The following article was a piece we originally wrote for a marketing page we put up at DomainWarning.com — but we found that a lot of our customers wanted us to keep a copy right here on the website because they were constantly referring their friends and colleagues to it.

Suffice it to say, easyDNS does not engage in any of the tactics described below, but they are widely used across the industry.

General Practice Tricks

1. "Transfer-out" fees

Buried in the fine print of a registrars’ “Terms of Service” will be a hidden fee authorizing them to charge your credit card a “transfer-out” fee if you move your domain to another registrar. Often times, this transfer-out fee is 2 or 3 times the cost of the original registration.

This practice violates the ICANN policy on domain transfers. In most cases if this happens to you a simple call to your credit card company will have the charge reversed, if you notice. Registrars who use this practice play the numbers game as many will not.

2. The fine print from hell

Most people (read: nobody) actually reads the long, odious Terms of Service for anything they buy online. Some registrars bury truly chilling things in these terms like the aforementioned “transfer-out” fees and in one mind-boggling case a “power-of-attorney”.

At easyDNS, our Terms of Service are always in Plain English, and you don't assign us the right to commit you to a mental institution by agreeing to them.

3. “Pay-as-you-go”

This is where you make a multi-year interest-free loan to the registrar. It works like this: You register a domain with them for example, 5 years (perhaps to obtain a discounted rate), you expect your domain name to be registered for 5 years. Think again, some registrars will pay the registry for 1 year and pocket the rest of your money.

Then for the rest of your five year term they’ll renew each year for one year. Usually this is coupled with a strict “no-refunds” policy, so an odd situation occurs: they stand to make more money from your original registration if they lose you as a customer before your full 5 years are up, so providing poor service to the point where you leave actually adds to their bottom line.

You can use a Free whois lookup tool like EasyWhois to verify the real expiration date for your domain. It should match up with the number of years you paid your registrar for.

Whois Database Gotchas

4. Whois privacy pricing tricks, edit locks and lock-ins

Every time you register a domain name, the details of that domain registration must be published in a publicly accessible database called Whois.

Because these Whois databases are routinely datamined by third-party marketers and the information used to send you spam, most registrars offer whois privacy or masking services.

Some registrars, especially the bargain basement outfits, register offer you "free" whois privacy, or very cheap whois privacy. What happens next is that your Whois privacy price "resets" at a higher, much much higher price when your domain renews. In some cases, the "free" whois privacy is only for the first month of your registration term. Even though domain registrations come in 1-year increments, they start automatically billing your credit card every month, starting in month two at the higher, reset rate.

Some registrars make whois privacy extremely easy to enable, in many cases providing it automatically on registration, unless you explicitly opt-out of it. But then disabling whois privacy is very difficult, in some cases forcing you to provide photo ID in order to turn it off. They do this because it makes it harder for you to ever transfer your domain away to a competing registrar.

5. Who owns your domain?

The important thing to know here is that in the eyes of the domain Registry to which all the Registrars interact, and the Registry’s oversight body (like ICANN, or in Canada, CIRA), whoever is listed in the domain whois record as the domain Registrant is the legal owner of the domain name. Keep that in mind, if you use a service like this, they own the domain, not you, notwithstanding whatever contract or Terms of Service you enter into with them to “own” this name on your behalf. If it lands in a dispute proceeding it will be an open and shut case: they own the name.

Taking it one step further, some “privacy” services will get you to sign up for the whois privacy service and then they turn around and happily offer to sell your true data to anybody else who cares to pay for it.

6. Mining whois and domain slamming

Because all the data is there for the taking, spammers and marketers “mine” the whois database and harvest registrant data including addresses, fax numbers and email addresses. This is a real problem, and there have been very slow moving Whois database reform processes creeping through ICANN as well as CIRA in Canada.

In the meantime though, people may wonder why is it that shortly after they register a domain name, they start getting all kinds of marketing spam in their mailbox. This is because their email address is being harvested by robots from the Whois database. There is a free service to protect your email address called MyPrivacy.ca.

The variation on this is some registrars (and there is one outfit who is particularly notorious for this) which is mining the whois database for registrant information, and then mailing out what look like renewal invoices for either those domain names or variations of them.

Unsuspecting recipients think they’ve received a renewal invoice on their domain and then remit payment, initiating a domain transfer without realizing it. Surprise, you’ve been slammed. In the worst cases your website and email comes crashing down as your DNS services terminate with your old provider.

Domain lock-in (a.k.a You can check out anytime you like, but you can never leave.)

7. The registrar-lock

There has historically been a real problem with "domain slamming" (see above) and unauthorized domain transfers, so the "registrar-lock" was created to protect a domain against this. If the registrar lock is set, nobody can transfer your domain away from you. This is actually a good thing and best practices include having this set for all your domains. The sharper registrars enable it by default when they register or transfer a domain for you.

Alas, this lock can become a real problem for you if it is turned on and the registrar will not turn it off, or give you the ability to turn it on or off yourself.

8. The domain auth-code

Some of the Top-Level-Domains (TLDs) run on a protocol called “EPP” and to further guard against unauthorized transfers, a domain must have an 8-character auth-code supplied before it will transfer. Current examples are .BIZ, .INFO and .ORG. The current or “losing” registrar holds this code. You need it if you want to move your domain away. Hopefully they will give it to you.

Registrars should provide you this auth code in realtime or near realtime whenever you request it. Some of them, notably one of the larger, older players, takes 3 business days to email you your auth code, making it even harder to transfer away to a competing registrar.

Traffic & monetization scams

9. Domain parking

You may not know this, but domain parking is big business. You know, when you click on a link somewhere or make a typo entering a web address and you wind up on some crapola “search page” optionally throwing up a million pop-up ads? That is a parked domain and the larger players can park thousands of domains and make literally millions of dollars “monetizing” them via domain parking.

You know who has access to thousands of domains? Domain registrars. Some of them offer domain registrations and rock bottom prices just so they can monetize the parked names. This may not bother you, but some people don’t realize they’re paying for something their registrar then uses to generate more revenue for themselves.

(Update: since the time of writing one registrar in particular rolled out a “Make money from your domains’ parked pages” initiative, which surprised me since I knew them to be one of the biggest parked page monetizers around — they make millions per month monetizing their customers’ parked domains — until I looked at the details: Packages start at 3.99/month. They are actually charging their customers for domain parking monetization. What audacity. If you actually have a domain that’s actually worth something parked, take it to a parking service. They pay you to park your pages. Not the other way around).

10. Domain expiry sniping

The domain aftermarket is also a big business. That's when people buy and sell domains that are already registered. Ideally, you're the one selling when it comes to your names. But many domain registrars actively scour their own customers' domains for names that would fetch premium prices in the aftermarket. If you've registered a domain and never used it, leaving it parked at your registrars' parking system (see #9 above), you may even see ads offering to sell your domain to whoeever is interested. This is the registrar scouting out advance interest for your names.

When your domains near expiry, the registrar already has a decent idea how much traffic it gets, and how much interest there is in the name. They may surmise that your domain is worth more to them if you forget and let it expire than if you actually renew it.

The Conclusion

There are many gotcha’s in the arcane and Kafkaesque world of domain name registrations. There is no free lunch, the rock bottom priced domain registrar has other plans to boost their revenues and at the end of the day a good rule of thumb is...

Go with an ethical registrar

So if you want to register your domain with a registrar who doesn’t play any of these games, a domain registrar who: