New Rules Make Domain Hijacking Easier

[pynchon]

Saw This on Slashdot. Sorry if someone else had already posted it.

Netcraft seems to have a little ditty about new rules from ICANN that take effect on Friday making it easier to hijack domain names. Essentially, if someone tries to take your domain, and you don't answer within 5 days, they now assume you are okay with the transfer. Previously, the default answer was no, and you had to explicitly state your acceptance of the domain transfer. Owners of small domains, beware: no more computerless vacations that last more than 4 days at a time!"

 

[nRnF]

So better "lock" all of your domains !

 

[sharename]

registrars are now locking by default

locking by default eliminates the hijacking problem assuming only the registrant can do the unlocking.

sharename

 

[stargate.com]

Hijacking domains does not become easier under this policy. That is a misconception. Each Registrar is still responsible for gaining authorization from the Name Holder or Administrative contact through a Standard Form of Authorization. If you don't respond to the FOA or reject the transfer, the transfer will be declined and not processed. Each losing registrar is responsible for sending a notification to the Registrant notifying them of the transfer away, but are not required to take any action unless the Registrant notifies the losing Registrar to reject the transfer.

-Tom

 

[jj2ii3344]

That means make sure your contact information is valid and up to date!

 

[drmaximus]

Hijacking domains does not become easier under this policy. That is a misconception. Each Registrar is still responsible for gaining authorization from the Name Holder or Administrative contact through a Standard Form of Authorization. If you don't respond to the FOA or reject the transfer, the transfer will be declined and not processed. Each losing registrar is responsible for sending a notification to the Registrant notifying them of the transfer away, but are not required to take any action unless the Registrant notifies the losing Registrar to reject the transfer.

-Tom

I am not sure that I agree with what you said here. This is the email I got from DirectI which states that if I do not explicitly disagree to a transfer within 5 days, it will go ahead. Which means that: if my domain is somehow not locked, and I am away on a long vacation. Somebody requests a transfer and I am not here to deny it. I return from the Caribbean and find that I had been robbed of ABC.com.

IMP: If the Registrant or the Administrative contact does not respond within 5 calendar days, the transfer will proceed. A no-reply, thus, shall be considered a positive acknowledgement, and the transfer shall not fail unless the Registrant or the Administrative Contact explicitly denies the same. Until now, we used to fail the transfer if we do not receive any response from the Transfer Contact. We will no longer be able to do so and will have to allow a transfer even if we do not receive any response from the Transfer Contact unless the domain name has been locked.

Please correct me if I am wrong and set my heart at ease.

 

[stargate.com]

That is correct from the LOSING Registrar. It is still the responsibilty of the GAINING Registrar to gain proper authorization for the transfer from the Name Holder or the Administrative contact, if the proper authorization is not received the domain transfer will be rejected. The only difference now, the losing registrar cannot arbitrarily deny a transfer. It seems registrants are confusing the responsibilites of the Losing registrar and the Gaining registrar. This policy is designed to help clarify that.

-Tom

 

[Tippy]

Mr. Stargate,

Why do you charge to lock a Domain when no other Registrar does that I have used?

Thanks,

Mike

 

[stargate.com]

Mr. Stargate,

Why do you charge to lock a Domain when no other Registrar does that I have used?

Thanks,

Mike

Actually, we just recently changed that. Domain Locking is included (e.g. FREE) with all domains now. Just login to your account or register a new domain to activate.

-Tom

 

[Tippy]

Thanks Mr. Stargate

I'm heading in your direction now...

Mike

 

[Dave_Z]

That is correct from the LOSING Registrar. It is still the responsibilty of the GAINING Registrar to gain proper authorization for the transfer from the Name Holder or the Administrative contact, if the proper authorization is not received the domain transfer will be rejected. The only difference now, the losing registrar cannot arbitrarily deny a transfer. It seems registrants are confusing the responsibilites of the Losing registrar and the Gaining registrar. This policy is designed to help clarify that.

-Tom

Hi Tom!

There may be one slight problem with those new policies: gaining registrars
who only need a fax to request transferring to them.

If you don't mind, I don't want to go into detail due to the possibility that
someone might be reading these threads and exploit it.

 

[pynchon]

I see alot of dn been taken and resold. Then it is the person that selled out cash for the stolen domain is going to be left holding the empty wallet. This is going to be bad. Really bad.

 

[Anthony]

I've gotten notices from several (but not all) registrars, saying they will automatically lock all domains on a certain date to safeguard them. Of course, they can be unlocked by their owners after that...

 

[1rrr1]

i don't think that it will be easier to hijack names