Slashdot Mirror


New Rules Make Domain Hijacking Easier

Tanktalus writes "Netcraft seems to have a little ditty about new rules from ICANN that take effect on Friday making it easier to hijack domain names. Essentially, if someone tries to take your domain, and you don't answer within 5 days, they now assume you are okay with the transfer. Previously, the default answer was no, and you had to explicitly state your acceptance of the domain transfer. Owners of small domains, beware: no more computerless vacations that last more than 4 days at a time!"

17 of 399 comments

  1. simple solution by rubee · · Score: 4, Insightful

    Someone give me a sample of the email notice and I'll whip up 4 lines of Perl to take care of that.

    1. Re:simple solution by Errtu76 · · Score: 3, Insightful

      Then a few million people will suddenly need to reinstall sendmail. If you try to quote some geeky command line, make sure you get it right.

  2. Light at the end of the Tunnel by Sophrosyne · · Score: 3, Insightful

    The upside is this will all end after the first lawsuit against ICANN.
    Which should be in about 7 days.

  3. I read about tracking graphics by Dancin_Santa · · Score: 2, Insightful

    I realize that the primary use of tracking graphics is for spam, but wouldn't something like that be useful here?

    If someone is unable to read the email in a way that loads the tracking image, then the server can just assume that the email was never received. Once the image has been downloaded, the request countdown can begin at T-minus 5 days.

    This wouldn't even affect pico mail users because the image wouldn't load in the first place, thus the countdown would never begin. If they receive the email, they can always respond, even if the tracking image does not get loaded and the countdown does not get started.

  4. Quick Quick!! Someone try to transfer SCO.com... by wernst · · Score: 2, Insightful
    or microsoft.com, or cnn.com, or aol.com.

    I swear to god, as soon as some huge website run by billionaires gets its domain transferred out from under them, heads will roll and this asinine "rule" will get changed.

    Or perhaps someone at icann.org is asleep at the switch themselves? (hint hint)

    Of course, I just double-checked that warrenernst.com has the correct contact info. ;-)

  5. Re:Some registrars will protect you by DeepFried · · Score: 3, Insightful

    I switched to GoDaddy for this exact reason. They also happen to have great 24/7 phone support, unlike my previous very, very crappy registrar.

    --
    Who is General Failure, and why is he reading my hard disk?
  6. Not all registrars are equal by humankind · · Score: 1, Insightful

    I'm not bothered by this. I never had any faith in ICANN in the first place. They seem to be good for nothing except taking expensive vacations.

    More importantly than the crap ICANN spews is your choice of a registrar. At least once a month, I end up in a wrestling match over a client-domain that is being held hostage by a fly-by-night, cheapie registrar. The latest happened about two weeks ago where this dumbass registrar decided to deactivate domains a month before they were set to expire if they weren't renewed. ICANN has done nothing to crack down on unethical registrar behavior. They're good for NOTHING.

    Choose a solid registrar that has a good track record. My choice is Dotster, but even NSI is better than most of the crap registrars out there. Friends don't let friends get held hostage by $4.95 domain registrars.

  7. Re:Joker.com auto-locked my domain by RealProgrammer · · Score: 3, Insightful
    First they helped me transfer my domain away from a bad registrar

    Was that your idea, or theirs? :-)

    --
    sigs, as if you care.
  8. Re:Some registrars will protect you by Anonymous Coward · · Score: 3, Insightful

    I've got upwards of 45 domains at godaddy, and have never received a single "spam" from them.

    Registering a domain name at the same ISP who is hosting the website, etc., is a VERY bad idea. It makes it REALLY difficult to switch to a different hosting ISP. It may be convenient to do such things for little throwaway domains like "thesmithfamily.com" but for anything important you want to use a real registrar so that you are not locked in.

  9. Makes a change by nihilogos · · Score: 4, Insightful

    From the usual shitfights I've gone through trying to get a domain transferred even though I own it.

    Network Solutions has an outdated email address listed for the admin and technical contact, and in order for you to change it they require faxed copies of a passport, credit card, fingerprints, a 500ml sample of your blood and any children or pets you might have as hostages.

    2 years and several attempts later and, although they occasionally manage to transfer the domain OK, the email address is still fricken wrong. These new ICANN rules could make my life much easier next time we change ISPs.

    --
    :wq
  10. Re:Simpler solution by Anonymous Coward · · Score: 4, Insightful

    Why don't thousands of us request a transfer of their domain so that they couldn't possibly respond to all of us?

    Done.

  11. Re:Some registrars will protect you by cygnusx · · Score: 2, Insightful

    I agree about the tons of ads in GoDaddy, but it's bad only while you're checking out stuff (so unless you buy domains on a daily basis you should be fine). Never got any spam from them either, their service (including helping out with a borked transfer from Netsol) has been excellent, and their automated interface is very good, unlike (say) Register.com which charges a bundle but has one of the lousiest web faces I know.

  12. Re:Some registrars will protect you by Mostly a lurker · · Score: 2, Insightful

    Well, I can see the convenience in this. At least 99% of the mail you are blocking is no doubt spam. However, there are reasons for having contact information available publicly and (painful though it is) I would spend 5 minutes a week deleting the spam, or filter with Spam Assassin, rather than take the risk of losing legitimate emails.

  13. Dumbest thing I heard since the election ... by elronxenu · · Score: 2, Insightful
    There are two main problems with the new protocol.

    First, the current registrar must approve a transfer of domain without obtaining the registrant's approval. This is contrary to common sense. If the purpose is to stop registrars from unreasonably holding domain names, then the appropriate response is to require the current registrar to approve a transfer request when the registrant has approved it. If the registrant approves, and the current registrar rejects, that's an appropriate cause for complaint.

    After all, isn't it more important to protect existing domains from unscrupulous transfers, than to prevent rogue registrars from accepting legitimate transfers? I may have one legitimate reason to move my domain from one registrar to another but there are a large number of scammers who would gladly capture my domain for fraud or other purposes.

    It's a bit ridiculous that every registrar should be forced to implement a locking function, and every domain holder should be forced to lock every domain, all at once, in order to protect themselves from fraud.

    Secondly, the "unlock" action required prior to a legitimate transfer opens a window of time in which a domain can be stolen - in programming parlance, a race condition. It's a problem with the protocol.

    Just the other day I transferred several domains from Joker to GoDaddy. Joker isn't very easy to deal with, and GoDaddy is cheaper, so I decided to move the Joker ones to GoDaddy.

    When I jumped through the Joker hoops to tell them that I wanted to transfer my domain name, they opened a "transfer window". I was shocked when they said that, during the transfer window, _any_ registrar could grab my domain. Not just GoDaddy. Not just me. Any user of any other registrar could have issued a transfer request for my domain name, through their registrar to Joker, and Joker would have accepted it, if the request arrived before my legitimate request from GoDaddy. Indeed, any user of GoDaddy could have done the same thing, because there's nothing in the request itself to say that it was me who instigated that request.

    What happened to the good old days when a request for a transfer resulted in an email from my registrar to me, asking for my approval? If I approve, the transfer will go through. If I'm not there or indisposed, overseas or not reading my email, then the transfer will not happen.

    1. Re:Dumbest thing I heard since the election ... by drew · · Score: 2, Insightful

      When I jumped through the Joker hoops to tell them that I wanted to transfer my domain name, they opened a "transfer window". I was shocked when they said that, during the transfer window, _any_ registrar could grab my domain.

      I suspect that the people at Joker were trying to intimidate (or FUD) you into staying with them instead of transferring to another registrar. The protocol specifies that the gaining registrar has to get confirmation of the identity of the domain owner making the request before initiating the transfer. The new policy is intended to prevent losing registrars from putting onerous restrictions on domain owners wishing to leave them for another registrar.

      --
      If I don't put anything here, will anyone recognize me anymore?
  14. Re:5 days? by Lumpy · · Score: 2, Insightful

    Their little red wagon can be fixed easily.

    Time to have someone start jacking big domains like Google, Microsoft, IBM, etc...

    I'm thinking that getting ICANN sued into a pile of dust by some big guns would solve this problem in a hurry.

    This is the Litigation Age. Let's use it to our advantage.

    --
    Do not look at laser with remaining good eye.
  15. Re:Some registrars will protect you by Anonymous Coward · · Score: 1, Insightful

    Ah, wonderful. Now if, say, someone starts sending out spam with your domain, I can't contact you to tell you about it.

    Twit.

    Why, just think if all the spamhauses did this. It's a valid email address, and mail from a registrar will get through, but no one can contact them to complain via email.