Web Hosting Talk

What should I do if my client builds a phishing website?


likerise
07-13-2009, 10:30 AM
Hi everyone,
I am a domain reseller. One of my clients registered 1 domain name, and used it to build a phishing website.
I am sure it is a phishing website, it just copies a large, well-known website and then says "You won the prize!!!" and before you get it, you need to send the tax to ....

Now what should I do?

PS: the site is not hosted with me, just the domain.

Thank you for any advice!

Mach4-Chris
07-13-2009, 10:35 AM
You need to ask? :eek:

likerise
07-13-2009, 10:37 AM
You need to ask? :eek:

Sorry if you think I am stupid.
I am new in this business.

coax
07-13-2009, 10:40 AM
You close the domain and say that running a phishing site is against the TOS.

likerise
07-13-2009, 10:44 AM
You close the domain and say that running a phishing site is against the TOS.

When you say "close", do you mean suspend and let it expire?
Or delete the domain because the domain is new and can be deleted?

Thank you!

coax
07-13-2009, 10:50 AM
I think that's up to you and your TOS.
You can also ask your registrar what they do in these positions.

I say delete the domain, because the user who did this probably isn't interested at all in changing his behavior (hence a warning is useless.)

All you can do is prevent your business from being known as accepting criminal activity on your domains, and thus you need to take action (imo)

likerise
07-13-2009, 10:51 AM
I think that's up to you and your TOS.
You can also ask your registrar what they do in these positions.

I say delete the domain, because the user who did this probably isn't interested at all in changing his behavior (hence a warning is useless.)

All you can do is prevent your business from being known as accepting criminal activity on your domains, and thus you need to take action (imo)

Thank you very much for your help!

Mach4-Chris
07-13-2009, 10:54 AM
No. You first of all lock the domain so that it cannot be transferred and then you suspend it. If you don't lock it first the owner will simply move it somewhere else and carry on. For the take down to be effective you need to prevent that.

Be sure to retain copies of all evidence and notifications. They should be emailed automatically once they are suspended. Don't enter into any further correspondence with them until you are certain you know what to say in response should they contact you after getting the suspension email.

Best wishes. ;)

likerise
07-13-2009, 10:57 AM
No. You first of all lock the domain so that it cannot be transferred and then you suspend it. If you don't lock it first the owner will simply move it somewhere else and carry on. For the take down to be effective you need to prevent that.

Be sure to retain copies of all evidence and notifications. They should be emailed automatically once they are suspended. Don't enter into any further correspondence with them until you are certain you know what to say in response should they contact you after getting the suspension email.

Best wishes. ;)

Thank you!

coax
07-13-2009, 10:58 AM
Yeah that may be all good in theory, but the sad truth is domains are really cheap and he will just get a new one elsewhere anyway.
But I guess for public image it's best to prevent the specific domain from being used immediately.

likerise
07-13-2009, 11:01 AM
Yeah that may be all good in theory, but the sad truth is domains are really cheap and he will just get a new one elsewhere anyway.
But I guess for public image it's best to prevent the specific domain from being used immediately.

Yeah, I think so. They can just get a similar domain and start again.
I have suspended his domain and it should stop working very soon.
Thank you.

solarblunet
07-13-2009, 11:38 AM
You suspend the domain, make sure to keep a record of the actual infraction. Send them a notice. You do not have to renew the domain since it was used for illegal activities. I update the DNS to non-working domain servers.

FH-Andreas
07-13-2009, 11:39 AM
Don't forget to prevent future registrations from that IP address if possible!

likerise
07-13-2009, 11:43 AM
Thank you for all your help!
I have suspended the domain and it's not working now.
I sent the client an email and he replied, "why other domain at godaddy is fine? I can not trust you anymore..."
Lol, hope he leaves and never comes back!

solarblunet
07-13-2009, 11:45 AM
Good luck with that, they are usually using multiple IP ranges. I send them all through maxmind regardless.

FH-Andreas
07-13-2009, 12:12 PM
Seems like this guy is pretty fresh, since he even bothered to respond to the suspension email.. and just because Godaddy hasn't suspended his other domain, doesn't mean they won't do it if they receive complaints!

Good job likerise!

SenseiSteve
07-13-2009, 12:16 PM
Hi everyone,
I am a domain reseller. One of my clients registered 1 domain name, and used it to build a phishing website.
I am sure it is a phishing website, it just copies a large, well-known website and then says "You won the prize!!!" and before you get it, you need to send the tax to ....

Now what should I do?

PS: the site is not hosted with me, just the domain.

Thank you for any advice!
Kudos to you, likerise, for doing the right thing. :agree:

likerise
07-13-2009, 12:27 PM
Good job likerise!


Thank you!

Kudos to you, likerise, for doing the right thing. :agree:
Thank you!

nameslave
07-13-2009, 08:44 PM
You need to ask? :eek:
I do NOT think it's THAT simple or straightforward.

No. You first of all lock the domain so that it cannot be transferred and then you suspend it. If you don't lock it first the owner will simply move it somewhere else and carry on. For the take down to be effective you need to prevent that.

I guess this is exactly what differentiates a good registrar and someone who thinks he can save the world. As a registrar (or a reseller of a registrar), the most (mind you, NOT the least) you should do is to make sure that illegal activities (such as phishing) are not involved in any of your business. Whether they are effectively taken down is NONE OF YOUR BUSINESS. It's business after all, not DC comics.

If you ask me, I wouldn't take ANY action until at least a formal complaint is received, if not a court order.

64bithost
07-13-2009, 09:36 PM
What should I do if my client builds a phishing website?

If it is in your TOS or AUP as a violation, shut it down.

Otherwise you have to wait for a complaint.

-Chris

likerise
07-13-2009, 11:31 PM
If it is in your TOS or AUP as a violation, shut it down.

Otherwise you have to wait for a complaint.

-Chris

Yes, it violates both my TOS and AUP.

coax
07-14-2009, 03:00 AM
If you ask me, I wouldn't take ANY action until at least a formal complaint is received, if not a court order.

But what's the point of that?
Do you mean to say he should wait to suspend the domain even if he knows it is actively used for phishing?

nameslave
07-14-2009, 07:02 AM
But what's the point of that?
Do you mean to say he should wait to suspend the domain even if he knows it is actively used for phishing?
I guess the bottom line is, WHO is eligible to judge? Definitely not you and me.

Perhaps we are overly used to summary judgment after 9/11 that we forget how important "innocent until proven guilty" is. Registrars (or resellers like many here) are in the business of domain registration (or web hosting), and NOT on a crusade to curb phishing or spamming. When Batman starts taking the law into his own hand, LAW itself FAILS.

By the way, since when did registrars or resellers start *monitoring* their clients' (registrants') CONTENT?

Mach4-Chris
07-14-2009, 07:38 AM
@ nameslave Both of your contributions so far are extremely naive and irresponsible. I doubt anything that human beings value is safe as long as people with your selfish, pragmatic and greedy attitude remain in business.

As with any common householders deciding who is allowed in their homes and what standards of behaviour are acceptable, Domain Registrars and web hosts have every right to decide who enters their service grid and what activities are conducted whilst in it.

Is it possible to build a highly successful business on an ethical model? Of course it is!

The op, likerise, has acted in an exemplary manner worthy of respect.

Long may the doors that human beings walk through be closed to those who would destroy them or attempt to steal from them.

nameslave
07-14-2009, 08:06 AM
As with any common householders deciding who is allowed in their homes and what standards of behaviour are acceptable, Domain Registrars and web hosts have every right to decide who enters their service grid and what activities are conducted whilst in it.

Is it possible to build a highly successful business on an ethical model? Of course it is!

The op, likerise, has acted in an exemplary manner worthy of respect.
I never said the OP did anything wrong. Like I said, it's okay (mind the italics) to suspend or even terminate a client who engages in suspicious activities which are contrary to most terms of service.

I am criticizing the TOTALLY UNPROFESSIONAL suggestion to "effectively taking down" the *suspected* phishing operation BY ILLEGALLY LOCKING the domain IN AN ATTEMPT to prevent transfer.

Ethical? Respect? Give me a break. This is not Guantanamo; we don't shoot first and investigate later.

GarethP
07-14-2009, 08:29 AM
I guess the bottom line is, WHO is eligible to judge? Definitely not you and me.

Perhaps we are overly used to summary judgment after 9/11 that we forget how important "innocent until proven guilty" is. Registrars (or resellers like many here) are in the business of domain registration (or web hosting), and NOT on a crusade to curb phishing or spamming. When Batman starts taking the law into his own hand, LAW itself FAILS.

By the way, since when did registrars or resellers start *monitoring* their clients' (registrants') CONTENT?

I don't know what country you are from, but in the UK, if you host a client's website, and you notice it is hosting something that is illegal (phishing, racial/religious hate etc.,), and you choose to do nothing until you receive a complaint/court order, then you, as the webhost can be held legally liable (i.e. in the case of a phishing website, you could face criminal charges), because you knew the offending material was there, yet you did nothing about it.

The same thing would apply (in my opinion), to domain registrars. I know nominet, enom, have closed domains once they noticed, or were notified of domains being used as phishing sites etc.,

Mach4-Chris
07-14-2009, 09:08 AM
As a point of reference so that we are all singing from the same hymn sheet, let's all make sure that we understand the various terms and tools involved. I suggest we use: http://www.domaintools.com/domain-help/status-codes.php

@nameslave I get the impression you could cheerfully argue all day here to no real consequence so forgive me if I don't rise to the bait. ;) Haven't you got a web site to finish anyway? :stickout:

likerise
07-14-2009, 09:13 AM
This is not Guantanamo; we don't shoot first and investigate later.

Before I took action, I confirmed this is a phishing website. He just copied a large, well-known website to start phishing, so I sent an email, and then they confirmed all the activity is not authorized (including use of their name and brand), the website is fake.

I understand your concern, no matter what I did, I made sure I didn't abuse my power, the power that I can suspend the domain.


By the way, since when did registrars or resellers start *monitoring* their clients' (registrants') CONTENT?
I think since the first day, I need to know what my client is doing, so I can know who is violating my TOS and/or AUP. That's the least I can do. It's my social responsibility.
I don't think checking their website will violate any privacy protection rules.

nameslave
07-14-2009, 09:14 AM
I don't know what country you are from, but in the UK, if you host a client's website, and you notice it is hosting something that is illegal (phishing, racial/religious hate etc.,), and you choose to do nothing until you receive a complaint/court order, then you, as the webhost can be held legally liable (i.e. in the case of a phishing website, you could face criminal charges), because you knew the offending material was there, yet you did nothing about it.

The same thing would apply (in my opinion), to domain registrars. I know nominet, enom, have closed domains once they noticed, or were notified of domains being used as phishing sites etc.,
The question again is, how do you know? And web hosting and domain registration are two very different things. Registrars are NOT supposed to monitor website CONTENT AT ALL. Without at least a formal complaint, how on earth can a registrar tell a certain domain is used for phishing?

On the contrary, without EVIDENCE (of fraud, for example), locking a domain and preventing it from transferring away is at odds with ICANN's terms. Of course, evidence and law are not exactly in the jurisdiction of cowboy mentality.

nameslave
07-14-2009, 09:26 AM
Before I took action, I confirmed this is a phishing website. He just copied a large, well-known website to start phishing, so I sent an email, and then they confirmed all the activity is not authorized (including use of their name and brand), the website is fake.

I understand your concern, no matter what I did, I made sure I didn't abuse my power, the power that I can suspend the domain.

I think since the first day, I need to know what my client is doing, so I can know who is violating my TOS and/or AUP. That's the least I can do. It's my social responsibility.
I don't think checking their website will violate any privacy protection rules.
Like I said, I have no objection to your suspending the domain. However, I would definitely leave the detective work to responsible parties (like the police).

You posted this thread to ask, probably because you have doubts. I just hope you have found your answer.

Mach4-Chris
07-14-2009, 09:28 AM
The question again is, how do you know? And web hosting and domain registration are two very different things. Registrars are NOT supposed to monitor website CONTENT AT ALL. Without at least a formal complaint, how on earth can a registrar tell a certain domain is used for phishing?

On the contrary, without EVIDENCE (of fraud, for example), locking a domain and preventing it from transferring away is at odds with ICANN's terms. Of course, evidence and law are not exactly in the jurisdiction of cowboy mentality.
Where are you getting all of these rules from? Post the sources here please.

likerise
07-14-2009, 09:32 AM
Like I said, I have no objection to your suspending the domain. However, I would definitely leave the detective work to responsible parties (like the police).

You posted this thread to ask, probably because you have doubts. I just hope you have found your answer.

I just want to let you know I did enough work before I took action.
And I am happy to hear two sides' voices.
I learned a lot in this post. Thank you again for all your time replying to my post and letting me know your opinion.

coax
07-14-2009, 09:37 AM
nameslave, now I understand what you mean.
I agree that it shouldn't be registrars who check the content of their domains, but rather the police or some other authority.
I presume likerise is a smaller reseller and probably entered the website for curiosity reasons, but for bigger registrars/resellers it's easier to get away with abuse because someone has to report it first.

Also, the police doesn't have enough resources to check into every phishing site.
If someone fell victim to this and they send a report to the registrar, I think the registrar should be entitled to make their own investigation and suspend the domain, rather than calling the police. (Although they should hand over any information they have to the proper authorities) but the act of actually shutting down the domain is ultimately on their end.

I can understand the principle of registrars not getting involved, but this may also lead to an increase in phishing victims (and other fraud), when registrars could in theory be more pro-active if the evidence is clear..

Mach4-Chris
07-14-2009, 09:45 AM
nameslave, now I understand what you mean.
I agree that it shouldn't be registrars who check the content of their domains, but rather the police or some other authority.
I presume likerise is a smaller reseller and probably entered the website for curiosity reasons, but for bigger registrars/resellers it's easier to get away with abuse because someone has to report it first.

Also, the police doesn't have enough resources to check into every phishing site.
If someone fell victim to this and they send a report to the registrar, I think the registrar should be entitled to make their own investigation and suspend the domain, rather than calling the police. (Although they should hand over any information they have to the proper authorities) but the act of actually shutting down the domain is ultimately on their end.

I can understand the principle of registrars not getting involved, but this may also lead to an increase in phishing victims (and other fraud), when registrars could in theory be more pro-active if the evidence is clear..

Well put. The only issue as to whether Registrars should pro-actively get involved in these matters is actually just whether they have the will, initiative, human decency, common sense and resources to do so. There is a place for pragmatism but it is a much abused philosophy mostly misused and hi-jacked by those with vested interests wishing to circumvent personal and social responsibility.

EDIT
Still waiting for nameslave to post the ICANN regulations he cites as applicable.

GarethP
07-14-2009, 05:10 PM
Registrars are NOT supposed to monitor website CONTENT AT ALL.
Who says so? Or is that just your opinion?

nameslave
07-14-2009, 06:12 PM
Also, the police doesn't have enough resources to check into every phishing site.
If someone fell victim to this and they send a report to the registrar, I think the registrar should be entitled to make their own investigation and suspend the domain, rather than calling the police. (Although they should hand over any information they have to the proper authorities) but the act of actually shutting down the domain is ultimately on their end.

I can understand the principle of registrars not getting involved, but this may also lead to an increase in phishing victims (and other fraud), when registrars could in theory be more pro-active if the evidence is clear..
I agree that law enforcement agencies in many jurisdictions are not quite up to the standard when it comes to the Internet. However, I am more concerned with unelected "officials" (of registrars or even their resellers) are taking matters into their own hands in the name of protecting the people.

By the way, it's amazing that some people would think it's okay for registrars to monitor website content. Next, we'll be explaining our spoilers to parking lot cashiers.

Jacob Wall
07-14-2009, 06:13 PM
You close the domain and say that running a phishing site is against the TOS.

/agree


People that build phishing websites really get on my nerves.

KMyers
07-14-2009, 06:31 PM
FIRST - CYA - Make sure you have a Bullet Proof TOS to prevent the slightest potential of him fighting back.

THEN - Terminate the Domain Service.

Mach4-Chris
07-14-2009, 06:34 PM
@nameslave As an "Alleged Cybersquatter", were that ever proven, let alone confessed, I can well understand your one-man campaign to manipulate this community by citing ICANN rules that don't exist in support of your interests, seemingly geared towards the circumvention of the rights of others in order to exploit their vulnerabilities.

On the contrary, without EVIDENCE (of fraud, for example), locking a domain and preventing it from transferring away is at odds with ICANN's terms. Of course, evidence and law are not exactly in the jurisdiction of cowboy mentality.
Yeeeeehaw! We're still waiting for these regs to appear.

I am criticizing the TOTALLY UNPROFESSIONAL suggestion to "effectively taking down" the *suspected* phishing operation BY ILLEGALLY LOCKING the domain IN AN ATTEMPT to prevent transfer.
Which Law are you referring to? Where's the evidence to back up your outrageous claims?

However, I am more concerned with unelected "officials" (of registrars or even their resellers) are taking matters into their own hands in the name of protecting the people.
I'm sure you are. How inconvenient that good people fight back when scumbags attempt to scam them or attack and even steal their property.

By the way, it's amazing that some people would think it's okay for registrars to monitor website content. Next, we'll be explaining our spoilers to parking lot cashiers.
All website content is publicly accessible to anybody who cares to read/monitor it unless protected, as is the source code. I'm even more surprised that, as an "Alleged CyberSquatter" yourself, you don't understand that the intended victims of criminal scumbags have at least some degree of protection from amongst decent and right minded citizens.

nameslave
07-14-2009, 08:52 PM
FIRST - CYA - Make sure you have a Bullet Proof TOS to prevent the slightest potential of him fighting back.

THEN - Terminate the Domain Service.
I'd add that as resellers, we have all signed to abide by registrars' accreditation agreement with ICANN. So make sure your action does not contradict that, or your own reseller status may be at risk too.

As for those who are not familiar with ICANN policy on transfer, perhaps it's time to check out the newbie section instead of handing out "advice" here.

coax
07-15-2009, 12:06 AM
I agree that law enforcement agencies in many jurisdictions are not quite up to the standard when it comes to the Internet. However, I am more concerned with unelected "officials" (of registrars or even their resellers) are taking matters into their own hands in the name of protecting the people.

By the way, it's amazing that some people would think it's okay for registrars to monitor website content. Next, we'll be explaining our spoilers to parking lot cashiers.

Well, it's better to report phishing at the hosting level anyway, and yeah submit the site to the usual sites.
I guess this is the issue with registrars like godaddy that control the content on their domains.. I can't think of exactly why they can't, but I can appreciate the principle that registrars are not accountable, but rather the hosting.

Why is it so important that registrars do not do much? Is it because domains are so valuable?
Honest question.

Mach4-Chris
07-15-2009, 08:14 AM
Is it because domains are so valuable?
Honest question.
Well, I don't see any Civil Rights groups complaining about Registrars pro-actively monitoring their domain liveries for illegal activities and subsequently taking appropriate action.

The only complaints about this increasing trend I have ever seen are the occasional bleatings from those with vested interests in continuing with their own cybercrimes without interference. In that sense, such domains are 'valuable' financially speaking, but have no value in any other sense, least of all socially. Indeed, they are a complete menace.

As we have already been advised, otherwise, non-heroic, self-appointed expert on domains, it is extremely important that ICANN (http://www.icann.org/) rules are strictly followed by Registrars and Resellers alike.

nameslave
07-15-2009, 09:05 AM
Well, it's better to report phishing at the hosting level anyway, and yeah submit the site to the usual sites.
I guess this is the issue with registrars like godaddy that control the content on their domains.. I can't think of exactly why they can't, but I can appreciate the principle that registrars are not accountable, but rather the hosting.

Why is it so important that registrars do not do much? Is it because domains are so valuable?
Honest question.
Yes, GoDaddy is a very good example. First of all, it's none of their business to meddle with website content when all they're supposed to do as a registrar is KEEPING RECORDS (of domain registration). But more importantly, they are picking up jurisdiction that is not properly authorized. Who on earth renders them the power to judge if a domain is actually used for phishing? Remember? They are not even hosting the files. It's like when we have a few self-appointed citizens acting not only as detectives but also judges and executioners.

And if you ask me, every domain name is valuable to its registrant. But let's not drift away too far. I am criticizing the reckless suggestion to LOCK a domain suspected of phishing IN ORDER TO block its transfer away. This is basically placing the OP in harm's way, and a good reminder that we have to filter out babble when seeking advice on a public forum.

Mach4-Chris
07-15-2009, 10:48 AM
It's everybody's business to "meddle" with criminal web site content as citizens by doing everything legally possible to bring such sites down permanently and, if there is subsequent financial loss so much the better. With less money they can do less damage. Why should these abusers be able to hide behind a mask of bureaucracy and threats of retaliatory litigation if, indeed, that is the only "harm" that nameslave has in mind?

Based on the responsible actions the OP has taken so far he is not to any extent in "harm's way" and this threat, veiled or otherwise, is mere intimidation.

Between all the lines of sophistry and rhetoric, nameslave's motives are completely transparent and nothing more than a shallow public relations/propaganda campaign designed to rally support for his own continued interests in making money by unconscionably exploiting the vulnerabilities of other decent people whilst all the time masquerading as some heroic defender of civil liberties.

Uncivilised cybercriminals may not actually represent civil liberties under any kind of close scrutiny but they sure know how to take liberties! ;)

I have spent some time studying the applicable ICANN regulations over the last 24 hours or so and the OP has absolutely nothing to worry about.

In this particular instance, as the OP has already assured us and clarified several times, he had no doubts whatsoever and concrete evidence to support his responsible actions. It is just not in any way true, as nameslave continues to misleadingly assert, that this evidence did not exist in real form before such action was taken.

nameslave has been asked several times to produce the ICANN regulations that support his deceptive claims regarding the advice to lock the domain, thus preventing transfer pending resolution procedures, but has so far not produced anything whatsoever. I rest my case. :)

RafaelM
07-15-2009, 10:52 AM
close it down right away, if you do not want to get in trouble with the law!

nameslave
07-15-2009, 11:20 AM
I have spent some time studying the applicable ICANN regulations over the last 24 hours or so
Good to know that.

I have spent some time on ICANN documentation over the last 8 (EIGHT) YEARS or so.

Talking about amateurs ... :rolleyes:

nameslave has been asked several times to produce the ICANN regulations that support his deceptive claims regarding the advice to lock the domain, thus preventing transfer pending resolution procedures, but has so far not produced anything whatsoever.
I don't babysit rude newbies.

Mach4-Chris
07-15-2009, 11:33 AM
This seminal document makes some very interesting regarding Phishing: Global Phishing Survey 1H 2008 (http://www.apwg.org/reports/APWG_GlobalPhishingSurvey1H2008.pdf) I'm just looking for the information advising domain locking and will post that here as soon as I've located it.

@nameslave If you can't be arsed to provide the regs you claim exist in support of your arguments for my benefit, not needed anyway, then at least have the good sense to do so for the benefit of supporting your own arguments to others in this community. Your continued inability to do so speaks volumes.

I'm glad it only took me 24 hours to grasp the essence of what you have evidently failed to understand in over 8 years of self-delusion. I doubt this community is fooled for a single second. ;)

likerise
07-15-2009, 11:40 AM
This seminal document makes some very interesting regarding Phishing: Global Phishing Survey 1H 2008 (http://www.apwg.org/reports/APWG_GlobalPhishingSurvey1H2008.pdf) I'm just looking for the information advising domain locking and will post that here as soon as I've located it.

Thank you.

Mach4-Chris
07-15-2009, 11:54 AM
Here's the Google link I used. The full document has to be purchased.
Network Security : Prevention strategies for the next wave of ...
- 13 Jul
The time taken between discovery and takedown may vary from about six ... Like phishing attacks, an attacker sets up a capture site to collect identity information. .... Ensure that their DNS domain names are 'locked' by their registrar to ... short-term tactical steps for immediate action against further attacks, ...
linkinghub.elsevier.com/retrieve/pii/S1353485805702919 - Similar -
by P Hallam-Baker - 2005 - Cited by 1 - Related articles
Use this link to access the Google listing: http://www.google.co.uk/search?q=registrar+action+on+discovery+of+phishing+site&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a 5th listing down from the top.

Mach4-Chris
07-15-2009, 12:29 PM
Here's a useful link to report Phishing in the US
(http://www.us-cert.gov/nav/report_phishing.html)

Mach4-Chris
07-15-2009, 12:56 PM
This is what Nominet recently advise: http://www.nominet.org.uk/registrars/antiabuse/

As you will see, their advice actively recommends locking the domain and they even supply a Phishing Lock to Registrars. :D
Situations in which you should consider using the phishing lock:

* You receive notification from the police that the domain name is being used for phishing
* You become aware of facts that indicate credibly that the domain name is being used for phishing
* You receive an allegation with credible supporting information and evidence that the domain name is being used for phishing
* You receive multiple allegations from separate parties that the domain name is being used for phishing

Situations in which you should not use the lock:

* The registrant has not paid monies owed to you
* The registrant is suspected or accused of civil wrongs, e.g. a breach of contract or IP infringement (although you may wish to take other action if you are hosting the relevant content)
* The registrant has been accused of criminal activity by one person who does not supply supporting information or evidence of the criminality
* The alleged criminal activity has nothing to do with the registrant’s domain name
What does the lock achieve?
Phishing lock
If you suspect a domain name is being used for phishing you may use our phishing lock from 6 May 2009. The phishing lock can be applied to individual domain names or whole accounts containing any number of domain names. The lock will:

* Remove the domain name from the zone file. This means that the domain name will not resolve to a web page and email directed to it will not be delivered.
* Lock all information relating to the domain name. This prevents registrant transfers, registrar changes, nameserver modifications and domain name cancellation.
* Set the domain name's status on the WHOIS to "suspended".
* If applied to an account, lock all domain names on the account. If applied to a single domain name only, that domain name will be locked. Other domain names in the same account will be unaffected.
* Not make any changes in respect of invoicing. If the domain name is not yet invoiced it will be invoiced as normal.

@nameslave It has been a pleasure to educate you. Two words spring to mind open to whatever interpretation you choose. 'Stone' is one. I wonder what the other is? Clue: Rhymes with ball. ;)
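
As an added example (not part of any post in this thread, and not Nominet's or ICANN's code): a Python check that reads the status lines of a WHOIS record and reports whether the lock-then-suspend sequence recommended earlier in the thread, and the effects listed above for the Nominet phishing lock, are all in place, plus a fingerprint of the snapshot for the evidence file. The status names are the generic EPP codes gTLD registries publish; mapping the Nominet lock's effects onto them, the `.test` domain and the sample records are assumptions constructed for illustration.

```python
import hashlib

# EPP domain status codes (RFC 5731), grouped by the effect they have.
HOLD = {"clienthold", "serverhold"}  # name withheld from the zone
TRANSFER_LOCK = {"clienttransferprohibited", "servertransferprohibited"}
UPDATE_LOCK = {"clientupdateprohibited", "serverupdateprohibited"}
DELETE_LOCK = {"clientdeleteprohibited", "serverdeleteprohibited"}


def parse_statuses(whois_text):
    """Return the normalised set of status codes found in WHOIS output."""
    statuses = set()
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or key.strip().lower() not in ("domain status", "status"):
            continue
        # Drop the explanatory URL some registries append, then fold
        # "client hold" and "clientHold" into one spelling.
        words = [w for w in value.split() if "://" not in w]
        if words:
            statuses.add("".join(words).lower())
    return statuses


def audit_takedown(whois_text):
    """Report which parts of a lock-and-suspend takedown are in place."""
    statuses = parse_statuses(whois_text)
    state = {
        "suspended": bool(statuses & HOLD),
        "transfer_locked": bool(statuses & TRANSFER_LOCK),
        "update_locked": bool(statuses & UPDATE_LOCK),
        "delete_locked": bool(statuses & DELETE_LOCK),
    }
    gaps = []
    if state["suspended"] and not state["transfer_locked"]:
        # The case the thread warns about: suspended without a lock.
        gaps.append("suspended but transferable: the name can be moved elsewhere")
    if state["transfer_locked"] and not state["suspended"]:
        gaps.append("transfer-locked but still delegated: the site keeps resolving")
    if not state["suspended"] and not state["transfer_locked"]:
        gaps.append("no takedown action visible in the record")
    if not state["update_locked"]:
        gaps.append("nameservers and contacts can still be modified")
    if not state["delete_locked"]:
        gaps.append("the registration can still be cancelled")
    state["gaps"] = gaps
    state["complete"] = not gaps
    return state


def evidence_record(domain, whois_text, captured_at):
    """Fingerprint a WHOIS snapshot so the retained copy can be shown unaltered."""
    digest = hashlib.sha256(whois_text.encode("utf-8")).hexdigest()
    record = {"domain": domain, "captured_at": captured_at, "sha256": digest}
    record.update(audit_takedown(whois_text))
    return record


# Constructed sample records (not real WHOIS output).
SUSPENDED_ONLY = """\
Domain Name: PHISH-EXAMPLE.TEST
Domain Status: clientHold https://icann.org/epp#clientHold
"""
LOCKED_ONLY = """\
Domain Name: PHISH-EXAMPLE.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""
FULL_LOCK = """\
Domain Name: PHISH-EXAMPLE.TEST
Status: client hold
Status: client transfer prohibited
Status: client update prohibited
Status: client delete prohibited
"""

if __name__ == "__main__":
    for name, sample in [("suspended only", SUSPENDED_ONLY),
                         ("locked only", LOCKED_ONLY),
                         ("full lock", FULL_LOCK)]:
        result = audit_takedown(sample)
        print(name, "-> complete:", result["complete"])
        for gap in result["gaps"]:
            print("   gap:", gap)
    print(evidence_record("phish-example.test", FULL_LOCK, "2009-07-13T10:57:00Z"))
```
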

Mach4-Chris
07-15-2009, 01:38 PM
Sorry for the consecutive posts but I am supplying vital information in the best interests of the integrity of this thread to prevent further misleading hijacking for illicit and nefarious purposes.

As per:

Policy on Transfer of Registrations between Registrars

Revision Adopted 7 November 2008
Effective 15 March 2009

LINK: http://www.icann.org/en/transfers/policy-en.htm

The full text:

A. Holder-Authorized Transfers

1. Registrar Requirements

Registered Name Holders must be able to transfer their domain name registrations between Registrars provided that the Gaining Registrar's transfer process meets the minimum standards of this policy and that such transfer is not prohibited by ICANN or Registry policies. Inter-Registrar domain name transfer processes must be clear and concise in order to avoid confusion. Further, Registrars should make reasonable efforts to inform Registered Name Holders of, and provide access to, the published documentation of the specific transfer process employed by the Registrars.

1.1 Transfer Authorities

The Administrative Contact and the Registered Name Holder, as listed in the Losing Registrar's or applicable Registry's (where available) publicly accessible WHOIS service are the only parties that have the authority to approve or deny a transfer request to the Gaining Registrar. In the event of a dispute, the Registered Name Holder's authority supersedes that of the Administrative Contact.

Registrars may use Whois data from either the Registrar of Record or the relevant Registry for the purpose of verifying the authenticity of a transfer request; or from another data source as determined by a consensus policy.

2. Gaining Registrar Requirements

For each instance where a Registered Name Holder requests to transfer a domain name registration to a different Registrar, the Gaining Registrar shall:

2.1 Obtain express authorization from either the Registered Name Holder or the Administrative Contact (hereafter, "Transfer Contact"). Hence, a transfer may only proceed if confirmation of the transfer is received by the Gaining Registrar from the Transfer Contact.

2.1.1 The authorization must be made via a valid Standardized Form of Authorization (FOA). There are two different FOA's available at the ICANN website. The FOA labeled "Initial Authorization for Registrar Transfer" must be used by the Gaining Registrar to request an authorization for a registrar transfer from the Transfer Contact. The FOA labeled "Confirmation of Registrar Transfer Request" may be used by the Registrar of Record to request confirmation of the transfer from the Transfer Contact.

The FOA shall be communicated in English, and any dispute arising out of a transfer request shall be conducted in the English language. Registrars may choose to communicate with the Transfer Contact in additional languages. However, Registrars choosing to exercise such option are responsible for the accuracy and completeness of the translation into such additional non-English version of the FOA.

2.1.2 In the event that the Gaining Registrar relies on a physical process to obtain this authorization, a paper copy of the FOA will suffice insofar as it has been signed by the Transfer Contact and further that it is accompanied by a physical copy of the Registrar of Record's Whois output for the domain name in question.

2.1.2.1 If the Gaining Registrar relies on a physical authorization process, then the Gaining Registrar assumes the burden of obtaining reliable evidence of the identity of the Transfer Contact and maintaining appropriate records proving that such evidence was obtained. Further the Gaining Registrar also assumes the burden for ensuring that the entity making the request is indeed authorized to do so. The acceptable forms of physical identity are:

* Notarized statement
* Valid Drivers license
* Passport
* Article of Incorporation
* Military ID
* State/Government issued ID
* Birth Certificate

2.1.3 In the event that the Gaining Registrar relies on an electronic process to obtain this authorization the acceptable forms of identity would include:

* Electronic signature in conformance with national legislation, in the location of the Gaining Registrar (if such legislation exists).
* Consent from an individual or entity that has an email address matching the Transfer Contact email address.

The Registrar of Record may not deny a transfer request solely because it believes that the Gaining Registrar has not received the confirmation set forth above.

A transfer must not be allowed to proceed if no confirmation is received by the Gaining Registrar. The presumption in all cases will be that the Gaining Registrar has received and authenticated the transfer request made by a Transfer Contact.

2.2 Request, by the transmission of a "transfer" command as specified in the Registrar Tool Kit, that the Registry Operator database be changed to reflect the new Registrar.

2.2.1 Transmission of a "transfer" command constitutes a representation on the part of the Gaining Registrar that the requisite authorization has been obtained from the Transfer Contact listed in the authoritative Whois database.

2.2.2 The Gaining Registrar is responsible for validating the Registered Name Holder requests to transfer domain names between Registrars. However, this does not preclude the Registrar of Record from exercising its option to independently confirm the Registered Name Holder's intent to transfer its domain name to the Gaining Registrar in accordance with Section 3 of this policy.

3. Obligations of the Registrar of Record

A Registrar of Record can choose independently to confirm the intent of the Registered Name Holder when a notice of a pending transfer is received from the Registry. The Registrar of Record must do so in a manner consistent with the standards set forth in this agreement pertaining to Gaining Registrars. In order to ensure that the form of the request employed by the Registrar of Record is substantially administrative and informative in nature and clearly provided to the Transfer Contact for the purpose of verifying the intent of the Transfer Contact, the Registrar of Record must use the FOA.

The FOA shall be communicated in English, and any dispute arising out of a transfer request, shall be conducted in the English language. Registrars may choose to communicate with the Transfer Contact in additional languages. However, the Registrar choosing to exercise such option is responsible for the accuracy and completeness of the translation into such additional non-English version of the FOA. Further, such non-English communications must follow the processes and procedures set forth in this policy. This includes but is not limited to the requirement that no Registrar shall add any additional information to the FOA used to obtain the consent of the Transfer Contact in the case of a transfer request.

This requirement does not preclude the Registrar of Record from marketing to its existing customers through separate communications.

The FOA should be sent by the Registrar of Record to the Transfer Contact as soon as operationally possible, but must be sent not later than twenty-four (24) hours after receiving the transfer request from the Registry Operator.

Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.

In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed.

Upon denying a transfer request for any of the following reasons, the Registrar of Record must provide the Registered Name Holder and the potential Gaining Registrar with the reason for denial. The Registrar of Record may deny a transfer request only in the following specific instances:

1. Evidence of fraud
2. UDRP action
3. Court order by a court of competent jurisdiction
4. Reasonable dispute over the identity of the Registered Name Holder or Administrative Contact
5. No payment for previous registration period (including credit card charge-backs) if the domain name is past its expiration date or for previous or current registration periods if the domain name has not yet expired. In all such cases, however, the domain name must be put into "Registrar Hold" status by the Registrar of Record prior to the denial of transfer.
6. Express written objection to the transfer from the Transfer Contact. (e.g. - email, fax, paper document or other processes by which the Transfer Contact has expressly and voluntarily objected through opt-in means)
7. A domain name was already in “lock status” provided that the Registrar provides a readily accessible and reasonable means for the Registered Name Holder to remove the lock status.
8. The transfer was requested within 60 days of the creation date as shown in the registry Whois record for the domain name.
9. A domain name is within 60 days (or a lesser period to be determined) after being transferred (apart from being transferred back to the original Registrar in cases where both Registrars so agree and/or where a decision in the dispute resolution process so directs). "Transferred" shall only mean that an inter-registrar transfer has occurred in accordance with the procedures of this policy.

Instances when the requested change of Registrar may not be denied include, but are not limited to:

* Nonpayment for a pending or future registration period
* No response from the Registered Name Holder or Administrative Contact.
* Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.
* Domain name registration period time constraints, other than during the first 60 days of initial registration or during the first 60 days after a registrar transfer.
* General payment defaults between Registrar and business partners / affiliates in cases where the Registered Name Holder for the domain in question has paid for the registration.

The Registrar of Record has other mechanisms available to collect payment from the Registered Name Holder that are independent from the Transfer process. Hence, in the event of a dispute over payment, the Registrar of Record must not employ transfer processes as a mechanism to secure payment for services from a Registered Name Holder. Exceptions to this requirement are as follows:

(i) In the case of non-payment for previous registration period(s) if the transfer is requested after the expiration date, or

(ii) In the case of non-payment of the current registration period, if transfer is requested before the expiration date.

4. Registrar Coordination

Each Registrar is responsible for keeping copies of documentation, including the FOA and the Transfer Contacts response thereto, that may be required for filing and supporting a dispute under the dispute resolution policy. Gaining Registrars must maintain copies of the FOA as received from the Transfer Contact as per the standard document retention policies of the contracts. Copies of the reliable evidence of identity must be kept with the FOA.

Both the Gaining Registrar and the Registrar of Record must provide the evidence relied on for the transfer during and after the applicable inter-registrar domain name transaction(s). Such information must be provided when requested by, and only by, the other Registrar that is party to the transfer transaction. Additionally, ICANN, the Registry Operator, a court or authority with jurisdiction over the matter or a third party dispute resolution panel may also require such information within five (5) days of the request.

The Gaining Registrar must retain, and produce pursuant to a request by a Losing Registrar, a written or electronic copy of the FOA. In instances where the Registrar of Record has requested copies of the FOA, the Gaining Registrar must fulfill the Registrar of Records request (including providing the attendant supporting documentation) within five (5) calendar days. Failure to provide this documentation within the time period specified is grounds for reversal by the Registry Operator or the Dispute Resolution Panel in the event that a transfer complaint is filed in accordance with the requirements of this policy.

If either a Registrar of Record or a Gaining Registrar does not believe that a transfer request was handled in accordance with the provisions of this policy, then the Registrar may initiate a dispute resolution procedure as set forth in Section C of this policy.

For purposes of facilitating transfer requests, Registrars should provide and maintain a unique and private email address for use only by other Registrars and the Registry:

i. This email address is for issue related to transfer requests and the procedures set forth in this policy only.

ii. The email address should be managed to ensure messages are received by someone who can respond to the transfer issue.

iii. Messages received at such email address must be responded to within a commercial reasonable timeframe not to exceed seven (7) calendar days.

5. EPP - based Registry Requirements for Registrars

In EPP-based gTLD Registries, Registrars must follow the requirements set forth below.

Registrars must provide the Registered Name Holder with the unique "AuthInfo" code within five (5) calendar days of the Registered Name Holder's initial request if the Registrar does not provide facilities for the Registered Name Holder to generate and manage their own unique "AuthInfo" code.

Registrars may not employ any mechanism for complying with a Registered Name Holder's request to obtain the applicable "AuthInfo Code" that is more restrictive than the mechanisms used for changing any aspect of the Registered Name Holder's contact or name server information.

The Registrar of Record must not refuse to release an "AuthInfo Code" to the Registered Name Holder solely because there is a dispute between the Registered Name Holder and the Registrar over payment.

Registrar-generated "AuthInfo" codes must be unique on a per-domain basis.

The "Auth-Info" codes must be used solely to identify a Registered Name Holder, whereas the FOA's still need to be used for authorization or confirmation of a transfer request, as described in Section 2 and Section 4 of this policy.

6. Registry Requirements

Upon receipt of the "transfer" command from the Gaining Registrar, Registry Operator will transmit an electronic notification to both Registrars. In the case of those Registries that use electronic mail notifications, the response notification may be sent to the unique email address established by each Registrar for the purpose of facilitating transfers.

The Registry Operator shall complete the requested transfer unless, within five (5) calendar days, Registry Operator receives a NACK protocol command from the Registrar of Record.

When the Registry's database has been updated to reflect the change to the Gaining Registrar, Registry Operator will transmit an electronic notification to both Registrars. The notification may be sent to the unique email address established by each Registrar for the purpose of facilitating transfers or such other email address agreed to by the parties.

The Registry Operator shall undo a transfer if, after a transfer has occurred, the Registry Operator receives one of the notices as set forth below. In such case, the transfer will be reversed and the domain name reset to its original state. The Registry Operator must undo the transfer within five (5) calendar days of receipt of the notice except in the case of a Registry dispute decision, in which case the Registry Operator must undo the transfer within fourteen calendar days unless a court action is filed. The notice required shall be one of the following:

i. Agreement of the Registrar of Record and the Gaining Registrar sent by email, letter or fax that the transfer was made by mistake or was otherwise not in accordance with the procedures set forth in this policy;

ii. The final determination of a dispute resolution body having jurisdiction over the transfer; or

iii. Order of a court having jurisdiction over the transfer.

7. Records of Registration

Each Registrar shall require its customer, the Registered Name Holder, to maintain its own records appropriate to document and prove the initial domain name registration date.

8. Effect on Term of Registration

The completion by Registry Operator of a holder-authorized transfer under this Part A shall result in a one-year extension of the existing registration, provided that in no event shall the total unexpired term of a registration exceed ten (10) years.

B. ICANN-Approved Transfers

Transfer of the sponsorship of all the registrations sponsored by one Registrar as the result of (i) acquisition of that Registrar or its assets by another Registrar, or (ii) lack of accreditation of that Registrar or lack of its authorization with the Registry Operator, may be made according to the following procedure:

(a) The gaining Registrar must be accredited by ICANN for the Registry TLD and must have in effect a Registry-Registrar Agreement with Registry Operator for the Registry TLD.

(b) ICANN must certify in writing to Registry Operator that the transfer would promote the community interest, such as the interest in stability that may be threatened by the actual or imminent business failure of a Registrar.

Upon satisfaction of these two conditions, Registry Operator will make the necessary one-time changes in the Registry database for no charge, for transfers involving 50,000 name registrations or fewer. If the transfer involves registrations of more than 50,000 names, Registry Operator will charge the gaining Registrar a one-time flat fee of US$ 50,000.

C. Transfer Dispute Resolution Policy

Procedures for handling disputes concerning inter-registrar transfers are set forth in the Transfer Dispute Resolution Policy. Procedures in this policy must be followed by the applicable Registry Operators and ICANN accredited Registrars.

I trust the precise situation is now abundantly clear.

@The OP: You did the right thing and need have no fear. But still all good! ;)
@Nameslave: These regs were first adopted by ICANN way back on 12th July 2004. So what do you mean by all of your misleading assertions above insisting you have been expertly involved in domains for the last 8 years? I think not, Sir. Good day to you!

nameslave
07-15-2009, 04:12 PM
http://www.icann.org/en/transfers/policy-en.htm
Okay, after all the fanfare, the right document has finally been found.

As a starter, every reseller should be well-versed with ICANN policies because your action is governed by them.

More importantly, those who care to read or have no problem with reading comprehension should know by now that there are VERY STRICT protocols for blocking transfer. As a reseller, you are basically NOT eligible to do that. (For those who have NOT gone through this, ICANN-accredited registrars do have the technicality to deny a transfer EVEN when a domain is UNLOCKED.) And to casually suggest locking a domain for the purpose of blocking its transfer away is CLEARLY out of line.

Hmm ... let's see what I have posted earlier:

On the contrary, without EVIDENCE (of fraud, for example), locking a domain and preventing it from transferring away is at odds with ICANN's terms. Of course, evidence and law are not exactly in the jurisdiction of cowboy mentality.

Sorry if my bluntness in exposing that recklessness has incurred a lot of garbage posts in this thread. Frequent visitors to this forum should know very well that I very often don't even respond to trolls (and we don't have that many trolls here); but I honestly don't want other uninformed newcomers to get the wrong message.

And no, we're NOT Batman. When crimes happen, we dial 911.

Mach4-Chris
07-15-2009, 06:36 PM
I think that ICANN, Nominet and many other highly respected sources have amply cut through any smokescreens. I don't know about anybody else, but I certainly don't require any further clarification.

Beyond what has been posted here, there is a rapidly growing trend to encourage both Registrars and resellers to both lock and suspend known Phishing domains subject only to due diligence in complying with regulations in the process.

Clearly, not only do they actively encourage it, but all rules have been expressly altered to facilitate that process by every single Authority and, as with Nominet, the necessary tools have even been provided.

It seems to my mind that Nameslave just doesn't know when he's beaten and flogging a dead horse. Ah well. Not my problem.

Meanwhile, back in the real world, lock and suspend! Yeeeeehaw! This cowboy is all done and dusted. ;)