Next thing I know, Mr. X calls me to tell me that he’s hired someone else to develop a new site for him, and he’ll have new hosting as well. Okay. It would have been nice if he had at least asked me for a quote, but that’s fine — he has every right to go with someone else.

I sent him the ftp login info so that he can give it to his new webmaster to grab the files from the existing site, in case those are needed. I also suggested that he open an account with GoDaddy so that we can transfer his domain to his own account, since I have no desire to continue to renew Mr. X’s domain every year and bill him for it. If he’s not hosting with me, and not paying me anything to do updates or other maintenance to his site, handling his domain renewal is just not worth my time. So I walked his secretary through opening a GoDaddy account, and I transferred the domain to him.

Mr. X’s hosting was paid up through the end of the quarter, so I told him that I would keep his hosting active through July 31, but his new webmaster needed to either have his new site up and running on the new host by then, or move the existing site to the new host, in order to avoid any downtime for his site.

The last week of July arrived. Before I shut off his hosting, I decided to see if he’s got the site hosted somewhere else yet. Nope. It’s still pointing to my server. I email Mr. X. I get a reply back from his secretary, who said that he’s out of town and she doesn’t know anything about a new webmaster. She was under the impression that the domain transfer was all that was needed. (Even though I made it very clear in my earlier emails that the domain registration was completely separate from the hosting.)

I explained that she really needed to get Mr. X to get his new webmaster to get either his existing site or his new site up and running on their new host (whoever that might be), and to change their nameservers to point to the new host. I explained that if I just shut off his hosting their site would disappear from the web altogether. I also noted that they could renew their hosting with me so as not to have any downtime if there were any problems with the new webmaster or the new host. She said she would talk to Mr. X about it.

Aug. 1 arrived. I checked, and sure enough, the site was still live on my server. I emailed Mr. X and told him that he either needed to get his site running on his new host immediately or renew his hosting with me, because as soon as I shut off his hosting on my server, his site would disappear.

I received a reply email that said, simply, “This has been taken care of.” When I checked again, the domain nameservers were pointing to GoDaddy’s nameservers. So I shut off the hosting on my server.

Now his site consists of a GoDaddy parking page.

I suspect that Mr. X never did hire another webmaster. I have the feeling that he was expecting his secretary to build him a new site, and that she knows virtually nothing about it. I don’t know why he told me that he had hired someone else, nor do I know why he was so determined to move his hosting somewhere else. He had never complained to me about any problems with either the site or its hosting, and he certainly wasn’t overpaying for the hosting. I believe he may have thought he could save some money, somehow, although the small amount he was paying me for the hosting meant that at most he could only save a little tiny bit on his hosting by going with a cheaper host.

I tell myself that you can’t save people from their own mistakes, and that his site is now his problem, and his problem alone. Nevertheless, I hate to see a site disappear from the web, and kill its standing in the search engines, due to the owner’s stubbornness, lack of knowledge, and unwillingness to listen.

I suspect what’s going to happen is this: The domain will expire in a few days. It will go into the registrar’s redemption period, so that no one else can register it, and only the former web developer would be able to renew it. Even if they can reach him at that point, they probably won’t want to pay the redemption fee. So they’ll end up registering a new domain.

I can build them a nice new site. But they’ll lose the two years’ worth of “aging” of the existing site on the current domain. They’ll essentially be starting over from scratch.

This could have been avoided by the client simply registering the domain in their own name in the first place. I frequently end up registering clients’ domains for them, because they don’t know how and they don’t want to learn how, and they consider “all that technical web stuff” to be beyond anything they can or want to manage themselves.

Fortunately for my clients, I don’t plan on disappearing, and I would never ever hold a domain for hostage the way some web developers do. So I consider that my clients’ domain are safe with me. But nevertheless, I always recommend that a domain should be registered in the business owner’s own account in their own name. They wouldn’t allow any other important business asset to be owned or controlled by some third party, and they should apply the same standard to their domain.

Both eNom and Network Solutions, two very large registrars that handle millions of domain registrations, are the target of a major phishing attack. It is believed that the perpetrators’ purpose is to acquire the login details for victims’ domain registrar accounts and thereby steal or otherwise compromise their domain registrations.

Phishing warning posted on Network Solutions home page

Phishing warning on eNom

These e-mails make a dire warning about “innaccurate whois information” or some other problem with your domain, and warn you that you must take immediate action to avoid having your domain registration canceled.

The fake eNom e-mail
(click image for full-size view)

The above image contains the actual text in one of these e-mails that I received. Since I have my e-mail program set to display the actual URLs of links, you can see that the link to “verify your contact information” is set so that it would appear to be a link to enom.com but in fact is a link to enom.com.ssl45.mobi.

If you receive any e-mail about your domain registration (or any other online account you may have) you should never click any link in the e-mail. If you want to verify things for yourself, go directly to the website where you have your account by entering the address in the address bar of your browser.

And it never hurts to drop into your domain registrar account to double-check that your contact information (particularly your e-mail address) is current, and to lock your domain, if your registrar offers such an option. Security experts recommend that you change your password regularly, and that you do not use free web-based e-mail accounts (such as GMail) for any sensitive accounts.

That was basically the response of Network Solutions when it was caught with its hand in the cookie jar, registering domains for themselves that people had looked up in their whois registry. NetSol basically defended their contemptible practice by saying, “In order to prevent domain registration abuse, we’re committing domain registration abuse.”

WARNING: If you do a WhoIs search on a .com or .net domain at the Network Solutions website, NetSol will immediately register that domain. They will then kindly allow you to register it at NetSol — but they’ll also allow anyone else to register it, too.

Their claim that they’re “protecting” the domain “on your behalf” just doesn’t hold up. What they’re doing is ensuring that you cannot register the domain at some other registrar, such as GoDaddy, NameCheap, DotRegistrar, or any other registrar that actually charges a reasonable fee for domain registration. The only place you can register the domain is with Network Solutions, at their highly inflated registration fee of $35 (compare that to GoDaddy’s fee of about $10).

This practice costs Network Solutions nothing — by dropping the domain within the 5-day grace period, they don’t even have to pay the registration fee. Yet — yet — when they drop it, that domain goes on a list of dropped domains, and the domain tasters will snap it up. So, if you simply decide to wait it out until NetSol drops it, then register it at the registrar of your choice, you’ll likely miss out.

ICANN should stop with its hands-off posture toward registrars abusing their position of trust, and take action to prevent this sort of thing. NetSol should start behaving ethically, and should start charging fair prices for domain registration. Everyone should avoid ever using Network Solutions, for anything, ever again.

What’s next, Network Solutions? “We had to destroy the internet in order to save it, sir”?

Unfortunately, nearly all of the “good” domains are taken, and you might find yourself doing search after search to find an available domain that you feel appropriately reflects your business.

What makes a good domain?

Generally, all else being equal, here are some guidelines to follow:

• The exact name of your company is often best, if that domain is available.
• Short — the shorter the better
• Easy to remember
• Non-hyphenated. No hyphens is best. One hyphen is moderately acceptable. More than one hyphen should be avoided, period.
• Few words — the fewer words the better
• .com — There are other TLDs (top level domains: .net, .org, .info, etc.) available, but in general when people think of a web site they think .com. The exception would be if you’re a non-profit organization, the .org would be most appropriate. But you should still probably register the .com version and point it to your .org domain.
• Easy to say
• Easy to spell

Think about saying your domain name to someone over the phone: “It’s keyword1 hyphen keyword2 keyword3 hyphen abbreviatedkeyword4 dot com.” Contrast that with “It’s keyword1keyword2dot.com.”

Think about writing your domain name on the back of a envelope, or on a cocktail napkin at a bar.

Think about your customers telling their friends and associates (potential customers) your domain: “It’s keyword1 and then I think a hyphen, but maybe not, there’s a hyphen in there somewhere. Then keyword2 then companyname dot hmmmm, dot net or dot com? I dunno, try both.”

Try to avoid alternative or informal spellings of words. If you’re a real estate agent, for example, a domain name that includes “housez” would just look stoopid. Although if your target audience is hip teens (unlikely for a real estate agent), the z spelling might be effective.

Try to avoid the .net or other alternative TLD to an existing site that has the dot.com of the domain you want. You’ll lose a certain percentage of people to the dot.com site when they unthinkingly type in .com instead of .net.

Assuming you get a .com domain, if you can, also register the .net, and possibly the .org, versions of your dot.com, so that someone else can’t come along and use those domains.

If all else fails, a made-up word could work. (Think Google.)