Every year I get a phone call or an email from someone asking if they should pay Domain Registry for a given domain name.
In 100% of cases I have told people to shred the letter.
These predatory registrars carefully crafts their letters to trick people into believing that they have to pay them or they will lose their domains.1
It is a plausibly deniable sort of scam. It probably meets the bare minimum legal requirement so they avoid being sued. Their letters do clarify that they’re not an invoice or bill but you have to dig to find it. And the fear of losing a domain name sometimes hijacks a person’s reading comprehension.
We estimate that we’ve received 60 of these letters. We have consulted with people and organizations on roughly the same number of letters. In every case, the posing registrar was not the actual registrar.
In one case, a client called us frantically after they realized they mistakenly transferred a domain name. Luckily, we did manage to wrestle it back.
On top of everything, these companies overcharge. This is fundamentally why the letters are misleading. If the letter simply said, “we want to be your domain name registrar, but we want to charge you more,” their business model would fail.
Domain Registry is not the only perpetrator. It’s called domain slamming.
How to protect yourself from domain slammers like Domain Registry
Domain Registry is one of the main reasons I tell my clients to always use privacy on their domain name registration. I always recommend registrars that offer privacy for free, like Hover, or Google Domains. Some registrars treat domain privacy as an addon that you have to pay for.
Unfortunately, some top level domains don’t allow privacy as an option. Additionally, even if you have privacy on a domain, it’s still possible for DROC or others to sleuth out your mailing address. (We’ve had this happen.)
The main way to protect yourself is to have good records and a functioning institutional memory. A domain name is a valuable asset to be protected. Organizations should have systems in place to ensure continuity including the regular review of the contact and credit card information connected to the registrar. If someone in your organization gets this sort of scammy mail, they should know who to call for clarification.