Latest news of the domain name industry

Recent Posts

Uniregistry changes emails after “renewal scam” complaints

Kevin Murphy, February 2, 2018, Domain Registrars

Uniregistry has modified its marketing emails after customers complained they looked like fake renewal “scams”.

One customer contacted DI last week to say they were “horrified” to receive pitches for cheap SSL certificates that “read like some of the worst domain expiration scams of the past”.

The company recently started reselling Comodo’s SSL certs as part of its plan to broaden its customer base beyond its roots in the domain investor community.

But the way these certs were marketed left more than one customer with concerns. One email, which I’ve lightly redacted, read as follows:

Dear [CUSTOMER],

FINAL NOTICE – Your SSL certificate for your domain has expired. Take action and renew your certificate today through Uniregistry.

If your SSL certificate expires your website will display a warning informing customers the site is not secure.

We’ve teamed up with Comodo CA to offer our valued customers discounts up to 78% off when they renew their SSL certificate through us.

Visit https://www.comodo.com/uniregistry/ to take advantage of this offer and renew your certificate before it expires.

Domains at Risk :
[LIST OF DOMAINS]

Average validation time is less than an hour could take longer. Don’t let your certificate expire and put your business at risk. We are here to help, contact one of our SSL Specialist for more information or if you need additional support.

Thank you for choosing Uniregistry and Comodo CA

The reader said that while they have some domains with Uniregistry, their SSL certs had been bought elsewhere.

They added that the certs had not “expired” as the email claimed and said that they were not due to expire for months.

In addition, the email is quite clearly asking the customer to “renew” their cert via Uniregistry and Comodo, which should not be possible if the current cert was bought from a different Certificate Authority. It’s actually a solicitation to buy a new cert.

The scare-tactics wording is reminiscent of the old “slamming” scams carried out by Brandon Gray Internet Services, going under the moniker Domain Registry Of America and similar, until ICANN terminated its contract in 2014.

These “fake renewal” scams were delivered in the form of final-demand invoices, but were in fact solicitations to transfer domains, at a huge premium, from their current registrar to the scammer’s registrar.

A major difference between the DROA scam and Uniregistry’s marketing is that Uniregistry only contacted its existing customers. It was not spamming SSL owners at random.

Uniregistry told DI that the emails in question were part of an “A/B test” — when a company tests two emails to different sets of customers to see which one gets the best response rate — that were sent to “small number” of its customers.

Chief operating officer Kanchan Mhatre said in an email:

The initial content sent came from a previous campaign and it’s fair to say that it needed modifying to more accurately reflect what we were trying to convey. Based on the feedback received from you and other customers, we have modified the messaging and we are currently reviewing cert expiry date validation to ensure that we communicate with our customers in a timely manner.

Finally, domain-slamming registrar gets ICANN breach notice

Kevin Murphy, December 17, 2013, Domain Registrars

Domain “slamming” registrar Brandon Gray Internet Services, which does business as NameJuice.com, has finally received its first ICANN compliance notice.

If you’ve been around the industry for a while you’ll know Brandon Gray better as Domain Registry of America, Domain Registry of Canada, Domain Renewal Group and various other pseudonyms.

DROADROA is known for being the prime perpetrator of the old “slamming” scam, where fake postal renewal notices that look like invoices trick busy or gullible registrants into transferring their names.

It was sued for slamming by Register.com back in 2002, spanked by the UK’s Advertising Standards Agency as recently as 2009, and de-accredited by .ca registry CIRA.

There’s a list of the various times it’s run afoul of regulators over on Wikipedia.

ICANN yesterday sent a breach notice (pdf) to Brandon Gray, saying the company failed to “maintain and make available to ICANN registration records relating to dealings with the Registered Name Holder” of businesspotion.com, in violation of the Registrar Accreditation Agreement.

A Whois look-up reveals that businesspotion.com has belonged to the same registrant since 2009. However, in April 2011 it was transferred from 1&1 to Brandon Gray (DROA/NameJuice).

I can only guess why it might have been transferred.

However, the material ICANN wants only relates to the period from July this year.

It appears from the compliance notice that the owner of the domain tried to transfer his name away from DROA recently but claims to have not received the necessary authorization codes.

Brandon Gray has until January 13 to provide ICANN with the requested documentation or face losing its accreditation.

Back in 2011, the last time Brandon Gray tried to slam me, I asked: “Isn’t it about time ICANN shut these muppets down?”

Hopefully, that wish is a step closer to reality today.