GoDaddy, as a root CA, offer a service of issuing SSL certificates on any domain. Although the procedure of issuing a new certificate includes validation with the domain owner, a malicious user is capable of spamming the owners with validation emails, hoping for the owner to accidentally approve the certificate. Attempts to contact GoDaddy’s abuse team or general support have no effect, and the validation emails keep coming in.
More information provided on Security.StackExchange article: https://security.stackexchange.com/questions/258014/reporting-a-root-ca-non-compliance