Attempted hijack gets snotty reply from Schlund

[DomainBuyerBroker]

Just sitting here minding my own business and I get a transfer request from Schlund and Partners requesting that a domain I own be transferred away.

Usual text says that if I do not approve to ignore and the transfer will fail. Fine. However, I wanted to notify them that this was an obvious hijack attempt and that I would like to know who requested the transfer/hijack.

I got an email about two days later and here is the entire text, unedited:


Dear Mr. Sequin,

anyone can order any domain at any time, this isnt a crime.
You can agree to that process or ingore that, thats your choice.

-
Best regards.

Patrick Mayer
Transferteam
Schlund&Partner AG




So, Patrick, thanks for the snotty attitude. I thought that maybe other domainers (and maybe even your boss) would like to see what kind of crappy customer service you provide.

Best regards.
:hehe:

 

[movingconcierge]

1and1.com sucks!

Hey there...sorry for your troubles with 1and1.com, aka 1&1 Internet Services, Inc.

Would you mind adding your complaint to my 1and1.com sucks thread?

 

[DomainBuyerBroker]

Are they the same company?

 

[movingconcierge]

Yes. Where did you register the name?

 

[cdboard]

nah. too easy.

 

[ripley]

Are you kidding? Trying to transfer someone's DN away is now equated to "ordering" it? I suppose they would've just paid you whatever you'd asked for if you'd hit yes, right?

Wow, I'm pretty shocked.

ripley.

 

[Dave_Z]

Assuming schlund/1&1 was the gaining registrar, unfortunately that response is
to be expected. Although it's nice if they tell you, don't expect registrars to tell
you any specific info for a specific issue like this.

Many registrars feel they have to protect every potential client's data no matter
what. Besides, sometimes it's hard to say if it's authentic since anyone can be
virtually anonymous the moment they're online.

On the other hand, the gaining registrar's email might provide a clue as to who
might have made the request. If they don't state any, then that's just about it.

I actually agree with that Patrick's response that it's not a crime. Whether it is
or not depends on the intent behind it, and that's something usually not easy to
prove.

 

[ripley]

Regardless, good business practices and communication dictate at least a civil response, along the lines of "I apologize for the confusion/inconvenience." Seems the least you should expect.

ripley.

 

[Jo]

Time to transfer all your names out if you want to make a point.

 

[Lyte]

Customer service is very important to me! I'm glad to know this is what I can expect from them. I'll definately not have my domains there! :td:

Lyte

 

[DomainBuyerBroker]

None of my domains are at Schlund. Someone did a request for transfer from Schlund trying to steal one of my names.

 

[IAmAllanShore]

I actually agree with that Patrick's response that it's not a crime. Whether it is
or not depends on the intent behind it, and that's something usually not easy to
prove.

100% true.

However, and I'm not saying Dave thinks otherwise, but the issue here isn't the rep's decision not to release the info, but rather his attitude and lack of even semi-proper punctuation/grammar in what is a "professional" email.

-Allan :gl:

 

[Lyte]

....and lack of even semi-proper punctuation / grammar in what is a "professional" email.-Allan :gl:

Yes... that's a little disturbing! It suggests a very lax attitude and a disregard towards one's business and customers! :td:

Lyte

 

[AdoptableDomains]

I wish transfer requests weren't so anonymous. I recieved a request on one of my domains last week that I ignored. It would be nice to know who initiated it if it wasn't me. Theoretically, is should be me and they should be able to tell me it was me or who it was if it wasn't me.

Not all transfer requests are actual hijack attempts though. I myself once accidentally tried to do a transfer on a domain I owned and fell in the trap of putting .com instead of the actual TLD it really was. It wasn't even until I got the transfer failed notice that I knew of the mistake.

It would be a lot nicer of the owner of a domain were notified who attempted the transfer. First, it could reduce the chance of fraud since the person wouldn't be anonymous. Second, in the event of error, it could be caught quicker and corrected if somone replied that the TLD was wrong or the domain misspelled. Third, it would give a little more faith that it was an error and not a hijack attempt.

 

[Dave_Z]

On the side, I think netsol does indicate who made the transfer request if and
when you get the authorization email. Then again, it only states a name (which
anyone can anonymously use the moment they're logged in).

Providing specific info (e.g. IP address) is mostly considered confidential. Getting
it requires a Court order (unless the registrar is friendly enough to provide it or if
you have an insider).

If you guys feel the registrar should provide more info on who made the request,
then send your thoughts to ICANN. They won't necessarily do something about
this overnight, but at least let them know your thoughts.

 

[NewYorkBum]

Sorry for bringing up the old thread.
Let's say if whoever requested the transfer has an access to my email account. He made a request and then approved it himself, since he has my whois listed email snf password . Then changed the whois info to his favor. Such as in HZ.com situation (page 19).

iFly.com resold not recovered.
WiFi.com resold not recovered

http://www.icann.org/announcements/hijacking-report-12jul05.pdf [pdf file]
What can one do to protect himself against such actions , considring that most of us are not big companies and have small pockets?

 

[Domainate.com]

*deleted: ack, old thread*

 

[NewYorkBum]

*deleted: ack, old thread*

what is that suppose to mean ?

 

[Domainate.com]

I just thought it was a new thread about 1&1, so I made a post bashing 1&1, but I just saw that it was 4 months old. Nothing against you or anything.

To answer your question, the auth codes now hopefully have eliminated any kind of cases like this from happening. Sure, if your email gets compromised you could lose your domains, but that's why you keep tough passwords for your email accounts, so that doesn't happen.