auctions GoDaddy Expired Auctions can be tricked

[Furquan]

Twitter user and Chinese domain investor posted that Godaddy Auctions allows people to use two bidder accounts on the same name and a lot of people are using it for tricking the auctions.
 

https://twitter.com/x/status/1678228128194256896

 

 

[Michael]

This topic is something I keep a closer eye on than most people. Let me start off by saying that I believe the only correct and fair way to do it, with the least possibility of gaming the system, is to re-auction the domain when the winning bidder doesn't pay. There is no legitimate reason this shouldn't be possible to do if they really wanted to.

Rolling back all the winner's bids is the next most fair, but it basically encourages abuse. You can run the bids up from practically nothing to an amount nobody else will participate in the span of a few minutes using two accounts, and you get the domain for a steal. I believe GoDaddy manually watches out for this and tries to remedy it before the auctions close, but they're clearly not perfect at it or the perpetrators would have given up by now. It has been an issue for a very long time.

I think the "fingerprint" should be fairly easy to identify, as the fake bidding war has to happen fast to ensure nobody else jumps in and sets a new floor for the rollback. Generally over a few minutes. And it also has to happen early in the auction before legitimate bidders join in. A typical auction would have most of the activity towards the end not the beginning, so it should be reasonably obvious to spot. But still, no matter how hard you try and how diligently you police it, people will find a way to game this.

Let's dig in to some actual data though. I took a 10 day window from June 8th through June 17th, during which time there were 18,486 expired auctions that ended with bids. Of those, 65 were rolled back any amount (0.35%), for a total dollar volume of rollbacks of $163,207. The average rollback amount was $2,510.88 and the median was $343.

But many of those were not rolled back because of the system being gamed, they were obviously just non-paying bidders. For example, nobody is going to create a fake account and waste time bidding to steal 09305․com for $35 instead of $80 (one of the actual rollbacks).

This is where it gets a little subjective, but I defined "gaming the system" as a rollback of > 40% of the original close price, AND a rollback dollar volume of at least $1k. These weren't chosen arbitrarily, I manually looked at the ones that were now excluded and none were questionable. Based on that, I would say 20 of the auctions were potentially gamed with this strategy (0.1%) during those 10 days, although some of them could have still been a standard non-paying bidder scenario.

Some of most egregious examples were:

5047․com from $6,205 to $1,225.
Spend․org from $15,251 to $6,456.
SsangYong․com from $46,000 to $135.
501․cc from $32,500 to $10,099.
CasinoChain․com from $9,014 to $1,136.
ProRadio․com from $6,640 to $665.
BellsNWhistles․com from $4,257 to $127.

Anecdotally, it seems to happen most often on numeric and SEO names at this point. Also keep in mind it's happening on around 1 in 1,000 auctions with bids, not 1 in 1,000 of total auctions. I'm not sure how many expired auctions there were in total during this period, but the percentage of total auctions gamed would be drastically lower. I'm guessing GoDaddy won't change much of anything with such a low percentage making it past what they're currently doing.

Anyway, hopefully this helps shed some light on the scope of the problem.

 

[Michael]

LETT.com just instantly skyrocketed from $50 to $23,000 with 10days left in auction. I looked, and sure enough it was only two bidders.

Latitudes.com and Oasis.org are also being gamed. Maybe HelloSociety.com too. Oasis was driven up from $250 to $16.5k between two bidders in the span of 10 minutes with 11 days left.

It doesn't inspire a lot of confidence in these new measures being announced that it takes all of a few minutes to find 3-4 auctions being actively gamed while they're supposedly being extra vigilant about it.

How many decades and how many millions in lost revenue will it take for GoDaddy to finally admit that the rollback system is fundamentally flawed and no half-measures can stop the abuse? It seems blatantly obvious to everyone except GoDaddy.

You have to re-auction the names, or if you can't be arsed to figure that out you need to delete anything with a 25%+ rollback, and let it end up at DropCatch where a fair and legitimate auction can actually take place. Never deliver a domain to a thief, period. No exceptions. Or it will not stop.

 

[Michael]

Some more interesting rollbacks:

1158․com from $113,000 to $30,500
MV․net from $37,555 to $1,025
TopWash․com from $7,000 to $415
ConnectApp․com from $5,700 to $370

 

[AbdulBasit.com]

I'm aware that sometimes if the winning bidder fails to make the payment at GoDaddy, then GD doesn't offers the domain to the 2nd highest bidder and lets it drop completely.


That's why we see sometimes the domain is reported at NameBio.com showing it sold for an X amount at GoDaddy but eventually selling it again in the next two months or so after going through an entire drop process and sometimes DropCatch or SnapNames grab it and auction it off.

 

[bmugford]

5065.com from $20,250 to $15…

@GoDaddy is making a mockery of domain auctions.

People are paying more for GoDaddy closeouts than scammers are paying for (5) figure domains.

There seems to be no actual sense of urgency to address this fraud.

Unless there is some hidden benefit to GoDaddy, like inflating the revenue when it comes to accounting or there are some insider shenanigans, the lack of action on this doesn't make any sense.

The amount of income this is costing GoDaddy in a couple weeks is likely higher than dedicating the resources to actually fix it.

GoDaddy has the data and could follow the trail to track down who is abusing the system.

If the rollback is automated, that is an issue.

If it was manual, it means someone at GoDaddy actually looked at this and thought $15 was reasonable.

Brad

 

[bmugford]

4172.com rolled back from $13,750 to $205

What a bunch of nonsense.

The scammers continue to be rewarded by getting valuable domains for peanuts.

This is a real black eye for GoDaddy. It is hard to trust any of the auction results at this point.

Outside one comment by Joe on Twitter, I have seen nothing else from GoDaddy regarding this very serious issue.

@Paul Nicks @Joe Styler @James Iles

Brad

 

[Michael]

In the case I mentioned earlier, that abuse was egregious.

(2) bidders ran the domain from $5K to $100K+

https://www.thedomains.com/2014/03/04/discoverindia-com-updated-and-now-closing-price-is-5047/

However, it would also not be possible without (2) bidders bidding $105K+ each.

I seems implausible that the "winning" bidder was actually willing to pay $105K...but got it for $5K.

As you can see from the comment that scheme blocks other legitimate bidders.

One comment says -

"I was willing to pay $7k for this domain, as I have a invested outside interest in it. I was unable to do that, because bogus bozos had it into 6 figures."

An example you gave is a perfect illustration of how this scheme can work, in a less egregious manner.

5047․com from $6,205 to $1,225.

All of a sudden the domain went from around market value to like 20% of market value.

There are certainly many people who would be willing to pay more than $1,225 for this domain but never had a chance to bid.

Brad

I'm not sure what you're driving at. I understand exactly how it works and the repercussions it has. That's why I'm saying a re-auction is the only way to do it. To be clear I mean an open re-auction, not just between the bidders of the failed auction.

But you can't re-auction expired domains. There's a limited time window. They might possibly re-do it faster at the expense of closeouts but they would need to modify their system and exclaim it's a re-auction and there will be no closeout.

Sure they can, they just pay to renew it. Even if 100% of them get no bids in the re-auction, I'm pretty sure they can swing $65 a day. And within a few weeks it'll stop happening entirely because it will be impossible to game.

 

[the_poet]

Why not require everyone who wants to bid over a certain amount a special certification or something similar, which is more in line with what Sedo does for bids over $10k.

 

[bmugford]

BQ․net from $37,500 to $1,630
7124․com from $14,000 to $5,100

So that is 2 LL.net that were rolled back into the $1K range.

Gee, I wonder if there is some funny business going on with the current auction MH.net at $57K.

or 1789.com at $110K
b66.com at $54K

or any the other CCC and NNNN at inflated prices.

Is @GoDaddy planning on doing anything about this?

@Paul Nicks @Joe Styler @James Iles

Brad

 

[Michael]

Did gifsoup.com sell for the 21350 final bid?

Nope, it was rolled back to $120.

Some other rollbacks since my last post:

MoonDog.com from $12,500 to $10.
MillionDollarIdeas.com from $7,200 to $515.
X8Bet.com from $67,666 to $10.
MyUniversity.com from $12,150 to $22.
AdPerk.com from $5,800 to $10.
UnleashedLife.com from $4,000 to $35.
FloHome.com from $30,278 to $25.
0241.com from $35,005 to $5,300.

GoDaddy would be doing themselves a huge favor if they would acknowledge that the rollback system is fundamentally flawed, and stop being content with band aids like manual policing.

 

[Michael]

Latitudes.com and Oasis.org are also being gamed. Maybe HelloSociety.com too. Oasis was driven up from $250 to $16.5k between two bidders in the span of 10 minutes with 11 days left.

It doesn't inspire a lot of confidence in these new measures being announced that it takes all of a few minutes to find 3-4 auctions being actively gamed while they're supposedly being extra vigilant about it.

How many decades and how many millions in lost revenue will it take for GoDaddy to finally admit that the rollback system is fundamentally flawed and no half-measures can stop the abuse? It seems blatantly obvious to everyone except GoDaddy.

You have to re-auction the names, or if you can't be arsed to figure that out you need to delete anything with a 25%+ rollback, and let it end up at DropCatch where a fair and legitimate auction can actually take place. Never deliver a domain to a thief, period. No exceptions. Or it will not stop.

Is GoDaddy selectively re-auctioning expired names? Latitudes.com was being auctioned in late August and was clearly being gamed, and it looks like the auction got cancelled before it ended. Then it just closed yesterday for $27,500 as an expired auction.

Another one I was keeping an eye on for clearly being gamed was MH.net which ended at $57,566 on July 30th. That wasn't ever rolled back, but it just closed at $12,595 yesterday as an expired auction.

Then you have Oasis.org which was being gamed at the same time as Latitudes. Seems that auction was also cancelled before ending. But that's somehow not being auctioned again, and is instead listed for sale on Efty by Nof Investments for $200k. How did he get it if the auction never closed and it wasn't re-auctioned? Are they now doing private, backroom deals for expired inventory too?

Really curious what is going on...

I haven't posted in a while because for the past couple months almost all of the rollbacks have been for SEO names, not names with intrinsic value, or the rollbacks have been very minor. The only ones I can think of recently that were worth noting was:

BornRich.com rolled back from $8,417 to $720.
Corrosion.com rolled back from $25,500 to $12,001.
8662.com rolled back from $15,250 to $6,655.
H48.com rolled back from $6,600 to $210.

Several 5Ns getting rolled back in a big way too, but otherwise it's junk names or minor rollbacks. Here's a pretty typical day of rollbacks to give you an example:

rcltexas.com from 5436 to 83.
52878.com from 4320 to 95.
cirtuks24.com from 2827 to 30.
flightsbank.com from 1025 to 290.
breezeby.com from 729 to 370.
bo778.com from 668 to 25.
feldsparpetspa.com from 652 to 65.
materiel-sage-femme.com from 597 to 55.
dixiebeverageliquor.com from 596 to 41.
storymorie.com from 551 to 26.
selfnote.com from 544 to 524.
mangwondo.com from 513 to 26.
hotelpuccini.com from 485 to 57.
campchyoca.com from 437 to 185.
cradle-song.com from 419 to 22.
pausewithpittsburgh.com from 405 to 205.
gfcv.com from 397 to 149.
exguides.org from 357 to 227.
sierraclubfloridanews.org from 349 to 335.
keo88.org from 60 to 35.
naturesbreath.org from 50 to 30.
sproutyield.com from 30 to 25.
katcha.co from 30 to 25.
modernessentialsshop.com from 15 to 10.

 

[Omega Assets]

BQ․net from $37,500 to $1,630
7124․com from $14,000 to $5,100

Who knows for how many years this has been going on. Some people have gotten some incredible deals. No reply from @James Iles yet? or @Paul Nicks ?

 

[Michael]

3270․com rolled back from $9,988 to $1,165. Nice deal, congrats to the buyer

 

[GNP]

This is what Dynadot are trying to combat by offering the domain to the 2nd bidder for their top bid instead of retracting all the top bidders bids. Shill bidding will always be a problem but I'm not sure there's a way to combat it and make everyone happy

And what Dyandot is doing is arguably shill bidding too, since either ALL the bids by the "shill" are shill bids or NONE of them are. ARBITRARILY deciding that their top bid is a "shill" bid, while their lower bid(s) are NOT shill bids makes no logical sense. (Though it does present the opportunity for shills to work for/on behalf of the marketplace, to increase the fees received. I believe there have been cases where this has happened.)

There are several things that COULD be implemented to help greately reduce shill bidding, IF domain marketplaces actually wanted to restrict it. On the other hand, since marketplaces likely gain financially from it, they seemingly choose to ignore it instead working on fixing it.
#1. Make it so if the domain price is over X amount the bidder has to be verified (say a scan of their ID, passport, business registration with the government, etc), in order to bid.
#2. Make it so a bidder is only allowed ONE domain AUCTION account per person / registered business, see #1. Account restriction is ONLY for auctions, does NOT apply to having accounts for holding domains and/or for BIN / Best Offer type transactions.
#3. Make it so a % of the bid amount is automatically charged (say 5% to 50% "earnest money" depending on risk factors) or must be kept in the bidding account. If they win the domain that amount counts toward the purchase price, if they fail to pay the remainder, they forfeit the amount charged.

The two MAIN reasons shill bidding works is the one-time FREE non-payment + easy of creating a new auction account. (I understand that it can be difficult to control creating new accounts, especially for international bidders, but if the "scammers" know they would have to pay 10% of their 30K winning bid, even if they refuse to pay the rest, they won't shill bid, since it would COST them more money than the domain is worth.)

 

[mdent]

There is actually an easy solution to this issue, I'm surprised nobody is doing it.

Allow bids UNDER the current price.

At any time during the auction, you may enter any amount as your proxy bid, regardless of the current price.

Here's an example scenario to demonstrate how it works:

Let's say they're auctioning a decent 4L domain, liquid value around $500. ShillBidder & BullshitKing enter in a bidding war right as the auction becomes available, and they finally stop $5000, with ShillBidder in the lead. If they were to roll back all bids from ShillBidder, BullshitKing would take the domain for $20.

However, BuyEverything entered a late proxy bid of $350, HugeEverything entered a late proxy bid of $450, and I also entered a late proxy bid of $495. The auction ends.

When ShillBidder doesn't finalize the purchase, they are removed from the auction, penalized, and we go to the next highest bidder, which is BullshitKing. Since I was able to enter the auction after their shill bidding, the auction is only rolled back to my bid plus the $5 increment, $500 total. If BullshitKing also declines to complete to purchase at this price, their bids are also removed, and the auction is rolled back to me. I complete the purchase at the high bid of HugeEverything plus increment, $455 total. If I also turn out to be a scam artist, HugeEverything gets a crack at the domain for $355. Etc.

I think it's an intuitive system that can be explained simply to retail customers, too.

 

[bmugford]

https://twitter.com/x/status/1684975050104168448

Screenshot if you can't see it:
Show attachment 243764

It is basically the best names, and specifically certain formats.

People are not using this scam to get $100 domains for $20. They are using it to get domains worth thousands, or tens of thousands, for peanuts.

GoDaddy needs to do more than some random quote on Twitter.

This is a problem that has been going on for years.

This issue causes damage to legitimate bidders, their venue, and the domain industry itself.

At this point the auction results are highly questionable.

Does anyone really believe current auction MH.net is going to get paid for at the current top bid of $57K+, when two other LL.net were rolled back into $1K range? How about the top bidder on 1789.com at $110K+, or all the other CCC and NNNN.

These rollbacks of valuable domains make it nearly impossible to trust the auction results.

Brad

 

[bmugford]

I created a thread on another forum about this issue in March 2014. Even at that point, this issue had existed for years. That thread ended up with 474 comments and many examples.

Here is an example of it in action -

https://www.thedomains.com/2014/03/04/discoverindia-com-updated-and-now-closing-price-is-5047/

In that case they rolled back the bids, but you can see how a domain went from $5K to $100K+ with people playing games.

You can even see my comment there -

Brad Mugford says

MARCH 4, 2014 AT 7:07 PM

Paul,

I have seen this type of bidding activity before many times. I explained what normally happens in the other thread. I have also pointed out specific examples of this in the past to various parties @ GoDaddy.
In summary, this normally involves at least two bidders running an auction up past a reasonable price, then the high bidder does not pay and the 2nd bidder gets it for a huge discount with their bids removed.
One thing you have to realize in this specific situation is it took 2 bidders to run the price up to $106,000. Even if one bidder is a shill, the current high bidder also had to bid for the price to make it there.
Is it plausible someone would legitimately bid $100K+ on this domain name? I don’t think so.
The fact that GoDaddy allows public anonymous bidding just leaves this open to games like this. Changes really need to be implemented to stop this sort of thing from happening as often as it does.


That was 9+ years ago.

Brad

 

[Sutruk]

This is what Dynadot are trying to combat by offering the domain to the 2nd bidder for their top bid instead of retracting all the top bidders bids. Shill bidding will always be a problem but I'm not sure there's a way to combat it and make everyone happy

I have to point out that I would support this case only if the auction house offers the domain to the 2nd highest bidder for their top bid as an option, and never as a must.

I mean, the proper process should be:

1. Offer the domain to the second bidder for their top bid, but as an option, not as a must.
2. If the second bidder rejects, then repeat the auction.

Sometimes, if the winning bidder has inflated the auction so much, the second highest bidder may not want to purchase the domain for their second top bid.

But, other times, the second highest bidder would like to purchase the domain for their top bid, because the winning bidder (and non payer) did not inflate the auction that much.

And I say this because it once happened to me, when I was the second highest bidder. And in that case I would have purchased the domain for my top bid, which I finally couldn't because the auction was not repeated for that domain.

 

[nametrekker]

I'm naive, I guess

I assumed such activity would be criminal but I guess things like this happen in auctions, whether domains, art, homes, etc --- they need to implement a system to obviate shill bidders and/or make the fake high bidders make payments with debit cards or bank accounts that reflect funds avail in real-time

 

[Future Sensors]

What a bunch of nonsense.

The scammers continue to be rewarded by getting valuable domains for peanuts.

This is a real black eye for GoDaddy. It is hard to trust any of the auction results at this point.

Outside one comment by Joe on Twitter, I have seen nothing else from GoDaddy regarding this very serious issue.

@Paul Nicks @Joe Styler @James Iles

If they don't want to react, a list of GoDaddy Analyst contacts is on this page:

https://aboutus.godaddy.net/investor-relations/stock-information/default.aspx

 

[clarkemarketing]

LETT.com just instantly skyrocketed from $50 to $23,000 with 10days left in auction. I looked, and sure enough it was only two bidders.

 

[bmugford]

That's actually a cool strat I was unaware of. So the buyer actually gets it for the starting price, right?

Question is, how on earth does GoDaddy not care about that? That looks like something that would lose them heaps of money and they are all about money.

Also, I guess the new "shill" accounts get banned, but can they not see when a person is constantly bidding in 2-person auctions where the other account is new and doesn't pay?

Well, this is one of the reasons people like myself rarely bid on GoDaddy auctions anymore.

As a legitimate bidder, I am not all that interested in playing auction games.

I consider the practice to be unethical, but GoDaddy has known about these issues for a long time. I have brought this up with many people at GoDaddy over the last decade plus.

It is bad for everyone involved, other than the people scamming the system.

It blocks a lot of legitimate bidders from even being involved in the first place.

All you need is what $4.99 to create a burner auction account?

GoDaddy needs to fix their system. There are multiple ways they could do it.

Brad

 

[Michael]

This main point is this is a problem that has existed for many years.

My guess is the scheme is going to target domains with obvious value, like NNNN.com for example.

People are only going to do this when it is worthwhile.

In that 5047.com example the 2nd bidder essentially made at least a few thousand dollars from the top bidder not paying.

If the secondary bidder was involved or not, who knows, but the system needs to be fixed.

As the system is designed now, it incentivizes abuse.

Let's take a look at GoDaddy expired auctions right now -

9081.com $29,000 (10 days left)
7860.com $21,500 (9 days left)
8794.com $12,750 (4 days left)

Who knows what to actually believe on these.

Brad

During the window I looked at there were four NNNN.com auctions at GoDaddy and only one of them was rolled back. And I'm guessing it was probably actually a standard non-paying bidder, as it wasn't wildly above wholesale. But obviously no way to be sure.

Here are some other liquid/short name rollbacks going back another 35 days from the initial window:

26x․com from $4,444 to $550
oAir․com from $9,088 to $15
6v․net from $8,100 to $15
8y․net from $7,500 to $520
6y․net from $7,200 to $15
NDTC․com from $3,800 to $45
GBQP․com from $4,750 to $60
2006․com from $91,000 to $20,250
2875․com from $31,399 to $8,100
994488․com from $4,850 to $128
TD7․com from $4,000 to $15
ZS8․com from $6,600 to $1,100
588888․com from $34,500 to $45
TWCI․com from $3,250 to $265
883․cc from $55,500 to $15,050
OHTY․com from $3,000 to $62
F6․net from $9,088 to $32

Pretty nutty...

 

[Michael]

Yeah, this is the problem.

OAIR.com $15. TD7.com $15.
(3) CC.net for under $32.

These NNNN.com are worth far more than their adjusted prices.

Complete nonsense.

It shows exactly how the system can be abused for desirable domains.

Some people are making thousands and thousands of dollars with this scheme.

Thanks for sharing this info.

Brad

If you look at the CC.net ones that were obviously gamed, unsurprisingly they're under privacy. But three of them are pointed at 4.cn and two of the three have this very specific description in the listing:

买域名找4.cn-luky

If you do a Google search for this:

site:4.cn "买域名找4.cn-luky"

You get a bunch of results. If you check the domains that have this exact description in their listing, most of them are under privacy, but so far I've found three that were not:

73297.com
37592.com
31912.com

All of them had the same registrant, whose email is associated with several CC.com and CC.net. Weird huh.