Don’t be fooled by domain renewal letters

Several years ago, I received a very official looking letter in regular old snail mail from Domain Registry of America (DROA). Inside was a “Domain Name Expiration Notice” which listed one of my domain names and informed me that my domain registration would expire soon. “Act today!” it urged me.

So I did.

I laughed, shredded the “Expiration Notice” and went about the rest of my day.

If you receive such a letter in regard to one of your domains, I strongly suggest that you do the same.

The letter is not an invoice for your impending domain expiration. No legitimate domain registrar I know sends out regular mail notices or invoices. This notice from Domain Registry of America is a carefully worded attempt to steal your domain registration away from your current registrar…and at a higher rate at that. While you can register a domain for $10.00 or less with most good registrars, like namecheap.com (that’s my affiliate link) or name.com, DROA attempts to charge you $35.00 for a year’s registration!

Here’s what this “Domain Name Expiration Notice” looks like:

If you read this notice carefully, you’ll see it’s not a renewal form, but a cleverly-worded attempt to transfer your domain registration. Here’s what the second paragraph says:

You must renew your domain name to retain exclusive rights to it on the Web, and now is the time to transfer and renew your name from your current Registrar to the Domain Registry of America. Failure to renew your domain name by the expiration date may result in a loss of your online identity making it difficult for your customers and friends to locate you on the Web.

It says right there that you’re transferring your name from your current registrar to DROA, if you read it carefully. Many people won’t read it carefully nor understand it.

About five years ago, I was meeting with a client who had received one of these bogus renewal forms. I asked her if she had paid it, hoping the answer was no. Unfortunately, she had assumed the bill was genuine and had already submitted her payment.

I’ve read some of the fine and barely legible fine print on the back of this “Expiration Notice” and apparently, DROA attempts to transfer your domain registration to them. Fortunately for my client, her domain was locked, which meant that it couldn’t be transferred to DROA or any other registrar. This is an important security measure that any reputable domain registrar will have in place.

Unfortunately for my client, she had written a check for the amount rather than using a credit card, where she could have disputed the charge and recovered her money.

To make sure your domain names are secure and you don’t throw your money away, follow these three pieces of advice:

1. Know who your domain name is registered with.

Many of my clients, when asked, didn’t know the difference between a domain registrar and a hosting company. Most couldn’t tell me who their registrar was. Your registrar is the person you pay to have your domain name — your URL. There are many registrars out there, but I prefer namecheap.com (aff) and name.com.

Your hosting company gives you space on their server (computer) where you store all the files for your website. It’s connected to the Internet so that people can access your site via the Web.

I recommend that you DON’T register your domain with the same company who hosts your domain.

2. Lock your domain.

Your domain can be locked or unlocked. If it’s unlocked, it means that anyone could initiate a transfer of that domain away from your current registrar.

Most registrars keep your domain name locked by default. This prevents unauthorized transfers of your domain name to another registrar.  When you log in to your account at your domain registrar, you will have the option to lock or unlock your domain. You should always have it locked. The only time you would unlock your domain is if you are changing registrars yourself and you are the one initiating the transfer. You’ll likely rarely if ever change registrars, so you shouldn’t have to worry about this.

3. Consider purchasing Whois privacy.

When you register your domain, you are required to provide accurate contact information: your name, address, email, and phone number.  That information is available to anyone online who knows how to to search for it, and it doesn’t take a genius. It’s as simple as going to who.is and typing in a URL.

Whois privacy keeps all of this contact information private. Most registrars charge a small fee for this, usually a couple bucks. It’s well worth it I think.

The domain name that DROA sent me the bogus expiration notice about wasn’t even a live site. It was a domain I had plans to develop, never got around to doing so, and forgot about. Even so, I should have popped for the Whois privacy. I’ve made it a habit ever since to always put Whois privacy on my domains.

If my client had Whois privacy on her domain, she wouldn’t have received that letter in the mail. DROA wouldn’t have been able to get her contact information in the first place.

In this day an age, where there’s very little privacy left, any way you can keep your contact information out of the hands of would-be scammers is a good thing.

4. NEVER pay any domain registration invoice you receive in the mail.

You register your desired domain online, not via snail mail. You will receive email notifications from your registrar about 60 days before your domain name expires. You’ll renew by logging into your registrar’s website and paying there.

If you pay the extra few dollars for Whois privacy, you’ll not have to worry about getting a bogus renewal invoice in the mail because no one will be able to access your contact information.

Have you ever received similar letters? What, besides toss them in the trash, did you do?