Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Daily Diamond

Sedo allows ME to edit YOUR listings. Yes, really!

Status
Not open for further replies.

ImageAuthors

Level 8
Legacy Exclusive Member
Joined
Jul 11, 2011
Messages
1,259
Reaction score
147
This morning I logged in to Sedo and was surprised to notice that I had access to somebody ELSE's domain listings in addition to some of my own.

While Sedo was in the middle of assuring me that these were only "pending listings", I changed the price of Ability.info (not my domain) from over $6,000 to just $100 and proceeded to buy it. However, since Ability.info was "mine" (it isn't, remember), Sedo wouldn't allow the transaction to proceed. Sedo didn't seem to understand why this would be a problem. Perhaps you'd like to buy Ability.info for 1/60th the price set by its rightful owner and educate Sedo about why this matters.

Meanwhile, who knows who can edit my listings or yours.

Below is my complete conversation with Sedo from just minutes ago. I've changed the individual's names and nothing else:


Sedo Employee: Hi, my name is Sedo Employee. How may I help you?

Me Myself and I: By firing somebody. I don't know who yet.

Sedo Employee: Hello

Me Myself and I: I just logged into my account and found that I have control of somebody ELSE'S domains.

Sedo Employee: Okay, just one moment

Me Myself and I: Some of mine are there.

Me Myself and I: But many domains belong to some other person.

Sedo Employee: okay, have you recently updated your domain list?

Sedo Employee: these domains may be pending verification

Me Myself and I: I sent Sedo a bulk upload spreadsheet in January ... which you guys are still trying to figure out.

Sedo Employee: just one moment

Me Myself and I: It hasn't been processed yet, to my knowledge.

Me Myself and I: I cannot verify that all of my domains are present in my own account.

Me Myself and I: For all I know, somebody ELSE is now in control of my domain listings.

Sedo Employee: Just one moment, I've sent a message to our security and compliance department

Sedo Employee: domains can only be listed in one account at a time, so if the domains are listed in your account, they cannot be listed elsewhere

Me Myself and I: I also sent an email to Mr. So-And-So (my contact at Sedo) a few minutes ago.

Me Myself and I: Not according to what I see. I found numerous domains from somebody else's account in my "My Domains" tab.

Me Myself and I: And the total number of domains in my account is now less than it was before.

Me Myself and I: So some of mine have gone missing.

Sedo Employee: okay, I can also check with your account manager

Sedo Employee: do you have an up to date Excel file that you could send us? That way we can make sure all your domains remain listed

Me Myself and I: The one I sent around January 30 is close enough to up to date.

Me Myself and I: I've sent it twice, I believe.

Sedo Employee: okay

Sedo Employee: I've had our security and compliance department reject some, have you received emails to your gmail account?

Sedo Employee: I want to make sure you're not going to receive multiple emails

Me Myself and I: Yes, there are emails coming in.

Sedo Employee: okay, how many?

Me Myself and I: 10 at this point.

Sedo Employee: okay

Me Myself and I: These aren't mine:

Me Myself and I: inspiredpress.com

landscapingcatalog.com

loveconcepts.com

aag.info

4x4adventuretours.com

401kplans.info

ability.info

abnormaldesigns.com

abilityfitness.com

1031exchange.info

21k.info

accepted.info

academicsmart.com

accentbydesign.com

abnormalphotography.com

academicsoftware.info

academicscholarships.info

absurd.info

actingschool.info

activeatlanta.com

acidphotography.com

accidentinjurylaw.info

accidentinjurylawyer.info

accomplish.info

accountspayable.info

activeextreme.com

activebodynutrition.com

activeencounters.com

activeboston.com

activedetection.com

activedallas.com

activecatering.com

activelasvegas.com

activelifecoach.com

activehonolulu.com

activefitnesstraining.com

activeinvestigations.com

activelounge.com

activeintervention.com

activemiami.com

activesingles.info

activesinglesclub.com

activesanfrancisco.com

activeneighbors.com

activeoutpost.com

activereferrals.com

activeworkout.com



Me Myself and I: I have no idea where they came from.

Me Myself and I: There may be others that aren't mine apart from that list, but these are easily identifiable because they're Fixed Price; and all mine were Make An Offer.

Sedo Employee: yes, you can disregard that

Me Myself and I: Sedo now has 6653 listings in my account--which include the domains that aren't mine. I should have around 8000, give or take.

Sedo Employee: yes, we can make sure none of those get added to your account, but you will likely receive emails notifying you that they were declined

Sedo Employee: the domains you see are pending, which means that they are not actually added to your account unless we approve them, which we won't

Sedo Employee: since this is a technical issue, we're going to have them removed manually so that you don't have to receive emails for these domains that do not belong to you

Sedo Employee: I wanted to see if you were receiving the emails about it. since you shouldn't be, our tech team can likely have them removed

Me Myself and I: Is this a glitch associated with the bulk upload spreadsheet being processed? Or has that bulk upload not begun yet?

Sedo Employee: Either way, none of these domains will actually be added to your account

Sedo Employee: yes, it looks like a technical issue. We will get it straightened out ASAP

Me Myself and I: But why would they ever be added to my account? I certainly didn't include them in my spreadsheet.

Me Myself and I: Presumably, these were the domains that Mr. So-And-So kept referring to as belonging to someone else--which postponed my spreadsheet's being processed.

Me Myself and I: And presumably these domains have been delayed for their rightful owner too.

Sedo Employee: Yeah, I will check with Mr. So-And-So and make sure everything is good to go, but no domains should be taken out or put into another account

Sedo Employee: our Security and compliance department manually reviews any domains being transferred into other accounts

Sedo Employee: I've spoken with them to make sure everything is being taken care of

Me Myself and I: Can you tell whether a bulk upload spreadsheet has been processed or not for this account in the last day or so?

Sedo Employee: i can't confirm that. I did see one from February 2nd

Me Myself and I: The spreadsheet was not processed on February 2nd because no changes have appeared in my account.

Me Myself and I: --Until this change, that is.

Sedo Employee: okay, well I've notified Mr. So-And-So that we're having our tech team work on this issue

Sedo Employee: so he should be able to give you an update once we sort it out

Me Myself and I: I understand that you're hinting that the matter is resolved. But from my perspective, I don't know that I can trust Sedo to keep other people's domains out of my account or to keep my domain listings in my own. And I don't even know how the wires got crossed.

Me Myself and I: It's bad enough that it takes over 1 month to update those listings. But at least I thought they'd stay put!

Sedo Employee: we do have a process that we have to manually verify the domains before they are listed. This is to make sure the listing process is secure.

Me Myself and I: Yes, I understand that. Sedo has manually rejected a lot of domains that I own for inexplicable reasons; so I'm familiar with domains being rejected. But, like you said earlier, domains can only be in 1 account at a time. So while this guy's domains are "Pending Review" in my account, they're not active in his. And vice versa, probably.

Me Myself and I: Let me ask a simple question:

Me Myself and I: Who put this guy's domains in my account?

Me Myself and I: It's nice that Sedo would have rejected them. But why should Sedo have to?

Me Myself and I: Let me ask another simple question:

Me Myself and I: What prevents somebody from putting my domains in somebody else's account?

Sedo Employee: well they would still be active in the other user's account

Me Myself and I: Granted, they'd be rejected on Whois reasons ...

Sedo Employee: unless they were newly added domains, in which case those are separately checked as they have not been added before

Me Myself and I: I saw price settings for his domains. Are you telling me that I could not have edited those settings?

Sedo Employee: the checking process we have ensures that you cannot put domains into somebody else's account

Me Myself and I: His domains seemed to be in my account. What would have happened if I'd lowered his prices? Nothing?

Communication with the RightNow Chat service has been lost. Please wait while attempts are made to restore the connection.

Disconnection in 240 seconds.

Connection resumed.

Sedo Employee: yes, they should not be listed for sale while pending verification

Sedo Employee: and any changes to the pricing information would be removed once the domains were checked and not added to the account

Sedo Employee: if you look in the "Sales Settings" tab, the domains pending verification shouldn't even be listed there

Me Myself and I: Do you suppose there's any connection between the month-long wait and the mis-handling of domains? Criss-crossing them between different people's accounts? After all, "they should not be listed for sale while pending verification"; and this would cause them to pend and pend and pend.

Sedo Employee: I'll have to check with one of the account managers

Sedo Employee: if you've ever experienced a month long wait for domains to be added, please let us know and we'll make sure that it gets expedited

Me Myself and I: Your last statement is incorrect. I just went to the "sales Settings" tab.

Me Myself and I: There I see multiple domains that aren't mine.

Me Myself and I: For example, Ability.info is listed at $4997. I'm going to change it.

Me Myself and I: It is now for sale at $100.

Sedo Employee: okay, just one moment, I can check

Me Myself and I: Too late.

Me Myself and I: I just bought it.

File attachment upload has started.

The file Sedo Incompetence.tiff (53.23KB) was received.

Me Myself and I: So here's the situation.

Me Myself and I: Ability.info is SOMEBODY ELSE'S domain.

Me Myself and I: It's in my account.

Me Myself and I: I lowered the price on Sedo.

Me Myself and I: The lowered price is reflected for everybody to see.

Me Myself and I: I bought the domain.

Me Myself and I: Fortunately for Sedo, I can't continue the transaction because Sedo claims this domain (which isn't mine) IS mine.

Me Myself and I: And I'm not allowed to buy "my own domain".

Me Myself and I: But I can lower all these prices.

Sedo Employee: are there multiple other domains listed in the account?

Me Myself and I: Then I can call my buddy.

Me Myself and I: And he can buy them all

Me Myself and I: And transfer them to me.

Me Myself and I: This way, I effectively have robbed the rightful owner of 20-30 domains in his portfolio.

Sedo Employee: I understand the issue, I'm trying to assist

Me Myself and I: Sedo has a VERY BIG problem

Sedo Employee: also, please keep in mind, you cannot transfer the domain names unless you are the owner at the registrar

Sedo Employee: Sedo is not a registrar, so the domains are only listed with us

Me Myself and I: Well, I'm not actually trying to steal.

Me Myself and I: But Sedo is a listing service.

Sedo Employee: yes, but no one can sell a domain that they do not own, because they do not technically have control of it. They cannot edit the DNS, and they cannot initiate a transfer at the registrar

Me Myself and I: And I think I've demonstrated that--as a listing service--things couldn't be worse, in this case.

Sedo Employee: but I understand that this is an issue and our technical team is certainly working to fix it

Me Myself and I: What happens when the real owner of Ability.info gets an email from Sedo saying that he's just sold the domain for $100 when he thought he had it listed for around $6000?

Me Myself and I: Does he remain a customer?

Me Myself and I: Granted, the domain won't actually be transferred because he has control at the registrar.

Sedo Employee: how many other domains are listed in the account in the sales settings section, that you do not own?

Me Myself and I: It's the same list that I quoted above. Lots of "A" domains.

Sedo Employee: I want to make sure that the technical team has the full list

Me Myself and I: There may be others, as I've said; but those leap out because they are Fixed Price listings.

Me Myself and I: landscapingcatalog.com

loveconcepts.com

aag.info

4x4adventuretours.com

401kplans.info

ability.info

abnormaldesigns.com

abilityfitness.com

1031exchange.info

21k.info

accepted.info

academicsmart.com

accentbydesign.com

abnormalphotography.com

academicsoftware.info

academicscholarships.info

absurd.info

actingschool.info

activeatlanta.com

acidphotography.com

accidentinjurylaw.info

accidentinjurylawyer.info

accomplish.info

accountspayable.info

activeextreme.com

activebodynutrition.com

activeencounters.com

activeboston.com

activedetection.com

activedallas.com

activecatering.com

activelasvegas.com

activelifecoach.com

activehonolulu.com

activefitnesstraining.com

activeinvestigations.com

activelounge.com

activeintervention.com

activemiami.com

activesingles.info

activesinglesclub.com

activesanfrancisco.com

activeneighbors.com

activeoutpost.com

activereferrals.com

activeworkout.com

Me Myself and I: So my question from before remains:

Me Myself and I: If I can alter this other person's sales listings, then what prevents him from editing MY sales settings?

Me Myself and I: That's the real trust issue.

Me Myself and I: Sedo can stick some other guy's domains in my account and tell me it's alright because they're not real.

Communication with the RightNow Chat service has been lost. Please wait while attempts are made to restore the connection.

Disconnection in 240 seconds.

Disconnection in 120 seconds.

Connection resumed.

Sedo Employee: this issue is related to a technical issue and your listings would not be editable

Me Myself and I: The other guy's listings are certainly editable.

Sedo Employee: well they would need to be cleared through the complaint check

Me Myself and I: I just edited them. You could buy Ability.info for $100 right now and cause a mess that would need some editing.

Sedo Employee: I can suggest following up with your account manager to make sure everything is correctly resolving

Me Myself and I: I probably will.

Sedo Employee: I have made sure our technical team is aware of it and they are currently working to fix the issue

Me Myself and I: I'm also going to post this conversation online, and I'm going to notify the owner of the domains that were in my account. Don't worry, your name will be changed. But sometimes the only way to get a company to fix its blunders is to publicly embarrass it.

Sedo Employee: well please understand, I'm doing everything I can to assist you

Me Myself and I: Yes, and I appreciate it.

Sedo Employee: and this issue should be fixed as soon as possible

Me Myself and I: But Sedo shouldn't allow this glitch to happen. You didn't cause the glitch.

Me Myself and I: You're just caught in the middle.

---------- Post added at 08:24 AM ---------- Previous post was at 07:27 AM ----------

As of this moment, I can control the price settings for all of the domains listed above. None of them are mine. If you would like to "buy" one, just let me know what you'd like the price to be. Since they're not mine, anything goes!
 
Domain Summit 2024

mvl

Level 8
Legacy Exclusive Member
Joined
Sep 24, 2006
Messages
1,327
Reaction score
34
I am stunned that things like this still happen at Sedo. Years ago Sedo allowed session-id's in urls so that when someone was logged in and copy-pasted a url to a forum, anyone clicking that url before the session expired, would be logged in as that user. That was even worse though, because you would have full access to someone's account, including payapl and bank account numbers.
 

M.U.

CEO of Thinkk
Legacy Exclusive Member
Joined
Jan 6, 2012
Messages
91
Reaction score
28
I am stunned that things like this still happen at Sedo. Years ago Sedo allowed session-id's in urls so that when someone was logged in and copy-pasted a url to a forum, anyone clicking that url before the session expired, would be logged in as that user. That was even worse though, because you would have full access to someone's account, including payapl and bank account numbers.

This actually happened to me a couple of years ago. Not to my own account, but i got access to another persons account just like you describe. I contacted Sedo, but they denied it would be possible and didn't accept the error, I never heard anything from them since then. lol

I of course didn't change anything on the account that wasn't mine. Just e-mailed the owner and told him what happened. Never heard anything from him. :)
 

mvl

Level 8
Legacy Exclusive Member
Joined
Sep 24, 2006
Messages
1,327
Reaction score
34
Sedo Employee: also, please keep in mind, you cannot transfer the domain names unless you are the owner at the registrar

What about enabling "Sedo MLS pro", which comes with an "InstantTransfer" feature ?
 

DN BROKER

Level 10
Legacy Exclusive Member
Joined
Oct 12, 2005
Messages
5,697
Reaction score
235
i closed my account at sedo, its pointless if you want to make money. Its flooded by rookie domainers who post nothing but garbage and offer you pennies for your gems. Your better of developing a single page yourself and forwarding all domains to your page (sales page). If you want to make money from PPC then you're out of luck.. PPC is dead.

This is officially my 6000th POST
 

Theo

Account Terminated
Joined
Feb 28, 2004
Messages
30,318
Reaction score
2,217
So assuming you found a hole, a glitch, a bug or a security issue - why don't you give Sedo the time to address it? Also plastering the full private communication is extremely tasteless.
 

ninjadomain

Level 8
Legacy Exclusive Member
Joined
Jun 3, 2009
Messages
2,170
Reaction score
181
I checked myself, lol, just out of curiosity and it was changed to make offer with $250k price.
Of course it would be wrong to cheat the seller and buy at that price, and the seller would no doubt not push the domain anyway.
 

silentg

Level 8
Legacy Exclusive Member
Joined
Feb 4, 2010
Messages
2,306
Reaction score
284
Someone else bought it. Domain has been removed form the sale but it still shows up in the search on Sedo with the bin.
 

JuniperPark

Level 9
Legacy Exclusive Member
Joined
Aug 3, 2003
Messages
2,911
Reaction score
90
I've been in contact with Sedo, and very quickly got a response that it was a human error and was being fixed immediately. Thank you OP for letting me know, and thank you Sedo for fixing this quickly.

Sedo has really stepped up in the last couple of years and a made a lot of sales for me, and it's been a very long time since I've had a non-paying bidder so their efforts to validate buyers has really paid off.
 

ImageAuthors

Level 8
Legacy Exclusive Member
Joined
Jul 11, 2011
Messages
1,259
Reaction score
147
So assuming you found a hole, a glitch, a bug or a security issue - why don't you give Sedo the time to address it? Also plastering the full private communication is extremely tasteless.

Because this is the Exclusive Club on DNForum and only a relatively small audience has access here, I will give a more candid answer than I would do elsewhere.

Why didn't I give Sedo time to fix the issue?

First of all, because the Sedo representative I was conversing with clearly did not understand the problem's potential significance to Sedo users; he was mistaken at a technical level about what was happening; and he seemed mostly interested in getting on to the next customer.

Second, because I had already sent an email--which never received a reply, by the way--to my account representative at Sedo. I didn't know how widespread or recent this problem was; and I wanted to shine a spotlight on the breach so that the right people at Sedo would see it, see that others saw it, and fix it quickly.

Third, my experience with Sedo over the past half year has been one of continued procrastination. For instance, I've attempted 2 bulk uploads; the first took over a month, and the second has already taken that long without being processed. Based on that experience, it would have been irresponsible of me to have let Sedo take care of this problem (or cover it up) at their own leisurely pace while who-knows-how-many Sedo accounts were cross-wired.

And last of all, when normal attempts at resolving problems have met with failure and there's an issue that merits immediate attention, sometimes external pressure has to be applied. So I reached out to publicize the problem. Not my problem, you understand, but a problem of unknown scope at one of the industry's largest marketplaces.

Was my action "tasteless"? If it were my first negative encounter with Sedo, I might have given them the benefit of the doubt--giving them time to resolve an internal issue, in spite of the fact that other people's portfolios may have been breached. So I can understand how publicizing this incident so quickly might seem disproportionate to some, who may have been fortunate enough not have been given the run around by Sedo before. I'm also not the sort of person to make a scene without first calculating the effects. My goal was to cause Sedo enough public embarrassment that they would fix their process.

Sedo has really stepped up in the last couple of years and a made a lot of sales for me, and it's been a very long time since I've had a non-paying bidder so their efforts to validate buyers has really paid off.

In spite of some trouble with my own portfolio at Sedo and today's worrisome case of domain mismanagement, I'm still very much pro-Sedo. Everybody in the domain industry--even those who no longer list with Sedo--benefit from the exposure Sedo brings to domains and--especially--Sedo's reputation for reliability. They can't afford to lose that reputation in the eyes of end users, and we can't afford to let them. Now that Sedo has been called out in front of domainers, Sedo will pay more attention to their reputation for reliability. And that already seems to be the case.
 

mvl

Level 8
Legacy Exclusive Member
Joined
Sep 24, 2006
Messages
1,327
Reaction score
34
[Sedo] ... Its flooded by rookie domainers who post nothing but garbage and offer you pennies for your gems.
Lowballers are all around, you can't blame Sedo for that. My experience is that after some years in which they neglected technology and security, Sedo really have improved a lot. The amount of sales I made through Sedo also increased and the price-level increased. Of course there are a few thing I don't like. Especially the fee-rise from 10% to 15% (which is actually a huge 50% increase) is annoying. And the 20% fee for sales through the MLS network is imo outrageous.
 

DN BROKER

Level 10
Legacy Exclusive Member
Joined
Oct 12, 2005
Messages
5,697
Reaction score
235
Because this is the Exclusive Club on DNForum and only a relatively small audience has access here, I will give a more candid answer than I would do elsewhere.

Watch your back, the DOMAIN GANG is strong and has many operatives sniffing out intel!

http://acro.net/blog/domains/why-some-blog-trolls-chase-after-sedo/

---------- Post added at 09:10 PM ---------- Previous post was at 09:08 PM ----------

Lowballers are all around, you can't blame Sedo for that. My experience is that after some years in which they neglected technology and security, Sedo really have improved a lot. The amount of sales I made through Sedo also increased and the price-level increased. Of course there are a few thing I don't like. Especially the fee-rise from 10% to 15% (which is actually a huge 50% increase) is annoying. And the 20% fee for sales through the MLS network is imo outrageous.

Paste all the domains that sold at end user pricing. I'm not interested in exchanges of domains among Domainers, which seems to be the #1 bidders on all the crap that's listed among few Priceless .coms!
 

mvl

Level 8
Legacy Exclusive Member
Joined
Sep 24, 2006
Messages
1,327
Reaction score
34
...
Paste all the domains that sold at end user pricing. I'm not interested in exchanges of domains among Domainers, which seems to be the #1 bidders on all the crap that's listed among few Priceless .coms!
All my Sedo sales are for enduserprices. Resellerprice at Sedo doesn't make sense because of the high commission fees.
 
Status
Not open for further replies.

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members Online

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Register for the auction
MariaBuy

New Threads

Our Mods' Businesses

UrlPick.com

*the exceptional businesses of our esteemed moderators

Top Bottom