Nov. 2004 Icann Rules An Invitation To Domain Hijacking

[schepperer]

Domain Hijacking? It can happen to anybody.

This one mail I received today:

" A request has been received to transfer the domain tapert.com away from the Registrar OpenSRS.
This request was entered at 20-JAN-2005 16:58:01 by Moniker Online Services, Inc"

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

wow

I declined of course by clicking the correct choice.

If you dont check your email for about 5 days there is pretty good chance your domain name will be stolen.

My request to moniker support about who tried to hijack my domain, oh wonder was unanswered.

I would say about 35% of domains remain unlocked and are at risk to be stolen.

I dont know who makes decisions at ICANN, these guys must be outsourced from a how-works-a-hairdryer call center.

In November ICANN opened the gates for such kind of criminal acts and nobody prevented them from doing so.

 

[schepperer]

To the key point:

If somebody doesnt notice your e-mail notification about a transfer request for 5 days, an active domain name is transferred anyway without current owner knowledge.

Registerfly doesnt allow that ( see notification links above)

Am I right or wrong?

 

[Dave_Z]

Mario/schepperer, no one begrudges you that at all. Most people definitely
share your concerns regarding safety to domain owners.

Now I understand (which I should've in the first place, no excuses) that your
domain name is not with Moniker: you got that email from your current domain
registrar.

until moniker does not change transfer policy I have all reason to be angry or searching for revenge, its not just about me but all the other registrants with active names

You're familiar with the new ICANN transfer policy, aren't you ? Just read it at
their site in case you aren't yet at http://www.icann.org/transfers/policy-12jul04.htm .

But this line will save you the trouble of searching for it:

Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.

So that's not Moniker's transfer policy or any registrar's policy for that matter.
Whoever your current registrar/Registrar of Record is has no choice but to
obey that rule.

But another detail bothers me: that means whoever initiated the request with
Moniker somehow confirmed it. I could be wrong, I don't know.

Now before venting your anger again at Moniker, if you read the policy, note
that the gaining registrar has to secure authorization somehow from the
"transfer contact" on record, be it the registrant or the admin contact based
on the WHOIS info. So assuming moniker indeed got confirmation, that means
they fully complied with ICANN's policy.

So some questions come to mind:

1. Didn't you get any email a few days before you got your current registrar's
auth email?

2. How was the transfer request confirmed first with Moniker before you got
your registrar's auth email?

3. Was your registrant or admin contact email changed anytime prior to you
getting the auth email?

4. If indeed the transfer request was confirmed but you didn't know anything
about it, whose email address was listed in WHOIS prior, again, to you getting
the auth email?

5. If yours was listed during that time, is there a chance it was compromised
or someone else has access to it?

Just an FYI, Mario: registrars are indeed under no obligation to tell you who
started the request if the transfer fails, especially if you're not their customer.
True, in a way, you deserve to know because it was your domain name that
got involved.

But because the transfer failed, and again because you're not a customer of
Moniker, Moniker doesn't have to tell you anything more. Nor does any other
registrar for that matter if you're not a customer of theirs, either.

Now it's also true you're entitled to your opinion that this could've been a
hijacking attempt. But hasn't it occurred to you that it could've been also a
typo mistake on the part of the one who started the request with the gaining
registrar?

Moreover, even if Monte did tell you who started the request, who's to really
know that person or org is indeed the one listed there? For all we know, it
could've been someone using another person's or org's info as well.

Welcome to the domain name world, Mario, where things are quite different,
unusual, and sometimes against common sense in the business world. But if
you take the time to learn more about how the domain name business works,
sometimes it helps the person to understand a little more.

Then again, I also read from somewhere the customer doesn't have to even
understand, much more care...

 

[mcahn]

Mario - I have also just been notified that you were in fact notified of this by our customer service team the day after you sent a message to us. You stated on this forum that we did not even contact you that we failed to respond, etc.

The point really is that you are not managing your domains by having them unlocked and not getting your emails and deciding to react rather than looking for the answers.

Hi,

Below is the e-mail we received on 1/20 regarding the issue and my response sent to him on 1/21 effectivedly closing the matter:


--------------------------------------------------------------------------------
From: Moniker.com Support [mailto:[email protected]]
Sent: Friday, January 21, 2005 3:14 PM
To: 'Mario Koch'
Subject: RE: tapert.com hijacking attempt



Dear Mr. Koch,

I hope this e-mail finds you well.

After researching the matter, it appears that the domain name tapert.com was provided to us in July 2004 for transfer by the previous owner of the domain name.

As the name was on LOCK at its current registrar and the previous owner never proceeded to UNLOCK the name, the transfer was never completed.

Therefore, it appears that the domain name expired, became available and was registerred new by you in November 2004. Since we were unaware of this occurrence, the transfer request for tapert.com remained in our transfer queue.

Now that you have contacted us and we have confirmed that the name was recently registerred and now belongs to you, we have since cancelled the transfer request.

We apologize to you for any inconvinience.

Sincerely,

Steven Le Vine
Customer Service Manager

Moniker.com
More Than A Name!
Phone:800-350-6923
Fax: (954) 969-9155
mailto:[email protected]

 

[Dave_Z]

To the key point:

If somebody doesnt notice your e-mail notification about a transfer request for 5 days, an active domain name is transferred anyway without current owner knowledge.

Registerfly doesnt allow that ( see notification links above)

Am I right or wrong?

Registerfly won't allow that as long as the domain name is locked. No registrar
will allow that, either.

BTW, as Monte pointed out based on your domain's WHOIS record, better
have your domain locked. And Monte's subsequent post apparently answered
some questions I have myself.

John, Monte, email sent. Thanks again, John, and my apologies, Monte. *sigh*

 

[schepperer]

Registerfly won't allow that as long as the domain name is locked. No registrar
will allow that, either.

BTW, as Monte pointed out based on your domain's WHOIS record, better
have your domain locked. And Monte's subsequent post apparently answered
some questions I have myself.

John, Monte, email sent. Thanks again, John, and my apologies, Monte. *sigh*

I talk about UNLOCKED domains which cannot be transferred away to requesting registrar registerfly (or whole enom registrars?).



Monte really really really I did never receive that mail from you.

So it was the chinese guy and it is not his fault then but monikers responsibility not taking the name off from routine!

registerfly, NSI and names4ever (here I know it) delete transfer requests 1 month after unsuccesful tries. I dont accept you try transfers for a half year.

I find it not usual that the domain stays since July 2004! or a half year in a transfer queue even without monitoring its status changes. Im pretty sure you handle a lot more name like this. You should overthink this procedure and also to not allow domains transfers without active acknowledging of the current registrant.

 

[jberryhill]

Monte really really really I did never receive that mail from you.

Mistakes happen. It may come as a shock to you.

What is interesting is that the only reason you have the domain name is the fact that the previous registrar wouldn't permit the transfer to Moniker.

 

[armstrong]

John, do you not find anything odd about Moniker's policy of keeping such a long transfer queue? Personally, I don't see how this policy can be justified. At enom, even before the new ICANN policy came out, transfer requests that fail are removed after a week; this is much more reasonable than keeping transfer requests alive (and waiting for the domain to be UNLOCKED) indefinitely.

 

[schepperer]

Im sorry that John does not understand the subject and tries attacking me instead monikers 6 month transfer queue and the we-move-your-domain-away-if-you-dont-check-your-mail-for-5-days business model.

What is interesting is that the only reason you have the domain name is the fact that the previous registrar wouldn't permit the transfer to Moniker.

No the only reason that I still have my domain is the fact that I denied actively the transfer request from moniker. Somebody who doesnt check his mail for 5 days for whatever reasons wont have that opportunity and domain name hijacking ends with success.

 

[smadison]

You're familiar with the new ICANN transfer policy, aren't you ? Just read it at
their site in case you aren't yet at http://www.icann.org/transfers/policy-12jul04.htm .

But this line will save you the trouble of searching for it:

[HIGHLIGHT]
Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.
​

[/HIGHLIGHT]

So that's not Moniker's transfer policy or any registrar's policy for that matter.
Whoever your current registrar/Registrar of Record is has no choice but to
obey that rule.

Dave, et al,

That's rather the point entirely, and I wholeheartedly concur with the topic of this thread, "Nov. 2004 Icann Rules An Invitation To Domain Hijacking."

ACK should never be the default, NACK should. If no response is received in 5 days, and the domain isn't locked down (or if someone has, say, broken into your NSI Account Manager and unlocked it...) then the default is to allow the transfer of the domain.

That's rubbish.

And yes, it is, granted, ICANN's rubbish, not the fault of any particular registrar.

 

[jberryhill]

Then what do you do with pool.com affiliates having $50 renewals and auto-nacking every transfer request?

The policy itself was a response to the problem of registrars who would simply never permit transfers. Where ICANN went wrong was not giving registrants access to the transfer dispute policy.

 

[AdoptableDomains]

To the key point:

If somebody doesnt notice your e-mail notification about a transfer request for 5 days, an active domain name is transferred anyway without current owner knowledge.

Registerfly doesnt allow that ( see notification links above)

Am I right or wrong?

Probably wrong. The new ICANN policy REQUIRES the losing registrar to transfer if the domain is no locked and no denial is sent in 5 days. They are many others still have response emails that are the same as before the policy changed. I would not put my too much trust in the wording of that email over the rules of ICANN. Especially since Registerfly is currently only a reseller of Enom, whose emails I last saw were also out of date, and who often changes policies without updating auto emails, help files, and FAQ's.

However, I do believe the Gaining registar is required to get acknowledgement before transferring the domain from the admin or registrant email of record on the domain. If I understand correctly, you would have to acknowledge this before it actually transferred, but NOT emails from the losing registrar.

I do think a transfer queue should be a limited amount of time however, and some intelligence should be built into the software to cancel it when a new create date occurs or when it hits pending delete status. I assume ICANN has no rules on this. With some registrars technically not droppping them, it could get harded to tell when they change ownership through abandonment.

 

[QBert]

Its my understanding that the gaining regester halsto receve some sort of confomashion from the admin via email i belete. This stops hijacking correct?

 

[jberryhill]

John, do you not find anything odd about Moniker's policy of keeping such a long transfer queue? Personally, I don't see how this policy can be justified.

Please read what I already wrote. One of my clients has been trying to unlock names from a variety of registrars for several months in order to consolidate its names at Moniker. Just one example of the nonsense we've been dealing with is a three-month battle with NSI to get them to unlock over 700 names that were there. It was bad enough dealing with NSI's string of broken promises to fix the situation without having to continually go back and re-submit transfer requests.

The continuing refrain here of "what Enom" or some other registrar does is a symptom of limited experience. There are now over 150 accredited registrars, and if you haven't spent time tracking down addressing transfer issues with some accredited moron who wrote a check to ICANN and now gets checks from Pool - and that is the extent of his knowledge of the domain name system - then you simply haven't lived.

Pool, and these sorts of registrars, would actually prefer that the domains you buy through them are not manageable. Some of these registrars actually don't have any mechanism for renewing names. So, you can't transfer them, and you can't renew them. The entire reason that tapert.com was dropped and registered by Schepperer here is that the prior registrant had the domain name stuck at one of these cheesy registrars and couldn't get it over to Moniker before it dropped.

Four months might be a long time, sure. I'm not running Moniker and I don't make their policy decisions. But huffing and puffing over it being "illegal" is way over the top here. Whether one considers a policy "odd" as you do is one thing. Ignoring your own email and claiming you weren't answered, and making continued unsupported accusations of criminal activity against another participant in this forum is another thing entirely.

Somebody who doesnt check his mail for 5 days for whatever reasons wont have that opportunity and domain name hijacking ends with success.

Someone who continually refers to a clerical error as a hijacking is incapable of learning, or of accepting that they may themselves be mistaken. One more time, no, if you lock your domains, they will not be transferred either by mistake or intentionally, and it does not matter what any other registrar's policy is. I've seen a lot of intentional domain hijackings, and they are not preceded by an opt-out email at all.

 

[mcahn]

Folks,

The transfer was put in the system by the customer. The customer is responsible for canceling or telling us to cancel the transfer request. The former customer actually does a pretty good job of notifying us when to cancel transfers....but not in this case. We do not let transfers stay in the system for 4 months as a general rule.

I think the important points here are that you should make sure your name is locked so you never have a chance of your domain being called without your authority and you did NOT loose this domain.

Also as John knows, we can help in getting many names out of both Pool and Snap regsitrars if anyone is stuck in that situation as well.

Monte

 

[schepperer]

Dont you feel that you run the marathon still backward?

Why I should lock my domains at a "variety of registrars" if it takes " several months" to get them unlocked again?

Dont you see you contradict yourself even in one post by recommending domain-locking?

namepros know that unlocking can be a mess and that active domains are at risk to be stolen or accidently taken away through registrars like monikers. Away is away and again not you or anybody can guarantee that you get your name back just after one or two phonecalls. (insert link for your unlocking probs)
John:


Yes in my eyes its not just unethical or problematic but illegal that a registrar tries again and again for 6 months (yes he said since july John!) by a routine to transfer a domain name away without monitoring the domain for whois changes and ignoring the fact that within 6 months a domain can change its status and owner several times. Its no excuse that the request came from a former domain owner.

I asked monte here several times to change his transfer policy but all answers were not really satisfying. Just explains and no yes this is wrong this will be changed answers which I expected.

A registrar has no right continously for 6 months to try to transfer domain names automatically by a routine away knowing domains can be hijacked if the 5 days rule grabs here and then. Yes I call it hijacking if a domain name is transferred without ACTIVE permission of the current owner.

John dont you get it?
35% of all domain names are unlocked most of owners dont know how domain locking works or what it means and never heard of it. It does not mean they have no rights. If you post here "lock your domains" these 35 % unlocked domain names wont be locked by tomorrow. Does it mean they should be at risk to lose their domains? Certainly no.

Everybody has right to ignore any emails as long he ever wants thats now something no illegal.

Everybody has right to ignore his emails without running at risk his domain name gets stolen. If its paid for a period long enough its also ok the registrant is offline for a year without the need of having bad dreams about possible domain hijacking. You ignore your emails? Its ok you have the right to do as long domain is paid and contact data are up to date.

That same rights have owners of unlocked or locked domains.


Oh Monte posted too:


Strongly disagree:

Customer should not be responsible for cancelling transfer requests!
And yes you MUST have a general rule to delete unsuccesful transfer jobs after a short period (1 month max.)

John says or you say "lock your domains" it wont lock all active domains by tomorrow or this year. (and you should pray that you never need to unlock it back, according to what John reported)

Owners of active domains have same rights that their domains cant be transferred away without an ACTIVE ACK.

 

[jberryhill]

And yes you MUST have a general rule to delete unsuccesful transfer jobs after a short period (1 month max.)

And this imaginary law makes it illegal at 1 month + 1 day, or does this imaginary law set a different limit? On what day does it become "illegal" according to this law?

Unlocking names at some registrars is difficult because some registrars do not follow the rules. If you are so incredibly happy with Registerfly, then go ahead and lock your names. You are intentionally attempting to confuse the fact that Moniker keeps trying transfers because it is extremely difficult to unlock names which are at non-compliant registrars.

Now, duh, if you think about that for a minute, you don't have to lock your names which are at registrars that refuse to unlock names.

Owners of active domains have same rights that their domains cant be transferred away without an ACTIVE ACK.

I believe we have made our opinions of reality clear, and that any interested readers can go read the ICANN policy.

 

[Dave_Z]

Why I should lock my domains at a "variety of registrars" if it takes " several months" to get them unlocked again?

Then may I suggest using a single registrar that lets you unlock your domain
in real time? I don't really know about Moniker's, but I think it is, though only
Monte or any of Moniker's users can say.

Also, despite unlocking it at the registrar, it takes time until it reflects it's no
longer locked at the registry level.

active domains are at risk to be stolen or accidently taken away through registrars like monikers.

Remember, the gaining registrar must secure authorization first. The
request to transfer won't go thru unless that first part is hurdled successfully.

And if the domain's unlocked at its current registrar, then the likelihood of it
being stolen or accidentally taken away becomes strong.

Just remember those two vital details and your domain/s will be fine.

BTW, tapert is still active. How come it's not locked yet?

35% of all domain names are unlocked

Where'd you get that figure?

Everybody has right to ignore his emails without running at risk his domain name gets stolen.

True. But it's also everyone's right to keep abreast of developments going on.
It's called "progress", however beautiful or ugly it may be in the eye of the
beholder.

If its paid for a period long enough its also ok the registrant is offline for a year without the need of having bad dreams about possible domain hijacking.

Unfortunately this is the reality each and every domain name must be aware
of. No one has to like it, but everyone should know anyway.

A bit off-topic, but the tsunami that occured months back is a reality no one
wanted, either. Every hurricane, earthquake, genocide etc. is a reality no one
wants, but we should still be aware of them and be prepared, if possible.

Boy scouts' motto, schepperer: always be prepared.

You ignore your emails? Its ok you have the right to do as long domain is paid and contact data are up to date.

You don't even know half of it. Tell that to those who have their domains
registered thru a hosting provider or a webmaster and they register it under
their own names instead of their respective clients.

Owners of active domains have same rights that their domains cant be transferred away without an ACTIVE ACK.

Now this part is best placed at ICANN's transfer policy feedback site:
http://icann.org/announcements/announcement-12jan05.htm. Have a go!

 

[mole]

Unlocking names can be very tricky on certain account control panels that work funny. Best way is to contact support and ask them to do it for you.

I agree that the new ICANN policy is a bit of good, and bad, depending on which registrar you are talking about.

I've learnt to treat domain transfers as a game of successfully getting that Princess out of the House Of Hades. Keeps me amused and lowers my blood pressure.

 

[Dave_Z]

I've learnt to treat domain transfers as a game of successfully getting that Princess out of the House Of Hades. Keeps me amused and lowers my blood pressure.

If your Princess is named Eurydice, make sure not to look back at her when
you're almost out. :D

 

[mcahn]

Mario,

Registerfly is not even an ICANN Accredited Registrar so they may not be following ICANN policy anyway.

BTW, your domain is STILL NOT LOCKED!

Lock your domain to protect it or move it here to Moniker.com and we will do it for you!

Domain Name: TAPERT.COM
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS1.MYDOMAIN.COM
Name Server: NS2.MYDOMAIN.COM
Status: ACTIVE
Updated Date: 19-nov-2004
Creation Date: 19-nov-2004
Expiration Date: 19-nov-2005

 

[jberryhill]

Lock your domain to protect it or move it here to Moniker.com and we will do it for you!

Naw... I'll move it to Moniker "for" him.

(Just kidding, Schep... put the knife down)

 

[schepperer]

registerfly dont initiate transfer aways without ACK so they do well being out of the ICANNOT gang and stay on the we-dont-hijack and dont transfer-typo-errors-domains side. Thats the side I prefer. Im pretty sure I wont sell tapert.com and also in unlocked mode it will be save at registerfly then. Thats the deciding difference to moniker.

Monte:

I missed your statement to your 6months-to-unlimited transfer queue handling and that a domain stays in queue until customer tells you to delete.

Do you leave it like it is or what are you going to change?

We await your post.

 

[jberryhill]

Keep asking for six months.

 

[mcahn]

we typically do not leave domains in the transfer out system like we did this domain...but that does not matter. The customer is in charge of cancelling that transfer and this customer rarely submits a domain that does not come over. The reason is that our transfer in system (unlike any I have seen) actually calls for the domain every day until cancelled. So, if you win a domain from pool or snap, you can call for your domain to transfer on the first day you catch it. On the 61st day, the domains usually come over automatically. That is what our customers love about leaving in the system. Generally, they eventually come over.

In this case, their former registrar allowed the domain to expire then delete even thought it was being called for every day. You only have this domain because of a mistake/error by the former owner's registrar - isn't that Ironic to you??

But John is right....keep asking...

 

[AdoptableDomains]

registerfly dont initiate transfer aways without ACK so they do well being out of the ICANNOT gang and stay on the we-dont-hijack and dont transfer-typo-errors-domains side. Thats the side I prefer. Im pretty sure I wont sell tapert.com and also in unlocked mode it will be save at registerfly then. Thats the deciding difference to moniker.

That may be what the email said, but I wouldn't bet on it. Registerfly's back end is just Enom. I have nothing against RF, I have about 800 domains there. Even though they have one of the best management interfaces in the industry, don't believe everything you read or see, as they do have their share of problems just like most other registrars, and more often large resellers accesssing the registrar via API's.

Locking your domains IS good advice.