Scam alert: Domain expiration notices from ‘Domain Registry’


A company that called itself the ‘Domain Registry of Canada’ all the way back in 2011 has been scamming with this technique.

Below is a letter on good old snail mail (some details are redacted in the interest of privacy).



What is Domain Slamming?

Domain Slamming is when a company which has no connection to the domain owner (registrant) sends unsolicited and misleading communication that encourages the registrant to transfer the domain to its own brand, under the pretext of being a ‘Domain Expiration Notice’. The communication usually pretends to be an official authority (sometimes labels itself a ‘registry’) and tries to scare registrants that their websites or email will stop working if the domains are not renewed, and conveniently underplay the fact that this involves a domain transfer.

The owner of a domain name is sent an email or direct mail (in this instance, it was physical mail with an official looking envelope, letter head and more) that lists the domain name, its date of expiry, suggested renewal terms, payment form with fields for credit card details and a reply envelope. The letter in this instance was allegedly sent by ‘Doman Registry’ with a maple leaf logo. What’s more, the letter even contained a few upsells for .NET and .ORG domains with the same string (the audacity!).

Who is ‘Domain Registry’, why is this a scam?

In domain name parlance, a registry is the organization that operates a top-level domain extension, such as .CA or .COM. The official registry for .CA domains is CIRA and that for .COM is Verisign, .CA is the designated country code domain extension of Canada. We cannot be sure who ‘Domain Registry of Canada’ as claimed in the letter is, but we know that they are not the team that operates the .CA domain registry. ICANN Wiki have cataloged a list of issues and related incidents that makes for interesting reading.

As to why I call this a scam, the (deliberately?) misleading name is a dead giveaway. The fact that they scraped your data (more on how they might have done that, below) and contacted you in an unsolicited fashion is potentially illegal (on spam and fraud counts according to US courts) and certainly unethical.

If you have your domain names with ictTech Support and would like to change providers, you always have the option to transfer out, but it is our moral imperative to ensure that a transfer is your deliberate intention. A domain transfer requires an authorization code which is a step that is glossed over in the above notice, while your payment details are collected up front. This puts your payment details at risk in the hands of a company that doesn’t appear very trustworthy.

An organization that went by the name ‘Domain Registry of Canada’ had its accreditation to register .CA domain names revoked by CIRA following similar domain slamming incidents in 2013. Below is a screenshot that shows this website state that they do not support .CA domains.

no .ca domain support on domain registry

I don’t know for certain that the ‘Domain Registry’ in this incident is the same ‘Domain Registry of Canada’ from 2011, but the notice template, location and the modus operandi looks uncannily like that attempt.

But… the scammers had my name, address and the domain expiry date. How did they get it?

ICANN, the administrative authority for domain names mandates that domain ownership data is made public through a Whois lookup and in this case, it appears that the scammers scraped the Whois database to collect registrant information and send out these notices. Whois privacy protection helps you protect your personal information in this scenario. Another method is site scrapping for addresses based on the sites domain in which they letter mail your scam notice.

I received a similar expiration invoice on my mail or email, what should I do next?

ictTech Support sends automated domain renewal reminders to ensure that you do not lose your valuable data. In fact, we encourage automatic renewals to save you the trouble.

We send domain renewal reminders via email and these emails are from email ID which will contain our office address, phone number and your account details.

If you received a Domain Expiration notice from an unfamiliar sender, the safest thing to do is ignore it. If you would like to help us or if you need to verify the authenticity of a renewal reminder, please contact support.

If the communication you received looks anything like the letter we shared at the top of this article, might I suggest: SHRED

In addition, we strongly recommend that you enable Domain Privacy with each of your domains so that your personal details such as name, address, contact and domain expiry are not open to spammers and abuse.



Thursday, January 4, 2024

« Back