But if they did this, would this set some type of precedent, for all future (and perhaps previous) instances, of stolen domain sales at Escrow?
Here's the simple thing about being a decent person, which is anathema to the way that most people conduct business.
One day, I was walking down the sidewalk and some elderly guy had tripped, fallen in the street, and was having a hard time getting up, since he'd banged himself up pretty good. With the help of another bystander, we got him to his feet, I hailed a cab, gave the driver enough cash to get anywhere in Philly and told the driver to take him wherever he wanted to go.
Am I obligated to do that in every future instance? No.
I mean, if I did that every time, then before long there would be a conspiracy of old guys and cab drivers looking for me on the street, faking falling down, and getting my money!
Oh, well, I took a risk that maybe it wasn't a scam, and maybe things were, that day, exactly as they appeared to be. On the other hand, maybe some old guy and a cabbie made off with my money. But, it sure looked to me like some old guy had fainted, and it would be a good idea to just get him where he wanted to go.
Businesses can do the same thing at their discretion - i.e. take a risk once in a long while if the circumstances appear to them to be compelling. When, as a business, you decide to eat a mistake or do someone a favor out of sheer voluntary decency, you are
NOT obligated to do it every time, in every circumstance, for every customer. In fact, when doing so, you can point out that "we are not obligated to do this, but have decided to do so as a completely voluntary accommodation to you".
"But then we'll have millions at our door asking for the same consideration" is the argument against that.
Well, maybe, once in a million times, someone gets lucky, and that's all there is to it. Not every lottery ticket is a winner. Actually, that's the sort of risk that Netsol took when they decided they had enough to go on that it looked pretty much like a stolen name, and in the course of transferring it back to the original registrant, I can guarantee you that Netsol got an indemnification from the registrant against any other claims, and that Netsol had given that victim enough of a sniff test to decide they were good enough to issue that indemnification.
But what do we have here, really, and I mean no offense to anyone. We have some WHOIS history on what looks like a stolen name. We have a psedonymous posting on an internet message board, and a website claiming some facts.
Escrow.com did everything they were supposed to do here, within the limit of their contractual obligation. I like to give Jackson a hard time to keep him on his toes, but neither he, nor Escrow.com are obligated to do diddly-squat. That's where the "legal" part of this picture begins and ends. I participate here for free, and I just want to make sure that if Jackson is reading Namepros while getting paid, he has to earn it.
Jackson's going to repeat - correctly - that Escrow.com could get into a lot of trouble if they started handing out customer information. Yep, theoretically they could. There would be an element of risk for Escrow.com to give out that information, based on whatever level of confidence they could or could not develop that there was hanky-panky going on somewhere. Escrow.com does not have the information that, say, Netsol does with the account logs. They would certainly know, for example, whether "Patrick Sitrok" was the name on the bank account which received the funds, what country those funds went to, whether that makes sense in the context of a domain name registered to a business in Indiana, their own server logs, and so on. Based on that, they could assess the likelihood of the thief then identifying him/herself in an action against them premised on release of his/her confidential information. But they do not have to do any of that, and I certainly don't know what information they do or do not have.
That is why, early on, I had said, that one could file a John Doe lawsuit, subpoena the information from Escrow.com, and after burning through that pile of cash, one could get the data.
The thing about being "consistent" and "zero tolerance, no exceptions" policies is that lawyers believe in them almost as an article of religious faith with total blindness to what can be the consequences of "zero tolerance, no exceptions" policies. This is why, in the US, we lock up children for pretending a banana is a gun and why Escrow.com will "safeguard the confidentiality" of a thief. Now, and I probably can't say this enough, whether or not Escrow.com has sufficient information to satisfy some threshold of "maybe there isn't much risk here" is entirely up to whomever their largest shareholder might be.
Legality and humanity are not the same thing.
Against all that is also the skill that scammers can employ to construct a set of apparent facts which are not what they appear to be.
Let's take this hypothetical:
The company in Indiana is actually behind all this. They get together with someone in another country to make it look like their domain name is stolen. They have the "thief" sell the name, get the money, then go to Netsol to get the domain name back, split the proceeds, and now, with domainers aware that pdd.com is lightly used by someone who might want to sell it, they can sell the name again.
It's far-fetched, but is it impossible? Well, yeah, sure it's possible. Is it likely? No.
We tend to play the odds continuously in our own lives. If I hear hoofbeats approaching down the street from around a corner, I assume it is a horse and not a zebra. But the weird thing about it is that there seems to be legions of people who step out of normality from 9 to 5 when it comes to running a business and say, "Well, we can't just assume it's a horse, since it might be a zebra."
Once in a while - and it's a personal threshold - you just might want to not ask yourself "but what if it's a zebra? I can't take a chance on thinking it's a horse" to avoid the slow death of your own humanity in the world of "zero tolerance, no exceptions".
Finally, I like to pick on Jackson, and he knows that. That's why he makes the big bucks. Nobody's paying me a salary to read Namepros.
Clearly, what any customer using Escrow.com to transfer domain names should do, is to get past the "This is the safest, securest, most risky-free thing on the planet" advertising copy on the site, and should take a look at the helpful information that Escrow.com provides on their site about how things might go wrong, or what steps someone might take before assuming that Escrow.com is a completely sufficient mechanism for avoiding scams.
For example, take a look at Escrow.com's article "Before you buy a domain name" which explains how you can understand how to access whois history or website history information, and the various steps you might take in different situations to confirm the chain of title of a domain name.
Or, for example, take a look at Escrow.com's "Domain buying checklist" which provides a useful step-by-step reference for things you'll want to look at before you buy a domain name, like the simple step of seeing if an address makes sense by using Google maps and asking the other party why they live in a strip mall.
Escrow.com provides those useful articles on their site about how to protect yourself because they care about much more than collecting their fees from people pushing the buttons.
I mean, if it wasn't for the fact that Escrow.com provided all that useful information on additional steps to protect yourself from scams, then I might get the impression that they expected you to simply make the assumptions that their advertising copy suggests.