The topic seems a little harsh about what I'm discussing, but that's in effect what is trying to take place.
My dad purchased a domain for a bishop friend of the family (and our church). You may not like Christianity or the website but the problem we're facing can happen to ANYONE.
This domain is up for renewal August of this year. My dad got a bill for the domain in the mail. He's the type of person that when he gets a bill, he tends to just send in money. This bill should have been a no-brainer and shouldn't have required my help but it did. Why? The bill is not from our current domain registrar (godaddy.com) but was in fact from another service called “Domain Registry of America” (www.droa.com). I've had to do renewals with godaddy.com before. They're entirely automated and they take the money from our credit card. We only have to let them know before hand if we're going to cancel the renewal. They also send email renewal reminders and have NEVER sent us any postal mail. That right there would have alerted me to a problem, yet I was never presented it because it didn't seem like there was one.
Why can this happen to anyone? Whois. My complete contact information, as well as my father's, is included when you whois the domain. Anyone that can whois the domain can get our address and 'craft' documentation that closely matches what we currently have.
Here's sample whois information:
Expiration Date:29-Aug-2004 00:50:58 UTC
Registrant ID:GODA-*Blanked*
Registrant Name:Paul Brayton
Registrant Street1:*Blanked*
Registrant City:Marietta
Registrant State/Province:Georgia
Registrant Postal Code:30066
Registrant Country:US
Registrant Phone:*Blanked*
Registrant Email:*Blanked*
Note the Registrant ID. GODA? That is in fact GoDaddy's acronym. Domain Registry of America's acronym is probably DROA. Why is this important? It's quite possible that one can automate a way to get a list of domains. From this list, they can whois every domain and get the Registrant ID. From this ID they can tell who the registrar is. This, coupled with the Expiration Date, proves that DROA could in fact send us a bill that would fool anyone not paying close attention to it. Since DROA is a registrar, they would know best how to poll domains for their internal use. It's entirely possible that coupled with this information, they can find domains that don't belong to them and 'solicit' 'business' by sending them 'renewal' 'bills'. It's entirely possible and it seems like the whois information proves it, but I can't be 100% certain.
I've said all of this to hopefully alert you all to this problem. We may be the only one affected by these underhanded schemes but I have a feeling we're not alone. I also have a feeling that if one company can automate this or do what they did, it's quite possible that other registrars can follow suit.
I also could use help if anyone has dealt with something like this. I want to alert ICANN to this possible issue with one of their registrars. I can't seem to find any email addresses or contact information that I can use to alert them to this possible growing problem. I also want to get our money back but I have a feeling that may be more trouble than it's worth. I could try to contact DROA directly and demand our money back but I have a feeling that approach won't work. If they baited us using this technique they aren't really going to come out and admit it, much less actually give back money they've already withdrawn from the account.
Thanks for listening, hopefully none of you will have to deal with something like this. Unless things change though, I have a feeling this epidemic is only going to increase especially now that domain registration is deregulated. This means that any company can have good intentions but at some point can begin to troll for business by using automated techniques. It's quite sad but quite possible, so watch out.