RE: [registrars] FYI re: Transfers

["John Berryhill" <john@xxxxxxxxxxxxxxxxx>]

>I would love to see a log of every transfer that was 
>blocked and how many of those where because the registrant 
>was being hijacked.

It's tough to tell.  The cost of recovering of hi-jacked name can be
stellar, and I have seen plenty of situations, such as client.com (stolen
from NSI using a forged fax from a "Billy Bob Thornton") where the victim
simply does not have the means or ability to pursue legal action.  The "log
of blocked transfers" is not going to provide meaningful information on the
costs resulting from a hi-jacking (and that includes the lost time that we
all devote to trying to get these things resolved informally).

The transfers policy has been very effective at eliminating certain
practices, of which we need not recite the history, that were clearly
directed at shaking down registrants for renewals while denying transfers.
The policy does allow room for registrants to consent to a variety of
practices which are motivated by security.  I, for one, would like to see a
registrar that offers an option of "under no circumstances is this domain
name to be transferred to another registrar" for high value names.
Registrants *should* be able to select such a service, as long as it is
voluntary and with notice.

Of several hi-jackings I have seen lately, there has been a pattern of
altered whois just prior to renewal.  From this, I gather that some
hi-jackers are targeting names near expiration on the assumption that this
strategy will result in a higher yield of names that nobody will complain
about.  Figure, some names expire simply because the registrant has
abandoned them.  Hence, by targeting names near the end of expiration for
hi-jacking, that class of registrants who intended to abandon the names are
not going to be making complaints.  It is probable that many such
registrants just assume the name expired, so you aren't going to know "how
many" were hi-jacked, since the registrants never complained.

Another scenario I have seen a couple of times lately, is one in which the
hi-jacker engages in multiple registrar transfers, while keeping the name
servers the same, for periods of a year or longer.  By the time the
registrant notices, if the registrant notices, the underlying activity, and
any logs of it, are long past.  From the registrant's point of view, as long
as the domain name is working, there is no apparent problem.


>From yesterday's Wall Street Journal...

http://online.wsj.com/article/SB119068079815138145.html?mod=googlenews_wsj

Web-Address Theft Is Everyday Event
By KEVIN J. DELANEY
September 25, 2007; Page B3

[...]
"It's a complete rampage in our industry," says Monte Cahn, founder and
chief executive of Moniker Online Services LLC in Pompano Beach, Fla., which
handles domain services such as registrations and auctions.

Bob Parsons, chief executive officer of GoDaddy.com Inc., says the domain
registrar is aware of daily hijacking incidents, with the frequency having
increased as Internet use grows.
[...]

In Mr. Inowlocki's case, his registrar says it hasn't had any luck
recovering the domain from the registrar that yyy.com was transferred to --
Key-Systems GmbH in Germany. Key-Systems CEO Alexander Siffrin says that is
because Mr. Inowlocki's registrar, TierraNet Inc. unit DomainDiscover,
hasn't yet made a formal complaint or gotten a court order.