RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy
Hi all, As part of the popcorn eating audience I just wanted to say: thanks for putting on a great show J For us European registrars, this rare glimpse into the way US registrars interact on such matters is fascinating. Stéphane Van Gelder Directeur Général / General manager INDOM – Noms de domaine / Domain names 124-126, rue de Provence 75008 Paris. France 0820 77 7000 (Prix d'un appel local) De l'étranger (calling from outside France): + 33 1 76 70 05 67 www.indom.com <http://www.indom.com/> Mon blog/My blog : <http://www.domaines.info/> www.stephanevangelder.com From: owner-registrars@xxxxxxxxxxxxxx [mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of Christine Jones Sent: vendredi 22 février 2008 01:02 To: john@xxxxxxxxxxxxxxxxx Cc: 'elliot noss'; 'Bruce Tonkin'; 'Tim Ruiz'; 'Adam Dicker'; registrars@xxxxxxxxxxxxxx Subject: RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy John, Elliot and Esteemed Colleagues- I'm in my seventh year as Go Daddy General Counsel. Although I follow the spirited discussion of this group closely, I have never once posted a response to this group. I feel I must now break my silence, however, for a few reasons. First, although he never thought he would hear me say this, Rob Hall is right. Mostly. Phil Sbarbaro is not a sorry ass. Quite the contrary. Phil worked hard for some of the protections all registrars now enjoy. Since he is not able to defend himself here, we should leave the critical comments to those of us who can. For the record, Phil is not undefeated. I did beat up on him pretty badly in the Go Daddy v. VeriSign case (you all remember it, the one regarding deceptive advertising and forced domain name transfers). But, let's keep him out of this. Second, the short answer to t! he popcorn eating audience is this: Go Daddy will follow its standard operating procedure in this case, as we attempt to do in every case. The longer answer, for those who are still interested in the movie, follows. We instituted the 60-day lock after a Change of Registrant to prevent names FROM our registrar from being transferred shortly after they were hijacked. This is a case where (allegedly) the domain name was hijacked and transferred TO our registrar. But of course, we can help. And here is why: The registrant at the time of transfer is contesting the transfer. We draw from the Transfer Policy that states: "In the event of a dispute, the Registered Name Holder's authority supersedes that of the Administrative Contact." Since the domain name transferred over with "Marriage Ministries International" listed as the registrant, we should be able to help this entity recover the domain name, so long as this entity can prove who they say they are. Because we have a standard process concerning these matters, we have a form that they need to fill out in order for us to help them. Just have them contact undo@xxxxxxxxxxx. We do not require an Indemnification Agreement unless the previous registrant (or registrar) require that the name be transferred back to the previous registrar (remember the name will be locked for 60-days, which, of course, allows sufficient time for any complaining party to lodge a legal dispute). This is not why we would help this entity: Do you they really think that the registrar has the right to return a domain name simply based on the fact that the name is a high-profile name and the previous registrant is claiming the name was hijacked? Since when, did we, as registrars, become detectives or judges in these matters? Why would we be able to help the previous registrant of marriage.com (no matter what kind of documentation they (or any other non-legal body) gave us to prove the domain name was hijacked?) versus any other previous registrant? The answer is, we CANNOT! Unless (as mentioned above), we receive unbiased, standard documents to reflect that they were the registrants at the time of transfer, there is nothing we, as a registrar, can do. What other registrar has this unbiased, standard process in place? Likewise, why would "determining whether the originating IP address of the authorization is localizable to Colorado or to somewhere else" make a difference? IT DOES NOT!! Are registrars really relying on this type of evidence to determine whether or not they should return a name to the previous registrant? Seriously?!! (See, Kremen v. Cohen for why this is a bad idea.) I consider John Berryhill and friend of mine. But, here is why I am more afraid of some of the people in this email thread than any hijacker: They wasted time sending this email and are basically doubting the 60-day lock despite that it actually helps registrants when their name is hijacked. So, again, Go Daddy is here to save the day by relying on the Transfer Policy to assist this person. Unfortunately, when we (as the losing registrar) have gone to other registrars with this same scenario, the registrars have been unwilling (basically fearful) to reinstate the registrant at the time of transfer, despite the fact that the Transfer Policy supports this action. (Read: Elliot wasn't there to bail out my sorry ass.) Perhaps we can blame this on the administrators that receive these complaints as not really understanding the Transfer Policy. But how can we blame them? The real fault lies in the people that have the authority to apply the Transfer Policy to situations like these. In the end, GoDaddy.com (or any other registrar) is not required to help this previous registrant. In fact, referring them to the UDRP would not be WRONG. Why again is this GoDaddy's fault or problem to fix? And why, if we don't take any action, would we be the bad guy? We can rely on the TRANSFER POLICY to reinstate the previous registrant (if they provide valid documentation). But we don't have to. This is the way we have found to work within the confines of the Transfer Policy to help registrants. By the way, what do you do to help registrants without relying on your biased judgment or detective work? Incidentally, THANK GOODNESS that the domain name was not allowed to transfer away (due to the 60-day lock after the registrant changed). Because now, GODADDY knows exactly what to do and the previous registrar does not have to rely on another registrar that may not have any standard practices in place for these kinds of matters. Unfortunately, the department that needs to receive this request has not received any documents from the previous registrant. I understand that our support department could have possibly steered the previous registrant in a better direction. But really, all of this wasted time and energy on this subject could have been used to tell these people that they need to go to undo@xxxxxxxxxxx. We anticipate that either the previous registrar or registrant will contact us within the next 48 hours to make their claim. In the meantime, we have a placed a lock on this domain name. And please, if the previous registrant ends up getting this name back, don't think that it has anything to do with this email or any kind of effort or pressure you have placed on GoDaddy. Don't take any credit. We are just following our unbiased, SOP. Here is an opportunity for other registrars to prove a point: Get your own SOPs in order. Very truly yours, Christine Jones -------- Original Message -------- Subject: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy From: "John Berryhill" <john@xxxxxxxxxxxxxxxxx> Date: Thu, February 21, 2008 10:14 am To: "'Tim Ruiz'" <tim@xxxxxxxxxxx>, "'Christine Jones'" <cjones@xxxxxxxxxxx>, "'Adam Dicker'" <amd@xxxxxxxxxxxxxxxxxxx>, <registrars@xxxxxxxxxxxxxx> Cc: "'elliot noss'" <enoss@xxxxxxxxxx>, "'Bruce Tonkin'" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx> For those that enjoyed the Delhi fireworks show between myself and Elliot on the subject of Godaddy's interpretation of the transfer policy, a unique opportunity has arisen to provide an acid test of whether Godaddy is sincere, or whether the Transfer Policy is broken. As you know, Elliot Noss and others have expressed eloquent and enthusiastic skepticism concerning the "anti-hi-jacking" rationale of Godaddy's 60 day hold. Here's what landed in my lap this morning. Married.com has been registered since 1995 to Marriage Ministries International through Melbourne IT as follows: Domain Name.......... married.com Creation Date........ 1995-05-31 Registration Date.... 2002-11-23 Expiry Date.......... 2008-05-30 Organisation Name.... Marriage Ministries International Organisation Address. 9132 W. Bowles Avenue Organisation Address. _ Organisation Address. Littleton Organisation Address. 80123 Organisation Address. CO Organisation Address. UNITED STATES Admin Name........... Jason Phillipps Admin Address........ 9132 W. Bowles Avenue Admin Address........ _ Admin Address........ Littleton Admin Address........ 80123 Admin Address........ CO Admin Address........ UNITED STATES Admin Email.......... jasonphillipps@[xxxx] On or about February 5, 2008, it was hi-jacked and transferred to GoDaddy, most likely by compromise of the admin contact email address. Registrant: Domain Manager DomainManager2006@xxxxxxxxx <https://email.secureserver.net/pcompose.php#Compose> Sattarkhan Blvd. Copenhagen, 2400 Denmark The hi-jacker entered into a deal to sell the domain name through escrow.com for $100,000. I was contacted by the prospective buyer, who had contacted the former registrant in the course of his due diligence. The former registrant had no idea how the domain name was transferred to GoDaddy, and when they contacted GoDaddy support, he was told to "use the UDRP" and that there was nothing else GoDaddy could do. Of course, the UDRP is useless here, since "married" wasn't being used as a trade or service mark for marriage counseling, and GoDaddy support's advice is typical of the useless things that are told to parties in this instance. So, as the situation stands, and as I tried to convey to Elliot, it is in circumstances such as this one that I am GLAD the name is at GoDaddy, since it is at least not going anywhere for another 45 days. The remaining questions are these: 1. Is GoDaddy actually going to look into the situation and USE the 60 day period to resolve a domain hi-jacking? The initial indication from GoDaddy support is "no". 2. What is the mechanism by which a registrant may request his/her registrar to institute a Transfer Dispute Resolution Proceeding? This ball is in Bruce's court. Melbourne IT provides no information to registrants that is readily accessible which, as I have long argued, is the fundamental flaw of the TDRS - there is no coupling between the people who've had their names transferred without authorization, and the people who are in a position to invoke the policy. Now it may be that the registrant's admin email address was compromised. Still, both Melbourne IT and GoDaddy will be able to determine whether the originating IP address of the authorization is localizable to Colorado or to somewhere else. So, Elliot, let's fire up the oven, put on some crow, and find out who gets to eat it. Either (a) GoDaddy does nothing to investigate or remedy this hi-jacking, and their justification for the 60 day hold is a farce; (b) Melbourne IT does nothing, and the Transfer Policy dispute mechanism is a farce; or (c) the situation is appropriately resolved, and it turns out that GoDaddy's policy actually does help address hi-jackings. But, as it stands, the only hopeful point in the situation is that since the name is at GoDaddy, it is going to stay there for a while. The point is GoDaddy's to prove, or not. John Berryhill, Ph.d., Esq. 4 West Front St. Media, PA 19063 (610) 565-5601 (267) 386-8115 fax Attachment:
smime.p7s
|