GoDaddy gave a domain to a stranger without any documentation

Original Article ↗ Hacker News Discussion ↗

GoDaddy’s reputation and why it’s still widely used

  • Many commenters describe GoDaddy as one of the worst registrars: long history of technical screwups, dark patterns, predatory expiry/auction behavior, and controversial marketing and policy stances.
  • Others note it remains the largest registrar, heavily advertising to non‑technical buyers; for many small businesses it’s the first (or only) name they recognize.
  • Some enterprises also use it, partly for 24/7 phone support and managed hosting, and because migrating away later feels risky or costly.
  • Several people say the company has been notoriously bad for decades and are baffled that anyone still signs up.

Assessment of this specific incident

  • Most see the wrongful domain transfer without documentation as gross negligence, not a rare fluke.
  • Likely cause discussed: internal employee error misreading a similar domain in a support email, then processes and support that failed to detect or promptly correct it.
  • Particularly criticized: support slow‑rolling, denying responsibility, or falsely claiming correct documentation existed.

Security, risk, and business impact

  • Commenters stress how critical domains are: loss affects email, login/2FA flows, banking, SaaS accounts, SEO, and brand trust.
  • Registrar support is called out as a major attack surface: social engineering and lax procedures can bypass technical controls like MFA.
  • Using email or SMS as primary 2FA is seen as fragile because users don’t truly control phone numbers or domains.

Alternatives and domain-management best practices

  • Frequently recommended registrars: Porkbun, Dynadot, Namecheap, Gandi, Name.com, Dnsimple; for enterprises: MarkMonitor, CSC, or cloud vendors (AWS Route53, Cloudflare) with paid support.
  • Each alternative has some criticism (e.g., support quality, pricing changes, policy choices, or engineering mistakes).
  • Strong advice to separate roles: keep registrar, DNS, hosting, and email with different providers to reduce lock‑in and blast radius.
  • Use registry lock and strong internal processes for high‑value domains; avoid registrar‑provided DNS when possible.

Legal and regulatory recourse

  • Some urge arbitration or lawsuits for damages; others (including lawyers) doubt it’s worth the cost given arbitration clauses and limited provable loss.
  • ICANN complaints are mentioned but seen as slow and more about ownership disputes than registrar malpractice.
  • Ideas raised: stronger regulation of registrars, “infrastructure building codes,” and public complaint databases to pressure providers.

Broader systemic points

  • Domain pricing leaves almost no margin, so support becomes a cost center and gets minimized, especially at scale.
  • Centralized DNS/registrar dependence undermines “decentralization” of services like email or federated apps.
  • A recurring theme: “friends don’t let friends use GoDaddy,” and many readers report migrating all remaining domains away.