[registrars] Grave Robbing and SEDO Fencing

John Berryhill john at johnberryhill.com
Tue Aug 7 14:29:14 UTC 2007


> I would also strongly urge to not use a single situation with
> a clear case of social engineering and a high-profile name to
> justify a policy that causes confusion, frustration and money
> to thousands on a regular basis.

It was posed as a "suggestion to consider".

Mr. Lecoultre's note on maintaining good communications is well-taken, as
any system will result in errors, and being able to rectify them will always
be important.  There are also registrants who prefer being able to transfer
domains more easily than others, and features such as ease of transfer and
security are competitive trade-offs that differentiate registrar services.
ICANN policy should merely set a baseline.

The EPP system has cut down considerably on registrar transfers as a primary
mode of hi-jacking, and as Mr. Lau points out, most hi-jackings appear to be
precipitated by an identity theft external to the domain registration system
(expired or hacked admin contact email address, control of nameservers for
the admin contact, and so forth).  Accordingly, a registrar transfer of a
hi-jacked name will now normally be preceded by a whois change at the losing
registrar.  

It would seem that, at the time of a sale, the marketplace participants
would have an incentive to confirm the buyer and seller are real entities,
and that the whois data is correct, particularly in circumstances where
there appears to have been a sequence of rapid or recent changes leading up
to the sale. Registrars cannot confirm whois data on all domains at all
times.  

Pawn shops generally require positive identification of someone who drops
off goods to be sold.  Obviously, someone walking through the door with a
diamond ring is in "control" of the ring, and there may not be a good way to
determine if he/she "owns" the ring.  However, that person's identity can be
confirmed entirely apart from the mere fact of having possession of the ring
upon entering the shop. Confirming seller authority "in band" - i.e. by
confirming that the purported seller can be contacted through the admin
contact email address - is not entirely reliable, as there is no separate
"title" system for domain names apart from the whois data itself.  

For example, one "out of band" method for maintaining contact with a
registrant is described in this document:

United States Patent Application 20060031330
Kind Code A1
Ruiz; Tim February 9, 2006
Notification system and method for domain name registrars

Abstract

A system and method of the present invention allow communication via
electronic messages between a Customer and a domain name Registrar, avoiding
traditional electronic mail (email) communication. Email messages may not be
delivered to the Customer for various reasons including the situations where
the Customer employs anti-SPAM protective technologies. The system and
method of the present invention establish a Communication Link between a
Customer's Computer and Registrar's Server, which avoids anti-SPAM
protective technologies and email messaging altogether. The implementation
of this invention would result in a higher rate of delivered messages to the
Customer.
Inventors: Ruiz; Tim; (Cedar Rapids, IA)




