RE: [registrars] Grave Robbing and SEDO Fencing

[Tim Ruiz <tim@xxxxxxxxxxx>]

Elliot, It's true that high profile hijackings do not occur
very often. However, we shouldn't also assume that because 
that's true other hijackings are not occuring. You and I both
know that they do.

I can gather information on how many transfers we don't allow
to start due to being within the 60-day new registration 
period. But that doesn't necessarily mean they are all 
attempts to hijack domain names. We don't currently prevent
transfers from starting within 60-days of a previous 
transfer, but are looking at whether or not that could be 
done technically.

What I can tell you is that we deal with hijacking or 
attempted hijacking issues every day. Though those names may
not be high profile, the registrants are just as concerned.
The problem with hijacking is that it can have a devasting
and long lasting affect. Current resolution processes, even
with cooperative registrars, often take days to complete 
and correct the situation. And there are cases where the
hijacker just plain gets away with it.

When multiple transfers occur as a part of the hijacking
it further complicates resolution, and may even make 
resolution impossible. The TF on that PDP summarized in 
their implementation notes:

"There are situations where domain names have been hijacked 
by initiating a large number of transfers through several 
registrars to make it difficult to trace the original 
registrant. There is also the issue of how to implement a 
transfer undo command when a transfer may keep occurring 
many times in quick succession. It would increase stability 
of the system to also put a 60 day block on a transfer to a 
registrar other than the original registrar after a 
transfer has completed."

It's unfortunate, in my opinion, that the current policy's
list of reasons for denying transfers are all lumped under 
the *may* qualifier. I think both 60-day reasons (after new 
registration and transfers) should be mandatory. 

Of course pursuing any change should be at the consensus of
the RC as a whole. Just presenting some food for thought 
based on our experiences.
 

Tim 


-------- Original Message --------
Subject: Re: [registrars] Grave Robbing and SEDO Fencing
From: elliot noss <enoss@xxxxxxxxxx>
Date: Tue, August 07, 2007 7:18 am
To: Tim Ruiz <tim@xxxxxxxxxxx>
Cc: Registrars Constituency <registrars@xxxxxxxxxxxxxx>

tim, I would also strongly urge to not use a single situation with a 
clear case of social engineering and a high-profile name to justify a 
policy that causes confusion, frustration and money to thousands on a 
regular basis. the fact that this is in front of us and, I expect, 
will be rectified appropriately shows that those restrictive policies 
are not needed. what would be instructive in this matter would be for 
go daddy to let us all know how many transfers a month are refused on 
this basis.

bad facts make bad law.

Regards