Caught in the GoDaddy red tape

This is one of those situations that would be funny if I wasn't the one caught up in it.

I blogged on Tuesday that I'm listed on WHOIS as the administrator of a charming site called travel-getaways.com. The problem is that I have absolutely no links to travel-getaways.com at all, and the site is pulling content from a legitimate travel site, to populate travel-getaways.com with content.

Now, looking at the WHOIS entry for travel-getaways.com, it has my name, fake address, and a fake contact email address and number. The owner of the legitimate site -- a ZDNet.co.uk reader -- got in contact with me through the community email, to let me know that a site registered in my name was nicking content off his site.

The domain registrar is GoDaddy.com. I gave them a ring. Ok, I thought, I'll be straight with them -- I told them from the beginning that I am an IT security journalist. I didn't go through their PR, however, as I wanted to get a flavour of the GoDaddy complaints procedure.

So what's my complaint? Someone has used my details, subtly altered, to set up a fake GoDaddy account. While not exactly being identity theft, this is definitely somebody using my name, with my slightly altered work details, to register a dodgy site. Obviously I'm not happy about that.

There's also the small matter of the potential intellectual property infringement by travel-getaways.com against the owner of the legitimate site. I'm not happy about that, either.

I wanted to see how GoDaddy would react, given the nature of my concerns.

I contacted GoDaddy to speak to a person in the GoDaddy support department, who very politely directed me to the office of the president. I emailed my complaint to the office of the president, detailing the situation.

The email I got back contained the line:

"It is the domain registrant's responsibility to review and maintain their WHOIS data."

This made me laugh.

"Ok, fair enough, it's the domain registrant's responsibility to maintain their data, but I AM NOT THE DOMAIN REGISTRANT," I said to the computer, shaking my fists.

The email directed me to log a complaint with GoDaddy Domain services, which I duly did, outlining the situation. I gave them a link to the fraudulent WHOIS lookup, as well as contact details -- my (real) work email and telephone number.

Meanwhile I wrote another letter of complaint, also outlining the situation but in stronger terms, and asking GoDaddy to take my details off its register, and to turn over the payment details for the fake account to law enforcement in the States. I doubt very much whether law enforcement would have the time or resources to do anything, but it's worth asking.

I got an answer back from my original complaint:

DearTom Espiner,

Thank you for your email. Please provide evidence to prove your information is being used in the Whois for the domain travel-getaways.com. We can accept a copy of a utility bill showing your name and mailing address or an email from the email address listed. Once we have this documentation from you, we can move forward with your complaint.

Thank you,

GoDaddy.com, Inc. Domain Services

I must admit, I'm not good with bureaucracy at the best of times, but this email made me both laugh and get angry. For a start, I'd already provided the link to the fake WHOIS entry. It was in the complaint that Domain Services was replying to.

The work address is fake in the fake entry, so providing proof of my real work address wouldn't help at all. Plus, who gets utility bills to their work address, unless they work from home?

The email address listed in the fake WHOIS entry is also, you guessed it, fake. So I couldn't respond from that email address, unless I fiddled around spoofing the sender details, which I doubt would have helped my case much.

Feeling like I was bashing my head against a brick wall, I rang up GoDaddy. In fairness to the company, the person I dealt with first very patiently escalated me to a polite man in the office of the president. GoDaddy is currently looking into the situation. They did keep me on hold for approximately an hour, but to be fair, they were trying to sort the situation out there and then.

So far as I can tell so far about GoDaddy's complaints procedure, it seems that the people on the other end of the phone are courteous, efficient, and professional, while GoDaddy's processes seem clunky, unhelpful, and bureaucratic to the point of being obtuse.