Ok, I have to paste this in time order so that the rest of you can play along.... it all started when I tried to transfer in a new domain name for - of all people, my future father in law. I am SO not screwing that up because I don't want to hear it at every family gathering.... Since my hunny bunny who is somewhat technical has been managing it, he wanted me take it over mainly so that we could host his email on the server I already run. I apologize in advance for the HTML email, but plain text just can't convey some things - including the phishy appearance of the official emails that come from these people. Email #1 - Dated May 4 * Aplus.Net 110 East Broward Boulevard, Suite 1650 Fort Lauderdale, FL 33301 Phone: 1.877.275.8763 * * Customer Information* Name: Jimi Thompson Customer number: * Amount due: * All amounts in US dollars. *Service Description* *Term* *Total* Domain Registration -- Domain name: XXXXXXX -- Ongoing fee from 2011-05-04 to 2012-05-04 1 year $12.99 1 month $0.00 *Total Savings* *$0.00* *Total Due Now* *$12.99* Keep in mind that this is just the domain registration - NO hosting. I do my own hosting. So I get this on May 5. Congratulations on your decision to host with Aplus.net! We're proud to have your business, and we're committed to making your web hosting experience a success. This email provides you with information on how to get started. Please keep this message for future reference. Thanks again for choosing Aplus.net! Best regards, Your Aplus.net Team Now what I can't paste in here are the several rather heated telephone conversations we had because they don't preserve the DNS servers when a domain name is transferred to them. Oh, no... YOU get a parking page until the transfer is complete and you can manage the name servers. And I was informed that the transfer would take at least 5 business days. And the user interface doesn't allow you to set the DNS servers until after the transfer is completed.With the weekend included, that was nearly a full week of down time. Completely unacceptable. Finally, they agreed to cancel the transfer. This missive arrives after a few hours of wrangling with their tech support and DNS support people, who incidentally are also unable to set the name servers until the transfer is complete. And during all this, I am required to recite both my user name and password. Since one phone call happened at Taco Bell during my lunch break, I'm understandably upset over having to give sensitive credentials in order to attempt to obtain some assistance. Dear Jimi Thompson We confirm that the following domain transfer has been cancelled. Followed Immediately By This Dear valued customer, Your email has been received by the Aplus.net Support Team. One of our technical support representatives will review and respond to your request. Should you have an immediate question or concern, please call us at 877.275.8763, or try our chat service at www.aplus.net (select Technical Support). Our reps are available 24 hours a day, 7 days a week. If you have questions related to the recent platform enhancements, please visit http://faq.aplus.net to view answers to many frequently asked questions. Thank you for choosing Aplus.net. We appreciate your continued business. Sincerely, Aplus.net And not long after that arrived, I got this: Hello Jimi, Thank you for contacting Aplus.net Technical Support! We have forwarded your question on to our Customer Service Department team, and they will be able to assist you with this issue. You will be hearing back from them directly. If you prefer to contact Customer Service Department directly, you can reach them at billing@cs.aplus.net or by phone 877-275-8763 option 3+1 for United States and 858-410-6929 option 3+1 Worldwide. For more information about the Aplus.net Upgrade or for answers to Frequently Asked Questions please visit our Aplus.net FAQ at http://faq.aplus.net. To find out more about how to set up your email account visit http://faq.aplus.net/email To find out more about domain registration visit http://faq.aplus.net/domain To find out more about how to connect to your site using FTP visit http://faq.aplus.net To find out more about new DNS settings visit http://faq.aplus.net/dns Did You Know? You can review or submit tickets to the Aplus.net Support Team through your control panel. To review or submit a ticket simply take the following steps: 1. Log into your control panel. 2. Select "My Account". 3. Click on the "Tickets" icon. To assist us in serving you better, please do not delete any portion of the Technical Support Specialist correspondences. For your convenience we are available 24 hours a day, 7 days a week and invite you to contact us if you have any additional concerns. Regards, Sylvia Y. Technical Support Specialist APLUS.NET <http://aplus.net/>, a Deluxe Company Phone: 877.275.8763 Email: support@aplus.net www.aplus.net I'm having a Foamy the Squirrel moment by this point. All I want is my dang $12.99 back and by now it's completely a matter of principle. After a few more phone calls during which I was forced to give both the user name and password yet again - full credentials - over my cell phone to the registrar, I finally get this. Having to give out my user name and password is flatly ridiculous. Fortunately, I'm able to find a private area where I can do this without being overheard. On May 5, 2011, a Refund of USD $ 12.99 was successfully applied to your credit card. Amount processed: USD $12.99 TOTAL: USD $12.99 Questions? Our staff of professionals are ready to assist you, 7 days a week, 24 hours a day. Contact us by email at support@cs.aplus.net or by phone toll-free at 877-275-8763. For billing assistance, please email billing@cs.aplus.net. We want to make sure you're satisfied with your Aplus.Net account, and we look forward to providing you with highest level of service possible. Please don't hesitate to contact us with any questions or concerns. On June 1, I log in to transfer some more domain names to my new domain registrar. I find that these <insert expletive here> are not only still showing my FIL's domain but have it set to autorenew. So I write to inform them that they are not the registrar of record and that this should be removed as they are not authoritative for it. Mind you that attached to this missive was the entire thread for the cancellation and the refund, which they could easily have verified on their end using their own transaction numbers. Note the multiple fonts and font sizes and how the last sentence cuts off. My hunny bunny thought it was a phishing attempt. Had I not initiated the contact with them, I would have too. Here's what I got back: Jimi, Good Morning, Thank you for contacting Aplus.net, a Deluxe company! For security we will need you to verify your registration number and the main account password please. Once verified we are able to process your request. If you have any questions we have agents available on the telephone and Regards, Billing Department APLUS.NET <http://aplus.net/>, a Deluxe Company 877-275-8763 International 858.410.6929 Option 3 then 1 At this point, I'm pretty angry and pretty fed up with their craptastic security model. And so yes, they got a very snarky reply. Why? Because they had the nerve to tell me over the phone that they are protecting me from the theft of my domains by asking me to send via an unecrypted email the necessary account information to log in and transfer those domains. WTF???? But wait... it gets better.... MUCH MUCH better, in fact. Wow... I'm supposed to hand over my log in credentials over the phone. I'm certainly NOT doing that via email. Seriously????? Do you people have any concept of security???????? At all? And I'm supposed to trust you with important business assets for myself and my customers.... Now I'm going to go off on you people - What kind of crack are you people smoking? If you even for a moment think that I'm going to email you what amounts to my user name and password to the entire account you are either A) very high in which case you think this o.k. to do or B) such complete window-licking morons who are obviously wearing your foam helmets cinched down a little to tight since they seem to have cut off the miniscule blood supply to your tiny brains. Considering that this is the email account you have on file, this is just another reason that I'll be changing registrars. I've already moved 5 of my domains and I'll keep moving the rest. The reply I get some hours later... Jimi, Good afternoon, to make any changes to your account you will need to verify yourself. You do this by verifying the main account password, if you do not have this we can send it to the email on file. If you are not comfortable emailing this information then you will need to call in and speak with an agent. Regards, Billing Department APLUS.NET <http://aplus.net/>, a Deluxe Company 877-275-8763 International 858.410.6929 Option 3 then 1 Since they started advertising that they're "a DeLuxe Company", I figured I'd hunt down the parent corp in the hopes that there is someone there who might have an idea of what a clue is. And the answer is no... Good morning. My name is Jocef Knapp and I am a member of Aplus.net's Escalations & Retentions team. I was hoping to speak to you regarding your post on the Deluxe Blog (copied below). We appreciate your business as well as any feedback regarding our services, support, and policies. While I understand your position and your worries about giving out information over the phone and email, please try to understand this practice. Webhosting and domain registration as an industry experiences a very high amount of attempted theft and fraud. In many cases once an account is compromised, rights to the domain name, files, and emails are unable to be fully recovered, and often will lead to lengthy legal battles. Therefore, security of our customers' accounts is of the upmost important to us, and we do our best to not divulge any account information or give account details away. This means that each request for support that may involve the slightest account details must first go through a procedure to verify that we are speaking only to the account holder, or a person to whom they have authorized account access. The goal is to provide the best customer support experience possible while protecting the account security of the customer and our company from litigation. In order to verify that we are speaking to an authorized user, it is our standard procedure to ask for the account password. This includes phone, chat, and email conversations. It is not flawless, as you said emails are never completely secure. However, I have been with Aplus.net for several years, and have seen several verification methods come and go, and this procedure seems to work best. Should you not feel comfortable sharing this information over email, we do offer both live chat and phone support 24 hours a day, 7 days a week. I understand that you may not feel comfortable giving this information over the phone in some environments, unfortunately we cannot control where you make your phone calls from, or who may be in earshot of your voice. We can simply secure our end of things, and provide you with alternative means to reach us for support. Should you not have your password or truly not feel comfortable at all sharing it, you may request that our support contact you directly at the home or business phone number on file for your account. We will get back to you as soon as possible. Should this still be unacceptable or if you have no access to your account information, your case may be escalated, however this may involve a slightly longer turn around time. Again, we appreciate your business and I am sorry that you are frustrated with our verification policies, I hope my email helps in this regard. If you have any questions or concerns regarding our verification policy, please do not hesitate to contact me Jocef Knapp Sr. Technical Lead Escalations and Retentions APLUS.NET <http://aplus.net/>, A Deluxe Company [image: Phone]1-888-771-7587 ext. 646808 [image: Email]jocefk@aplus.net [image: Aplus.net Logo] Thanks, Jimi