<< Agile methodologies and pricing quotes/estimates | Home | Umbraco v5 R.I.P >>

The terror that is the Domainz NZ website

Domainz (unsurprisingly)  provide services around Domain name registration and renewals here in NZ. I have nothing against Domainz, other than the fact that they sell themselves as “The Kiwi Webexperts”.

I personally don’t use Domainz for any of the hundreds of domains I own, however some of my customers have, so I’m often forced to use their customer portal.

There’s 2 main issues I have:

The customer portal doesn’t actually allow you to do anything useful

When ‘managing’ a domain, there’s basically 2 options. “Redirect to an Existing Website” where you can enter a single IP address, and “Forward All Domain Mail to Another Email Account“.  Want to specify multiple MX records so you can have a proper shot at some email redundancy? Nope, email customer support. Want to add some subdomains? Nope, email customer support. Basically anything useful and you need to email customer support.

I’m not even going to touch on the usability issues with the way the login forces a modal popup which then spans another window after login, or how some domains aren’t listed in some areas for various reasons. At least they’re performing password changes over https, although you might not see that, because the site uses framesets and so the main address stays as http even through the change password frame’s content is loaded securely.

Anyway, once you’ve emailed customer support, you get to point #2:

 

Their security practices are a complete joke

After emailing customer support requesting to make changes that we should be able to make ourselves, we get this:

As a method of verification I will need your Name Holder ID password to verify you to make these changes.
 
Could you please reply back with the password in order for me to make these changes.

How the hell is this still acceptable? Ownership and management of domains is a pretty important part of the identity of a business, and it’s certainly an easy attack vector against any company, so you want to protect them. However Domainz “The Kiwi Webexperts” are forcing you to send them your password via clear text as a method of verification. Seriously? In 2012?

The next question is whether this means that the passwords are stored in clear text their end, so they can compare them visually, or whether they login to your account as you would in order to ensure “Yep this person has access”. Option 2 is slightly less terrifying than option 1, however both options are pretty pathetic from a security/process standpoint.

I should note that the Customer Service people are usually pretty friendly, and this is nothing against them, but more against the systems that the company has in place.

Bottom line, if you’re looking to register some domains, I suggest looking at a provider who takes your security seriously, and is willing to give you the tools to make your life easier – although to be fair there’s a lot of terrible domain management sites out there. I’m not going to mention any names, however I’m pretty happy with the providers I use, so if you want an opinion then feel free to flick me a line.

Domainz, seriously, sort your site out and improve your security.

 Print | Posted on Friday, June 01, 2012 12:03 PM |



Feedback

Gravatar

# re: The terror that is the Domainz NZ website

Hi Ross
I have a domain registered via domainz that is being used for a website on hostgator web hosting.
I want to get the email working so I can use the domain for emails.
Hostgator say that the email won't work at the moment because domainz are blocking emails using this domain.
Do you know if this is domainz normal practice?
I wrote an email to domainz asking about this a few days ago and have not heard anything back so far.
In their setup all I can do is forward to all emails using the domain to a single email - not very useful.
Thanks in advance
Paul

7/7/2012 4:44 PM | Paul

Gravatar

# re: The terror that is the Domainz NZ website

Hi Paul,

I don't think they're blocking email, but their website certainly doesn't let you do any of what you need to in order to get email running properly.

In my experience Domainz will respond to you eventually, at which point you can feed them the MX record information required to get you up and running.

(until you need to change something, in which case you have to go through this all over again :D)

Good luck :)

7/8/2012 5:37 PM | Ross Hawkins

Gravatar

# re: The terror that is the Domainz NZ website

Having just recovered my password with them so I can transfer a domain away I can say that passwords are stored in plain text, as they were able to send it to me in an email.

7/31/2012 7:54 AM | C4NCER


Post Comment

Title  
Name  
Email
Website / Url
 

Your comment

   
Ensure the word in this box says 'orange':
 
Please add 1 and 8 and type the answer here:





Due to excessive comment spam, all comments are now being moderated. If you're a comment spammer then you're wasting your time here. Your comments will not be published - ever.


About me

My name is Ross Hawkins and I'm a developer, consultant, business owner and writer based in Auckland, New Zealand (pictured below!). My current work revolves around ASP.NET, C#, jQuery, Ajax, SQL Server, and a mix of other Microsoft development technologies.

I also have about 15 years of experience with IBM Lotus Notes/Domino and associated technologies. While Notes/Domino is no longer my primary focus I still like to dabble and keep my skills up to date.

I own and run 2 businesses - Hawkins Consulting Services, and Ignition Development.

Bethells Beach, located in sunny West Auckland, New Zealand




Subscribe

Subscribe to this feed


Search




Popular Content

Troubleshooting WebResource.axd

The .NET 2.0 framework changed the way clientside JavaScript is delivered to the browser. Previously, ASP.NET 1.1 used the aspnet_client directory whereas now 2.0 uses WebResource.axd.

Published on October 8, 2006

jQuery Wildcard Selectors - some simple examples

I wrote about jQuery wildcard selector syntax briefly back in 2009, and since then that post has received a lot of views – way more than a post that brief should ever have seen..

Published on October 14, 2011

Microsoft AJAX Extensions: Sys.Debug is null or not an object

One of the breaking changes which was made with the 1.0 release of the Microsoft Ajax Extensions was the renaming of the 'Debug' class to 'Sys.Debug' for reasons of compatiability with other frameworks. Breaking changes like this can often be a source of frustration..

Published on May 22, 2007

Simple ASP.NET Character Counter

A textbox character counter is a pretty simple piece of functionality, and there's a lot of different ways to apply one to your application. The following method is nice and simple, and can be done using only clientside JavaScript if required, or combined with server side code in order to create a more dynamic effect

Published on December 4, 2006

Simple ASP.NET Character Counter - with Master Page Support

A quick update to my previous character counter article adding some changes for those using it with Master Pages.

Published on February 7th, 2009

Adding Tooltips to Gridview Headers

As the title says, this is a very simple but dynamic way of achieving tooltip text on a header column. It's not overly flash, but it's lightweight and quick to implement.

Published on April 15, 2007

SQL Server Web Report Viewer Issues on Windows 2008 Server/IIS7

A fix for another AXD related issue, this time with the SQL Server Web Report Viewer Control which was being served up via IIS7 on a Windows 2008 server.

Published on June 2, 2007
Updated on April 10, 2008





Archives

May, 2013 (3)
April, 2013 (2)
March, 2013 (2)
February, 2013 (3)
January, 2013 (5)
December, 2012 (4)
November, 2012 (4)
October, 2012 (3)
September, 2012 (3)
August, 2012 (4)
July, 2012 (1)
June, 2012 (4)
May, 2012 (2)
April, 2012 (4)
March, 2012 (2)
February, 2012 (4)
January, 2012 (3)
December, 2011 (3)
November, 2011 (8)
October, 2011 (9)
September, 2011 (8)
August, 2011 (5)
July, 2011 (4)
June, 2011 (7)
May, 2011 (5)
April, 2011 (3)
March, 2011 (8)
February, 2011 (4)
January, 2011 (3)
December, 2010 (8)
November, 2010 (5)
October, 2010 (6)
September, 2010 (7)
August, 2010 (11)
July, 2010 (12)
June, 2010 (8)
May, 2010 (8)
April, 2010 (4)
March, 2010 (8)
February, 2010 (6)
January, 2010 (12)
December, 2009 (13)
November, 2009 (11)
October, 2009 (12)
September, 2009 (12)
August, 2009 (2)
July, 2009 (7)
June, 2009 (12)
May, 2009 (9)
April, 2009 (9)
March, 2009 (9)
February, 2009 (8)
January, 2009 (7)
December, 2008 (6)
November, 2008 (7)
October, 2008 (9)
September, 2008 (12)
August, 2008 (9)
July, 2008 (6)
June, 2008 (24)
May, 2008 (13)
April, 2008 (16)
March, 2008 (8)
February, 2008 (10)
January, 2008 (1)
December, 2007 (14)
November, 2007 (11)
October, 2007 (11)
September, 2007 (13)
August, 2007 (11)
July, 2007 (5)
June, 2007 (15)
May, 2007 (11)
April, 2007 (9)
March, 2007 (9)
February, 2007 (10)
January, 2007 (8)
December, 2006 (18)
November, 2006 (11)
October, 2006 (14)
September, 2006 (9)
August, 2006 (10)
July, 2006 (4)
June, 2006 (4)
May, 2006 (6)
April, 2006 (3)
February, 2006 (6)
January, 2006 (10)
September, 2005 (2)
August, 2005 (4)

Post Categories

ASP.NET
AJAX
Amusing
NZ
NZ Trains
Notes/Domino
Visual Studio
Web Development
Miscellaneous
Me
Rugby
C#
SQL