The other day, I received an email from Go Daddy telling me that action was required for a domain name I had sold months ago. The email I received was the standard email that is sent when a transfer is initiated for a Godaddy-registered domain name, and it contained the security code and password needed to transfer the domain name.
For whatever reason, when I sold the domain name and it was transferred to Godaddy, my contact information was retained for the domain name. If you do a Whois lookup for this domain name, you will still see all of my information listed, as if I had never sold and transferred the domain name. Since the DNS had been changed by the buyer, I know it is in his account and he has control of the domain name, despite the Whois information.
If I had nefarious intentions, I could possibly transfer the domain name out of Godaddy, put privacy on it, and pretend to know nothing about it. Of course, I don’t have these intentions, but it is conceivable and that is problematic. At the very least, it would make proving an ownership change difficult if Escrow.com was used and the buyer decided to not acknowledge the transfer.
When you buy a domain name and transfer it to a new registrar, I strongly recommend you do a Whois search to be sure that you actually are listed as the registrant. It can take up to 24 hours for the new information to be reflected, but it’s important to note. If the information is not accurate, you should change it in your account as soon as possible.
One would hope your business colleagues are honest, but there are plenty of people that wouldn’t think twice about screwing you over and claiming it was an accident “oops, I forgot that I had sold the name!”
I think GoDaddy has an issue in their software. I’ve had this same kind of whois thing happen more than once.
It also seems to happen with the annual ICANN whois info confirmations. The domain doesn’t show in your account, but the ICANN whois notice still has the old info before it was sold and transferred.
That has happened to me before too, and I would guess it’s a related issue.
Another important thing to do is to CHANGE the EPP auth-info code too, after the transfer completes. Otherwise, the old registrant would have that knowledge (and if the domain name was ever unlocked, could transfer it away).
Registrars should be randomizing the EPP code so that it’s reset to a new value after a successful transfer, to save one having to do it oneself. Fortunately, I don’t do very many transfers, as I focus only on a small number of good domain names.