Proposed ICANN Changes to Make Domain Hijacking Easier

[David Farber <dave () farber net>]

Begin forwarded message:

From: Robspiere () aol com
Date: November 10, 2004 1:16:20 PM EST
To: dave () farber net
Subject: Proposed ICANN Changes to Make Domain Hijacking Easier

 For IP, if you wish:

From Netcraft
(http://news.netcraft.com/archives/2004/11/09/ 
domain_transfers_and_hijackings_to_become_easier.html):

Domain names could become easier to hijack as a change in domain  
transfer
rules takes effect Friday. Under new rules set by the Internet  
Corporation for
Assigned Names and Numbers (ICANN), domain transfer requests will be
automatically approved in five days unless they are explicitly denied  
by the account
owner. This is a change from current procedure, in which a domain's  
ownership and
nameservers remain unchanged if there is no response to a transfer  
request.

This could mean trouble for domain owners who don't closely manage their
records. Domains with incorrect e-mail addresses and outdated  
administrative
contact information are at particular risk, as the domain's WHOIS  
database
information will be used to inform domain owners of transfer requests.  
A non-response
becomes the equivalent of answering "yes" to a transfer request,  
according to
the ICANN policy change.

"Failure by the Registrar of Record to respond within five (5) calendar  
days
to a notification from the Registry regarding a transfer request will  
result
in a default 'approval' of the transfer," the new rules state. "In the  
event
that a Transfer Contact listed in the Whois has not confirmed their  
request to
transfer with the Registrar of Record and the Registrar of Record has  
not
explicitly denied the transfer request, the default action will be that  
the
Registrar of Record must allow the transfer to proceed."

As the deadline for the change approaches, domain registrars are  
contacting
domain owners and insisting that they update domain records to avoid  
unwanted
changes. "From November 8-10, we are sending an email to all domain  
customers
informing you of a new domain transfer policy, enforced by ICANN," Go  
Daddy
told its users. "This policy dictates that we must honor any transfer  
requests,
even if you do not personally confirm them. To prevent unauthorized  
transfers,
lock your domains." There are reports of other registrars providing  
stern
warnings to customers about the need to update their details within  
five days,
perhaps to establish which domains may have outdated info.

Domains have become valuable business assets, yet are often loosely  
managed
by business owners, who neglect to update their WHOIS information  
following
changes in staff or e-mail addresses. Companies that have let critical  
domains
lapse include The Washingon Post, the Gawker weblog and perhaps the most
embarassing gaffe yet, the UK domain for Ogilvy Mather.

ICANN appears to be anticipating a spike in disputes, and today  
announced
appointments to manage its domain dispute resolution policy.



-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/