For those of you using GoDaddy services, please reconsider. Here is a nightmare experience of a company losing their domain name after nearly 3 decades.
A Lancaster, PA-based IT firm called Flagstream Technologies lost control of a client’s domain — one in active use for 27 years — after a GoDaddy internal user transferred it out of the account without any advance notice. The domain had full ownership protection and dual two-factor authentication enabled, none of which mattered. The transfer wiped the DNS zone, taking down the websites and email of an entire national nonprofit organization across 20 locations. Over the next four days, Flagstream made 32 calls totaling nearly 10 hours on hold, emailed multiple shifting support addresses, and filed formal transfer disputes with proper documentation — only to be told at the end that GoDaddy had determined the domain now belonged to someone else, and considered the matter closed.
The situation unraveled further when it emerged that the recipient of the domain — an executive assistant named Susan at a regional chapter of the same nonprofit — had never submitted any documentation at all. GoDaddy’s recovery team apparently noticed her email signature referenced a subdomain of the parent domain and transferred the entire parent domain into her account. A link GoDaddy sent her to upload supporting documents expired before she used it, and the transfer was approved anyway. Susan, realizing something was wrong, tracked down Flagstream herself, and the domain was restored via a direct account-to-account transfer in under five minutes — a resolution that came entirely from her initiative, not from GoDaddy’s support chain. The incident has prompted Flagstream to consider migrating all of their domains off GoDaddy, concluding that it’s the only meaningful protection available.
Source: GoDaddy Gave a Domain to a Stranger Without Any Documentation.