Lock your domain names, now.


ICANN is implementing a policy where domains will automatically be transferred if the registrant fails to negate the transfer and the gaining registrar authorizes it. Basically this makes it easier to hijack domain names if you are not paying very close attention.

http://www.icann.org/transfers/policy-12jul04.htm

All answers from webpage above.

Who can authorize?

The Administrative Contact and the Registered Name Holder, as listed in the Losing Registrar's or applicable Registry's (where available) publicly accessible WHOIS service are the only parties that have the authority to approve or deny a transfer request to the Gaining Registrar. In the event of a dispute, the Registered Name Holder's authority supersedes that of the Administrative Contact.

Registrars may use Whois data from either the Registrar of Record or the relevant Registry for the purpose of verifying the authenticity of a transfer request; or from another data source as determined by a consensus policy.




How can they transfer my domain away?
Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.






This is a very scary policy and it hsa been highly recommended by many resellers and registrars that you lock ALL your domain names unless you are transferring them.

Great Post, Kevin.

This is important information... can you make this into a sticky for the next month or so?

Very scary new policy. I hope it gets changed to something more logical. I mean... even if you lock all your domains, as advised, what if you unlock a domain to transfer it, isnt there a slim window of opportunity presented to someone who may be monitoring your domain?

i moved ALL of my domains to one registrar and locked them, so hopefully this will prevent the need for transfers. And hopefully any domain names I buy in the future are all there as well :)

Originally posted by kohashi
i moved ALL of my domains to one registrar and locked them, so hopefully this will prevent the need for transfers. And hopefully any domain names I buy in the future are all there as well :)

ditto! I have been doing this over the past 3 months myself.

Its pretty bad when we have to keep all of our eggs into one basket to feel safe...

Originally posted by ericv8
Its pretty bad when we have to keep all of our eggs into one basket to feel safe...

Indeed, but make the best of a bad situation. Choose the registrar who you think will treat you best and do their best to protect you. And do it QUICK. I only managed to finish transferring all my domains a couple days ago.

Originally posted by ericv8
Very scary new policy. I hope it gets changed to something more logical. I mean... even if you lock all your domains, as advised, what if you unlock a domain to transfer it, isnt there a slim window of opportunity presented to someone who may be monitoring your domain?

Especially if someone devised a script to first continually check if
the name is unlocked, then strike! :eek:

Seriously, there has GOT to be a better way. Amazing that ICANN cannot see these possibilities. Let's hope this works better in practice than it sounds like it could.

I have a question sometimes transferring domain to eNom fails to collect whois information from Uwhois and don't send out verification email. Similarly Directi sometimes has issue in picking up whois admin email address and continuously tries to pick up whois contact information every few hours, as reported by the system.

If I issue a transfer request and authorize it from gaining registrar and Directi fails to retrieve whois email address and ultimately fails to send authorization email to the registrant email , the domain would still transfer after November 12th ?

We just locked down our own domains, among a few other personal ones.

Thankfully Dotster offers this free of charge and it's a simple procedure through their control panel. (I've always been a bit fan of their system, especially right now).

As far as ICANN goes I've exhausted my 'potty mouth' to my wife who alerted me of this. But in the end, all I can say is, "What the f*ck is ICANN thinking?"

We have customers who I know don't check their e-mail for a week or more at a time, and they're put a five day limit on their response to a domain transfer??

Stupidity of the highest order...

Situations like this sure make me thankful for the global/bulk edit feature. For those of us who have a lot of names, having to do each name individually would be a real pain. I agree that this seems to be a step backwards in security, and find it very unsettling.

I can't help but think this decicion will not last long ;)

Are you guys sure that if Admin doesn't respond then also it'll be transferred away?

Seems Directi have updated their Transfer procedure based on the new ICANN rulings http://www.logicboxes.com/sample/mails/foa-auth-12jul04.htm

but it clearly mentions:
(Note: If you do not respond by <date>, <domain name> will not be transferred to us)

oops that was for Transfer-In to Directi case.

for Transfer-Out from Directi :
http://www.logicboxes.com/sample/mails/foa-conf-12jul04.htm

its mentions-
If we do not hear from you by <insert date>, the transfer will proceed.

But then according to this the Gaining Registrar must get confirmation from the Domain Admin.

So still its ok as far as i think.

mewcat,
the way it is now, most places require you to authorize with losing registrar and gaining registrar. Taking away one of those checks is lessening the security, wouldn't you agree?

The rules don't remove anything that's currently in place. What it
did was add a "work around" to the current process.

While the gaining registrar still has the "first burden" of gaining
confirmation from the contacts on record, what if that registrar
requires it only by fax, then notifies the Registry and the Registry
notifies the losing registrar in turn?

One of the nice things about Domainmonger (and presumably all OpenSRS registrars) is the ability to "select all" domains and regisrar lock them all with one click. I'm glad I consolidated all domains I manage in one place a long time ago.

consolidation does seem like a good idea now.

if the registrar has an expected (standard) email response for a customer to deny a domain transfer, I wonder if setting the contact email acount to auto-respond with the "standard denial verbiage" might be an ok thing to do (not paranoid?).

also, this new procedure may increase the value of private whois options. meaning, how could a gaining registrar claim they had contacted you, if they could not have.

Originally posted by Gen-T
Situations like this sure make me thankful for the global/bulk edit feature. For those of us who have a lot of names, having to do each name individually would be a real pain. I agree that this seems to be a step backwards in security, and find it very unsettling.

You are right.... but now I'm having problems using this feature at enom... Hopefully they resolve this soon.

Originally posted by zoli
You are right.... but now I'm having problems using this feature at enom... Hopefully they resolve this soon.

could be due to the huge volume of people doing this? I did mine a week ago without a problem.

It could be... I don't even bother them with a ticket... hopefully I will resolve this tommorrow morning CET when all you guys from US are sleeping... (well, not exactly all but most of you). :)

Only a few hours left before the rules take effect. Whatever
happens, I love you guys. :D

Originally posted by akashik
We have customers who I know don't check their e-mail for a week or more at a time, and they're put a five day limit on their response to a domain transfer??
What about those who hide their identity and info behind a domain proxy service? I would imagine having an intermediary could further delay notifications. (?)

Originally posted by davezan
Only a few hours left before the rules take effect. Whatever
happens, I love you guys. LOL :D

I was wondering whether eNom is delaying transfers until this change goes into effect. Normally when I put in a transfer request with them, I get a confirmation email within two hours.

On Tues, I was trying to circle the wagons and consolidate my domains in one place. So, I put through a bunch of transfers with eNom to transfer from various registrars. Mysteriously, they are reporting: "Unable to retrieve current domain contacts from UWhois"

Hmmm... I've never gotten that error before. And all the Whois contact information comes up perfect for me at Uwhois.com and Whois.sc. It is ALL correct. :confused:

I guess I'll just wait it out to see what happens until tomorrow.

Good Luck, All ;) ... Time to "Lock" and Load :D

Originally posted by 4solutions
Time to "Lock" and Load :D
Time to lock and load
Time to get control
Time to search the soul
And start again

...Bob Seger (It's A Mystery, 1995)

Seemed appropriate ;)

Originally posted by ericv8
What about those who hide their identity and info behind a domain proxy service? I would imagine having an intermediary could further delay notifications. (?)

That's just for show. The registrar will still send the auth email to
either the registrant or admin email in their internal records,
whoever they see fit to send to.

Originally posted by ericv8
Time to lock and load
Time to get control
Time to search the soul
And start again

...Bob Seger (It's A Mystery, 1995)

Seemed appropriate ;)

I second that! :D

Originally posted by davezan
Only a few hours left before the rules take effect. Whatever
happens, I love you guys. :D
LOL Dave, you knucklehead. :love: :D

By the way guys, RegisterFly has done away with the bulk feature for domain locking, but if you have a lot of names, you can submit a ticket asking them to lock them all for you, so you won't have to do each name individually. They just did mine for me. :)

This is just totally moronic...someone needs to give those guys heads over at ICANN a shake.

I suspect this was done to prevent domain registration hijacking by the likes of ItsYourDomain.com and DomainsNext.com, who as losing registrars require a notarized letter, copy of your original credit card, and a fee to transfer your domains out.

Originally posted by fshagan
I suspect this was done to prevent domain registration hijacking by the likes of ItsYourDomain.com and DomainsNext.com, who as losing registrars require a notarized letter, copy of your original credit card, and a fee to transfer your domains out.

BINGO!

********************
From GoDaddy.com
********************

Dear Valued Go Daddy Customer,

Effective November 12, 2004, the Internet Corporation for Assigned Names and Numbers (ICANN) will institute a new transfer policy for all accredited domain name service providers.

The previous ICANN policy allowed us to deny requests to transfer your domain names to another registrar unless you explicitly confirmed to us your intent to transfer. The new ICANN policy removes that protection. Starting November 12, when we receive a request to transfer your domain name to a new registrar, we will still attempt to contact you to confirm that you authorized the request. However, if you do not respond, or are not able to respond within 5 days, your domain name WILL be transferred.
********************
Domain Hijacking news from NetCraft

http://news.netcraft.com/archives/2004/11/09/domain_transfers_and_hijackings_to_become_easier.html

"Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default 'approval' of the transfer," the new rules state. :eek:
********************

To review the new ICANN transfer policy, please visit: http://www.icann.org/transfers/policy-12jul04.htm

All I can say is, WTF? :angry:

I guess its to try and stop all these companies holding onto domains when a client wants to transfer it.

guys who are having problem transferring domains out from registrars like totalnic are gonna warmly welcome the ICANN new transfer policy, and it might be interesting to see how ICANN, registries and registrars alike will handle the sure to increase domain registrar transfer disputes.

ICANN is trying to make it convenient for domain holders to transfer domains as they wish, but as most domain holders register their domains through resellers this could cause serious problems between the resellers and domain holders. Who should have right to approve or reject a domain transfer would be the key, ICANN only recognize the one listed as the admin or registrant on the losing registrar's whois database.

I guess its to try and stop all these companies holding onto domains when a client wants to transfer it.


or ICANN found an alternate way to replace WLS. A much much better way.

gaining registrar is resposible about authenticating the administative/registrant contacts.

yet most resellers/hosting companies uses their email in this field which is totally wrong.

customer's info should be there... its a matter of educating the customers after all.

Bashar, you are absolutely right, and I am sure that with the new transfer policy coming out more and more domain resellers will change the admin and registrant info of their customers' domains to be theirs, so that they would have peace of mind that the domains won't be transferred out, that in turn, will bring more disputes to the domain community.

Originally posted by Gary111
Bashar, you are absolutely right, and I am sure that with the new transfer policy coming out more and more domain resellers will change the admin and registrant info of their customers' domains to be theirs, so that they would have peace of mind that the domains won't be transferred out, that in turn, will bring more disputes to the domain community.

That is what I am afraid of, I have a client that has had his domain reverse hijacked for 2 years, maybe now we can get it out, his is the registered owner name and all the other names too, but names4ever wouldn't transfer it because he couldn't respond to the email address that he couldn't remember the password for, they relied on the reseller (a local that was mad he changed hosting providers) for what to do about the transfer we had tried at that time.

Originally posted by kloch
One of the nice things about Domainmonger (and presumably all OpenSRS registrars) is the ability to "select all" domains and regisrar lock them all with one click. I'm glad I consolidated all domains I manage in one place a long time ago.

Godaddy also has the same feature, Just FYI.

oh this is so confusing , what if there is email communication issue ??

Let’s say I have a domain is unlocked and somebody making the transfer request but due to email communication error, I am not getting the email from the new register transfer request, will I still loose the domain after 5 days of the original request from somebody else??

Yes you will still loose the domain if a transer request is made and you haven't received it to decline. I am still not sure about one situation when transfer request was made before the domain is locked, what might happen then?

From google I found out that if transfer request is made and domain is locked later lets say 2 days after the request and pending; domain will still get transferred. Is it true?

Does anyone know for sure that "registrar lock" will prevent the
transfer under all circumstances?

And, what is to stop the predatory registrars from locking
and not allowing you to unlock them?

Originally posted by kloch
Does anyone know for sure that "registrar lock" will prevent the
transfer under all circumstances?

And, what is to stop the predatory registrars from locking
and not allowing you to unlock them?

nothing. The system is flawed as it is, this just makes it more vulnerable, it doesn't fix many things, but it does fix some (if you need to get out of a bad registrar that doesn't lock a domain in).

Originally posted by kloch
Does anyone know for sure that "registrar lock" will prevent the
transfer under all circumstances?

Ideally, at the very least, registrar-lock prevents the domain name
registration from transferring from registrar to another.

Originally posted by kloch

And, what is to stop the predatory registrars from locking
and not allowing you to unlock them?

Nothing in this world takes the place of persistence. ;)

Originally posted by UH-Matt
I guess its to try and stop all these companies holding onto domains when a client wants to transfer it.

There has to be another reason, I am sure ICANN could simply say that it prohibits registars from holding or charging a fee when the owner requests to transfer it out instead.

I dunno, whatever the reason is. I am sure there is gonna be a few people that will try to take advantage of this

Until you're held hostage by one of these "domain jailers" you will never know the frustration of having transfer request after transfer request denied for NO reason or some made-up reason.

ICANN needed to do something, but only time will tell if this was the right response by them to solve what was a growing problem.

From ICANN:

Instances when the requested change of Registrar may not be denied include, but are not limited to:

Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.
--------------

so even if the registrar or their reseller lock you domain and won't allow you to unlock it, the transfer can still go through if you are the administrative contact or named registrant.

Thanks for the clarification Lightweb!

Is there anything wrong with the following email that I just received today ?

Its says that If you DO NOT WANT the transfer to proceed, then don't respond to this message. ???

Then what about the new rule?


Attention: admin@xxx.xxx

Re: Transfer of the following domain names

Domain Name Current Registrar

12333.COM ONLINENIC, INC.


Network Solutions, LLC has received a request from xxxxx on November 12, 2004 7:21:22 PM EST for us to become the new registrar of record. You have received this message because you are listed as the Registered Name Holder or Administrative contact for this domain name in the WHOIS database. Please read the following important information about transferring your domain name:

You must agree to enter into a new Registration Agreement with us. You can review the full terms and conditions of the Agreement at http://goto.networksolutions.com/service-agreement.
Once you have entered into the Agreement, the transfer will take place within five (5) calendar days unless the current registrar of record denies the request.
Once a transfer takes place, you will not be able to transfer to another registrar for 60 days, apart from a transfer back to the original registrar, in cases where both registrars so agree or where a decision in the dispute resolution process so directs.

If you WISH TO PROCEED with the transfer, you must respond to this message. Please go to our secure website https://registrar-transfers.com/?h=173eb1b30e5dff08273e2656d80b9dc86e2 to confirm. If you do not respond by November 27, 2004 9:21:35 PM EST, the domain names listed above will not be transferred to us.

If you DO NOT WANT the transfer to proceed, then don't respond to this message. If you have any questions about this process, please contact Customer Service at registrar@networksolutions.com.


Sincerely,

Network Solutions Customer Support






This e-mail was sent from a notification only address and cannot receive incoming messages.

© Copyright 2004 Network Solutions, LLC. All rights reserved.

First of all, you have serious issues or a whole lot of excess cash laying around if you are transferring TO NetworkSolutions. :confused:

Secondly, this is a postitive confirmation sent by the GAINING registrar, Network Solutions, to confirm that you, the REGISTRANT of the domain, wants the domain to be transferred. You MUST respond to transfer the domain. If you DON"T respond then the transfer will be cancelled.

This email looks pretty normal to me and is exactly how the new rules are supposed to work. ;)

Originally posted by 4solutions
this is a postitive confirmation sent by the GAINING registrar, Network Solutions, to confirm that you, the REGISTRANT of the domain, wants the domain to be transferred. You MUST respond to transfer the domain. If you DON"T respond then the transfer will be cancelled.

This email looks pretty normal to me and is exactly how the new rules are supposed to work. ;)

So is the GAINING registrar required to receive a possitive affirmation under the new rules? That is a good thing if so. That would solve both issues. Would it be possible then for fraudulent registrars to fake a possitive affimation? If not then I am going to have to say this ICANN move may have been a good one after all. IF THIS IS THE CASE, and the GAINING registrar ARE required to receive a possitive affirmation under the new rules!!!!!!!!! Which does seem to be what the policy is saying. :)

Would it be possible then for fraudulent registrars to fake a possitive affimation


we've isolated the problem. People can forge documents (some registrars still accept faxes) to transfer a domain and if they forge it properly, you will never be contacted and the domain could potentially be transferred away without you being notified.

Right so the policy is still bad. People should have to fight with bad registrars to have their domains transfered rather than ICANN making it easier to steal domains in any way.

I'm a little worried by all this talk of domain hijacking... After reading this thread, I've locked all my domains, which makes me feel safer. Thanks people :)

From reading this thread, I understand it would be possible to get domains that are registered by people like netster, etc. I'm just wondering if it's legal to do this? - basically, there is a particular domain that I would like, which is registered by one of these people - can I request it be transferred to me, without getting their legal department breathing down my neck?

Originally posted by LightWeb
From ICANN:

Instances when the requested change of Registrar may not be denied include, but are not limited to:

Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.
--------------

so even if the registrar or their reseller lock you domain and won't allow you to unlock it, the transfer can still go through if you are the administrative contact or named registrant.

No Lightweb. It meant that the "registered name holder" must
unlock the domain name first before making the transfer request.

Originally posted by LoonyPandora
From reading this thread, I understand it would be possible to get domains that are registered by people like netster, etc. I'm just wondering if it's legal to do this? - basically, there is a particular domain that I would like, which is registered by one of these people - can I request it be transferred to me, without getting their legal department breathing down my neck?

It's legal as long as you comply with all their requirements. They
can then use those to protect themselves, if possible.

On the other hand, theft will always be theft no matter what. But
it has to be proven.

Ok, so, I actually want to transfer my domain, so I can lock and unlock it--as my current registrar has apparently disabled my ability to do so by any means other than contacting them (well, that's just inconvenient for me).

But this e-mail seems to contradict itself. If I don't want the transfer to go through, I should go to this page. But I have to enter information to make sure the transfer proceeds?

I understand this new policy, but I'm not sure the registrars have got their e-mails in order yet.


ENGLISH VERSION

Attention: xxxxxxx@xxxxxxxl.com

Re: Transfer of xxxxxxxxxxx.net

Tucows received notification on Tue Nov 16 12:59:13 2004
that you have requested a transfer to another domain name registrar.

If you want to proceed with this transfer, you do not need to respond to thismessage.

If you wish to cancel the transfer, please contact us before Sun Nov 21 12:59:13 2004 by going to our website,

https://opensrs.net/transfers/index.cgi?away= to confirm.

You will need to enter the following information to complete the transfer:

Domain Name: xxxxxxxxxxxx.net
Transfer Key: xxxxxxxxxxxxxxx

If we do not hear from you by Sun Nov 21 12:59:13 2004, the transfer will proceed.


So do I need to do something or should I not do anything? I'm not doing anything, but I thought this was funny.

Originally posted by davezan
No Lightweb. It meant that the "registered name holder" must
unlock the domain name first before making the transfer request.



It's legal as long as you comply with all their requirements. They
can then use those to protect themselves, if possible.

On the other hand, theft will always be theft no matter what. But
it has to be proven.

Instances when the requested change of Registrar may not be denied include, but are not limited to:

Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.

I think you missed the part about the Registered Name Holder being given the reasonable opportunity and ability to unlock, otherwise even if the domain is locked and the gaining registrar is given proper evidence that you are the owner, then the transfer can go through. I believe that is the reason for the changes to begin with, domains held hostage.

Originally posted by LightWeb
Instances when the requested change of Registrar may not be denied include, but are not limited to:

Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.

I think you missed the part about the Registered Name Holder being given the reasonable opportunity and ability to unlock, otherwise even if the domain is locked and the gaining registrar is given proper evidence that you are the owner, then the transfer can go through. I believe that is the reason for the changes to begin with, domains held hostage.

Not at all. I just hoped I simplified it by saying that the registered
name holder has to unlock it first with the registrar they're going
away from before starting the transfer request. Otherwise, if the
transfer has started but the name itself is still locked, it won't go
thru.

I don't know if most if not all registrars, if in the gaining position,
will automatically deny the transfer once their systems detect the
name is locked. Probably not since it's the losing one's burden to
unlock it and eventually let it go, anyway.

One problem, though, is that the owner might not be aware of it
until it's too late and the transfer gets denied. Whether that's
good or bad is up to the owner to decide. *shrugs*

Hmmm... its seems like different . different register’s using different transfer templates? they are not up to date with the new rule?

Originally posted by 123x
Hmmm... its seems like different . different register’s using different transfer templates? they are not up to date with the new rule?

Ideally all registrars must follow the standard authorization forms
for gaining and losing registrars per ICANN's new policy. If there
are any, somebody better notify ICANN about them.

The next question, though, is will ICANN do something about it
afterwards.

see the difference

networksolutions

If you DO NOT WANT the transfer to proceed, then don't respond to this message. If you have any questions about this process, please contact Customer Service at registrar@networksolutions.com.




Tucows
If we do not hear from you by Sun Nov 21 12:59:13 2004, the transfer will proceed.

123x,
Also you have to realize which registrar is gaining and which is losing. The gaining registrar sends a notice about not wanting transfer to proceed and the losing registrar sends out a notice about the domain will transfer unless you say otherwise. That is how the new system works.

Well, it looks like ItsYourDomain.com and their resellers, DomainsNext.com and others, can no longer hold my domain names hostage. I transferred one out today, and got the "Please confirm" link from DirectI, clicked it, and DirectI indicated that the request was authorized.

I'd advise everyone to transfer their domains from the registrars they don't like during this "window" of opportunity. I'm sure ItsYourDomain and the others will find a way to circumvent the new rules eventually.

For now, I'm glad to have control of my property back.

If I don't have access to the email account on the domain I want to transfer I wont be able too?

Andrew

Originally posted by NetHosted-Andrew
If I don't have access to the email account on the domain I want to transfer I wont be able too?

Andrew

It appears that if you have lost access to the email account and the current registrar or their reseller won't allow you access to the domain account to fix it, that you could do the transfer by fax, if you are the registered name holder with proof, like a driver license, business license etc..

Originally posted by LightWeb
It appears that if you have lost access to the email account and the current registrar or their reseller won't allow you access to the domain account to fix it, that you could do the transfer by fax, if you are the registered name holder with proof, like a driver license, business license etc..

You know, I really doubt registrars would really follow that. They'd
most likely tell the customer to restart the request.

If they're that hardworking, then you have an exception. But I
wonder if anyone can report of such a registrar having done that
these past few days...

Just found out that idotz.net charges $2/year per domain for domain locking. That's gotta be a joke.
Looks like I will be transferring domains for a client.

HL

Hooray! Looks like the new policy works!


The transfer out of YOURDOMAIN.TLD has been approved and successfully transferred
to Direct Information Pvt. Ltd., dba DirectI.com. If you have any questions regarding this domain in the future,
you must contact the current Registrar. This domain has been removed from our
control, and will be available within 12 hours or less in the Gaining
Registrar's system.

ItsYourDomain.com
support@iyd.com
http://www.itsyourdomain.com


The long nightmare is over! My domains are now under my control!

helo everyone pls xplain this lamer

i have some doubts regarding this new policy.


Q.assume my account is active, not locked. now someone else sends a transfer request to my registrar. i get an email from my registrar telling me that someone requested for transfer, but i dint reply for 5 days.
now,before transfering the domain, will my registrar check whether the person requesting person and me are the same? or is this the job of the gaining registrar? or is this necessary in the first place?

Q.my friend gives a 100 bucks in cash in exchange for a domain. we both hav accounts at different registrars. should the transfer go like this - he sends a transfer request, i approve it or dont respond to it for 5 days- and the my domain is transfered to him. is this rite?


i read somewhere on the internet that this 5 day policy is for registrar change only, not ownership change. What does this Mean???

does it mean that if some rogue requests for a transfer, and i dont respond to it, one of the registrars(losing or gaining) will try to confirm whether that rogue and me are the same? or will they just carry on with the transfer?
if theyl try to confirm, how will they?

hope ul help me with the answers
thank u

see i have a friend arguing with me on 2 points.
he says that this 5 day thing is not about ownership transfer but only about registrar transfer. is that rite?
his second point is that this 5 day rule applies only for the transfer between the same person frm one registrar to another registrar, he says this 5 day rule doesnt apply if the transfer is between two parties. is he rite?


eagerly waiting to know wats for real

Originally posted by Action123
helo everyone pls xplain this lamer

Hello lamer...I mean, Action123 (just kidding :D )


Originally posted by Action123
i have some doubts regarding this new policy.

Join the club. ;)

Originally posted by Action123

Q.assume my account is active, not locked. now someone else sends a transfer request to my registrar. i get an email from my registrar telling me that someone requested for transfer, but i dint reply for 5 days.
now,before transfering the domain, will my registrar check whether the person requesting person and me are the same? or is this the job of the gaining registrar? or is this necessary in the first place?

The registrar can't and won't check if the person making the
transfer request is the same as the domain name contacts on
record. Anyone can start a transfer request, but they have to fully
complete and comply with all the requirements needed by the
gaining registrar first.

Assuming the requesting party does, the gaining registrar will
notify the Registry of that extension of the transfer. The Registry,
in turn, will notify the current or losing registrar about it.

Originally posted by Action123

Q.my friend gives a 100 bucks in cash in exchange for a domain. we both hav accounts at different registrars. should the transfer go like this - he sends a transfer request, i approve it or dont respond to it for 5 days- and the my domain is transfered to him.


See above. But assuming your friend does start, the gaining party
must gain authorization from you if you're the listed contact of the
domain name, most popularly via email.

If you don't even get the email from the gaining registrar or if you
do but don't reply, the transfer won't push thru. But if you do get
it and confirm it, then wait until your current registrar notifies you
about it in turn.

Originally posted by Action123
i read somewhere on the internet that this 5 day policy is for registrar change only, not ownership change. What does this Mean???

Registrar change refers to transferring the domain name to the
other registrar. Ownership change refers to transferring the
ownership of the domain name to another party within the
registrar its currently with.

Originally posted by Action123

does it mean that if some rogue requests for a transfer, and i dont respond to it, one of the registrars(losing or gaining) will try to confirm whether that rogue and me are the same? or will they just carry on with the transfer?

The gaining registrar has the first burden of getting approval from
the contacts on record. No approval, no transfer.

Originally posted by Action123

if theyl try to confirm, how will they?

Unfortunately one exception to this (and potential problem) is if
the gaining registrar requires authentication and approval from
the domain name's contacts on record via fax only and takes it at
face value without actually notifying the contacts.

If that happens, the current registrar will eventually notify you
about it. If you don't reply within the mandated 5 days, then it
pushes thru.

Originally posted by Action123

hope ul help me with the answers
thank u

You're welcome. :)

Originally posted by Action123

see i have a friend arguing with me on 2 points.
he says that this 5 day thing is not about ownership transfer but only about registrar transfer. is that rite?

Yes and no. Some registrars actually allow an ownership transfer
to take place upon successful registrar transfer, like NetSol.

However, many registrars don't do this because this may create
unwanted data transfer problems. It's best to do any domain
name record change (except registrar transfers) with the current
registrar before transfer or with the new registrar after transfer.

Originally posted by Action123

his second point is that this 5 day rule applies only for the transfer between the same person frm one registrar to another registrar, he says this 5 day rule doesnt apply if the transfer is between two parties. is he rite?

The 5-day rule applies to both the gaining and losing registrar
when doing a registrar transfer. How long it takes to transfer the
ownership of the domain name depends on how soon all the
requirements asked by the registrar are complied with and how
soon the registrar completes the ownership change.

Originally posted by Action123

eagerly waiting to know wats for real

Wait no more. :cool:

Am I the only one that likes this new policy? I have worked in the registrar services industry for quite a while and know as much as the new person that registrars that block your domain from transfering sucks. This new policy still requires you to approve the first portion of the transfer with the gaining registrar via the admin contact, but does not require you to approve it with the CURRENT registrar. This means you can yank a domain from your bad registrar by approving it with a new registrar. I like it.

or... someone else can yank it from you.

Originally posted by kohashi
or... someone else can yank it from you.

Has that happened yet?

I am not sure to be honest. When domains are hijacked it is often not noticed for some time. Only time will tell about this new policy. If removes one safeguard to help consumers, but without that safeguard, one would expect more abuse. That is just a possibility, but I would rather be safe than sorry.

But the whole hijacking thing only works if the hijacker has access to your admin email address for the first approval. This is still required.

Agreed. There's actually one other way to go around that, though
I'd rather not say here publicly lest someone gets funny ideas.

PM me if you wanna know.

http://gnso.icann.org/mailing-lists/archives/ga/msg02020.html

http://it.slashdot.org/article.pl?sid=05/01/16/0027213&from=rss

Domains get hijacked in the new system. George writes quite a detailed response to the problem, worth reading. If you think this new system is keeping you safe, think again.

Kevin, you have a whois.sc account, don't you? Can you check if
panix.com's whois info was changed and the domain unlocked
prior to the hijack?

It appears Melbourne IT's only fault was not sending the auth
email to confirm before notifying the Registry . Or was the reseller
supposed to do this?

I don't have an account there unfortunately (not willing to spend 100$ for that). Bashar might, not sure. I will look into getting the records.

http://news.netcraft.com/archives/2005/01/18/lapse_at_melbourne_it_enabled_panixcom_hijacking.html

A security hole which allowed an unverified transfer to occur. Anyone who had praised the new system I hope this is a wake up call. It is more dangerous for hijacking with less safeguards.

Hi!

How much time is given before (to the user who acutally registered the domain) the domain is registered so he can deny the domain name ?

Thanks!

Originally posted by Tapan
Hi!

How much time is given before (to the user who acutally registered the domain) the domain is registered so he can deny the domain name ?

Thanks!

Can you be more specific? Or cite an example?

Hi!

I mean if you have a doamin and i send a transfer request and you don't respond to email or anything then after how many days the domain will get transfered to me ?

Thanks!

The domain still has to be authorized by the admin email, but only once (the recieving registrar side).

Hi!

But what if he does not ? And keeps on ignoring or what of the email is wrong (not working) ?

Thanks!

Originally posted by Tapan
Hi!

But what if he does not ? And keeps on ignoring or what of the email is wrong (not working) ?

Thanks!

Then the request won't go thru, no matter what. The gaining
registrar has to secure authorization somehow.

Some registrars, such as alldomains, don't require E-mail authorization. Authorization is done by fax.

Originally posted by speedy99
Some registrars, such as alldomains, don't require E-mail authorization. Authorization is done by fax.

And that's one area where the problem occurs. :(

I just found out from circle ID that Bruce Tomkin replied to my post
re: panix.com: its WHOIS info wasn't changed prior to the hijack
and it was unlocked.