OnlineDomain.com Domain Name News & Opinions
Hexonet suspended one of my domains after their 2013 RAA verification email went straight to spam. I wrote a few months back about the Enom and Tucows problem that was that they didn’t use their official websites for domain name verifications.
But Hexonet got that and took it to a whole new level.
After some other problems with Hexonet (deleting my domain before it was expired, but that is another story) I noticed that one of my domains had a “CLIENT HOLD” status and was not resolving.
I asked them about it and was told that “The “clientHold” status has been set due to unconfirmed owner verification. An e-Mail has been sent out to xxx. Please check your post box and confirm the e-mail. The “Hold” status will be removed automatically after the confirmation.”.
Needless to say I was not able to find any such email but there was a reason for that. I had it right before my eyes (in my spam folder) but it was impossible to even know that it was the verification email.
It was in my junk folder and for good reason. Outlook.com and I believe all email clients are catching this is spam. The email looks and feels like spam and no one knows who it is coming from and why. Nobody will open these emails and of course no one will click on these links and this is why:
1) The email was not send by hexonet.net. (or 1API that very few people know that is the name of the registrar)
2) It is send by what seems like a spam email address:
no-reply@registrant-verification.net
3) The email sender’s name is listed as “Registrar Mail”.
4) The email does not mention anywhere in the body Hexonet.
5) The email does not mention my name (i.e. is not personalized)
6) Subject is in German and then in English (Sofortige Verifizierungen erforderlich | Immediate verification required)
7) Email body is in German and then in English
8) The domain name is not in the subject. (actually they don’t even mention is about a DOMAIN in the subject)
9) The domain name only appears at the very bottom of the email body after the German and English versions of the email
10) “Whois” is not mentioned anywhere in the email or subject
And of course the email that does not mention Hexonet anywhere, has some other company’s details: EPAG. Of course I had no idea what this was. It turns out it is one of their registrar partners. But how am I supposed to know? Even after I found it I thought it was some spam/scam emails that wants you to transfer/renew your domains to a different registrar.
After I told them all the above their reply was:
“EPAG is one of our partner. That is the intention of ICANN. Domains should be de-activated if the owner do not react. ICANN wants to minimize FAKE details.”
(With the introduction of the 2013 Registrar Accreditation Agreement (RAA) registrars are obligated to send whois verification emails to all domain name registrants. Inaccurate contact data may result in the suspension or termination of a domain registration.)
It is not the intention of ICANN to send emails from strange emails with strange details that go directly to spam. Wake up Hexonet. You must have hundreds of deactivated domains by now and it all your fault. Not the registrar’s fault. If I get another deactivated domain because of this take this matter further.
I used to like Hexonet but lately not so much. They are very stubborn. I have told them about at least 4-5 dangerous problems with their control panel and system and they refuse to fix any of these. Actually they don’t even acknowledge there is any problem.
I just checked 2 domains I lost in a Hexonet auction and both domains are registered with this EPAG registrar and both are suspended. The domains are owned by 2 different buyers and I am sure they have no idea that their domains are suspended.
OnlineDomain.com - © Copyright 2012-2024 - All Rights Reserved
Here is the email:
From: no-reply@registrant-verification.net
Subject: Sofortige Verifizierungen erforderlich | Immediate verification required
Body:
** Hinweis: Diese Mail ist kein Spam, sondern eine wichtige Mitteilung
der Firma EPAG Domainservices GmbH.
Wird die Verifizierung nicht abgeschlossen, führt dies zu einer
Deaktivierung Ihrer Domain. **
[ ENGLISH VERSION BELOW ]
Sehr geehrter Domaininhaber,
vor kurzem haben Sie eine oder mehrere bestehende Domains transferiert,
die Kontaktdaten aktualisiert oder neue Domains registriert.
ICANN, die übergeordnete Organisation für die Domainverwaltung im
Internet, verpflichtet die Verifizierung Ihrer neuen Kontaktdaten.
Unter dem folgenden Link finden Sie weitere Informationen zu dieser
Verpflichtung:
http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois-accuracy
Um die Deaktivierung dieser Domains zu vermeiden, müssen Sie jetzt die
Domaininhaber-Geschäftsbedingungen
( http://www.registrant-verification.net/pdf/Registrant_Agreement_EPAG.pdf )
akzeptieren und Ihre Kontaktdaten validieren durch das Anklicken des
nachstehenden Links:
http://www.registrant-verification.net/?form_data%5Bregistrant_confirm
Wird diese Verifizierung nicht bis zum 24.04.2014
abgeschlossen, führt dies zu einer Deaktivierung aller Domains, die
Ihren Namen und diese E-Mail-Adresse für den Inhaber verwenden. Die
Liste am Ende dieser E-Mail enthält alle Domains, die derzeit
verifiziert werden.
Eine Aktualisierung der Kontaktdaten Ihrer Domain können Sie über Ihren
zuständigen Domain-Provider vornehmen.
Mit freundlichen Grüßen
Kundenbetreuung
EPAG Domainservices GmbH
Niebuhrstraße 16B
53113 Bonn
Germany
E-Mail: support@epag.de
Internet: http://www.epag.de
——————————————————————-
[ english version ]
** Please note: This email is not spam but rather an important message
from the company EPAG Domainservices GmbH.
Failure to complete this verification will result in the deactivation
of your domain. **
Greetings,
Recently you registered, transferred or modified the contact information
for one or more of your domain names. ICANN, the Internet Corporation
for Assigned Names and Numbers, requires the validation of your new
contact information.
You can find further information about ICANN’s validation policy at:
http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois-accuracy
In order to prevent the deactivation of your domains, you must agree to
the Registrant Terms and Conditions
( http://www.registrant-verification.net/pdf/Registrant_Agreement_EPAG.pdf )
and validate your contact information by clicking the link below.
http://www.registrant-verification.net/?form_data%5Bregistrant_confirm
If this verification has not completed by 2014-04-24,
all of the domains using your name and this email address will be
deactivated. The list at the end of this email contains
a full report of all names that are currently undergoing verification.
In order to update any contact data, please contact your domain provider.
Sincerely,
Support
EPAG Domainservices GmbH
Niebuhrstrasse 16B
53113 Bonn
Germany
Email: support@epag.de
Internet: http://www.epag.de
—— Ihre betroffenen Domains / Your Affected Domains ——
nob.biz
Everyone here continue to joke with these properties.. No privacy or with many problems on the new TLDs; no transfer (yes, I don’t know how many people were able to sell their new domains, I tried to transfer a domain and they said it is still not possible….).
Furthermore, you can’t put them up for auction, at least places like Flippa don’t show these new TLDs to potential buyers, you can’t search through the domain based on these new TLDs, so even in this case they are placing obstacles….
They are all engaged, with all their energies, to make the life of registrants hard and disseminate their ways with obstacles and pitfalls that can bring them to lose their domains.
Times are coming to see the first serious problems for all these united little and great criminals…. Criminals will encounter serious problems, it is only a matter of time.
Instead of asking domain holders to click on a link in an email, why don’t registrars simply ask domain holders to perform the verification process on their websites? There can be various ways to verify their emails on their websites. Registrars should also place the same message on the after-login page just in case a domain holder did not see the email for whatever reasons (junk box, oversight, shady emails, etc). They should realize hackers are sending fake emails to domain holders that look exactly the same as the registrars’ emails. So, domain holders do not like clicking on links in an email. In short, registrars should invest more money, time and efforts to safeguard the interests of domain holders.
The after-login message would be great for domainers that login to registrars regularly.
But most people don’t, so a better designed email coming from a legitimate email address would do the trick.
Hexonet doesn’t even send an order confirmation email.
I mean “in addition to” a better-designed email. Just in case. Double safeguards.
I understood.
I just said that the after-login message will only help domainers.
Regular people take months or even years between registrar logins.
This is ICANN’s mess. It was a bad idea from the word go, the suspension of the domain is batshit crazy, it dumps all the backlash on the registrars AND it accomplishes nothing.
http://blog.easydns.org/2014/01/21/icann-unleashes-deadliest-ddos-attack-vector-of-2014/
All the ideas on how registrars can “do it better” are academic. The rars have been dealt a bad hand (as always), they get to clean up ICANN’s mess, again and again.
http://blog.easydns.org/2014/03/24/definitive-proof-icanns-new-whois-verification-works/
Any registrar who has executed the 2013RAA is bound by this. It is guaranteed to fail because it contravenes best practices IT professionals have been trying to teach people forever (namely, if it comes via email and purports to be a “verify your account” link, it’s probably a phish or a virus)
It’s just mind bogglingly fucking stupid.
It is very difficult to determine which email is from a legitimate registrar. If a sender’s IP address of an email is the same as a registrar’s, is it 100% legitimate? No!!!!
In the same boat. Got the ‘final warning’ email and decided to research who the hell epag was. I asked if they were associated with Hexonet – I have seven domain there – and this was the reply:
Dear David,
we are the Domain registrar EPAG Domainservices.
Please provide us the domain name if you are the domain owner so that we can forward your email to your provider.
Greetings
Yuliya Kharsane
———————————————————————
I don’t have a clue which domain they are referring to… so I’m sending them all seven.
No more Hexonet… EVER!
Hexonet is using several registrars for drop catching.
You should check whois and see which of your domains is registered with EPAG.
I know this is crazy. Craziest thing is that they don’t care and they never improve.