New Rules Make Domain Hijacking Easier
Tanktalus writes "Netcraft seems to have a little ditty about new rules from ICANN that take effect on Friday making it easier to hijack domain names. Essentially, if someone tries to take your domain, and you don't answer within 5 days, they now assume you are okay with the transfer. Previously, the default answer was no, and you had to explicitly state your acceptance of the domain transfer. Owners of small domains, beware: no more computerless vacations that last more than 4 days at a time!"
You can also rest easy since the registrar originating the transfer is required to validate the request with the current registrant, using the information in whois, and get an affirmative resposne from them before even initiating the transfer. All this new policy does it set out the reasons why a losing registrar can deny an outgoing transfer. In domain transfers, since the registry/registrar split happened, the gaining registrar has ALWAYS been responsible for validating the transfer request with the proper registrant, and not assume that the data given in a transfer order is corrent. The article is not thorough or complete in explaing what is really happening here.
I used to work on that support floor. Its not all that great if you don't want to buy something from them. Their support ethics were getting worse and worse everyday I worked there.
Subject: From the Honorable Janissary Robert M. Jacobson
Hello sirs,
Writing this letter comes at a times of great anguishes to my community. We have obtained funds in the amount of US$3,000,000 from the Nigerian government, after the passing of Prince Montebu Wilson, to whom we are the singlest heirs. However, due to political difficulties we are unable to secure the actual cash moneys ourselves. We require your assistance, for which we would thankfully provide a commission of $500,000 for your troubles. In order for this transaction to be completed, we hereby requests that your domain, www.coolinternetstuffthatisgreatandfun.com, be transferred to us immediately. Lack of action will be assumed as an affirmative response after five days.
Do YOU ever read more than a few words into those?
-- I prefer the term "karma escort."
The scary thing isn't for people who don't notice the letter - it's for people who don't have the correct contact information to begin with. If you gave incorrect details when you registered the domain, it can be taken by anyone that puts their mind to it.
I don't think for a minute that they haven't considered this - it looks like a deliberate move against people who don't want to tell the world who they are. ICANN would love to force these people to list their details.
Addendum:
Registrar-Lock (domain "locking") offers ZERO protection in regards to one's domain possibly being suspended / deleted due to a "Whois Problem Report" merely being filed.
I have strong recommendations for Joker. I know a lot of this comes standard with a lot of places, but lemme list the talking points: Cheap ($~12), good support, free nameservers, easy administration interface, and if you use their nameservers they'll let you use their MX forwarding, and if you do, you can use their spam filters. I have a lot of clients who have never heard of a DNS entry much less the process for domain administration, and none of them has ever had issue with using their site to create and use an account.
I suppose my one catch is, they seem to be somewhat Euro-centric (this, of course coming from my US-centric mind), so some of my new users are confused by if they need to pay VAT, or why some of the transfer processes are bound by German (I think) telecom laws designed to protect the consumer (e.g., for one action on a domain, you used to be required to sign a form and fax it to them). It works out well, though, since they protect the user from any sort of fudgery as mentioned above.. like five day steals.