![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
snarpIn short:
It’s not possible to either transfer or cancel a domain registered this way without making your personal information public. Yahoo’s description of the service is dishonest about this.
At length:
The WHOIS info for a domain using Yahoo’s private registration service looks like this:
WHOIS information for: sarahpin.com:
[whois.melbourneit.com]
Organisation Name…. Sarah Pin
Organisation Address. P O Box 99800
Organisation Address.
Organisation Address. EmeryVille
Organisation Address. 94662
Organisation Address. CA
Organisation Address. USAdmin Name……….. PrivateRegContact Admin
Admin Address…….. P O Box 99800
Admin Address……..
Admin Address…….. EmeryVille
Admin Address…….. 94662
Admin Address…….. CA
Admin Address…….. US
Admin Email………. contact@myprivateregistration.com
Admin Phone………. +1.5105952002
Admin Fax…………Tech Name………… PrivateRegContact TECH
Tech Address……… P O Box 99800
Tech Address………
Tech Address……… EmeryVille
Tech Address……… 94662
Tech Address……… CA
Tech Address……… US
Tech Email……….. contact@myprivateregistration.com
Tech Phone……….. +1.5105952002
Tech Fax………….
The process of transferring a domain from one registrar to another requires the following steps:
1) You unlock the domain on your present registrar.
2) You get your domain’s “authorization code”/”transfer secret”/whatever we’re calling it from your present registrar (in Yahoo’s case, it can be found on the domain control panel), and give it to the new registrar.
3) The new registrar checks your WHOIS info and sends an email to the address listed under “Admin Email.”
4) You go to a URL provided in the email to confirm the transfer.
4b) If you don’t click on the URL within seven days, the transfer is canceled. This appears to be the only way to cancel a pending transfer - if there’s a problem, you’ll have to wait seven days to try again.
You’ll notice that the admin email address in the information Yahoo provides is contact@myprivateregistration.com. Now, on its page (screenshot) describing the private registration service, Yahoo says
* When you sign up, our partner Melbourne IT updates your registration listing with generic contact information that points to Melbourne IT’s offices.
* Whenever someone looks up your domain and tries to contact you, Melbourne IT receives the call, email, or letter and screens the information on your behalf.
* Melbourne IT forwards prescreened communications to you, so you can reply as you see fit.
Okay, now think about this for a second - as I obviously didn’t, once upon a time. That one, single email address appears in the WHOIS data of every single person who uses this service. And they’re saying they’re going to forward your stuff to you. How are they going to do that?
You can’t hack together a Perl script for this. Actual human beings would have to read every single email to figure out who they were for - something no one wants happening to their private correspondence, particularly someone signing up for a privacy service. This would take hundreds of actual human beings, working full-time.
So what they claim they’re doing makes no sense, particularly given that there is an extremely cheap, simple alternative - giving every domain an individual forwarding address. The only thing cheaper and simpler would be never to forward anything at all. Logically, what must be happening is that they never forward anything at all.
They don’t. When you email that address, you get an email back saying
THIS IS AN AUTOMATED MESSAGE - DO NOT REPLY
You are attempting to contact a domain name that is protected by “My
Private Registration” service.To ensure that your message is delivered to the administrative contact
you will need to complete the form at the following web site.http://www.melbourneit.com.au/cc/emailmanagement/
You will need to submit the following information:
* Your Name & email address
* Your Message to the registrant
Regards
“My Private Registration” Team.
MelbourneIT and Yahoo’s communications seem to have broken down somewhere. MelbourneIT is not even maintaining the pretense.
That address takes you to an email form (screenshot). Upon clicking the “send” button, one is taken to a blank, broken-looking page (screenshot). I transferred my domain before discovering this, but haven’t yet canceled my subscription to Yahoo, so they still have my contact information on record. Emails I send to myself using this form do not go through. (I’d be interested in data from other people.)
So. When you try to transfer your domain, the email the new registrar sends to contact@myprivateregistration.com goes into a black hole, making it impossible for you to conclude your transfer. Yahoo’s instructions (screenshot) for transferring a domain do not, as they should, mention this as a possible problem.
The only way to get a real email address into your WHOIS info, and thus transfer the domain, is to cancel the private registration service, making all your information public. Unless you choose to break the law (US law, anyway), and change some of your info to some made-up crap before canceling.
Even doing the latter, I’m not sure you could keep everything safe, as Yahoo doesn’t permit you to edit certain fields of your WHOIS data. When I first set up private registration on my domain, I found that my “Organization Name” field was still set to my real name. As I couldn’t edit the field, I had to file a support request to get them to change it.
Another option would seem to be to let the domain expire and then re-register it. However, expired domains tend to get bought up by scammers hoping to resell them to you at huge margins. If you want to continue using the domain, this isn’t a good idea.
It at least seems like it would be all right to let the domain expire if you decide you don’t want it anymore. However, according to this user of the service, Yahoo will, again, allow all your private information to get into the WHOIS database upon the expiration of your contract. This is particularly unsettling, as it seems logical that any remnant data left in the WHOIS database would be the last visible data, that is, the MyPrivateRegistration.com data. This switch to the private data strikes me as something that would take actual effort on Yahoo’s part to implement.
Generally, incompetence is a safer bet than malice in technology failures. However, in this case, every action a user might take that would take his/her money away from Yahoo ends up revealing his/her private information. It’s really hard to see this as anything other than blackmail.
-
Other pages discussing Yahoo domains issues:
Two extremely detailed blog posts by the person mentioned above whose data ended up in the WHOIS database after cancellation: 1, 2
(links below added August 13, 2008)
Placebo Effect >> Yahoo Private Registration holds your domain hostage
ingenesis design blog >> Yahoo Private Domain Registration Too Private? Oh, and Yahoo sucks. - Post by someone who was unable to use an SSL certificate with a domain using Yahoo private registration.
WebHostingTalk.com Forums >> How to contact the owner of a private registered domain on Yahoo? - Post by someone who was told by Yahoo that they would not forward his communications to a domain owner. As discussed above, this runs counter to their stated policy.
(added April 6, 2009)
bluehostforum.com - Transfer question…Awaiting Release From Losing Registrar - Another message board thread.
-
Also, the text of a support request I sent to Yahoo asking why my confirmation email hadn’t been forwarded. I never received a response.
(Originally published at SarahPin.com. You can comment here or there.)
