Domain theft attempt? Why is GoDaddy involved in my domain transfer?

Hi,

Experienced IT pro here (so feel free to geek out and skip easy explanations lol). I suspect someone tried to steal one of my domain registrations out from under me while I was transferring it to Cloudflare. Here is the scenario:

On 6/1 I initiated a domain transfer of 3 of my domain registrations from DomainsMadeEasy to Cloudflare. Easy peasy for 2 of them; those were 100% complete inside of 30 minutes.

The problem is the third domain. Same thing: DomainsMadeEasy to Cloudflare. Same prep work as the other two: domains already added into my CF account and CF set up as authoritative DNS (the DNS part was done several months ago).

This third domain’s transfer was delayed for some unknown reason. Two days later, on 6/3, I get an email from [email protected] asking me to approve the transfer. WHAT??? GoDaddy? I don’t even have a GoDaddy account! Never have.

I suspected someone might have tried to swipe my domain out from under me while its status was “transfer in progress” hoping I’d email an approval to the wrong registrar without thinking. (Not sure how that would work if they didn’t have the transfer code though.) Or, more optimistically, I tried to find out if CloudFlare somehow used GoDaddy services, but I could find nothing.

So I called DomainsMadeEasy. They couldn’t explain the email from GoDaddy either, and was able to implement a transfer block for me just to be safe.

Long story short, I have a question for the community: Was it somehow legitimate to receive an email about my domain transfer from [email protected] when my domain is presently registered with DomainsMadeEasy and I was transferring it to Cloudflare? Could GoDaddy possibly be involved behind the scenes between DME and Cloudflare? Somehow?

I should add the two transfers that went through quickly and never resulted in an email from GoDaddy. Further, I have several other domains I moved from DME to Cloudflare, and again, no emails from GoDaddy.

I send my gratitude for any thoughts/ideas/knowledge in advance.
Thanks so much!

Refreshing for a change :slight_smile:

I would say no. I havent transferred to Cloudflare yet, but Cloudflare and Godaddy shouldnt be in any way associated. Cloudflare is not a reseller.

That being said, it would seem as if your previous registrar is a subsidiary or reseller of Godaddy and that would explain why you’d receive an email.

That part is a bit confusing :slight_smile:. I was trying to say you shouldnt have received such an email in the context of Cloudflare. If your previous “registrar” is associated with Godaddy, such an email would certainly make some sense.

Hi Sandro! Thank you so much for your reply.

I’m always glad to provide refreshment! lol :slight_smile: :beer: Cheers! :beers:

To my knowledge, DomainsMadeEasy has nothing to do with GoDaddy. (I hope not. LOL) I’ve used DME for…gosh. It has to be at least 12 years. The DME support rep on the phone said it sounded suspicious as well.

Based on your comments, I have done some additional checking. I still can’t find anything about a relationship between GD and DME. As we geeks know, searching is a bit of an art form. :slight_smile: I’ll keep looking.

Thanks so much for your input, Sandro! Stay safe and well.
Jacquie

I cant say how much they’d have to do with them, but based on the following I would tend to say they are associated in some way

  • ICANN does not list them as registrar (fair enough, that could be under a different name).
  • Their own domain is registered via Wild West Domains, which is Godaddy’s reseller subsidiary.
  • Their documentation at https://domainsmadeeasy.com/domain-registration/ points to a Godaddy server.

Based on that I would say they are either a subsidiary or just a reseller. Also, the fact that this thread is the sixth entry at https://www.google.com/search?client=firefox-b-d&q=domainsmadeeasy does not exactly speak for that provider’s popularity :slight_smile:

Appreciated. We do need such refreshments here among the fifty “why does SSL not work” messages every single day :wink:

Cheers :clinking_glasses:

Probably not a subsidiary, as they appear to be a subsidiary of Tiggee. In that case probably a reseller. Tiggee is not listed as registrar either.

Hi Sandro,

BINGO! Your input got me to the right place. Domain registrations through DomainsMadeEasy always reference Wild West Domains. https://www.wildwestdomains.com/about-us says “Wild West Domains is a wholly-owned subsidiary of GoDaddy Inc.”

That looks like it may be the answer. Thanks for nudging my brain in the right direction!

What is still a mystery is why that one domain needed an approval via [email protected] unlike all of the other domains I have transferred over from DME to Cloudflare.

Jacquie

Different TLD?

As a side note, the GoDaddy involvement is impetus enough for me to move the rest of my domains from DME to Cloudflare. I just don’t like GoDaddy.

Yes, GD is based in Scottsdale, AZ which qualifies as “local” for me.
Yes, Danica Patrick not withstanding. (My cat is named “Dani” after her. lol)

Cheers, Sandro! :beer: :clinking_glasses:

Nope - they are all .COMs

The domain I had a problem with is fairly old - originally registered September, 1997. But I’ve moved a domain even older (2/1997) a few months ago with no problem - and no GoDaddy. I can’t recall off the top of my head one billion years ago (23 years is a billion in computer years) which registrar I used at that time, but GoDaddy didn’t exist until 1999 (per Wikipedia).

Offhand, I’m at a loss. I just hate not knowing why. Dangit! lol

But there’s hope. GoDaddy has started a case on this event, and I have responded with details. At some point perhaps a human can explain this was a legitimate message and why I got it for this domain but none of the others. I don’t want to go through this again in 60 days when the domain lock comes off and I redo the transfer attempt. lol

You have my full understanding and support :slight_smile:

Dont be misled to the dark side by seeming similarities :smile:

Then I dont know, maybe some different domain status but that is difficult to say at this point. Only they could tell, but if they cannot even explain their relation to Godaddy :slight_smile:

Though, generally domain transfers do come with some sort of email which requires a verification. I am rather surprised the others did not.

Indeed. I am still kind of suspicious. GoDaddy is sort of ubiquitous, and though I think we have come up with a reason for a legitimate involvement of GoDaddy in this transfer process, I don’t feel (feel? lol - I don’t Think…) we have found a certain reason to rule out foul play through a rogue individual with a GoDaddy account trying to swipe domains showing a status of “transfer in progress”. I know there would be extra steps involved, but smart people have been fooled under all sorts of circumstances. Better safe than sorry.

Thank you for our conversation today, Sandro. Hope to hear more from you. :slight_smile: I will pop in here with more details when I find them. If you have any more thoughts/experiences/knowledge/ideas, I’m all ears. :slight_smile:
Jacquie

What makes you think so? Not saying it cant be, but it would be quite a coincidence. Also, dont forget you typically need a valid EPP code to even start the transfer.

The other transfers DID ask for confirmation. Those emails came from [email protected], which is a known domain to use for emails from DomainsMadeEasy. Nothing ever came from a godaddy.com domain.

Maybe the domains were managed by different reseller accounts.

Namecheap, for example, was a reseller of Enom for years and managed domains under their account even after becoming an accredited registrar. Maybe the domains in this case were also in different reseller accounts. Speculation of course.