Breach of Domain Privacy

[Bloom]

I own a portfolio of few domains (.com & .net) related to a city. They all have been privacy protected from day one through "Moniker Privacy Services". So, there was no way someone could find my email address. Recently I renewed them and also I made sure that all sub products (especially privacy) were renewed before expiry date.

However, to my surprise, I received an email today (same email address under which I have these domains registered under Moniker), asking me if I am willing to sell two of these domains (two .coms, related to this particular city).

I politely said "no" as they are generic geo names and are lined up for development soon.

My question is how did this person come to know that I own these domains (to send the email to the correct email address) while they are privacy protected.
Can someone shed some light on this, please?

Because now it appears to me that there is no point in protecting domains through "Privacy Services".

- Thanks in advance.

 

[katherine]

Have you checked the whois ? It could be that the control panel says privacy is on, but doesn't reflect reality.
Are the domains parked or hosted on a dedicated IP address, that makes it easy to trace the owner and connect the dots ?

 

[Bloom]

@katherine

Well, at moniker.com WHOIS and also domaintools WHOIS, they are all "Moniker Privacy Protected".

They are neither parked nor on dedi IP. Never been parked.
But url forwarded (through moniker registry control panel) to a Public Domain webpage.

- Thanks

 

[angel69]

I think I know exactly what happened, no worries, I'm almost certain your domains have the privacy feature on them working just fine

The email you got, it "looks" as though it was sent to your real email address (or the one you use for the Moniker acct), when you see the email the recipient reads like your actual email address, but view the full header, most webmail services have that option, public (free) ones have it in some form, and even if you use one of your domains as your email address it exists in some form. There you will see where the email you got actually came from, and it'll read [email protected], or something like that. The email originated from the other guy's email service but went through the assigned Moniker privacy email servers before it was redirected to you

With other registrars you see that the sender is [email protected] (when it's a GoDaddy privacy) or something like Xc%^h78K&@XRegistrarPrivacy.com. And with others you will even see the recipient be [email protected] or Yt%20aB2#@SecureServer.net and it's then sent to your inbox automatically

It raises a red flag with many at first when you see your own address and you paid for privacy but I bet 99% that's exactly what happened. Having said that, when you add privacy to a Moniker domain at handreg or transfer-in time, sometimes it'll be in your acct but in a deactivated form, you need to go to Settings and activate (enable) it manually, it doesn't happen that often anymore but keep that in mind, it has happened to me a few times

 

[angel69]

Oh, I forgot....one last thing

Too bad you already replied to him because now he saw your actual email address as the sender, I'm not sure if that's the same email you use for Moniker but when you know the guy ran into privacy and doesn't know who you are, you may choose not to reply from an email address you value, I try to keep that in mind in case I want to stay as anonymous as possible. Before I answer anyone's email if they're strangers I always check which email appears on the WhoIs for that domain if I'm not sure or if I use more than one. That way you only give strangers what they absolutely need

Go Daddy was infamous for disclosing your actual info and violating your privacy with just about anyone who asked as recently as a couple of years ago. But I haven't heard that happening to anybody I know recently. Back then I'd pay for GD privacy only to have a guy call me at home and leaving a VM mentioning he was looking for me (my full name), and others would email me for other private domains and there was no privacy email filter, again mentioning my full name. So I know for a fact phone #s, email addresses, full names (and perhaps even street addresses) were being given out by GD reps left and right, that would make me just livid.....

Any registrar who wants to be serious about getting paid for privacy and delivering on it should restrict who gets to see the info underneath the privacy, ie general reps should not even have that option for ex, a supervisor should always be required. Since this is the Moniker section I do want to give them credit for a well-publicized incident some time ago where a broker got fired for disclosing private info on a customer to some interested party

 

[Bloom]

@angel69

Yes. That is what has happened exactly.
I checked the email headers. The message was redirected from 'Moniker Privacy Service'.
Unfortunately, there was no indication whatsoever in the message itself (the msg was clean as if it came directly from the sender).

Thanks so much for the info.

+++


BTW, I would like to suggest to moniker.com to add all the missing info in the message itself.
It will benefit all of us immensely.

- Rgds