Wild, wild web: the strange, fraudulent world of domain name scams

Full Text:

LIKE MOST ACCOUNTANTS, Anthony Sandroni spent tax season last year inundated with documents and dollar signs. When a white envelope with an authoritative stars-and-stripes letterhead appeared in his Mississippi mailbox, the enclosed document asking him to renew his tax-solutions website, he didn’t have time to worry about the fine print. He filled out the form and sent it back, along with $60, to the Domain Registry of America.

Except, as Sandroni realized a day later, he’d never heard of the Domain Registry of America. The name sounded legitimate and the notice looked official, but it wasn’t his website’s host, its prices were outrageous–annual web hosting fees typically hover around $12–and the company provided no services in exchange for the money he paid. (Sandroni renewed his domain with its actual host, Yola, a week later.) After being denied a refund when he called the Registry, which he discovered was based in the Canadian city of Markham, Ont., he filed complaints with the Better Business Bureau, a non-profit organization that tracks companies’ credibility, and a pair of anti-fraud agencies. Still no refund. “So, for $60,” he says, “I chalked it up to a life lesson.”

Thousands of domain owners have paid for a similar lesson over the past 13 years. In fact, nearly every website owner in North America will receive, if they haven’t already, a notice from the Domain Registry of America or one of its offshoots. Preying on people who lack a nuanced understanding of domain registration, these faux invoices trick owners into thinking they’re renewing their website when they are in fact transferring it to a new host, or–in cases like Sandroni’s–paying inflated prices for nothing at all.

wild-wild-web-the-strange-fraudulent-world-of-domain-name-scams-1

The practice is called domain slamming, and Markham-based Brandon Gray Internet Services is its de facto kingpin. Since 2001, the company has been mailing out quasi-legal solicitations under a long list of pseudonyms: the Domain Registry of America, the Domain Registry of Canada, the Domain Registry of Europe, and so on. Brandon Gray claims these companies are independent resellers, even though existing affiliates share identical staff listings, similar website designs, and the same 905-area-code phone number. Their scheme hasn’t gone unnoticed: Brandon Gray staff members have been dragged through litigation on both sides of the border, fined hundreds of thousands of dollars, and even sentenced to jail time. So how has the scam survived?

During the early years of the scheme, it was easy to assume that it wouldn’t. In 2002, a U.K.-based advertising watchdog heavily criticized Brandon Gray. That same year, Register.com–a popular registrar akin to GoDaddy–sued the Domain Registry of America. A year later, the Registry clashed, and eventually settled, with the U.S.’s Federal Trade Commission. In 2004, five of Brandon Gray’s senior staff were convicted under the Competition Act for misleading advertising related to domain slamming and mailing out fraudulent Bell Canada and Yellow Pages invoices.

Then, for the next six years, Brandon Gray’s widely acknowledged domain slamming continued uncontested. Through years of legal troubles, it mastered its craft, perfecting its notices, and realizing when to fight and when to refund. By 2010, the company had mailed out millions of solicitations and registered at least 130,000 domains.

Complaints amassed just as quickly as domains. North of the border, most grievances were made to the Canadian Internet Registration Authority (CIRA), which governs dot-ca domains. In August 2010, after Brandon Gray allegedly began mailing solicitations to dot-ca owners, CIRA refused to grant the company recertification, preventing them from targeting Canadian domains. Brandon Gray retaliated with a $ 10-million lawsuit, which was dismissed largely because the company failed to prove that the decision would cause irreparable harm or unduly benefit competitors. In the court’s eyes, CIRA’s refusal to recertify the company didn’t seem to be a major blow: dot-ca domains accounted for only three percent of Brandon Gray’s clients.

Indeed, the decision was hardly paralyzing. Brandon Gray continued domain slamming, and the company denies it ever sent solicitations to dot-ca owners in the first place (a 2010 CIRA affidavit claims otherwise). A spokesperson for the Domain Registry of Canada’s legal team also refuted the widespread accusation that Brandon Gray unlawfully uses content from Whols databases, which contain domain owners’ addresses and other information, to send out its letters. The spokesperson, who identified himself only as Alex and responded to questions via a Domain Registry of America email address, instead posited that there was a conspiracy to tarnish the Domain Registry’s reputation. “Most of the complaints are from competitors […] for the sole purpose of ‘bad mouthing’ us,” Alex wrote, adding that other domain hosts also receive complaints. “We have been in business over 14 years under the same ownership/management, managing over a million domains without a single negative issue from our customers: look that up and you’ll see.”

So I looked it up. As Alex admits, a Google search yields a long list of scam warnings and distressed blog posts, and the Domain Registry of America’s page on the Better Business Bureau’s website contains 245 complaints from the past three years. (By comparison, Wild West Domains, which hosts my website, has 27 complaints over the same period.) But these complaints are not planted by competitors. Liz Turner, a New York City-based actor and singer whose website is currently hosted by the Domain Registry of America, tells me she was angry, felt taken advantage of, and was unsure how to report the company. Antonie Mulder, a nurse in Kitchener, Ont., says the notice’s pseudo-governmental appearance irked him and that he had to call his actual web host before he understood what the document meant. I almost fell for it too. I received a letter from the Domain Registry of Canada in December 2013, and it was only as I was inputting my credit card information on their website that I started to have doubts.

I asked Toronto-based domain-name lawyer Zac Muscovitch what recourse someone like me could take if he’d followed through and wanted to get his money back. “Well,” he says, laughing, “I would give the client the opportunity to spend $400 an hour with me in order to get their $40 back.” He says the often negligible amount of money lost can prevent domain owners from doggedly pursuing a refund. He notes that, while the wording of the Registry’s notices is intentionally misleading, they don’t state anything untrue. In boldface, capital letters, the document indicates that it is a solicitation, not a bill or invoice. “They know what they’re doing. They’re very clever,” Muscovitch says. “I don’t think this is a situation where the people behind this are shocked that people have a problem with them. They’re doing it despite that.”

The Internet Corporation for Assigned Names and Numbers (ICANN), for one, has had a problem with Brandon Gray for at least five years. The international authority–which governs dot-com, dot-org, dot-net, and other popular domains–acknowledged the Domain Registry’s “deceptive marketing practices” in a 2008 document. Its conclusion: “We do not consider this an acceptable situation.”

But according to spokesperson James Cole, ICANN is not investigating Brandon Gray. He points to a pair of recent notices that formally reproach Gray for breaching his company’s agreement with ICANN by failing to provide registration and communication records for two particular registrants, but those breaches have since been resolved. In response to further questions about the possibility of denying Brandon Gray accreditation, Cole says only that ICANN cannot comment on specific registrars. Speaking in general terms, however, he says, “If there’s an egregious breach of the contract […] there are methods for ICANN to shut [a registrar] down.”

wild-wild-web-the-strange-fraudulent-world-of-domain-name-scams-2

What would constitute such a breach? For one, if a registrar had been disciplined for dishonest conduct or knowingly employed staff who had been convicted of a financial felony or misdemeanor. Brandon Gray’s history offers no shortage of choices there.

Why then, 10 years after the bulk of its legal difficulties, is Brandon Gray still going? The inevitable bureaucracy of a massive multinational authority, the unmanageable task of overseeing millions of online domains, a reluctance to tackle a company that has exhibited a willingness to fight back–these factors all play a part. But only once Brandon Gray is stripped of its ability to legally register domains will its solicitations change from simply misleading to irrefutably illegal.

Maybe then Anthony Sandroni could spend his tax season in peace–or as much peace as is possible for an accountant. This past spring, the Domain Registry of America sent him another “renewal” notice. “Man, that made me so angry,” he says. He mailed the notice back with his own letter attached, which was both strongly-worded and expletive-laced, demanding to be taken off the list, and for his $60 back.

A week later, he received a refund.

Luc Rinaldi is a Toronto-based freelance journalist whose work has appeared in the Grid, Maisonneuve, and the Ryerson Review of Journalism.