In a pinch, GoDaddy and Typepad let a customer down

A blogger at StillSecure has frustrations with GoDaddy and TypePad

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


Michael Horowitz
3 min read

Following with the theme of my recent posting, Some companies you can trust, and some you can't, I ran across a blog posting from Alan Shimel of StillSecure (More frustrations with web infrastructure) that details how GoDaddy and Typepad let him down in his time of greatest need. Mr. Shimel was the victim of a cyber crime - his blog and domain were stolen out from under him.


The first indication of trouble came to Mr. Shimel as an email message from GoDaddy stating that his domain was switched from a locked* to an unlocked status, a change that he didn't initiate. This started a long dialog with GoDaddy which led Mr. Shimel to refer to them as "the hackers best friend."

I find stories like this unusually illuminating. Anyone reviewing a service, such as the domain registration that GoDaddy offers, can easily cite the features and costs and kick the tires. But, the true test of a company comes in your hour of greatest need and for a domain owner, that hour is when your domain has been stolen out from under you. In this case, GoDaddy did not perform well.

I have a number of domains registered with GoDaddy and have recommended them in the past. Their prices can't be beat and my few interactions with tech support were reasonably handled. My biggest gripe was their busy and always confusing website. In light of this story though, it's hard to recommend GoDaddy going forward.


My favorite registrar (and I've used my fair share) is directNIC. This opinion was cemented in an hour of great need. I had been a steady customer when they screwed up a transaction and transferred a domain away from a client. This was not a case of malicious hacking, the circumstances of the domain registration transfer were extremely unusual, and one that their computer systems had probably never seen before.

The initial response from tech support, was disappointing to say the least. I used other words to describe it at the time. That was out of character, my previous interactions with directnIC tech support were handled very well.

As I noted previously, it's not the problem that I remember, it's how the problem is dealt with. In this case, I was able to reach a higher authority at directNIC and get things straightened out. At one point, they even called me to verify that all was well and they admitted the first response was not up to par.


Mr. Shimel's blog posting also details his experience trying to get Typepad to restore a stolen blog and restore postings the bad guys had deleted. It didn't go well. If your blog is very important to you, you may want to host it with a company that offers telephone based support. Typepad does not.

Update August 20, 2008: Mr. Shimel also had poor experiences dealing with Yahoo trying to reclaim his email account. See Why Google is now my homepage instead of Yahoo.

Update August 20, 2008: Someone claiming to be Anil Dash, a Vice President at the company behind Typepad, Six Apart, left a long comment below. I'm trying to verify that it really was Mr. Dash...

*A locked domain can't be transferred to another registrar. It has nothing to do with the state of a web site or email. Locking a domain is a standard security procedure, but it may not be the default status when you register a new domain. If you control any domains, you may want to verify with the registrar that they are locked.
See a summary of all my Defensive Computing postings.