This morning I sat down to look over my new email, and a message with a subject line containing “FINAL NOTICE” caught my eye. When I opened it, I saw something that had every appearance of being a bill telling me I needed to respond by February 6:
- A painstakingly worded request for me to complete my domain’s “search engine registration”.
I found myself reading it very carefully, even though it turned out to be exactly what I thought it was: a spear phishing attempt. The sender wanted me to sign up for “search engine registration” for my domain. Failure to do so would “make it difficult for my customers to locate me on the web.”
Baloney. My site is already well-indexed by all the major search engines; I don’t need to pay someone $75 per year ($295 for 10 years or $499 for a lifetime subscription) to periodically submit my domain name to the search engines’ “Add URL” page.
However, this is exactly the kind of thing that, as the administrative contact on my domain, I get all the time. Sometimes people registering domains make the mistake of making the administrative contact for a domain a person who isn’t technical. I did this myself about 15 years ago, and it came back to bite me.
Periodically, I get postal junk mail from a sketchy domain registrar called “Domain Registry of America” that does its best to appear as though it’s a branch of the US government. The junk mail informs me that my domain registration is about to expire and that it’s necessary for me to renew it–with them. Naturally, I toss these solicitations in the shredder with the rest of my junk mail. Unfortunately, at this time, I was volunteering as the webmaster for a non-profit group, and I’d registered the domain name and put the person in charge of that group down as the administrative contact (for the purposes of this story, let’s call this person “Martin”). My rationale was that, if I ever got hit by a bus, it would be easier for Martin to regain control of the domain and pass it along to my successor.
Well, one day, I got an email saying that the new registrar for this domain was DRoA, and Martin’s name was all over the email. I called up Martin and asked what was going on. “Yeah, I got a bill saying that the website was expiring, so I paid it. Did you forget to do something?” After going back and forth over what happened, it finally came out that Martin had gotten one of these DRoA notices, thought it was a bill, and paid it.
I scolded Martin appropriately and made him promise not to pay any more “bills” that came in the mail without first consulting me. I then tried to get the money Martin had paid refunded. It turned out that I couldn’t. Even though Martin hadn’t read the solicitation completely, it was carefully worded to explain that this was not, in fact, a bill, and that sending money to Domain Registry of America would transfer the domain’s registration to them. Fortunately, all I had to do was pay for an additional year’s registration with our original registrar and our registration was transferred back. I told Martin that paying DRoA’s exorbitant prices for a year’s worth of domain registry (twice what we were currently paying) was his personal penance for not carefully reading something before giving away his credit card number.
Flashing back to the present, I find that this notification also contained a block of small print disclaiming that it was a bill:
By accepting this offer, you agree not to hold DS liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DS. This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DS and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DS send an email to email@example.com and in the subject line only put remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosure, copying, distribution or the taking of any action in reliance on the contents for this letter is strictly prohibited. * 100% satisfaction guaranteed, you may request a refund within 30 days.
Fortunately, I’m the intended recipient, so my “disclosure, copying [and] distribution” of the contents of this letter aren’t strictly prohibited. 🙂