GNSO Email Archives: [registrars]

ICANN/GNSO GNSO Email List Archives

[registrars]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [registrars] Grave Robbing and SEDO Fencing

To: "'Registrars Constituency'" <registrars@xxxxxxxxxxxxxx>
Subject: Re: [registrars] Grave Robbing and SEDO Fencing
From: "Paul Lecoultre (CORE secretariat)" <secretariat@xxxxxxxxxxx>
Date: Tue, 07 Aug 2007 14:39:03 +0200
Ax-md5sum: 4CzYEnmVSvR0/uhtI5EUJw
In-reply-to: <20070807050000.4a871ae7d05d2c98d9abb595d392cd69.3d794c1cfe.wbe@email.secureserver.net>
References: <20070807050000.4a871ae7d05d2c98d9abb595d392cd69.3d794c1cfe.wbe@email.secureserver.net>
Sender: owner-registrars@xxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.12 (Macintosh/20070509)

Hi,

Although I welcome initiatives, I don't think that a 60
days obligatory lock after every transfers, modifications
will help registrars, it will only complicate transfers
by adding an unnecessary burden. The authinfo code has
proved to be effective, even if exceptions are possible,
such the raven.com case. The 60 days automatic lock done
by Godaddy and others is an internal registrar rule that
neither ICANN nor the registries are requesting(at the
recent exception of PIR, if I'm right).

In case of exceptional cases, we still have the Transfer
dispute policy, which allow the registries to reverse
wrong or fraudulent transfers that occurred in the past
6 months. In addition the ICANN radars is providing the
direct email of people handling transfers and usually
such cases are solved in a timely manner.

I don't see the need to act in this specific case,
we only need to increase the already well working
communications between registrars (yes there are
exceptions...).

Best regards,
Paul Lecoultre



Tim Ruiz wrote:

Thanks Donny. You're right, it does say *may.* So perhaps that's another
thing the RC should consider trying to change. I realize it may pose an
inconvenience for customers who want to flip names as you describe, but
it wouldn't prevent it. What it would do is add a layer of protection
against hijacking.

I think the raven.com issue illustrates the potential problem with
assuming that if someone has the authcode, the name must be theirs. I
thought the same way about the authcode at one time, but various
experiences have changed my mind. I think authcodes are a good tool, but

only one piece of the security issue.Tim

-------- Original Message --------
Subject: RE: [registrars] Grave Robbing and SEDO Fencing
From: "Donny Simonton" <donny@xxxxxxxxxxxxxxx>
Date: Tue, August 07, 2007 6:27 am
To: "'Tim Ruiz'" <tim@xxxxxxxxxxx>,  "'Registrars Constituency'"
<registrars@xxxxxxxxxxxxxx>

Tim,
The ICANN transfer policy says that I "may" deny a transfer within the
60
days after a domain is transferred to us, it doesn't say that we "must"
deny
the transfer. As more and more registrants start selling domains
stopping
them from transferring a domain just causes more problems. We have many
customers who flip domains every day. With the hopes of making a few
hundred bucks here and there.

Ever since Verisign switched to EPP, my rule has been if you have the
auth-info code you can do whatever you want with the domain, because
it's
yours.

Donny

Follow-Ups:
- RE: [registrars] Grave Robbing and SEDO Fencing
  - From: Lau

References:
- RE: [registrars] Grave Robbing and SEDO Fencing
  - From: Tim Ruiz

<<< Chronological Index >>> <<< Thread Index >>>