point out to them that this amounts to blackmail – my privacy is being held hostage to keep me a Yahoo! customer. There is a pause on the other end of the line when I mention to her that I will be writing this up as a blog entry.Finally she says “The bottom line is, I can’t refund you for more than the current month.”
I asked her to escalate my complaint, and she puts me on hold for a few minutes. When she returns she informs me that I will receive an email with a “decision”.
I sit grumbling, hammering out this blog post as the best way to escalate the issue, when I think of another approach. I send a mail quickly to firstname.lastname@example.org. It bounces back immediately. (Try it yourself.) This wasn’t about registrar mails getting bounced, nor did it seem to be about spam filters; I am quite certain now that all mails get bounced, regardless of content.
What’s more, in writing the test email, I realize something else that should have been obvious to me before: Everyone with the Private Domain Registration service gets the same generic contact@myprivate…email address. Ditto for the PO Box and the phone number. Meaning, in order for the pre-screening service to work, some system or person would have to scan each individual communication in order to decide which ones were directed at which domain owners.
How could that possibly work for $0.75/month? Hmmm…the free lunch is sounding less and less like lunch.
Anyway, the all-mails-bounce problem seems like a more concrete issue for the tech support folks to chew on, so I call back.
6. This time, I get a helpful support agent on the line, repeat my story, and even get him to send a mail to see it bounce with his own eyes. His initial response is also that the service is working as expected, and I direct him to the URL that describes the service so that he can understand my problem. After much ado, he decides that the problem is with their partner MelbourneIT, (a diagnosis I agree with) and that therefore I should contact them to resolve the issue.
HEADS UP, BIG BUCK PASSIN’ THROUGH!
Then he gives me a long distance phone number to Australia that he suggests I call. I laugh. He also thinks this is silly, and hopes, for my sake, that they speak English over there.
I try another tack: I explain to him that from Yahoo!’s perspective, this isn’t about my individual complaint, but that everyone who is paying for this service is being affected. I recommend that he escalate this to his manager, and he seems to understand what I am saying, but is also reaching the end of his patience. I can tell that whomever he’s working with on his side is not as sympathetic. He puts me on hold again, and I go to the MelbourneIT website to check out their online support.
As it turns out, MelbourneIT has a nifty support tool that allows me to identify my problem and domain. I write a quick note and submit the request.
Minutes later, while still on hold with Yahoo!, I get an automated reply to my complaint (my bold):
THIS IS A SYSTEM GENERATED MESSAGE
A Melbourne IT Reseller manages the domains specified in your message.
Please contact this reseller using the details below for any assistance you require. If the person you contact refers you back to us, ask them if they would please contact us on your behalf.
Web address: domains.yahoo.com
Email address: email@example.com
Genius! An automatic buck passer. Lucky for me, I’m still on the phone with Yahoo!
When my Yahoo! support agent comes back to the phone, he says that a “special note” has been added to my case to indicate that this issue may affect other Yahoo! customers, and re-recommends that I contact MelbourneIT.
He is quite disappointed when I read him the automated reply from MelbourneIT.
I try explaining to him why I think MelbourneIT is right – after all, Yahoo! contracts MelbourneIT to provide the service – MelbourneIT doesn’t know who I am as an individual. I pay Yahoo!, Yahoo! pays MelbourneIT – if I have a problem, I ask Yahoo! to fix it. If Yahoo! has a problem with MelbourneIT, they ask MelbourneIT to fix it. Who do I want a refund from? Yahoo! Who’s holding my privacy hostage? Yahoo!
At this point, I decide that a blog post is a more effective use of my time and energy, but I let the support agent put me on hold one last time to get a final response from his management.
After several minutes he comes back with, no surprise, a restatement that the problem is on MelbourneIT’s side. But to sweeten the deal he throws in a final gem. He gives me the phone number-equivalent of contact@myprivate…, the phone number that is listed for every Yahoo! Private Domain and suggests I give that number a call, since it is a US phone number. In a manner of speaking, he suggests I try giving myself a call.
Yeah, right, I think, thank him and hang up.
Just for kicks, I dial the number:
Sorry, the mailbox is full and there is not enough space to leave a message. To leave a message for another subscriber, enter the area code or phone number for that subscriber.
LOL! Don’t believe me? Try it yourself. (510-595-2002)
So, in closing: If you sign up for Yahoo! Private Domain Registration, it works great – you won’t get any emails, or phone calls…and though I haven’t tested it, I wouldn’t expect too much mail to make it through that PO Box in Emeryville either.
So, am I missing something? Or is this service a farce at best? Is it anything more than an attempt by Yahoo! to appear to care about user privacy?
No? Well it would just be a good joke if this broken service didn’t also block Yahoo! customers from switching off of the Yahoo! Domains service and on to a competitor’s. Isn’t that a form of extortion?
Update February 26, 2008
I recently discovered that the above story does actually get worse: Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret.