Results 1 to 14 of 14
  1. #1
    Join Date
    Apr 2013
    Posts
    90

    Enom new Terms and Conditions

    I just received the following email from Enom, some part of the changes makes me very worried. Here is the most concerning part:

    4 d. If they do not click on the link within 15 calendar days, then eNom will overtake the DNS of the domain name associated with that specific Registrant contact.
    In the attachment there is a screenshoot of the whole thing (I have sent Enom a feedback about this, and hope more people do the same).
    Attached Thumbnails Attached Thumbnails enom-new-term.gif  

  2. #2
    I'm somewhat concerned about the changes from ENOM - as of 1st of Jan, they're going to verify new domain registrations with an email to the registrant email... and they say in the webinar I just watched that they're going to send this email out as us (our domain admin contact) - well how can they do that if our SPF has our mail servers listed and not theirs?

    Surely there is a very real risk that they send out an email, it is hard bounced by gmail or hotmail or some other ISP the customer uses, because it came from a mailserver not listed in our SPF records.

    Once that happens, the customer's domain gets locked up by eNom changing the nameservers back to them and presenting a page to explain why they hijacked the page.

    I see customers not getting these emails with hijacked domains all over the place unless we list the eNom mailservers in our SPF record as a valid source of email.

    Either that, or we have to NOT use spf on our domain we have setup with eNom as our domain admin - that's a pain in the rear.

  3. #3
    Join Date
    Nov 2002
    Posts
    4,377
    According to the attachment it is a new ICANN requirement starting Jan 1 2014 - so all registrars will be doing this.

  4. #4
    Join Date
    Jul 2005
    Location
    Huh... where am I again?
    Posts
    974
    What about the yearly information verification emails that are sent out? (the ones that just list info and say if there is a problem go update it) I don't see that mentioned. If they require the same and then take down sites because of no verification, that will cause a lot of problems. As we all know, not everyone reads emails sent to them, not everyone keeps the email address updated for domains, etc.

    Although they say "direct resellers" what about sub resellers? Like those using the WHMCS offers, or Parallels DNN? Since they say to pass down, they will do the same for everyone.

    I haven't seen a notice from opensrs/tucows yet about such changes.
    -Steven | u2-web, LLC - Clustered Shared Hosting
    "It is the mark of an educated mind to be able to entertain a thought without accepting it" -Aristotle

  5. #5
    I got a response from eNom - and I'm waiting on sharing it by direct copy & paste, but the gist of it is that if eNom already sends out Renewal Notices, WDRP notices & transfer notices using the reseller email - if you're going to implement SPF on your domains in any form other than a default SPF record (v=spf1 +a +mx -all) - then you'll need to get hold of their IP address and add their mailserver IP to your allowed email sources within the spf record.

    I do have that IP (eNom had not problem providing it) - so we'll be able to tighten up our SPF without fear that these notices will be bounced by mail providers who have implmented SPF checking.

    That said - it doesn't get around the issue that the client might ignore the notices - or they could be junk-filtered - and domains that are up and running can simply go into "take down mode".

    As mentioned - this is not just eNom - the RAA changes are handed down from ICANN - and I would expect similar changes to policies from all registrars come Jan/1/2014.

  6. #6
    ok - I got permission from Chris Sheridan to share his response:

    My email to eNom:

    Quote Originally Posted by me
    Chris,

    I’ve just watched the webex on RAA changes – I have questions regarding the Registrant verification – you’re going to send emails out as us? How is that going to work with email not sent from our servers falling foul of SPF verification at the recipients ISP or mail handler? Surely we’re going to need to know what IP you’re sending the email from and have to include this IP in our SPF records – right?

    Now at the moment [our_main_domain] is our last domain where we are not tightening our SPF settings – I had planned on getting that setup this week – but I’m concerned that if I tighten the SPF on our end, then enom sending emails as domain-admin@[our_main_domain] will result in failed delivery (bounces) – based on SPF failure and 15 days later, domains will be locked up.

    Kind regards

    Greg
    eNom response:

    Quote Originally Posted by Chris Sheridan of eNom
    Hi Greg,

    Good question regarding the SPF records. Per my Webex, we will be inserting the email address of the Reseller in to the “From” field on our Verification email notices. We use this same process today for a variety of email messages (Renewal notices, WDRP notices, Transfer notices). In regards to the SPF settings, we have a suggestion that should reduce the chances of these notices being considered as Spam. You may use our email exchange IP address and list in your host records. Our IP address is 69.64.153.133.

    In regards to your second question., we are advising Resellers to use our IP to reduce the chance of these emails being considered spam or in the worst scenario blocked.

    Chris
    I hope this helps a little.

  7. #7
    Join Date
    Feb 2008
    Posts
    335
    I have been reading http://whois.icann.org/ about the changes. Take a look at this: http://www.icann.org/en/news/announc...03apr03-en.htm
    WebTuga Hosting - Portuguese Shared, Virtual and Dedicated Web Hosting
    CloudFire WebHosting - European Low Cost Cloud WebHosting

  8. #8
    Join Date
    Apr 2013
    Posts
    90
    Regarding SPF, I have not yet added Enom ip to my SPF record. However, when I look at one of the emails sent from Enom to my private Gmail account, wich uses my admin domain email address as "From:" address, it does not fail. Here it is:

    Code:
    Received-SPF: pass (google.com: domain of [email protected] designates 69.64.153.133 as permitted sender) client-ip=69.64.153.133;

  9. #9
    Quote Originally Posted by Techno View Post
    According to the attachment it is a new ICANN requirement starting Jan 1 2014 - so all registrars will be doing this.
    It's for registrars that have signed the new 2013 RAA, as this is a requirement of that agreement, along with many other requirements I might add.

    Taking over the DNS will essentially mean the registrant will see their email (go down) and site be redirected (I would assume) to a holding page notifying them that they have not completed the registrant confirmation.

    ICANN have stated that a positive action (read click link in email/enter code from SMS (could be either)) is required within 15 days of any gTLD domain registration where the contact has not been positively actioned and confirmed before.

    Essentially its just more work for us registrars to do...
    NetEarth One
    ICANN Accredited Registrar, http://reseller.netearthone.com
    SSLReseller - WHMCS SSL module now released into BETA www.sslreseller.com
    Full UK support, 7 days a week 365 days a year!

  10. #10
    Join Date
    Oct 2009
    Location
    Montréal, QC, Canada
    Posts
    64
    Quote Originally Posted by Techno View Post
    According to the attachment it is a new ICANN requirement starting Jan 1 2014 - so all registrars will be doing this.
    The requirement is to verify the phone number or email address. As far as I know it only applies to registrars who sign the 2013 RAA (which is required to offer new gTLDs).
    DomainCocoon provides technical, development & ICANN accreditation consulting to domain portfolio managers, hosting companies, registrars and resellers.

  11. #11
    Join Date
    Oct 2009
    Location
    Montréal, QC, Canada
    Posts
    64
    Quote Originally Posted by ImFM View Post
    The requirement is to verify the phone number or email address. As far as I know it only applies to registrars who sign the 2013 RAA (which is required to offer new gTLDs).
    I should add that at a later time the Governmental Advisory Committee (GAC) and ICANN have agreed that also the addresses will be validated, but the definition of the level of validation is still in discussion.

    The purpose is supposed to be stopping abuse, but I'm not quite clear how this would stop criminals from using throw-away email addresses/voip numbers in conjunction with valid addresses.

    PS:
    Sorry somehow I missed NetEarth's post explaining some of this already.
    Last edited by ImFM; 11-09-2013 at 01:39 AM.
    DomainCocoon provides technical, development & ICANN accreditation consulting to domain portfolio managers, hosting companies, registrars and resellers.

  12. #12
    I'm glad I stumbled on this post. I use Enom as the registrar for my reselling of domains, and I had not seen/heard anything about this before.

    I added Enom's IP to my SPF record so I don't have to worry about my customers not getting the notices they send out. It seems like an easy preventive fix.

  13. #13
    Join Date
    Jul 2005
    Location
    Huh... where am I again?
    Posts
    974
    Just got a notice from OpenSRS on this, though they do not say they would change the DNS but it does say "Failing to receive a response within 15 days requires us to manually contact the registrant, or suspend the name." Not sure how they will manually contact the registrant. Have a message in to them.

    They did confirm though that if a WDRP bounces, the same validation steps and requirements will be taken.
    -Steven | u2-web, LLC - Clustered Shared Hosting
    "It is the mark of an educated mind to be able to entertain a thought without accepting it" -Aristotle

  14. #14
    This is not a new process that is unique to eNom. As per new ICANN rules, every registrar must validate the registrant.

    So it really doesn't matter if you reseller for eNom, godaddy, or any other registrar... this new requirement for a new registrant to validate their registration info is the same.

    Personally, I don't see what benefit this new requirement offers to anyone. All I see it doing is adding more work to the registrars.

    Want to sell domain names? Sign up today for an eNom.com reseller account from a trusted eNom ETP provider.
    * We provide support and service to over 3245 happy eNom domain name and SSL certificate resellers!

Similar Threads

  1. Which Terms and Conditions?
    By webspawner in forum Running a Web Hosting Business
    Replies: 6
    Last Post: 05-12-2011, 12:04 PM
  2. Terms and Conditions
    By danisgood in forum Running a Web Hosting Business
    Replies: 3
    Last Post: 07-25-2009, 04:10 PM
  3. My Terms and Conditions
    By Dogtanian in forum Other Reviews
    Replies: 4
    Last Post: 01-07-2005, 04:15 AM
  4. Terms and conditions
    By StueyB in forum Running a Web Hosting Business
    Replies: 3
    Last Post: 05-25-2004, 03:50 PM
  5. Terms and conditions
    By chrisblack in forum Other Offers & Requests
    Replies: 3
    Last Post: 09-16-2003, 12:27 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •