<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy
In my opinion, the suggestions that a registrant who doesn't like a
particular registrar policy can simply find another registrar is
flawed in this case due to the very reason we're discussing it in the
first place.
Whereas one registrar may convince a registrant why they should
transfer (perhaps for the reason we're discussing), once that process
begins, they may find it impossible to complete due to something as
simple as a contact change, which is often necessary to facilitate the
transfer in the first place. The registrant then decides to stay with
their original registrar, for the wrong reasons, and for reasons that
should be protected by the ICANN transfer policies.
I can appreciate that some registrants are perfectly happy with their
current registrar and may want to opt in for this type of added
security, or even opt to reject all transfer requests regardless of
contact changes. However, the majority of registrants probably don't
want this unknown restriction preventing them from choosing which
registrar they want to use at any given time. ICANN responded to
Elliot in Delhi that this was under review and they'd get back to us
within a week. Does anyone know where that stands?
Also, I'd appreciate if someone could explain why if somebody's domain
is hijacked, or better yet, if somebody's property is STOLEN, law
enforcement doesn't take over at that point? Why are there stories of
property being stolen for months when it's clear that fraud has been
committed and there's a digital trail? Are they not receptive? Could
someone please clarify this for the group?
While on the topic of transfers, I want to repeat another common
problem that I mentioned a while ago. There are many cases where we
deal with an unresponsive or otherwise unhelpful reseller, and when we
contact the actual registrar to resolve the issue, we are referred
back to the reseller, who continues to be unresponsive or unhelpful.
This often takes hours and days of work (over a single domain) until
we reach a point that the registrant gives up, or the domain becomes
due for renewal at the original registrar. I for one feel that the
registrar should be ultimately responsible for registrant services,
which they are according to ICANN policies but not so much in the real world.
In response to Champ's comments, I've been involved with domains since
1996 and I have a great deal of respect and admiration for
participants on this list, many of whom have helped take their
companies to impressive heights. I think it's healthy and perfectly
acceptable that when any of us disagree with a certain policy or
procedure, especially when we feel it is in conflict with an ICANN
policy that we must all adhere to, that we speak our mind and discuss
it. I wish even more people spoke up because I often hear from people
off list who have strong opinions but are uncomfortable joining the
discussion. Having said that, I would add that the (upcoming)
"private" list will be a much better venue so that comments don't
appear like public bashing, and so that people can speak their mind
without announcing it to the world.
Best Regards,
~Paul
:DomainIt
At 02:04 PM 2/22/2008, Nevett, Jonathon wrote:
>Let me throw another one out for consideration:
>
>7. A domain name was already in "lock status" provided that the
>Registrar provides a readily accessible and reasonable means for the
>Registered Name Holder to remove the lock status.
>
>In the example that Christine gave, Go Daddy locks a name after a Whois contact change for 60 days. If the customer tries to transfer during the 60 day period, then the transfer could be denied under #7 as it was already in lock status. The issue comes down to whether the customer has a reasonable means to lift the lock.
>
>Is it reasonable for a registrar to require a registrant to appear in person at the registrar's offices in order to authorize the transfer (I understand that one registrar actually does this)? The first reaction likely would be no. Would it change your mind, however, if this were the policy for only two or three character domain names valued at over $1 million? Would it change your mind if the customer was so worried about hijackings that it agreed to this requirement in writing as a security measure? What if the customer was a prior victim of hijacking and saw its domain name travel to three or four registrars around the world before getting it back six months later? Would it change your mind if the customer requested and actually paid the registrar to be provided with this additional security measure?
>
>Is it reasonable to deny transfers for 60 days after a Whois Admin or Primary Contact change, which is typical in hijacking cases? Is it reasonable to lock names for 60 days after a Whois Admin or Primary Contact change and require additional verification of the contact information in order to transfer during that 60 day period?
>
>Issues of reasonableness under law are anything, but black and white. Therefore, the rhetoric that we recently have read and heard about "clear violations" is just that -- rhetoric.
>
>Who should decide what is reasonable in these difficult scenarios? Should it be ICANN staff, the GNSO PDP process already looking at these specific issues, or the market? If customers don't like Go Daddy's (or Network Solutions') security policy, then the competitive marketplace could provide a solution. Other registrars could market to customers who care less about security and hijackings and don't want to wait 60 days or provide additional verification after a Whois Admin or Primary Contact change. In a competitive marketplace, there is a great deal of room for market differentiation. This could and should be a differentiator. We would be hurting registrants if we didn't have the ability to provide additional security protections.
>
>Thanks.
>
>Jon
>
>-----Original Message-----
>From: owner-registrars@xxxxxxxxxxxxxx [mailto:owner-registrars@xxxxxxxxxxxxxx] On Behalf Of John Berryhill
>Sent: Friday, February 22, 2008 9:39 AM
>To: G2L52; 'Christine Jones'
>Cc: 'elliot noss'; 'Bruce Tonkin'; 'Tim Ruiz'; 'Adam Dicker'; registrars@xxxxxxxxxxxxxx
>Subject: RE: [registrars] An Opportunity to Prove A Point - Hi-Jacked Name At GoDaddy
>
>
>
>> 1. Evidence of fraud
>
>One bit of evidence might be a contact change to the domain of an applicant
>in Colorado originating from an IP address in Iran. Of course, I was not
>suggesting that one data point constitute a totality of one's investigation.
>However, on top of the other data, having a reason to investigate further, a
>quick look at the quite neutral records of the Colorado Secretary of State,
>and at such domain data as that for marriage.org, along with the
>unlikelihood that a party with a definite view on the subject of marriage
>would suddenly sell a domain name after 12 years to someone advertising, for
>example, "extramarital dating sites", does paint a larger picture.
>
>I believe my point was obscured by some who had not attended the recent
>meeting. My intention was to point out a definite situation in which,
>regardless of one's interpretation of the policy, someone is breathing a
>deep sigh of relief over the fact that the domain name is not subject to a
>further registrar transfer for a while. My comments on this particular
>event appear to have been misinterpreted to some degree, since it was
>suggested emphatically to me that the anti-hijacking utility of the GoDaddy
>policy was some sort of fiction.
>
>We've heard from the anti-phishing group on the subject of "fast flux" DNS
>and its problems. Having to chase hi-jacked domains name hither and yon,
>suggests that there needs to be a balance between a distributed
>inconvenience for many, versus a catastrophic event for a few.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|