Nov. 2004 Icann Rules An Invitation To Domain Hijacking

[schepperer]

Domain Hijacking? It can happen to anybody.

This one mail I received today:

" A request has been received to transfer the domain tapert.com away from the Registrar OpenSRS.
This request was entered at 20-JAN-2005 16:58:01 by Moniker Online Services, Inc"

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

wow

I declined of course by clicking the correct choice.

If you dont check your email for about 5 days there is pretty good chance your domain name will be stolen.

My request to moniker support about who tried to hijack my domain, oh wonder was unanswered.

I would say about 35% of domains remain unlocked and are at risk to be stolen.

I dont know who makes decisions at ICANN, these guys must be outsourced from a how-works-a-hairdryer call center.

In November ICANN opened the gates for such kind of criminal acts and nobody prevented them from doing so.

 

[Badger]

I fail to see your anger Schepperer...

1, this is a domain forum where we are all here to help one another.
2, you had an attempted hijack on one of your names which failed to transpire, so..... Maybe count yourself lucky
3, Monte posted earlier on in the thread that he was willing and able to help you.
& 4, I guess you dont know who JBerryhill is...?

Sure your angry, sure you want revenge. But is here the right place for all this? You seem to keep re-asserting your point in your threads.

Can I respectfully suggest that is moniker is as bad as you say they are - transfer out and forget the whole thing happened.

And go easy Bro, we are your friends.

 

[jberryhill]

Not by surprise moniker support doesnt reply to any emails.

Given your attitude, no, it's no surprise at all. But, considering that you are not a customer of theirs, they don't owe you support.

I sort out the possibility of any typo errors since bulk domains are registered via copy and paste of the names wanted.

BS. First off, Moniker has large customers and small customers alike. Secondly, if you weren't such a hotheaded shill for Registerfly, then you would realize that Monte already posted a likely scenario:

1. person registers domain tapert.com on a drop in 2003, among other domains caught at various registrars.

2. domain tapert.com expires in late 2004, person doesn't notice.

3. person decides in 2004 to consolidate their domains at Moniker, and either types or, yes, cuts and pastes a list which includes tapert.com

4. you get the email notification, and deny the transfer

Sorry pal, you have not shown that it was not a purely innocent situation. I can tell you from direct experience that some of the largest domain owners on the planet lose domains this way on a regular basis, and it generally takes just a few telephone calls and emails to sort out. One of the reasons why people who know what they are doing use Moniker is because Moniker requires very explicit approval for outbound transfer requests.

The bottom line here is that it doesn't matter what the Moniker email to you says, if your domains are locked at Registerfly, then they aren't going to go anywhere.

But is Moniker going to provide you with information about one of their customers so you can spew your threats? No way.

The joke here, of course, is that Robert Tapert is the executive producer of Xena the Warrior Princess, which I suppose explains the links on your site.

 

[schepperer]

4. you get the email notification, and deny the transfer

One of the reasons why people who know what they are doing use Moniker is because Moniker requires very explicit approval for outbound transfer requests.

The bottom line here is that it doesn't matter what the Moniker email to you says, if your domains are locked at Registerfly, then they aren't going to go anywhere.

4. "very explicit approval", LOL, What it helps you if you are just 5 days not on internet and you get email notification during that time.

Will you declare llegal to stay 5 days offline?

How can I be able to deny the transfer request then? Dont you understand?

You will be not able to give a guarantee that after some phone calls domain name is back.

at registerfly domain name will not be stolen if you are without internet for 5 days or even 5 months, locked or not no difference

moniker transfer policy makes domain hijacking possible

until moniker does not change transfer policy I have all reason to be angry or searching for revenge, its not just about me but all the other registrants with active names

registrants are at risk to get their domain stolen by monikers transfer requests and monte & co prefer to stay quiet about the subject

I dont like if somebody does not understand the serious situation.
We are at namepros, we have responsibility for all registrants that a domain cannot be stolen that easy. Yes we should help all eachother that moniker doesnt allow that any longer.

If monte would be really willing to help, fine.

Again its not just about me or my louzy domain tapert.com. We have to give safety back to domain owners.

 

[jberryhill]

4. "very explicit approval", LOL, What it helps you if you are just 5 days not on internet and you get email notification during that time.

Read the word "outbound" in what you are replying to, or work on your English.

How can I be able to deny the transfer request then? Dont you understand?

I understand quite well. You deny the transfer request by maintaining a lock on your domains at your current registrar. That not only prevents hi-jackings, but it also prevents inadvertent transfers due to an error. It doesn't matter whether Moniker issues a transfer request to the registry if your domain name is locked, and it doesn't matter what their notification email says.

YOU do not understand that. Explain why 1-4 above could not have happened here, and why you are so certain this was an intentional hi-jacking attempt. My point about "outbound" (look it up) transfer requests at Moniker was in the context of the reality that a lot of Moniker customers moved there because they have been the victims of hi-jackings in the past. Do you think that large registrants don't see a lot of mistakes, hi-jackings, and other strange things going on?

I have all reason to be angry or searching for revenge

Your character is your problem, and your behavior is unreasonable.

 

[mcahn]

schepperer,

Trust me, I am not staying quiet, just have not been back to this thread as I asked you to email me with the domain name in question, not post it back on this board. If you look at my post above, I asked for you to email me with the domain - you did not email me so I did not know that you were still posting about it.

Now that I have the domain, I have asked my staff to see why it was still left in the transfer out system and who it belonged to.

Just to clarify that domains are submitted by former owners all the time....especially large domain owners as they submit large lists and sometimes forget to remove them.

Although we cannot controll "attempted" hijackings to moniker, we certainly prevent them from moniker to other registrars by adding several levels of security to this process to prevent this. My bet this was just left on someones list and you are over-reacting.....especially since you did not even loose the domain.

In any case, I will let you and everyone know what the situation is once our transfer in system runs today with our report. As you can see, many know me and how our operation works. We are not out to get anyone upset and neither are our customers.

Thanks for the heads up - [email protected]

Mario - Also - your domain is not even locked:

Domain Name: TAPERT.COM
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS1.MYDOMAIN.COM
Name Server: NS2.MYDOMAIN.COM
Status: ACTIVE
Updated Date: 19-nov-2004
Creation Date: 19-nov-2004
Expiration Date: 19-nov-2005

leaving it open for theft by anyone. My advice is that you lock your domain immediately to protect it. Additionally, it is the responsibiliy of your registrar to help you protect your domains, not the gaining registrar.

I have just been informed this domain name was submitted for transfer by the previous owner and forgot to take the domain off their list when it expired. So my perception was correct.

If you would like higher security on your account and for your domains from this point on, I suggest you actually transfer them to Moniker.com. We have yet to have a domain theft - EVER.

Hope this clears this up for you Mario!

 

[schepperer]

To the key point:

If somebody doesnt notice your e-mail notification about a transfer request for 5 days, an active domain name is transferred anyway without current owner knowledge.

Registerfly doesnt allow that ( see notification links above)

Am I right or wrong?

 

[Dave_Z]

Mario/schepperer, no one begrudges you that at all. Most people definitely
share your concerns regarding safety to domain owners.

Now I understand (which I should've in the first place, no excuses) that your
domain name is not with Moniker: you got that email from your current domain
registrar.

until moniker does not change transfer policy I have all reason to be angry or searching for revenge, its not just about me but all the other registrants with active names

You're familiar with the new ICANN transfer policy, aren't you ? Just read it at
their site in case you aren't yet at http://www.icann.org/transfers/policy-12jul04.htm .

But this line will save you the trouble of searching for it:

Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.

So that's not Moniker's transfer policy or any registrar's policy for that matter.
Whoever your current registrar/Registrar of Record is has no choice but to
obey that rule.

But another detail bothers me: that means whoever initiated the request with
Moniker somehow confirmed it. I could be wrong, I don't know.

Now before venting your anger again at Moniker, if you read the policy, note
that the gaining registrar has to secure authorization somehow from the
"transfer contact" on record, be it the registrant or the admin contact based
on the WHOIS info. So assuming moniker indeed got confirmation, that means
they fully complied with ICANN's policy.

So some questions come to mind:

1. Didn't you get any email a few days before you got your current registrar's
auth email?

2. How was the transfer request confirmed first with Moniker before you got
your registrar's auth email?

3. Was your registrant or admin contact email changed anytime prior to you
getting the auth email?

4. If indeed the transfer request was confirmed but you didn't know anything
about it, whose email address was listed in WHOIS prior, again, to you getting
the auth email?

5. If yours was listed during that time, is there a chance it was compromised
or someone else has access to it?

Just an FYI, Mario: registrars are indeed under no obligation to tell you who
started the request if the transfer fails, especially if you're not their customer.
True, in a way, you deserve to know because it was your domain name that
got involved.

But because the transfer failed, and again because you're not a customer of
Moniker, Moniker doesn't have to tell you anything more. Nor does any other
registrar for that matter if you're not a customer of theirs, either.

Now it's also true you're entitled to your opinion that this could've been a
hijacking attempt. But hasn't it occurred to you that it could've been also a
typo mistake on the part of the one who started the request with the gaining
registrar?

Moreover, even if Monte did tell you who started the request, who's to really
know that person or org is indeed the one listed there? For all we know, it
could've been someone using another person's or org's info as well.

Welcome to the domain name world, Mario, where things are quite different,
unusual, and sometimes against common sense in the business world. But if
you take the time to learn more about how the domain name business works,
sometimes it helps the person to understand a little more.

Then again, I also read from somewhere the customer doesn't have to even
understand, much more care...

 

[mcahn]

Mario - I have also just been notified that you were in fact notified of this by our customer service team the day after you sent a message to us. You stated on this forum that we did not even contact you that we failed to respond, etc.

The point really is that you are not managing your domains by having them unlocked and not getting your emails and deciding to react rather than looking for the answers.

Hi,

Below is the e-mail we received on 1/20 regarding the issue and my response sent to him on 1/21 effectivedly closing the matter:


--------------------------------------------------------------------------------
From: Moniker.com Support [mailto:[email protected]]
Sent: Friday, January 21, 2005 3:14 PM
To: 'Mario Koch'
Subject: RE: tapert.com hijacking attempt



Dear Mr. Koch,

I hope this e-mail finds you well.

After researching the matter, it appears that the domain name tapert.com was provided to us in July 2004 for transfer by the previous owner of the domain name.

As the name was on LOCK at its current registrar and the previous owner never proceeded to UNLOCK the name, the transfer was never completed.

Therefore, it appears that the domain name expired, became available and was registerred new by you in November 2004. Since we were unaware of this occurrence, the transfer request for tapert.com remained in our transfer queue.

Now that you have contacted us and we have confirmed that the name was recently registerred and now belongs to you, we have since cancelled the transfer request.

We apologize to you for any inconvinience.

Sincerely,

Steven Le Vine
Customer Service Manager

Moniker.com
More Than A Name!
Phone:800-350-6923
Fax: (954) 969-9155
mailto:[email protected]

 

[Dave_Z]

To the key point:

If somebody doesnt notice your e-mail notification about a transfer request for 5 days, an active domain name is transferred anyway without current owner knowledge.

Registerfly doesnt allow that ( see notification links above)

Am I right or wrong?

Registerfly won't allow that as long as the domain name is locked. No registrar
will allow that, either.

BTW, as Monte pointed out based on your domain's WHOIS record, better
have your domain locked. And Monte's subsequent post apparently answered
some questions I have myself.

John, Monte, email sent. Thanks again, John, and my apologies, Monte. *sigh*

 

[schepperer]

Registerfly won't allow that as long as the domain name is locked. No registrar
will allow that, either.

BTW, as Monte pointed out based on your domain's WHOIS record, better
have your domain locked. And Monte's subsequent post apparently answered
some questions I have myself.

John, Monte, email sent. Thanks again, John, and my apologies, Monte. *sigh*

I talk about UNLOCKED domains which cannot be transferred away to requesting registrar registerfly (or whole enom registrars?).



Monte really really really I did never receive that mail from you.

So it was the chinese guy and it is not his fault then but monikers responsibility not taking the name off from routine!

registerfly, NSI and names4ever (here I know it) delete transfer requests 1 month after unsuccesful tries. I dont accept you try transfers for a half year.

I find it not usual that the domain stays since July 2004! or a half year in a transfer queue even without monitoring its status changes. Im pretty sure you handle a lot more name like this. You should overthink this procedure and also to not allow domains transfers without active acknowledging of the current registrant.

 

[jberryhill]

Monte really really really I did never receive that mail from you.

Mistakes happen. It may come as a shock to you.

What is interesting is that the only reason you have the domain name is the fact that the previous registrar wouldn't permit the transfer to Moniker.

 

[armstrong]

John, do you not find anything odd about Moniker's policy of keeping such a long transfer queue? Personally, I don't see how this policy can be justified. At enom, even before the new ICANN policy came out, transfer requests that fail are removed after a week; this is much more reasonable than keeping transfer requests alive (and waiting for the domain to be UNLOCKED) indefinitely.

 

[schepperer]

Im sorry that John does not understand the subject and tries attacking me instead monikers 6 month transfer queue and the we-move-your-domain-away-if-you-dont-check-your-mail-for-5-days business model.

What is interesting is that the only reason you have the domain name is the fact that the previous registrar wouldn't permit the transfer to Moniker.

No the only reason that I still have my domain is the fact that I denied actively the transfer request from moniker. Somebody who doesnt check his mail for 5 days for whatever reasons wont have that opportunity and domain name hijacking ends with success.

 

[smadison]

You're familiar with the new ICANN transfer policy, aren't you ? Just read it at
their site in case you aren't yet at http://www.icann.org/transfers/policy-12jul04.htm .

But this line will save you the trouble of searching for it:

[HIGHLIGHT]
Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.
​

[/HIGHLIGHT]

So that's not Moniker's transfer policy or any registrar's policy for that matter.
Whoever your current registrar/Registrar of Record is has no choice but to
obey that rule.

Dave, et al,

That's rather the point entirely, and I wholeheartedly concur with the topic of this thread, "Nov. 2004 Icann Rules An Invitation To Domain Hijacking."

ACK should never be the default, NACK should. If no response is received in 5 days, and the domain isn't locked down (or if someone has, say, broken into your NSI Account Manager and unlocked it...) then the default is to allow the transfer of the domain.

That's rubbish.

And yes, it is, granted, ICANN's rubbish, not the fault of any particular registrar.

 

[jberryhill]

Then what do you do with pool.com affiliates having $50 renewals and auto-nacking every transfer request?

The policy itself was a response to the problem of registrars who would simply never permit transfers. Where ICANN went wrong was not giving registrants access to the transfer dispute policy.

 

[AdoptableDomains]

To the key point:

If somebody doesnt notice your e-mail notification about a transfer request for 5 days, an active domain name is transferred anyway without current owner knowledge.

Registerfly doesnt allow that ( see notification links above)

Am I right or wrong?

Probably wrong. The new ICANN policy REQUIRES the losing registrar to transfer if the domain is no locked and no denial is sent in 5 days. They are many others still have response emails that are the same as before the policy changed. I would not put my too much trust in the wording of that email over the rules of ICANN. Especially since Registerfly is currently only a reseller of Enom, whose emails I last saw were also out of date, and who often changes policies without updating auto emails, help files, and FAQ's.

However, I do believe the Gaining registar is required to get acknowledgement before transferring the domain from the admin or registrant email of record on the domain. If I understand correctly, you would have to acknowledge this before it actually transferred, but NOT emails from the losing registrar.

I do think a transfer queue should be a limited amount of time however, and some intelligence should be built into the software to cancel it when a new create date occurs or when it hits pending delete status. I assume ICANN has no rules on this. With some registrars technically not droppping them, it could get harded to tell when they change ownership through abandonment.

 

[QBert]

Its my understanding that the gaining regester halsto receve some sort of confomashion from the admin via email i belete. This stops hijacking correct?

 

[jberryhill]

John, do you not find anything odd about Moniker's policy of keeping such a long transfer queue? Personally, I don't see how this policy can be justified.

Please read what I already wrote. One of my clients has been trying to unlock names from a variety of registrars for several months in order to consolidate its names at Moniker. Just one example of the nonsense we've been dealing with is a three-month battle with NSI to get them to unlock over 700 names that were there. It was bad enough dealing with NSI's string of broken promises to fix the situation without having to continually go back and re-submit transfer requests.

The continuing refrain here of "what Enom" or some other registrar does is a symptom of limited experience. There are now over 150 accredited registrars, and if you haven't spent time tracking down addressing transfer issues with some accredited moron who wrote a check to ICANN and now gets checks from Pool - and that is the extent of his knowledge of the domain name system - then you simply haven't lived.

Pool, and these sorts of registrars, would actually prefer that the domains you buy through them are not manageable. Some of these registrars actually don't have any mechanism for renewing names. So, you can't transfer them, and you can't renew them. The entire reason that tapert.com was dropped and registered by Schepperer here is that the prior registrant had the domain name stuck at one of these cheesy registrars and couldn't get it over to Moniker before it dropped.

Four months might be a long time, sure. I'm not running Moniker and I don't make their policy decisions. But huffing and puffing over it being "illegal" is way over the top here. Whether one considers a policy "odd" as you do is one thing. Ignoring your own email and claiming you weren't answered, and making continued unsupported accusations of criminal activity against another participant in this forum is another thing entirely.

Somebody who doesnt check his mail for 5 days for whatever reasons wont have that opportunity and domain name hijacking ends with success.

Someone who continually refers to a clerical error as a hijacking is incapable of learning, or of accepting that they may themselves be mistaken. One more time, no, if you lock your domains, they will not be transferred either by mistake or intentionally, and it does not matter what any other registrar's policy is. I've seen a lot of intentional domain hijackings, and they are not preceded by an opt-out email at all.

 

[mcahn]

Folks,

The transfer was put in the system by the customer. The customer is responsible for canceling or telling us to cancel the transfer request. The former customer actually does a pretty good job of notifying us when to cancel transfers....but not in this case. We do not let transfers stay in the system for 4 months as a general rule.

I think the important points here are that you should make sure your name is locked so you never have a chance of your domain being called without your authority and you did NOT loose this domain.

Also as John knows, we can help in getting many names out of both Pool and Snap regsitrars if anyone is stuck in that situation as well.

Monte

 

[schepperer]

Dont you feel that you run the marathon still backward?

Why I should lock my domains at a "variety of registrars" if it takes " several months" to get them unlocked again?

Dont you see you contradict yourself even in one post by recommending domain-locking?

namepros know that unlocking can be a mess and that active domains are at risk to be stolen or accidently taken away through registrars like monikers. Away is away and again not you or anybody can guarantee that you get your name back just after one or two phonecalls. (insert link for your unlocking probs)
John:


Yes in my eyes its not just unethical or problematic but illegal that a registrar tries again and again for 6 months (yes he said since july John!) by a routine to transfer a domain name away without monitoring the domain for whois changes and ignoring the fact that within 6 months a domain can change its status and owner several times. Its no excuse that the request came from a former domain owner.

I asked monte here several times to change his transfer policy but all answers were not really satisfying. Just explains and no yes this is wrong this will be changed answers which I expected.

A registrar has no right continously for 6 months to try to transfer domain names automatically by a routine away knowing domains can be hijacked if the 5 days rule grabs here and then. Yes I call it hijacking if a domain name is transferred without ACTIVE permission of the current owner.

John dont you get it?
35% of all domain names are unlocked most of owners dont know how domain locking works or what it means and never heard of it. It does not mean they have no rights. If you post here "lock your domains" these 35 % unlocked domain names wont be locked by tomorrow. Does it mean they should be at risk to lose their domains? Certainly no.

Everybody has right to ignore any emails as long he ever wants thats now something no illegal.

Everybody has right to ignore his emails without running at risk his domain name gets stolen. If its paid for a period long enough its also ok the registrant is offline for a year without the need of having bad dreams about possible domain hijacking. You ignore your emails? Its ok you have the right to do as long domain is paid and contact data are up to date.

That same rights have owners of unlocked or locked domains.


Oh Monte posted too:


Strongly disagree:

Customer should not be responsible for cancelling transfer requests!
And yes you MUST have a general rule to delete unsuccesful transfer jobs after a short period (1 month max.)

John says or you say "lock your domains" it wont lock all active domains by tomorrow or this year. (and you should pray that you never need to unlock it back, according to what John reported)

Owners of active domains have same rights that their domains cant be transferred away without an ACTIVE ACK.