Gerard Hughes
Established Member
- Impact
- 18
As some may have seen on domaingang, my 19 year old personal website and email domain, ghh.com, was stolen on 4/7/17. (My registration was paid through 2021.) I'm looking for some best practices for getting it returned. I've read the interview with David Weslow on domainsherpa and have been working to get a bit of a crash course on security and domain crime.
The hacker got access to my ICANN account of record, transferred the domain to eNom, and proceeded to attempt to negotiate sales in my name using the hacked account while the domain is on 60 day ICANN lock.
I've since recovered the email account, but getting the registrars to reverse this rather obvious case of transfer fraud is something I'm still working on. It's frustrating that ICANN, in effect, pretends to consider temporary access to, say, my car keys as proof of permanent legal title to my car. That's simply false as a matter of law. So it is surprising to me that the transfer has not been reversed already, especially given that the hacker clearly has violated their terms of service, has no legal title to the domain, cannot indemnify the registrar, and cannot show up in court to defend this fraud. So, from even just an ordinary risk management perspective, I'd have thought the receiving registrar would be eager to avoid the costs and liabilities of not returning the domain.
Does anyone have suggestions on the best was to communicate to the registrars that it will be most cost effective for them to return it without protracting the issue? Or, for that matter, the best way to communication the the registrars? So far, the responses have been less, well, responsive, than I'd hoped.
The hacker got access to my ICANN account of record, transferred the domain to eNom, and proceeded to attempt to negotiate sales in my name using the hacked account while the domain is on 60 day ICANN lock.
I've since recovered the email account, but getting the registrars to reverse this rather obvious case of transfer fraud is something I'm still working on. It's frustrating that ICANN, in effect, pretends to consider temporary access to, say, my car keys as proof of permanent legal title to my car. That's simply false as a matter of law. So it is surprising to me that the transfer has not been reversed already, especially given that the hacker clearly has violated their terms of service, has no legal title to the domain, cannot indemnify the registrar, and cannot show up in court to defend this fraud. So, from even just an ordinary risk management perspective, I'd have thought the receiving registrar would be eager to avoid the costs and liabilities of not returning the domain.
Does anyone have suggestions on the best was to communicate to the registrars that it will be most cost effective for them to return it without protracting the issue? Or, for that matter, the best way to communication the the registrars? So far, the responses have been less, well, responsive, than I'd hoped.
Last edited: