1.27.2008

One Story About Why I Hate An Unnamed Company

To remain unnamed. The company, that is. This is ONE story. I have others. They aren't mine to discuss publically, so...

In 1996 I purchased a domain. At the time the company I purchased from didn't have passwords for accounts, didn't collect personal data, etc. If you had an email address they could send to, you could have a domain. In 1996 there were not a lot of choices in who you could buy from, either.

Time passes. I move a few times. Living on campus, one of those moves involved a PO Box.

Time continues to pass.

Suddenly, I get a bill for my domain renewal. Ok, that wasn't unexpected. The unexpected part is that I need a password to pay the bill.

I don't have a password. I've never had a password. I've never needed a password to pay my bill. Heck, if someone else wanted to pay my bill, more power to them.

I try and reset the password. They won't accept email from my account. (In the meantime my host had turned OFF the ability to send "from" my domain cleanly. I could receive email, but due to anti-spam policies, I couldn't send "from" my domain and have it appear in all the headers.) I can receive all their emails, but I can't send from something they consider to be good enough.

I call. I sit on hold for over an hour. Ok, this is not good. I need to pay the bill for my domain. At the time the domain was pretty popular, lots of traffic, lots of investment of my time.

I call again, later, sit on hold a lot. Finally get someone. Explain what I need.

Am told they ONLY way they can help me is if I fax my photo id with the billing address on record. The only photo id they will accept? A current driver's license matching the address they have on file. Problem... that address is a PO Box, by state law that address will never appear on my driver's license.

They have no solution. They don't, frankly, care.

I write letters. Delivery refused.

I call some more.

I write certified letters, with CC to the state attorney general and BBB where they are.

No answer from anyone.

Eventually I get a junk mail fake bill solicitation from another registrar. They have a paper form. By filling out the form and paying too much, I can transfer my domain to them.

Bingo.

Transfer to them and transfer the next month to a registrar I trust.

Then I moved hosting companies, after going through something very similar with them.

Lesson from this? Don't be idiots about security. If you don't have passwords, and you start to require them, contact your customers and set up passwords with them.

How would you feel if you went to your family doctor of the past decade and to make an appointment they wanted your password... the password you never set up? I've had that exact scenario happen with three companies. What a way to pay back your most loyal customers!

No comments: