At work we use RapidSSL (a division of GeoTrust) for a handful of certs. Last night I received an email with a banner warning me, "Your certificate is ABOUT TO EXPIRE". The email goes on to list the expiration date as "Oct 12, 2011". Four months is certainly generous notice, but I've always taken this as a simple marketing attempt to maintain customer loyalty.
Usually I take these emails as tickler reminders and delete the first couple. When I eventually decide it's time to renew, I pull up the site by typing the URL into the browser. Upon reading this article, I wondered whether following the link in the email would result in a different pricing structure. As it turns out, the answer is yes, though after playing around, it doesn't appear to have anything to do with the email link.
The first page of RapidSSL's order form handles both new orders and renewals with a pair of radio buttons. Another section of the form allows you to specify the validity period from one to five years. The prices appear alongside the choices, and are currently the same for both initial orders and renewals.
First I visited "www.rapidssl.com" and clicked the "buy/renew" link for a single domain cert. I got an order form with the following prices for 1-5 years:
49, 86, 122, 159, 196
Then I pasted the link from the email (which contains a fairly simple query string that does not appear to have a unique identifier in it) into a different browser. I clicked the "buy/renew" link for a single domain cert, I get the same form with the following prices:
79, 138, 198, 257, 316
It's interesting to me that the difference in price actually increases as the validity period increases:
30, 52, 76, 98, 120
Still more interesting, after resetting the browser and pulling up "www.rapidssl.com" directly, the prices are completely different:
29, 51, 72, 94, 116
I tried the email link one more time and got the 49-86-122 pricing again. Then I tried it one more time and got 19, 33, 48, 62, 76. So clearly RapidSSL is varying their prices on the fly, presumably to gain insight as to what people are willing to pay. I was ready to claim the link in the email yielded higher prices, but that seems not to be the case. So I guess after all that, this isn't particularly interesting. I'll definitely hit the site a few times when it comes time to purchase though.
Unfortunately the pricing structure for a wildcard certificate never seemed to vary.
For what it's worth, I think it's fairly common practice these days. Not long ago I booked a car rental (I think on Avis.com). The first time I got a quote, I didn't book it right away as I was shopping for better prices elsewhere. When I came back the quoted price went up, and it basically went up every time I tried to get a new quote. I had to use Tor to get it to give me the original cheap price.
Most vendors who have channel partners don't want to compete with them, but they don't want to leave sales on the table, either. For bigger ticket items, the company generally sends you directly to a channel partners; for smaller ticket items, the company will often sell the item at "list" price and let the channel partners discount off of list.
Pretty standard operating procedure here and highly unlikely to be a comment on their customer's web savvy. :)
HAHAHAHA. Well, it actually gets worse. If you cancel the auto renewal, then go into Google and search for "ssl certificate" you'll get a wonderful ad (at the very top) that is for $12.99 (with the quote "why pay more"). You can then buy that cert and it gives you the exact same thing as the renewal (admittedly a bit more work, but is the convenience of auto-renewal really worth $37?).
Been doing this for the last 3 years: they are TRULY retarded for using such a scheme but hey! It catches some people, so I guess tactics like that got them the $2bn "investment" from the friends at Silver Lake.
I never understood why GoDaddy has such a monopoly-like status - even in the startup scene. I've only used their services once (because someone transfered a domain to me and prefered to do this as GoDaddy-internal transfer), but the first thing I did was transfering the domain to another registrar (the one that I typically also use for my other domains).
Reasons why I wouldn't use GoDaddy:
GoDaddy is not really one of the cheapest registrars.
I find their pricing "tactics" (as also mentioned in the article) very questionable.
Their whole website isn't just really appealing to me (I know, very subjective).
I use Dreamhost for all my domain registrations and most DNS. Great admin interface compared to the competition, still very cheap, domain transfer codes plainly visible, no unlocking or calling or any of that. You just transfer it away. They are the most honest of the bunch and you can move each part of your service off them as you outgrow it.
Easiest to setup a domain for Google Apps too, just click a button.
I used Dreamhost once, after I ended my hosting to move to a VPS, they locked me out of my administration panel completely. I still had my domain with them, but no access to it, and the website actually told me that I needed to open a hosting plan to get access. I had to go through their support process to get access (or really, to transfer out, there was no way I was staying after that).
I immediately transferred to Moniker - they're great, they let you configure absolutely everything. I think what I learned was to stay away from companies that do both domains and hosting. If they just do domains, they understand that you are always going to be sending your traffic elsewhere.
Great point, thanks. I have a hosting account there because I don't want to manage a VPS for my (static) blog and the other low traffic site I host. I didn't even realize you can't only use them for domains, that's a huge gotcha.
Cheap until you get roped into an auto-renewing thing with 3x the price you first paid. Why support a company like that? It's so slimy. Your cheap domains are effectively subsidized by GoDaddy preying on others.
Did you know the majority of car insurance firms (in the UK at least) will ramp up renewal prices by a few % each year? I did sales for one such company a few summers ago, and we were told this was intentional - and if someone calls in, and complains, we just offer them to new sign-up price.
I use GoDaddy because I manually renew all my domains at the same price as I signed up for. I agree their UX is awful, and they're not the most "good" company in the world... but it serves me for what I want out of a domain provider!
Renewal price hiking is a common practice... you just need to be a smart shopper if you want to save money!
We have a bank in the Netherlands that did the same with savings accounts and interest rates for them. The rates started high to draw people in and then lowered, till they had over 100 different savings accounts.
Every so often I have to do some minor maintenance work on a GoDaddy account, I can't stand their interface.
I may have said it elsewhere, but I'm a big fan of DirectNIC even though they are double GoDaddy's price. There interfaces are really clean, and any time I've transferred or sold a domain it has been an absolute breeze. And back in the day, when all the major registrars were shutting down their web-based WHOIS tools (NetSol et al), DirectNIC always kept their WHOIS tool open which always bought them a lot of good will in my book. (I wasn't aware of command line tools like 'whois' and 'nslookup' yet...)
I don't think you're reading it correctly. When it says part of the deal price is debt, that means the purchaser is using debt to finance the acquisition (taking loans or issuing bonds). It's nothing to do with GoDaddy's balance sheet.
I had the exact same thing happen to me. One of many reasons why I've not only stopped using GoDaddy for myself but also why I've decided to REFUSE to work with them for my clients. If my clients use GoDaddy, they can either get off GoDaddy or find another developer. Sometimes you have to force morality upon those without. :P
'Scam' is a really strong word and denotes an illegal action.
While these are shady practices, they are not illegal.
And the 1-month ahead renewal is not shorting you of a month. It's preventing you from getting into a situation where your cert expires because your CC details were invalid and it took to long to replace them. It also gives you time to configure your server, etc.
They are hardly the first company to offer a different initial price than the renewal, either. I hate that tactic, and watch for it, but it's not even unethical unless they don't tell you about it.
I'm sorry I must disagree. Its not a scam in the classical sense but it is one. Its like the real-estate sites that ask for a credit card and a free trial, to cancel you must CALL between 3-4pm on a Wednesday when their lines are busy AND they promptly close doors at 4pm or you will get charged perpetually.
However GD can offer whatever they want. HOWEVER this is deceptive marketing AND I am fairly sure you can take em to courts over this.
Okay, I use godaddy for domains and DNS. Never had a problem with them. But these 'godaddy sucks' posts and the godaddy buyout are starting to worry me. Who would you recommend as a replacement for registration and DNS?
My local ISP is a Tucows reseller. Domain names aren't generally attributed to Local Business, but you might want to ask around your local user groups and organizations to see if there is a small company near you that does the same. My ISP charges a flat $10.00 USD for initial domains, renewals, and transfers, and they're nice people.
I can't recommend DNSimple enough (http://dnsimple.com). Pretty straight forward pricing, nice one-click integration with stuff like Google Apps and they'll even give you a discount if you transfer domains off GoDaddy.
Looks nice, but it seems to have a significant price premium over GoDaddy (seems to be $14/domain/year + $120/year for DNS). Is the benefit worth the premium?
I'm not sure how many domains you handle, but in my case I have less than 10 domains so I pay $36 yearly + 8 per domain transfer from GoDaddy (or $14 as you mentioned). With one click you get stuff like Google Apps or Heroku setup for you.
After dealing with registrars for a long time I've realized that paying extra $5 per domain per year is totally worth it if you don't have to deal with companies like GoDaddy.
I'm not familiar with the Amazon service, but if it's $1 per domain per month then you'd save $0.7 for every domain using DNSimple.
EDIT: I should link to another HN discussion on the subject: http://news.ycombinator.com/item?id=2753471. One comment that resonates by jbyers: "Read your registrar's terms. See if you still want to save that $6 a year".
There are two separate costs: one is the domain registration and the other one is the hosted DNS solution.
With the hosted DNS solution you get access to stuff like the one click setups I mentioned earlier, API access, domain forwarding, vanity name servers and who knows what else. Keep in mind you can use their DNS service even if you don't register your domains with them.
I've used http://www.1and1.com/ for registration ($10/yr normal prices) for some time. The UI is awful, but aren't they all, and I basically never need to use it once it's set up, so it's OK by me.
The commonly named alternatives seem (all for .com):
Namecheap $10
Name.com $10
Moniker ???
DNSimple $14
Gandi 12,00 € (~ $17)
Joker.com $12.80
Name registration is a commodity. I go with the cheapest provider.
So is Coffee & Domains a reseller for GoDaddy (or another registrar) or did you put up the escrow money with the registries to become a full-fledged registrar?
http://www.startssl.com/ will give you a free ssl certificate for a single domain (actually, they'll give you one that covers a domain plus a single subdomain). Handy if you want to setup your own mailserver somewhere: the root certs are in all the main browsers & mail clients. You'll need to have your (web|mail)server serve up the intermediate cert as well as the leaf cert which can be a slight pain to setup, but apart from that it all works just fine.
The root cert is not in early versions of Android, due to a bug. I'm not sure when that was fixed. Unfortunately, you can't update root certificates in these versions.
I can't update my users' phones for them. Just pointing out that users stuck on older versions of Android, for whatever reason, may run into problems with the free cert. In the mail client, it will work if "TLS (if available)" is checked, but that's a departure from what other mail clients mean by that option.
DigiCert. I am currently going through the EV validation process with them and they are absolutely briliant. Very quick customer service (including online chat), well designed and easy to use website, good prices. What's more to ask?
The website http://www.sslcertificatereviews.net/ lists the prices of the different certificate authority's SSLs. Plus there's coupons on the site too. Looks like a good place to do some SSL homework.
GoDaddy doesn't take a month off the length of the cert. They do start sending you reminders 60 days ahead that say your cert needs to be renewed in 30 days, but you get your full extra year. I've had the pleasure of doing this dozens of times for our certificates, the last thing we buy from GoDaddy after moving our domain business elsewhere.
All profits come from cross-selling, up-selling, and shady tactics.
A registrar that has sold 1 million domains at $10/year price, and does nothing else, is one that will make at most about $25,000/year in profit max after various costs (reg fees, support, etc), but more likely will be in the hole.
I stopped blaming GoDaddy a long time ago. This is just the nature of the game.
Never liked GoDaddy's service. There are several reasons why. So moved to namecheap.
But the point here is GoDaddy by default puts all your services on auto-renewal. I am a bit paranoid over what goes on in my accounts ( especially PayPal) so i had disabled the auto renew when i saw it.
Talking about price hike, thats a marketing strategy. You usually don't get coupon codes for renewals ( if you do get, those are usually for bulk renewals ).
These service providers always lure you to register at special prices so you stick with them forever and in this case it auto renewed :\
About the cert. expiration, that seems a bit odd but better talk to GoDaddy Support, they would help you out.
Same thing would have happened to me but my credit card on file expired. Talked to customer service and was never charged. Despite some of the obvious disadvantages of using GoDaddy, I've always gotten great customer service from them.
Was start date of the renewal term synced to the end date of the expiring term? If so it doesn't sound so shady to me. It seems logical that they would notify you and confirm your desire for a renewal prior to the end of the previous term rather than wait until the absolute last moment, especially with something like an SSL cert.
I'm not saying GoDaddy isn't shady. And they certainly are aggressive with their auto-renew policies. Heck how do you think they afford Superbowl ads and Danica Patrick at the prices they charge :) But the experience you described doesn't sound like a scam to me.
The same thing happened with a Network Solutions hosting plan I had. They auto-renewed me when I had over one month before renewal. Their service had been horrible on Drupal sites. Just the DNS resolution to my hosting account was taking 2-3 seconds. I enlisted an up-time monitoring service and found that my site was down frequently even while I was paying for this renewal I did not want. Shame such a dominant company in the 90s has basically laid the road map for shady hosting.
Yes, network solutions is also terrible. I still have a domain with them, and it takes five clicks just to get to the DNS management interface. Every step in the way they try to make as unclear as possible by flashing banners and shiny buttons in your face to get you to buy more of their services.
Another "scam" I associate with GoDaddy is that when you pick to pay for the Whois Privacy protection, you also get a 'Business Registration' fee added (like $5/year or something trivial).
All this fee does is list your domain name or something similar in a GoDaddy ran business directory -- useless.
It's an extra charge they hope you don't notice, and it's only added to your cart when you add Whois Privacy protection.
I also use GoDady because they are cheap and it does the job. For DNS, I use DNS Made Easy because it's never a good idea to have your DNSes at your registrar (if you ever need to move).
The trick with GoDaddy, don't check the box to leave your credit card with them. You'll then have to manually renew all services and you never run into the risk of forgetting to uncheck some auto-renew option...
I don't really see the problem here. GoDaddy products can be had very cheaply, they are so cheap with coupon codes the probably potentially make very little per sale.
All insurance companies work the same way, try hard to get a new customer, milk them dry on the tail end because they are too lazy to search out a better deal.
This isn't really a scam. I have dozens of domains with GoDaddy, as well as some of their other services. "How can I get the cheapest price" is a game we all play with them. Revision3 has a handy page with GD discount codes, and I've been referring to that page for years. I am helping keep Digg in business from the affiliate fees.
Can we agree the "auto-renew" was not scammy? They didn't rip you off a year. Just reminding you 60 days early as they should.
Can we agree its not shady or unethical to charge different prices for 1st year versus a higher price for subsequent year renewals? Or different prices for different people, in some type of A/B test? Everyone does that. Even amazon.com shows different prices to different people.
Can we agree their customer support was really helpful to you?
It's unethical to charge someone one price for a recurring service and then more than triple the price, in an opt-out fashion.
If you raise prices, you need to do your due diligence to make sure your customers are aware they're paying more. This kind of a price increase should really be opt-in rather than opt-out.
I totally agree with you. The same thing happened to me with another registrar/hosting company (ipage). Hosting for a year went from around $50 to over $100 with auto-renew. I did receive an email notifying me of the upcoming renewal but no price was included in the email.
When I confronted them after the fact they told me that the information was on their home page where it says something to the effect of "Hosting only $50/year" and then right underneath in small print "(save 50%)".
Maybe I should have assumed that saving 50% now meant I would be charged twice as much the next time but I guess I'm not that bright.
Also, when asked for an explicit price list in a chat session, they gave me a link to a page buried in the FAQ to which, they acknowledged, you couldn't get directly in any easy way.
Gandi has been nothing but ethical in my dealings with them.
You don't have to deal with the abuses of the godaddys of the world, you just have to be willing to pay a bit more to support companies that aren't out to fuck you over.
Yes, it's a scam. The fundamental basis of a contract is a meeting of the minds. If people think they are buying a cheap thing and then it turns out to be expensive, then there wasn't a meeting of the minds.
It happens to be a legal scam, but that doesn't make it much better.
It's ethical to auto-renew. It's ethical to raise prices. It is not ethical to auto-renew a raised price. Just because the pieces are OK doesn't mean the whole is.
I had the same problem, signed up last year, set it up a month later and now I'm getting time to renew emails. Also although its 'easy' to disable the auto-renew I've had products that still renewed after disabling the auto-renew.
For anyone who needs SSL certificate without perks, consider free one from http://www.startssl.com/
It do not offer strong encryption and do not do personal identification (obviously - it is free), but it is very cost-effective solution to have https:// on your website to prevent eyes droppers sniff traffic.
(not sure if it is enough for e-commerce, like google checkout tho)
Now you have no excuse to not have https:// in your website where people enter their passwords =)
This makes me happy that we decided to go with Digicert. Although not the cheapest their customer service is above par. We just got a renew (not auto-renew) notice 60 days from expiration. Not only where they offering a 15% discount on renewal but for every day early we renew we get 2 days added to the new cert. I.E. renew 60 days early on a 12 month cert and they give us 14 months.
The $12.99 price is a special price and always has been. You can still find discount codes and apply it to them when you renew to get it at the same price.
Godaddy can be insanely cheap if you never auto renew and always manually renew with discount codes.
Though yes you need to get off Godaddy. As do I. Just waiting for a little more revenue from my site to move to Rackspace Cloud :)
So obviously they should disable auto-renew by default and start emailing you the day before expiry, right?
Except that's nuts -- many of their customer's certs would lapse before they renewed. That's so bad that most sites should even put up with the extra 30 bucks to reduce their risk.
It's well known that domain/hosting companies often offer great discount for first year/payment, then charge for full price later. For example, Godaddy's $1.99 .info or Namecheap's free first year Privacy Guard or Gandi offers a free domain with their SSL cert.
Pay the protection money, get a string of bits which cost the vendor nothing to produce. Or choose between zero security or users' browsers whining about "self-signed certificate" every time they visit your site.
I know people who work for GoDaddy and the confusing website is part of the upsell. That GoDaddy would screw people with SSL certificates is no surprise.
My requirements for hosting are always 'Anyone but godaddy."
I used to have an 'Anyone but godaddy" policy. Then I ended up with some names at eNom and they just emailed me my password. Now I'm shopping around to move.
>I called GoDaddy Support this Sunday afternoon. While it was a long distance call, I only had to wait about a minute to reach a person in their Billing Department. They were happy to refund me the $49.99 after I deleted the cert and sent me the instructions to disable auto-renewals I linked to above.
This times 1000
I experienced this exact same issue. I was pretty pissed to say the least but I called, got a human in about 60 seconds, and they refunded me as well as told me how to disable auto renew. I see no problem here.
Not with my money. You taking my money without specifically asking means that I will never, ever do business with you again. (And that I'll specifically warn other people against dealing with you.)
"It's better to ask forgiveness than permission" is not a universal truth to be applied to every aspect of startups/tech work. It is often a good idea when there's a lot of bureaucratic red tape and/or you need to get approval from other people about things. This is a very different situation: you're charging your customers ~4x more than they originally paid for something automatically. Are there other companies that do this sort of thing? Sure. Maybe it makes sense financially, but it's not a good way to treat your customers.
To be honest, I have no interest in running a startup, so I avoid business-oriented threads. But I don't really believe that they advocate overcharging customers like this, with no warning.
If I'm wrong, please include a few citations and I'll admit it.
Yes. But, if you want me as a customer, you better hope that all your competition has similar business practices... otherwise you won't get me as a customer. It wouldn't surprise me if PG felt the same way when buying services; he just prefers to invest in companies with sharp business practices.
But, I guess that makes me a bad customer from the point of view of an investor. There are plenty of people who will just take it, and I can certainly see why investors would prefer to focus on those people.
It's also important to note that not everyone in the community shares similar standards. Hell, over time the same person might not even have similar standards.
Just run the arbitrage between 200+% incremental revenue on one side and % of customers lost + cost of customer service calls for customers who talk them back down to the original price. I'm pretty sure that the former will win for a business like GoDaddy.
Let's face it -- their entire checkout process is designed to generate incremental revenue and it's been optimized to balance vs. abandoned checkouts. Doesn't exactly reek of high regard for the customer. Reeks of maximizing revenue.
I'm playing devil advocate here: You should do research before you buy things. And it seems that the author knew Godaddy is notorious for shady practices.
"Caveat Emptor" doesn't excuse shady business practices. If I lose my money to a scam artist, I may be partially to blame, but that does not mean that the scam artist is excused, from a moral point of view.
Yes, but I'd not call what Godaddy doing scam. The practice of discounting first payment is popular with subscription business model, to lure customer into signing up. I don't know what the situation in the US is, but here in Germany for example a lot of newspapers often try to get people signed up with first two weeks for free, after 2 weeks you will be billed. Annoying it is, if you don't read the fine-print, but it doesn't make the practice illegal.
I called, got a human in about 60 seconds, and they refunded me as well as told me how to disable auto renew. I see no problem here.
Three problems: 1) You had to notice the price change. If you have never not noticed anything, then you might have gotten taken. 2) You had to have the will to object. Willpower is a limited commodity. Is vendor bullshit what you could best be spending it on? 3) Your time is worth something, and GoDaddy just wasted it because they can make more money that way.
At my company, our rough rule of thumb is that a technical person's time is worth $250/hr. (We don't pay them that much, but we care more about opportunity cost.) Even if GoDaddy's shenanigans only take 10 minutes, that's still $41.67 lost. And that's not even counting the fact that next time I do something with them I have to spend time figuring out how they're going to try to cheat me.
Dealing with asshole vendors is rarely worth it once you take everything into account.
Godaddy is he only place I've found "Extended Validation" certs at a reasonable price - $99 instead of $499+. I hate their website and crosselling, but I do appreciate as the author points out that they have people you can call - how many registrars have that?
Are there any alternatives for EV certs that are not a ripoff?
How arduous was the EV process? What did you have to provide as proof? I tried to go down this route with Comodo and it was a colossal waste of time. The documents they require would make the FBI blush.
Complain all you like but it seems at any given time I'm working for at least one organization that is running an expired SSL certificate on a server I need to use. More of these organizations should be using auto-renew.
At work we use RapidSSL (a division of GeoTrust) for a handful of certs. Last night I received an email with a banner warning me, "Your certificate is ABOUT TO EXPIRE". The email goes on to list the expiration date as "Oct 12, 2011". Four months is certainly generous notice, but I've always taken this as a simple marketing attempt to maintain customer loyalty.
Usually I take these emails as tickler reminders and delete the first couple. When I eventually decide it's time to renew, I pull up the site by typing the URL into the browser. Upon reading this article, I wondered whether following the link in the email would result in a different pricing structure. As it turns out, the answer is yes, though after playing around, it doesn't appear to have anything to do with the email link.
The first page of RapidSSL's order form handles both new orders and renewals with a pair of radio buttons. Another section of the form allows you to specify the validity period from one to five years. The prices appear alongside the choices, and are currently the same for both initial orders and renewals.
First I visited "www.rapidssl.com" and clicked the "buy/renew" link for a single domain cert. I got an order form with the following prices for 1-5 years:
49, 86, 122, 159, 196
Then I pasted the link from the email (which contains a fairly simple query string that does not appear to have a unique identifier in it) into a different browser. I clicked the "buy/renew" link for a single domain cert, I get the same form with the following prices:
79, 138, 198, 257, 316
It's interesting to me that the difference in price actually increases as the validity period increases:
30, 52, 76, 98, 120
Still more interesting, after resetting the browser and pulling up "www.rapidssl.com" directly, the prices are completely different:
29, 51, 72, 94, 116
I tried the email link one more time and got the 49-86-122 pricing again. Then I tried it one more time and got 19, 33, 48, 62, 76. So clearly RapidSSL is varying their prices on the fly, presumably to gain insight as to what people are willing to pay. I was ready to claim the link in the email yielded higher prices, but that seems not to be the case. So I guess after all that, this isn't particularly interesting. I'll definitely hit the site a few times when it comes time to purchase though.
Unfortunately the pricing structure for a wildcard certificate never seemed to vary.