Improve company productivity with a Business Account.Sign Up


Domain held ransom

Posted on 2006-06-14
Medium Priority
Last Modified: 2012-05-05
There is a client that we are bidding on.  He states a guy that has been doing his IT work purchased the company's domain name from godaddy a few years ago.  Now the guy wants a wad amount of cash for managed services for just a few pc's and 3 servers.  The guy owns that domain name.  What would be the correct steps for regaining access to that domain without reprisal from the previous tech???
Question by:mentisgroup
LVL 44

Expert Comment

by:zephyr_hex (Megan)
ID: 16906357
the company would need to talk to a business lawyer.  the IT guy hopefully did not purchase the domain with his own money (hopefully the company either reimbursed him or he used company funds to purchase it).  if the IT guy used the company's money to purchase the domain, then the domain belongs to the company and not to the IT guy.  but you will likely need a lawyer to sort that out.
if the IT guy bought the domain with his own money, then legally, he owns the domain and can do whatever he wants with it.
LVL 32

Expert Comment

ID: 16907526
Having been in a very similar situation myself, here are the steps that we took:

Since the client paid the consultant to get and setup the domain, legally he owned it.  So when the consultant tried to pull this stunt, the client wrote a strongly worded letter to him stating exactly what he wanted and when it had to be done by.  The letter said he was to transfer control of the domain to so-and-so by a certain date.  It also said that if it was not done that the next contact the consultant would receive would be from the client's attorney.

Co-incident with this, we changed the password on EVERYTHING since we were concerned with "reprisals".  While doing something like that is very foolish, some of these people have no business sense at all.  We wanted ALL the locks changed, literally and figuratively before this person had a chance to do anything.

The client had one "lever" that he also used.  The consultant was still owed his last couple of months of payment but he had not yet invoiced the client.  So even though he knew the money was due to the consultant, it was leverage and a fair amount of money.  The letter also stated that any outstanding payments due would be witheld until the issues were taken care of.

In the end the consultant did do everything he was requested to do and did it in a timely manner.  He got paid for his last two months of work and we bid him good riddance.  

Lesson: NEVER hire a consultant with the words "nerd" or "geek" in their company name!!  ;-)
LVL 32

Expert Comment

ID: 16907534
BTW, don't bluff or threaten.  Just state your requests using clear and proper business language.  If that fails, let your client's attorney take it further.  He'll know what to do and how to say what needs to be said.
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

LVL 18

Expert Comment

ID: 16908709
As a consultant you aren't really qualified to advise specifically, what you can do is help evaluate the validity of the claim and pass this information on to the attorney.  This sitatuion is a security threat.  As long as he keeps the domain, you can assume he is reading your email, etc.  Getting a TRO, temporary restraining order will cost a large sum of money.  (20-50K is reasonable.)

you might have a chance if the domain says it is registered to the company, but just happens to be managed by the userID of the ex-consultant.

Having been on both sides of this type of scenario, I can say that if I were holding some intangible property in leiu of payment, you can bet my attorney would tell me to ignore some stongly worded letter from the other party's attorney if not accompanied by a check.

Obviously don't sign up for managed services, just ask how much $$ to 'buy' the domain and get it over with.  I'd pay 1-5k.

Even if he billed you for the domain registration, you are fighting an uphill battle, he comitted fraud.  He stole ~$35 per year from you (as tangible property).   It will be tied up in civil forever.  In the mean time you can't use your domain for email or for anything for fear that.

It isn't acquiescing to use the fact that money talks, sad, but true in the real world.

Run plan B in parallel, which is to plan on dumping the domain and get a new one.  
LVL 44

Expert Comment

ID: 16909067
See my comments on this question, they are directly relevant to your situation, and take note....
LVL 16

Expert Comment

ID: 16909464
>See my comments on this question, they are directly relevant to your situation, and take note....


Cybersquatting is somewhat different than the circumstances here, but the solution is the same...

>What would be the correct steps for regaining access to that domain without reprisal from the previous tech???

Secure everything, log everything, and sue (if your legal team indicates that you have recourse) - if s/he attempts reprisals, that's just more evidence in your case.  Hope your budget can absorb the legal expenses ;-)



Accepted Solution

Okigire earned 2000 total points
ID: 16912593
If the domain is rightfully yours (the company's), reflects the company (name), and has already been in existance -- you should be able to dispute it.  I don't know if it pertains to certain trademarks/etc only, and I believe it costs a couple of thousands of $$$ to dispute, but that depends on who you deal with.  It may also depend on what the domain is (for gTLDs such as .COM, etc - this will apply... for ccTLDs such as, .ca, etc - different rules may apply).  ICANN has something they call the Uniform Dispute Resolution Policy (UDRP).

Uniform Dispute Resolution Policy:
"All ICANN-accredited registrars follow a uniform dispute resolution policy. Under that policy, disputes over entitlement to a domain-name registration are ordinarily resolved by court litigation between the parties claiming rights to the registration.... the uniform policy provides an expedited administrative procedure to allow the dispute to be resolved without the cost and delays often encountered in court litigation. In these cases, you can invoke the administrative procedure by filing a complaint with one of the dispute-resolution service providers."



I agree with what was said though - remain professional at all times.  Threatening action/etc can only cause trouble down the road when it goes beyond negotiating between you both.

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question