Ready For A Good Laugh

Jimi Thompson jimi.thompson at gmail.com
Fri Jun 10 03:22:09 UTC 2011


Ok, I have to paste this in time order so that the rest of you can play
along....

it all started when I tried to transfer in a new domain name for - of all
people, my future father in law.  I am SO not screwing that up because I
don't want to hear it at every family gathering....  Since my hunny bunny
who is somewhat technical has been managing it, he wanted me take it over
mainly so that we could host his email on the server I already run.  I
apologize in advance for the HTML email, but plain text just can't convey
some things - including the phishy appearance of the official emails that
come from these people.

Email #1 - Dated May 4

*
Aplus.Net
110 East Broward Boulevard, Suite 1650
Fort Lauderdale, FL 33301
Phone: 1.877.275.8763
*

  *
Customer Information*

Name: Jimi Thompson


     Customer number:
     *
Amount due:    *

   All amounts in US dollars.   *Service Description* *Term* *Total*  Domain
Registration -- Domain name: XXXXXXX -- Ongoing fee from 2011-05-04 to
2012-05-04 1 year $12.99
1 month $0.00  *Total Savings*   *$0.00*  *Total Due Now*   *$12.99*

Keep in mind that this is just the domain registration - NO hosting.  I do
my own hosting.  So I get this on May 5.

Congratulations on your decision to host with Aplus.net!
We're proud to have your business, and we're committed
to making your web hosting experience a success.

This email provides you with information on how to get started.
Please keep this message for future reference.

Thanks again for choosing Aplus.net!

Best regards,

Your Aplus.net Team


Now what I can't paste in here are the several rather heated telephone
conversations we had because they don't preserve the DNS servers when a
domain name is transferred to them.  Oh, no... YOU get a parking page until
the transfer is complete and you can manage the name servers. And I was
informed that the transfer would take at least 5 business days. And the user
interface doesn't allow you to set the DNS servers until after the transfer
is completed.With the weekend included, that was nearly a full week of down
time.  Completely unacceptable.    Finally, they agreed to cancel the
transfer.  This missive arrives after a few hours of wrangling with their
tech support and DNS support people, who incidentally are also unable to set
the name servers until the transfer is complete.  And during all this, I am
required to recite both my user name and password.  Since one phone call
happened at Taco Bell during my lunch break, I'm understandably upset over
having to give sensitive credentials in order to attempt to obtain some
assistance.

Dear Jimi Thompson

We confirm that the following domain transfer has been cancelled.
Followed Immediately By This

Dear valued customer,

Your email has been received by the Aplus.net Support Team. One of our
technical support representatives will review and respond to your request.

Should you have an immediate question or concern, please call us at
877.275.8763, or try our chat service at www.aplus.net (select Technical
Support). Our reps are available 24 hours a day, 7 days a week.

If you have questions related to the recent platform enhancements, please
visit http://faq.aplus.net to view answers to many frequently asked
questions.

Thank you for choosing Aplus.net. We appreciate your continued business.

Sincerely,
Aplus.net

And not long after that arrived, I got this:

Hello Jimi,

Thank you for contacting Aplus.net Technical Support!

We have forwarded your question on to our Customer Service Department team,
and they will be able to assist you with this issue. You will be hearing
back from them directly. If you prefer to contact Customer Service
Department directly, you can reach them at billing at cs.aplus.net or by phone
877-275-8763 option 3+1 for United States and 858-410-6929 option 3+1
Worldwide.

For more information about the Aplus.net Upgrade or for answers to
Frequently Asked Questions please visit our Aplus.net FAQ at
http://faq.aplus.net.

To find out more about how to set up your email account visit
http://faq.aplus.net/email

To find out more about domain registration visit http://faq.aplus.net/domain

To find out more about how to connect to your site using FTP visit
http://faq.aplus.net

To find out more about new DNS settings visit http://faq.aplus.net/dns


Did You Know?

You can review or submit tickets to the Aplus.net Support Team through your
control panel. To review or submit a ticket simply take the following steps:

1. Log into your control panel.
2. Select "My Account".
3. Click on the "Tickets" icon.

To assist us in serving you better, please do not delete any portion of the
Technical Support Specialist correspondences.

For your convenience we are available 24 hours a day, 7 days a week and
invite you to contact us if you have any additional concerns.

Regards,

Sylvia Y.
Technical Support Specialist

APLUS.NET <http://aplus.net/>, a Deluxe Company
Phone: 877.275.8763
Email: support at aplus.net
www.aplus.net


 I'm having a Foamy the Squirrel moment by this point.  All I want is my
dang $12.99 back and by now it's completely a matter of principle.  After a
few more phone calls during which I was forced to give both the user name
and password yet again - full credentials - over my cell phone to the
registrar, I finally get this.  Having to give out my user name and password
is flatly ridiculous.  Fortunately, I'm able to find a private area where I
can do this without being overheard.

On May 5, 2011, a Refund of USD $ 12.99 was successfully applied to your
credit card.

Amount processed: USD $12.99
          TOTAL: USD $12.99


Questions? Our staff of professionals are ready to assist you, 7 days a
week, 24 hours a day. Contact us by email at support at cs.aplus.net or by
phone toll-free at 877-275-8763. For billing assistance, please email
billing at cs.aplus.net.

We want to make sure you're satisfied with your Aplus.Net account, and we
look forward to providing you with highest level of service possible. Please
don't hesitate to contact us with any questions or concerns.

On June 1, I log in to transfer some more domain names to my new domain
registrar.  I find that these <insert expletive here> are not only still
showing my FIL's domain but have it set to autorenew.  So I write to inform
them that they are not the registrar of record and that this should be
removed as they are not authoritative for it.  Mind you that attached to
this missive was the entire thread for the cancellation and the refund,
which they could easily have verified on their end using their own
transaction numbers.  Note the multiple fonts and font sizes and how the
last sentence cuts off.  My hunny bunny thought it was a phishing attempt.
Had I not initiated the contact with them, I would have too.

Here's what I got back:

Jimi,

Good Morning, Thank you for contacting Aplus.net, a Deluxe company!
For security we will need you to verify your registration number and the
main account password please.
Once verified we are able to process your request.
If you have any questions we have agents available on the telephone and

Regards,

Billing Department
APLUS.NET <http://aplus.net/>, a Deluxe Company
877-275-8763
International 858.410.6929 Option 3 then 1



At this point, I'm pretty angry and pretty fed up with their craptastic
security model.  And so yes, they got a very snarky reply.  Why?  Because
they had the nerve to tell me over the phone that they are protecting me
from the theft of my domains by asking me to send via an unecrypted email
the necessary account information to log in and transfer those domains.
WTF????  But wait... it gets better.... MUCH MUCH better, in fact.

Wow...  I'm supposed to hand over my log in credentials over the phone.  I'm
certainly NOT doing that via email.  Seriously?????  Do you people have any
concept of security???????? At all?  And I'm supposed to trust you with
important business assets for myself and my customers....

Now I'm going to go off on you people - What kind of crack are you people
smoking?  If you even for a moment think that I'm going to email you what
amounts to my user name and password to the entire account you are either A)
very high in which case you think this o.k. to do or B) such complete
window-licking morons who are obviously wearing your foam helmets cinched
down a little to tight since they seem to have cut off the miniscule blood
supply to your tiny brains.

Considering that this is the email account you have on file, this is just
another reason that I'll be changing registrars.  I've already moved 5 of my
domains and I'll keep moving the rest.



The reply I get some hours later...

Jimi,



      Good afternoon, to make any changes to your account you will need
      to verify yourself. You do this by verifying the main account
      password, if you do not have this we can send it to the email on
      file.

      If you are not comfortable emailing this information then you will
      need to call in and speak with an agent.


    Regards,

Billing Department
APLUS.NET <http://aplus.net/>, a Deluxe Company
877-275-8763
International 858.410.6929 Option 3 then 1




Since they started advertising that they're "a DeLuxe Company", I figured
I'd hunt down the parent corp in the hopes that there is someone there who
might have an idea of what a clue is.  And the answer is no...

Good morning.  My name is Jocef Knapp and I am a member of Aplus.net's
Escalations & Retentions team.  I was hoping to speak to you regarding your
post on the Deluxe Blog (copied below).  We appreciate your business as well
as any feedback regarding our services, support, and policies.  While I
understand your position and your worries about giving out information over
the phone and email, please try to understand this practice.  Webhosting and
domain registration as an industry experiences a very high amount of
attempted theft and fraud.  In many cases once an account is compromised,
rights to the domain name, files, and emails are unable to be fully
recovered, and often will lead to lengthy legal battles.  Therefore,
security of our customers' accounts is of the upmost important to us, and we
do our best to not divulge any account information or give account details
away.  This means that each request for support that may involve the
slightest account details must first go through a procedure to verify that
we are speaking only to the account holder, or a person to whom they have
authorized account access.  The goal is to provide the best customer support
experience possible while protecting the account security of the customer
and our company from litigation.

   In order to verify that we are speaking to an authorized user, it is our
standard procedure to ask for the account password.  This includes phone,
chat, and email conversations.  It is not flawless, as you said emails are
never completely secure.  However, I have been with Aplus.net for several
years, and have seen several verification methods come and go, and this
procedure seems to work best.  Should you not feel comfortable sharing this
information over email, we do offer both live chat and phone support 24
hours a day, 7 days a week.  I understand that you may not feel comfortable
giving this information over the phone in some environments, unfortunately
we cannot control where you make your phone calls from, or who may be in
earshot of your voice.  We can simply secure our end of things, and provide
you with alternative means to reach us for support.

  Should you not have your password or truly not feel comfortable at all
sharing it, you may request that our support contact you directly at the
home or business phone number on file for your account.  We will get back to
you as soon as possible.  Should this still be unacceptable or if you have
no access to your account information, your case may be escalated, however
this may involve a slightly longer turn around time.

Again, we appreciate your business and I am sorry that you are frustrated
with our verification policies, I hope my email helps in this regard.  If
you have any questions or concerns regarding our verification policy, please
do not hesitate to contact me


 Jocef Knapp
Sr. Technical Lead
Escalations and Retentions
APLUS.NET <http://aplus.net/>, A Deluxe Company
[image: Phone]1-888-771-7587 ext. 646808
[image: Email]jocefk at aplus.net
[image: Aplus.net Logo]



Thanks,

Jimi



More information about the NANOG mailing list