[gnso-irtpd] Example email string
Dorrain, Kristine
kdorrain at adrforum.com
Thu Feb 6 15:33:05 UTC 2014
I can appreciate the concern here. I'm not a registrar, so I don't understand the nuances of transfer, but I do understand an FOA is needed. What if (and I don't know in this case, I'm talking generally), the FOA was fraudulent and the registrar "didn't suspect" fraud. I use quotes because I am asking (honestly, not rhetorically) what prevents a registrar from simply "not noticing" fraud? Does a registrar do any sort of validity check or "well, the request came from an authorized email account so who am I to ask questions"?
Is there anything currently being done to encourage or train Registrars to spot fraudulent transfer requests?
Sorry if my questions are very basic...
-----Original Message-----
From: owner-gnso-irtpd at icann.org [mailto:owner-gnso-irtpd at icann.org] On Behalf Of rob.golding at astutium.com
Sent: Thursday, February 06, 2014 9:23 AM
To: gnso-irtpd at icann.org
Subject: RE: [gnso-irtpd] Example email string
> But this type of issue is exactly the one Registrants are seeking a
> remedy for within ICANN.
The 'claim' is that the transfer (validly completed) was 'fraudulent'
because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam.
Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that.
I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services.
One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it)
This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ...
'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims'
As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
> I disagree with the position that a party using illegally obtained
> credentials
I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal'
counsel.
Rob
More information about the Gnso-irtpd
mailing list