In a pinch, GoDaddy and Typepad let a customer down
Following with the theme of my recent posting, Some companies you can trust, and some you can't, I ran across a blog posting from Alan Shimel of StillSecure (More frustrations with web infrastructure) that details how GoDaddy and Typepad let him down in his time of greatest need. Mr. Shimel was the victim of a cyber crime - his blog and domain were stolen out from under him.
GoDaddy
The first indication of trouble came to Mr. Shimel as an email message from GoDaddy stating that his domain was switched from a locked* to an unlocked status, a change that he didn't initiate. This started a long dialog with GoDaddy which led Mr. Shimel to refer to them as "the hackers best friend."
I find stories like this unusually illuminating. Anyone reviewing a service, such as the domain registration that GoDaddy offers, can easily cite the features and costs and kick the tires. But, the true test of a company comes in your hour of greatest need and for a domain owner, that hour is when your domain has been stolen out from under you. In this case, GoDaddy did not perform well.
I have a number of domains registered with GoDaddy and have recommended them in the past. Their prices can't be beat and my few interactions with tech support were reasonably handled. My biggest gripe was their busy and always confusing website. In light of this story though, it's hard to recommend GoDaddy going forward.
directNIC
My favorite registrar (and I've used my fair share) is directNIC. This opinion was cemented in an hour of great need. I had been a steady customer when they screwed up a transaction and transferred a domain away from a client. This was not a case of malicious hacking, the circumstances of the domain registration transfer were extremely unusual, and one that their computer systems had probably never seen before.
The initial response from tech support, was disappointing to say the least. I used other words to describe it at the time. That was out of character, my previous interactions with directnIC tech support were handled very well.
As I noted previously, it's not the problem that I remember, it's how the problem is dealt with. In this case, I was able to reach a higher authority at directNIC and get things straightened out. At one point, they even called me to verify that all was well and they admitted the first response was not up to par.
Typepad
Mr. Shimel's blog posting also details his experience trying to get Typepad to restore a stolen blog and restore postings the bad guys had deleted. It didn't go well. If your blog is very important to you, you may want to host it with a company that offers telephone based support. Typepad does not.
Update August 20, 2008: Mr. Shimel also had poor experiences dealing with Yahoo trying to reclaim his email account. See Why Google is now my homepage instead of Yahoo.
Update August 20, 2008: Someone claiming to be Anil Dash, a Vice President at the company behind Typepad, Six Apart, left a long comment below. I'm trying to verify that it really was Mr. Dash...
*A locked domain can't be transferred to another registrar. It has nothing to do with the state of a web site or email. Locking a domain is a standard security procedure, but it may not be the default status when you register a new domain. If you control any domains, you may want to verify with the registrar that they are locked.
See a summary of all my Defensive Computing postings.
Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure. 
First, we're sorry Mr. Shimel has gone through all of this frustration and stress, and we're happy to be helping him recover from it. It seems fairly clear that, after his email account was compromised, it was fairly easy for the malicious party here to retrieve his login information for any number of other services and wreak havoc; His TypePad account was one of those services that were affected.
That being said, the nature of the problem with the account was not immediately clear but *as soon as it was*, Mr. Shimel received a personal phone call from our Vice President of Products, who led the effort to lock down Mr. Shimel's account and prevent any further data deletions. Since that time, our team has been working diligently to restore his data, and expects to have restored all of the blog's content shortly.
It does take more time than we'd like to perform this task, however that's simply because, well, we've optimized the system to make sure that data that our users delete stays deleted. Now that our team knows it wasn't Mr. Shimel doing the deleting, the problem is being fixed.
Put simply, at Six Apart, we stand behind TypePad with the best support in the business. We were the first to offer professional support on any blogging platform anywhere, and we were the first to offer business-class support for members whose blogs are critical to their work.
At a higher level, we at Six Apart have also invested extensively in technology, inventing things like OpenID and then spending even more resources to evangelize them to the entire tech industry so that we simply won't have to use the same password on many sites, or so that a single compromised email address doesn't necessarily have to result in many accounts being compromised. We discourage the practice, which many sites require, of providing your email address and login in order to discover friends in a social network, and we've provided robust, open, free technologies that make such unsafe practices less necessary. All that is on top of having an exemplary security record for our applications, far better than other similar blogging platforms.
The bottom line: We're sorry Mr. Shimel has gone through this, and we're paying direct attention to it at all levels at Six Apart, from our senior executives on down. And we'll get his blog back to 100%. But it's irresponsible to present TypePad as having let a customer down when we're doing more than anyone else in the industry to try to prevent the entire situation in which these kinds of compromised accounts can result in a cascading series of vulnerabilities.
I strongly applaud the time you take to be an advocate for regular people on the web, Michael, and I hope when you hold companies accountable, you do so in a context that considers the many factors that go into issues like privacy, security, and reliability. Finally, we welcome and invite any future conversations of this sort to include responses or replies from our team -- if you'd like to quote us the next time you cover TypePad and Six Apart, I'm sure you'll find, as Mr. Shimel hopefully has, that we're not hard to reach.
My personal cell phone number is 646-541-5843 -- the same as the first day I joined Six Apart as its first employee, and just as back then, I'm happy to take calls and questions from our customers at any time if I can be of help.