ICANN/GNSO GNSO Email List Archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy


Hi all,

 

As part of the popcorn eating audience I just wanted to say: thanks for
putting on a great show J

 

For us European registrars, this rare glimpse into the way US registrars
interact on such matters is fascinating.

 

Stéphane Van Gelder
Directeur Général / General manager

INDOM – Noms de domaine / Domain names
124-126, rue de Provence
75008 Paris. France
0820 77 7000
(Prix d'un appel local) 
De l'étranger (calling from outside France): + 33 1 76 70 05 67
www.indom.com <http://www.indom.com/> 

Mon blog/My blog :  <http://www.domaines.info/> www.stephanevangelder.com

 

 

 

From: owner-registrars@xxxxxxxxxxxxxx
[mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of Christine Jones
Sent: vendredi 22 février 2008 01:02
To: john@xxxxxxxxxxxxxxxxx
Cc: 'elliot noss'; 'Bruce Tonkin'; 'Tim Ruiz'; 'Adam Dicker';
registrars@xxxxxxxxxxxxxx
Subject: RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name
At GoDaddy

 

John, Elliot and Esteemed Colleagues-

I'm in my seventh year as Go Daddy General Counsel.  Although I follow the
spirited discussion of this group closely, I have never once posted a
response to this group.  I feel I must now break my silence, however, for a
few reasons.

First, although he never thought he would hear me say this, Rob Hall is
right.  Mostly.  Phil Sbarbaro is not a sorry ass.  Quite the contrary.
Phil worked hard for some of the protections all registrars now enjoy.
Since he is not able to defend himself here, we should leave the critical
comments to those of us who can.  For the record, Phil is not undefeated.  I
did beat up on him pretty badly in the Go Daddy v. VeriSign case (you all
remember it, the one regarding deceptive advertising and forced domain name
transfers).  But, let's keep him out of this.

Second, the short answer to t! he popcorn eating audience is this: Go Daddy
will follow its standard operating procedure in this case, as we attempt to
do in every case.

The longer answer, for those who are still interested in the movie, follows.

We instituted the 60-day lock after a Change of Registrant to prevent names
FROM our registrar from being transferred shortly after they were hijacked.
This is a case where (allegedly) the domain name was hijacked and
transferred TO our registrar.  But of course, we can help.  And here is why:

 

The registrant at the time of transfer is contesting the transfer.  We draw
from the Transfer Policy that states: "In the event of a dispute, the
Registered Name Holder's authority supersedes that of the Administrative
Contact."  Since the domain name transferred over with "Marriage Ministries
International" listed as the registrant, we should be able to help this
entity recover the domain name, so long as this entity can prove who they
say they are.  Because we have a standard process concerning these matters,
we have a form that they need to fill out in order for us to help them.
Just have them contact undo@xxxxxxxxxxx.  We do not require an
Indemnification Agreement unless the previous registrant (or registrar)
require that the name be transferred back to the previous registrar
(remember the name will be locked for 60-days, which, of course, allows
sufficient time for any complaining party to lodge a legal dispute).  

 

This is not why we would help this entity:

 

Do you they really think that the registrar has the right to return a domain
name simply based on the fact that the name is a high-profile name and the
previous registrant is claiming the name was hijacked?  Since when, did we,
as registrars, become detectives or judges in these matters?  Why would we
be able to help the previous registrant of marriage.com (no matter what kind
of documentation they (or any other non-legal body) gave us to prove the
domain name was hijacked?) versus any other previous registrant?  The answer
is, we CANNOT!   Unless (as mentioned above), we receive unbiased, standard
documents to reflect that they were the registrants at the time of transfer,
there is nothing we, as a registrar, can do.  What other registrar has this
unbiased, standard process in place?  Likewise, why would "determining
whether the originating IP address of the authorization is localizable to
Colorado or to somewhere else" make a difference?  IT DOES NOT!!  Are
registrars really relying on this type of evidence to determine whether or
not they should return a name to the previous registrant?  Seriously?!!
(See, Kremen v. Cohen for why this is a bad idea.)

 

I consider John Berryhill and friend of mine.  But, here is why I am more
afraid of some of the people in this email thread than any hijacker:

 

They wasted time sending this email and are basically doubting the 60-day
lock despite that it actually helps registrants when their name is hijacked.
So, again, Go Daddy is here to save the day by relying on the Transfer
Policy to assist this person.  Unfortunately, when we (as the losing
registrar) have gone to other registrars with this same scenario, the
registrars have been unwilling (basically fearful) to reinstate the
registrant at the time of transfer, despite the fact that the Transfer
Policy supports this action.  (Read: Elliot wasn't there to bail out my
sorry ass.)  Perhaps we can blame this on the administrators that receive
these complaints as not really understanding the Transfer Policy.  But how
can we blame them?  The real fault lies in the people that have the
authority to apply the Transfer Policy to situations like these.

 

In the end, GoDaddy.com (or any other registrar) is not required to help
this previous registrant.  In fact, referring them to the UDRP would not be
WRONG.  Why again is this GoDaddy's fault or problem to fix?  And why, if we
don't take any action, would we be the bad guy?  We can rely on the TRANSFER
POLICY to reinstate the previous registrant (if they provide valid
documentation).  But we don't have to.   This is the way we have found to
work within the confines of the Transfer Policy to help registrants.  By the
way, what do you do to help registrants without relying on your biased
judgment or detective work?  

 

Incidentally, THANK GOODNESS that the domain name was not allowed to
transfer away (due to the 60-day lock after the registrant changed).
Because now, GODADDY knows exactly what to do and the previous registrar
does not have to rely on another registrar that may not have any standard
practices in place for these kinds of matters.

 

Unfortunately, the department that needs to receive this request has not
received any documents from the previous registrant.  I understand that our
support department could have possibly steered the previous registrant in a
better direction.  But really, all of this wasted time and energy on this
subject could have been used to tell these people that they need to go to
undo@xxxxxxxxxxx.  We anticipate that either the previous registrar or
registrant will contact us within the next 48 hours to make their claim.  In
the meantime, we have a placed a lock on this domain name. 

 

And please, if the previous registrant ends up getting this name back, don't
think that it has anything to do with this email or any kind of effort or
pressure you have placed on GoDaddy.  Don't take any credit.  We are just
following our unbiased, SOP.  

 

Here is an opportunity for other registrars to prove a point: Get your own
SOPs in order.

 
Very truly yours,
Christine Jones





-------- Original Message --------
Subject: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name
At GoDaddy
From: "John Berryhill" <john@xxxxxxxxxxxxxxxxx>
Date: Thu, February 21, 2008 10:14 am
To: "'Tim Ruiz'" <tim@xxxxxxxxxxx>, "'Christine Jones'"
<cjones@xxxxxxxxxxx>, "'Adam Dicker'" <amd@xxxxxxxxxxxxxxxxxxx>,
<registrars@xxxxxxxxxxxxxx>
Cc: "'elliot noss'" <enoss@xxxxxxxxxx>, "'Bruce Tonkin'"
<Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>



For those that enjoyed the Delhi fireworks show between myself and Elliot on
the subject of Godaddy's interpretation of the transfer policy, a unique
opportunity has arisen to provide an acid test of whether Godaddy is
sincere, or whether the Transfer Policy is broken.

As you know, Elliot Noss and others have expressed eloquent and enthusiastic
skepticism concerning the "anti-hi-jacking" rationale of Godaddy's 60 day
hold.

Here's what landed in my lap this morning.

Married.com has been registered since 1995 to Marriage Ministries
International through Melbourne IT as follows:

Domain Name.......... married.com
Creation Date........ 1995-05-31
Registration Date.... 2002-11-23
Expiry Date.......... 2008-05-30
Organisation Name.... Marriage Ministries International
Organisation Address. 9132 W. Bowles Avenue
Organisation Address. _
Organisation Address. Littleton
Organisation Address. 80123
Organisation Address. CO
Organisation Address. UNITED STATES

Admin Name........... Jason Phillipps
Admin Address........ 9132 W. Bowles Avenue
Admin Address........ _
Admin Address........ Littleton
Admin Address........ 80123
Admin Address........ CO
Admin Address........ UNITED STATES
Admin Email.......... jasonphillipps@[xxxx]

On or about February 5, 2008, it was hi-jacked and transferred to GoDaddy,
most likely by compromise of the admin contact email address.

Registrant:
Domain Manager DomainManager2006@xxxxxxxxx
<https://email.secureserver.net/pcompose.php#Compose> 
Sattarkhan Blvd.
Copenhagen, 2400
Denmark

The hi-jacker entered into a deal to sell the domain name through escrow.com
for $100,000.

I was contacted by the prospective buyer, who had contacted the former
registrant in the course of his due diligence. The former registrant had no
idea how the domain name was transferred to GoDaddy, and when they contacted
GoDaddy support, he was told to "use the UDRP" and that there was nothing
else GoDaddy could do.

Of course, the UDRP is useless here, since "married" wasn't being used as a
trade or service mark for marriage counseling, and GoDaddy support's advice
is typical of the useless things that are told to parties in this instance.

So, as the situation stands, and as I tried to convey to Elliot, it is in
circumstances such as this one that I am GLAD the name is at GoDaddy, since
it is at least not going anywhere for another 45 days.

The remaining questions are these:

1. Is GoDaddy actually going to look into the situation and USE the 60 day
period to resolve a domain hi-jacking? The initial indication from GoDaddy
support is "no". 

2. What is the mechanism by which a registrant may request his/her
registrar to institute a Transfer Dispute Resolution Proceeding? This ball
is in Bruce's court. Melbourne IT provides no information to registrants
that is readily accessible which, as I have long argued, is the fundamental
flaw of the TDRS - there is no coupling between the people who've had their
names transferred without authorization, and the people who are in a
position to invoke the policy.

Now it may be that the registrant's admin email address was compromised.
Still, both Melbourne IT and GoDaddy will be able to determine whether the
originating IP address of the authorization is localizable to Colorado or to
somewhere else.

So, Elliot, let's fire up the oven, put on some crow, and find out who gets
to eat it. Either (a) GoDaddy does nothing to investigate or remedy this
hi-jacking, and their justification for the 60 day hold is a farce; (b)
Melbourne IT does nothing, and the Transfer Policy dispute mechanism is a
farce; or (c) the situation is appropriately resolved, and it turns out that
GoDaddy's policy actually does help address hi-jackings.

But, as it stands, the only hopeful point in the situation is that since the
name is at GoDaddy, it is going to stay there for a while.

The point is GoDaddy's to prove, or not.


John Berryhill, Ph.d., Esq.
4 West Front St. 
Media, PA 19063
(610) 565-5601
(267) 386-8115 fax



Attachment: smime.p7s
Description: S/MIME cryptographic signature



<<< Chronological Index >>>    <<< Thread Index >>>