# BIN purchases at godaddy



## rlm__ (Jan 9, 2022)

I bought a .ca domain yesterday at a BIN price in the low $xxxx on godaddy, and paid by CC.  The domain was already registered at Godaddy so it should just be a push into my account, I kinda hoped it would be fast.

I don't usually mess with Godaddy much, so I'm not really sure how their systems work.  Does the owner have a chance to renege on a BIN sale?

Also, does anyone know how long it typically takes for Godaddy to actually put the domain in my account, keeping in mind its a push, not a transfer?

Thanks!


----------



## DomainRecap (Jan 9, 2022)

I think in cases of a push (rather than a transfer, where GD does it automatically), the domain owner needs to initiate the transfer, as least it used to be that way when I did it years ago. 

Again, this could be old info, but definitely get ahold of GoDaddy to make sure.


----------



## MapleDots__ (Jan 9, 2022)

From my experience it depends on the domain owner who has to authorize, I have seen it take 3 days to get a domain keeping me on pins and needles.

Really it should be automatic, I list, you buy, it fast transfers out.
Both parties have an agreement, what more do we need?


----------



## rlm__ (Jan 9, 2022)

MapleDots said:
			
		

> From my experience it depends on the domain owner who has to authorize, I have seen it take 3 days to get a domain keeping me on pins and needles.
> 
> Really it should be automatic, I list, you buy, it fast transfers out.
> Both parties have an agreement, what more do we need?



I tend to agree.  But then again, if they were my domains I'd want to have some oversight as well.  What if your godaddy account got hacked, they lowered your prices to $100 for a $10,000+ domains, then paid for them all to make it look legitimate and voila, your domains are gone and they have a legit looking receipt of sale.  They could even claim they weren't the hacker, they just happened to notice the bargain and legitimately bought the domains.  Kind of a scary situation.  I know its a stretch, but I guess I get it that there should be checks and balances by the owner.   But I also hope they're not going to renege on the deal either....


----------



## DomainRecap (Jan 9, 2022)

rlm said:
			
		

> I tend to agree.  But then again, if they were my domains I'd want to have some oversight as well.  What if your godaddy account got hacked, they lowered your prices to $100 for a $10,000+ domains, then paid for them all to make it look legitimate and voila, your domains are gone and they have a legit looking receipt of sale.  They could even claim they weren't the hacker, they just happened to notice the bargain and legitimately bought the domains.  Kind of a scary situation.



This is why, unless I know the person, I only spend significant money on transferrable domains and then transfer them far, far, far away from the originating registrar. Too many horror stories of GD (and others) taking back domains due to scams like this, as well as the old "buy a ton of expired domains on stolen credit cards, sell them cheap as pushes, then run!" trick.


----------



## Esdiel (Jan 9, 2022)

I could be wrong but I thought if a domain is held at godaddy and sells at godaddy, then godaddy takes control of the domain and takes care of everything (for a push). And because of that the seller can’t renege since it’s in godaddys control at that point.

I believe it’s all done automatically, but not necessarily immediately. Maybe 2-3 days minimum to complete the transaction, 5 days max, if the buyer pays right away. As a buyer you should have the domain in 2-3 days I’d imagine, and the seller needs to wait maybe a day or two longer for the funds to be officially released to them. 

I definitely don’t think you have any reason to worry if you paid already and the domain is already at GD. Just give it a day or two.


----------



## rlm__ (Jan 9, 2022)

I'll be patient and give it a day or two.  It's just weird that I get an email receipt immediately, but no indication about what the next step is or when the expected timeline is.  Something would be nice.


----------



## silentg__ (Jan 9, 2022)

rlm said:
			
		

> I'll be patient and give it a day or two.  It's just weird that I get an email receipt immediately, but no indication about what the next step is or when the expected timeline is.  Something would be nice.



https://ca.auctions.godaddy.com/
Does it show the domain under the auction > Won page?


----------



## rlm__ (Jan 10, 2022)

silentg said:
			
		

> https://ca.auctions.godaddy.com/
> Does it show the domain under the auction > Won page?



Thanks for that.  I didn't realize that was even there.  I didn't go through the godaddy auctions pages, I simply visited the domain and hit buy.  So anyway, yes, they are there (I bought two actually) and they do say "processing".  That kind of stuff should really be better linked to my account.  When I log into my account, there's zero reference to it, not from the invoice, there's no "transfer center" like some registrars will have, etc...


----------



## MaiTaiMan__ (Jan 10, 2022)

If the domain is not enrolled in the "fast transfer" program, it could take up to a week or two before you get the domain, and the owner can back out of the deal days after you have submitted payment. Yes, not ideal scenario, that is for sure... Good luck, hope you get the domain.


----------



## rlm__ (Jan 11, 2022)

MaiTaiMan said:
			
		

> If the domain is not enrolled in the "fast transfer" program, it could take up to a week or two before you get the domain, and the owner can back out of the deal days after you have submitted payment. Yes, not ideal scenario, that is for sure... Good luck, hope you get the domain.



Thanks Bill.  GoDaddy support via chat was effing useless.  They just gave me bs canned answers, about what I expected.  Would be nice if their system had some transparency.  I like Escrow.com for that reason, they give a step-by-step status of what's going on...  I guess I'll just have to wait and see what I eventually get, 2 domains or 2 refunds...


----------



## DomainRecap (Jan 11, 2022)

rlm said:
			
		

> I guess I'll just have to wait and see what I eventually get, 2 domains or 2 refunds...



That's the Godaddy way.


----------



## Develop__ (Jan 11, 2022)

You can always check whois for the last UPDATED DATE to see if actions are occurring.


----------



## rlm__ (Jan 11, 2022)

Develop said:
			
		

> You can always check whois for the last UPDATED DATE to see if actions are occurring.



Yeah, I did, and they were updated the day I bought them.  What I didn't check was, what was the status before I bought it?  Right now, both domains show:

Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited

So in its current state, it cannot be transfered/deleted/updated.  However, those flags are in theory set by the registrar at the client's request (like when you turn "lock" on or off).  It could also be that GoDaddy is using those client*prohibited statuses to freeze a domain to prevent the owner from trying to transfer it away quickly.  Or it could be that the owner saw the sale, didn't like it and went in and turned "lock" on.  In theory that doesn't prevent it from being "pushed" though.  So its still anybodies guess what is actually happening...


----------



## DomainRecap (Jan 11, 2022)

I just remembered that these are both pushes, and were registrar locked beforehand, so it's neither here nor there.


----------



## rlm__ (Jan 13, 2022)

Well - I bought 2 domains in two transactions, a couple minutes apart.  Both from the same seller.

Weirdly, one showed up in my account today.  One not.  I assume they'll get around to working on the next one.

I notice that GoDaddy says I can't transfer the domain for 60 days - despite the fact that there was no transfer (the domain was already at GoDaddy) - it was just a registrant change.

[notify]richard.schreier[/notify] - can a registrar self impose a lock on my domain that isn't required by CIRA?  I feel like I should be able to transfer the domain immediately, no?


----------



## jaydub__ (Jan 14, 2022)

I thought a change of registrant info triggered a 60 day lock/hold with .ca Rob.


----------



## richard.schreier__ (Jan 14, 2022)

[notify]rlm[/notify] and [notify]jaydub[/notify], I think CA is a bit different than most registries. A change of RAR is called a transfer while a change in RANT (without changing RARs) is simply a domain update. After a successful "transfer" (the domain is now in the hands of a new RAR), the domain will be in a "serverTransferProhibited" status for 60 days, meaning it cannot be transferred again to another RAR for 60 days.

There are no restrictions placed on the domain status by CIRA when the RANT is updated but the domain remains at the same RAR. I'm not 100% sure but I think COM operates on the basis of a change in RANT as well and as a result many RARs have adopted a standard lock as part of their architecture.

There is no CIRA imposed lock if a domain name RANT is changed while the domain remains at the same RAR.


----------



## jaydub__ (Jan 14, 2022)

Thanks [notify]richard.schreier[/notify] *THUMBSUP*

So example..I push a domain to another eg.NamesPro account (which will automatically change the registrant info) and then they want to transfer it to another registrar…they could do it right away?


----------



## Eby__ (Jan 14, 2022)

jaydub said:
			
		

> Thanks [notify]richard.schreier[/notify] *THUMBSUP*
> 
> So example..I push a domain to another eg.NamesPro account (which will automatically change the registrant info) and then they want to transfer it to another registrar…they could do it right away?



yes, that should be possible.


----------



## richard.schreier__ (Jan 14, 2022)

Yes, that's correct. When you "push" the domain to another Namespro account only a domain update (the RANT changes) occurs and no locks are placed. The new owner of the domain now has full control (including access to the authorization code) and can now have the domain transferred in to any other RAR (or they could sell the domain to another individual and provide them the auth code to complete a transfer).


----------



## MapleDots__ (Jan 14, 2022)

Thank you for participating Richard  *THUMBSUP*


----------



## jaydub__ (Jan 14, 2022)

Thanks Richard!


----------



## rlm__ (Jan 14, 2022)

richard.schreier said:
			
		

> There is no CIRA imposed lock if a domain name RANT is changed while the domain remains at the same RAR.



Thanks Richard.

Yeah, this was the same issue that I had with Rebel a while back - where they also lock your domain after a registrant change.  That one was initially said to be 60 days, then changed to 7 days.  I just wanted to get an official statement of that. It just annoys me that a registrar can decide to make up their own rules and lock my name.  I don't think a registrar should be allowed do that.

Unfortunately, their support people don't know enough about .ca domains and I just get canned but clearly wrong answers.  If they want to lock it be default, fine, but if I request it to be unlocked they should do it.  Its not like they don't know who I am, I've been a customer for as long as they've been in existence.

In the end, it's not a big deal - this time, just annoying.


----------



## FM__ (Jan 18, 2022)

richard.schreier said:
			
		

> I'm not 100% sure but I think COM operates on the basis of a change in RANT as well and as a result many RARs have adopted a standard lock as part of their architecture.



The main reason the registrant changes for a .COM transfer is that the registry is still a thin registry, and thus the registry does not hold any of the contact data. So any transfer to another registrar is technically also a change of the contacts on the domain. 

Verisign was supposed (and had started) the transition to a "thick registry" (that would have held the contact data), but this transition was stopped due to GDPR.

The 60-day lock after Registrant changes is an ICANN requirement across gTLDs, but it's enforced by registrars, whereas the 60-day lock for new registrations is enforced by the registry:
https://www.icann.org/resources/pages/ownership-2013-05-03-en



			
				ICANN said:
			
		

> After 1 December 2016, registrars must impose a lock that will prevent any transfer to another registrar for sixty (60) days following a change to a registrant's information. Registrars may (but are not required to) allow registrants to opt out of the 60-day lock prior to the change of registrant request.


----------



## rlm__ (Jan 18, 2022)

I'm assuming that a ccTLD isn't strictly governed by ICANN policies for gTLDs, otherwise CIRA would have followed their lead across the board, but it seems CIRA has taken ICANN's policies as more of a compatibility guideline, clearly there is much good there to start with.  But I'm glad CIRA didn't follow along 100%, as I think everyone appreciates the instant transfers we get from CIRA the best - we are quite spoiled in that way. 

What is interesting with the two domains I purchased is that they aren't actually locked as per the whois results.  I just get the following:



> Domain Status: ok https://icann.org/epp#ok



However, when I try to request an auth code, I get this message:



> This domain was registered, transferred or underwent a change of registrant less than 60 days ago.
> 
> ICANN (the worldwide organization in charge of maintaining and coordinating domain names) doesn’t allow registrar transfers within 60 days of the these events:
> New domain registration
> ...



So they're not using the built in lock mechanism, they're just refusing to give me the auth code - and saying that it is ICANN mandated.

So [notify]FM[/notify] and [notify]richard.schreier[/notify], just what exactly is a CIRA certified registrar's obligation?  To follow ICANN rules or CIRA's rules?


----------



## FM__ (Jan 18, 2022)

rlm said:
			
		

> So [notify]FM[/notify] and [notify]richard.schreier[/notify], just what exactly is a CIRA certified registrar's obligation?  To follow ICANN rules or CIRA's rules?



CIRA has their own rules and obligations - as you already said, *ccTLDs are not regulated by ICANN*. ccTLDs are however part of the ICANN community and provide valuable input and may also partially decide to follow similar rules to ICANN rules.

Some registrars seem to apply ICANN rules across the board though. This may partially be related to the challenges of connecting to so many different TLDs with different rules, but of course, that doesn't relieve the registrar from following the ccTLD rules as well.


----------



## richard.schreier__ (Jan 18, 2022)

[notify]rlm[/notify] .CA Registrars are obligated to follow CIRAs rules per the registry agreement. The only clause related to the authorization code is Article 5 Registrar Obligations sub-clause (cc) which simply says:

"provide the Registrant with any and all information, materials, approvals, and authorization codes required to effect and/or facilitate a change of Registrar when requested by the Registrant;"

What you are getting is not uncommon where the logic implemented by the registrar is applied to all strings for ease of programming. We see similar issues with transfer protocols (and "ack"ing) which in CA do not exist, transfers are immediate. You need to contact your RARs support team and ask for the auth code on the phone, bypass the automatic response.


----------



## rlm__ (Jan 18, 2022)

Thanks for the thorough answers guys. Appreciated.


----------



## rlm__ (Jan 18, 2022)

[Rant mode On]
Ugh - man I hate godaddy.  Today, a seller was pushing in 13 domains I purchased.  Trying to accept those domains was a royal pain in the ass.  Jumped through all the forms to assign contacts multiple times - always just got mysterious errors with no explanation, like where a form had greyed out boxes expecting you to fill in stuff despite the fact it was greyed out.  After tricking the forms into allowing me to proceed by checking/unchecking certain boxes, I could at least get a "next" button to un-grey itself.  Making it to the end of 13 domains (even though I selected the "apply to all" button), I get to the end and it just hamster wheels, eventually dies, and says call support.  So while waiting on hold for 30 minutes, I try again, multiple times.  Nothing works.  Then I get support on the phone finally and they just tell me to do the same **** I already did, of course.  After a couple more failures, she wants screen shots.  After sending screen shots, she finally believes me that its not me. Then she wants screenshots from the email Godaddy sent to the old owner to prove that there was no button or link to approve the changes (which there wasn't, just a list of the domains that were being changed).  I try again, no dice.  Support person doesn't know what to do other than try again. So I try again, magically it works.  As soon as she said "I now see the domains in your account" I heard dial tone.  Well that was courteous!  I would never ever purposely use GoDaddy to hold my .CA's.
[/Rant mode off]


----------



## jaydub__ (Jan 19, 2022)

I agree completely Rob.
And as I mentioned in another thread..GD still doesn’t get the RANT change right. I still get expiration notices for names I sold a year ago or many years ago, meaning I am still listed in some of the registrant info. Never have liked that. I move out of GD asap when I have purchased names from a seller there.


----------

