define(‘TWEET’, ‘The @ICANN mafia has taken @nomadlist hostage for 2 days now’);
This is an short story on how ICANN acts like mafia and has taken my site Nomad List hostage for 2 days now.
Here’s how my site used to look:
Here’s how it has looked for the past few days:
Here’s a short story on how that happened
I have WhoisGuard enabled on all my domain names. WhoisGuard is a service which makes my personal contact information (so-called WHOIS information) stays private and NameCheap puts theirs in instead. That’s a service I pay $2.88/year per domain name for.
So instead of this:
(That’s my Amsterdam address)
You see this:
That’s a P.O. Box in Panama. That’s nice because if someone disagrees with what I write here on the internet they can fly to Panama and beat up a postal box, instead of beating up me. TL;DR I can’t fight.
For some reason, WhoisGuard wasn’t set to renew and it expired. It should look like this:
But it was set to this:
When WhoisGuard expired, NameCheap removed its WhoisGuard Panama P.O. Box, and downgraded it back to my domain’s OLD contacts:
Here’s where the problem starts
Because I’ve been using WhoisGuard for years, I haven’t used the old email “OLD_EMAIL_THAT_I_HAVENT_USED_IN_5_YEARS@GMAIL.COM” that USED to be set as the contact BEFORE I used WhoisGuard. This email wasn’t connected to this domain for 3 years. So when it switched back, I never got ANY of ICANN’s verification request emails. So I could never click their confirmation links. And then after a month they shut my domain down. I only discovered when people suddenly texted me my site was down and looked like this:
Nomad List isn’t VICE, but it’s a big site. It gets 10,000 people using it daily.
ICANN’s new rule: shut down first, ask questions later
Now ICANN has this new rule. With every change of domain contacts (e.g. my WhoisGuard expiring), it requires domain holders to re-confirm their email address. The problem is (1) their emails look like SPAM and often end up in SPAM folders (2) who uses email these days anyway? (3) they often send them to old email addresses.
It’s also unclear what the action here to proceed is. What am I supposed to do? Click the domain link? I guess.
After seeing the crazy notice I was able to get access to my old email and verify my contacts. But that was 24 hours ago. Nomad List is still down, and it seems to going to take a few more days to get it up (this blog post will probably help, but not everyone can blog in this kinda sitaution, so that’s bad):
Showing of force
ICANN is like a SWAT team breaking into your house because your phone number isn’t up to date.
It’s an obvious showing of force.
Now you say “No Pieter, you should read your email more carefully, this is a consequence of your messiness.”. I have about a hundred domain names. How can you expect me to check my inbox daily and click a link for all these domain names. It’s not 1995. This is not realistic. The consequence of shutting down someone’s business if they don’t confirm their email is way too crazy.
It means a lot of lost sign ups, lost revenue, lost profit. They’ve also shut down my MX records, so I haven’t been able to handle any customer support requests resulting in angry customers.
The internet agrees
The internet is full of stories of people who have had their sites (and businesses) shut down because of this:
ICANN’s wants to ensure more transparency. This is laudable but has backlashed with these registrar verification procedures. These rules will create inevitable moments of panic for business owners that believe they are set up properly but could face significant downtime regardless.
This can have grave consequences such as a websites (sic) going down or people losing access to their email, as the dns is removed until the link has been validated. In turn this will result in lost revenue, lost productivity and serious stress.
Additionally it puts an extra burden on domain registrars, which have to ensure that domain registrants are informed and act upon these validation links.
And the one thing ICANN has forgotten is that it also opens the door for scam artists, who will send similar looking phishing emails to domain name registrants looking to get a click or two to hijack a brand.
My message to ICANN
Firstly, give me my site back!
ICANN, stop acting like mafia and don’t take sites hostage. And I’ll try to keep my contacts updated, if you ask me in a more friendly way. You’re the organization for internet domains, not a power hungry malevolent corporation….or wait?
Update after 4 days (2017-02-18)
This post seems to have worked and Nomad List is back up.
ICANN transferred the entire domain away from me (and NameCheap), then after I confirmed the WHOIS gave it back. After the handover, ALL my DNS records were missing, that means it didn’t point to my web server anymore:
ALL MX (that’s email) records were missing too, that means everything I configured over the last years (like DKIM/SPF authorization records for MailChimp and Mandrill to get past SPAM filters) was gone and took me hours to reconfigure. Painful and insane.
In the mean time NameCheap set the default records for a new domain (it even called it a new domain, it’s NOT a new domain) and put ads on my site:
Again, I don’t even…