Help - Lost my Domain

[shou]

I accidently authorized a change of registrar for one of my domains after receiving an email requesting authorization for registrar transfer.

To cut the long story short, this domain had found a buyer at sedo and was in the process of being sold, pending the usual procedures. I have no excuse but to admit it was utter stupidity on my part as I had wrongly assumed the authorization was part of the transfer process when it clearly wasn’t. I was busy with a lot of things offline and hence just skimmed thru that email, clicked on the link to authorize it etc….I only realized something was wrong when sedo contacted me to push the domain to their account!

On closer look at the email now, it said that the registrar transfer request was requested by none other than myself! Obviously I did not make that request. And its now pretty obvious too that I’ve lost control over that domain as its has now moved a place where I have never even heard of and obviously do NOT have an account. I have tried contacting them via email, phone and fax and obviously have received no response.

The whois of this domain still shows that I am the owner, the name, address and contact details are still mine.

Is there any way to get my domain back or have I lost it for good thru my sheer stupidity? I probably have a lot of explaining to do as well to sedo. :sigh2:

Any help or advice would be appreciated.

 

[tekz999]

If the domain has been successfully transfered to the new registrar, keep contacting the *new* registrar, and urge them to lock the domain, until your lawyer will explain further.

 

[jazzpetals]

If the email address in the whois info is still yours, create an account at that registrar, then use the lost password function, that should generate an email being sent to you with the correct log in information, thus giving you control of the domain name.

 

[Raider]

Can you post the original email and X out the domain?....I would be very interested to see it and I think we can assist you better.

RG

If the email address in the whois info is still yours, create an account at that registrar, then use the lost password function, that should generate an email being sent to you with the correct log in information, thus giving you control of the domain name.

Excellent advice!...why didn't I think of that :doh:

 

[shou]

Really appreciate your responses. Here's a copy of the email with the domain name and a few other things X'd out.

STANDARDIZED FORM OF AUTHORIZATION

DOMAIN NAME TRANSFER - Initial Authorization for Registrar Transfer

Attention: XXX
Re: Transfer of XXX

eNom, Inc. has received a request from XXX on 09 May 2007 for us to become the new registrar of record.

You have received this message because you are listed as the Registered Name Holder or Administrative contact for this domain name in the WHOIS database.

Please read the following important information about transferring your domain name:

* You must agree to enter into a new Registration Agreement with us. You can review the full terms and conditions of the Agreement at

< http://transfer-approval.com/u.asp?id=XXX >

* Once you have entered into the Agreement, the transfer will take place within five (5) calendar days unless the current registrar of record denies the request.

* Once a transfer takes place, you will not be able to transfer to another registrar for 60 days, apart from a transfer back to the original registrar, in cases where both registrars so agree or where a decision in the dispute resolution process so directs.

If you WISH TO PROCEED with the transfer, you must respond to this message by using the following URL (note if you do not respond by 16 May 2007, XXX will not be transferred to us):

< http://transfer-approval.com/u.asp?id=XXX >

YOU MUST CLICK THIS LINK TO CONTINUE THE TRANSFER PROCESS

If you DO NOT WANT the transfer to proceed, then don't respond to this message.

If you have any questions about this process, please contact XXX.

The so called registrar looks scammy at best. Unfortunately, as of today, the whois has now reflected the new owner's particulars. Probably after receiving my emails, phone messages and faxes requesting for a return of the domain. I believe I've been well and truly had but nobody's fault but my own.

 

[namestrands]

Contact ENOM direct.. and explain the situation

-- dont enom need auth codes to transfer most domains now? or was this a non TLD

 

[Gramma]

Boy let this be a word of warning to us all!
When selling a domain through sedo - my experience has been that it is transferred to them (their escrow account) - and then they transfer it from there ... Never did an enom one though - only godaddys.

 

[namestrands]

SEDO also have ENOM accounts.. I had a sale with sedo the other week. Flawless transaction.

 

[dotNetKing]

I believe I've been well and truly had but nobody's fault but my own.

OK. may be you slipped up, but you aren't the only one who is at fault.

If the transfer request was a fraudulent one, then the person making it is primarily the person who is at fault.

Are you sure that the new owner isn't the person who is purchasing the domain?

Good luck in getting this sorted out satisfactorily.

 

[shou]

Contact ENOM direct.. and explain the situation

-- dont enom need auth codes to transfer most domains now? or was this a non TLD

I could contact ENOM but the fact was that I did authorise the registrar transfer. :sigh2:

SEDO also have ENOM accounts.. I had a sale with sedo the other week. Flawless transaction.

I've sold other domains at sedo prior to this and they went flawlessly as well. I slipped up big time here though.

OK. may be you slipped up, but you aren't the only one who is at fault.

If the transfer request was a fraudulent one, then the person making it is primarily the person who is at fault.

Are you sure that the new owner isn't the person who is purchasing the domain?

Good luck in getting this sorted out satisfactorily.

I actually wouldn't be surprised if the "thief" and the supposed buyer is one and the same person but that again is speculation on my part. The timings of all events leading up to this was pretty suspicious. Agreement was reached March 23. Received info from sedo that they have received payment on March 26. Domain unlocked on March 28. On the same day, was informed by sedo that "The buyer has started transfer request. Please confirm the next transfer request from eNom Inc.....". The transaction halted right here and after a couple of emails to sedo, was told they were unable to reach the buyer. In early May, I wrote sedo again and asked that they resolve this asap as its been over a month and a half. They agreed to contact the buyer again. It was exactly a day or 2 after that I received that email requesting authorisation for the transfer to another registrar. Like I said, it was my mistake due to my haste, I saw the words eNom, transfer etc. and assumed it was part of the transaction. Within 48 hours after the registrar transfer went thru, I received an email from sedo asking that i push the domain to their godaddy account. It was here that I realised my mistake. I tried repeatedly to contact the new registrar but obviously heard nothing back. For several days, the whois still showed me as the owner of the domain. About 24 hours ago, I faxed them saying that I was the rightful owner of the domain as reflected in the whois etc. and well, within 12 hours of that, the whois has changed, privacy protected of course.

I would probably have to chalk this up as a loss and a lesson learnt. Never again will I authorise anything based on assumption. Its just darn frustrating knowing that someone walked away with my domain for free. :upset:

 

[AlienGG]

Don't they require AUTH code?

 

[shou]

Don't they require AUTH code?

I do not recall having to provide any AUTH code when I mistakenly authorised the transfer. However, the AUTH code was given to sedo to give to the buyer, hence I suspect that the "thief" and "buyer" is one and the same person.

 

[dotNetKing]

I do not recall having to provide any AUTH code when I mistakenly authorised the transfer. However, the AUTH code was given to sedo to give to the buyer, hence I suspect that the "thief" and "buyer" is one and the same person.

May be this is sufficient for either sedo to release the payment to you, or for the issue to be taken up with the new registrar.

If the only parties to have access to the auth code were you, sedo and the purchaser, this would imply that it is the purchaser who initiated the transfer, even if he subsequently hides the WHOIS information.

I'm assuming sedo still have the payment in their escrow account and could release it to you. Although they will obviously want to cover themselves adequately.

 

[Brett Lewis]

It's sometimes difficult to get these things reversed, but don't let that stop you from informing eNom that you made a mistake. Also, if your contact info is still listed as the registrant, that might give you more of a basis with eNom to reverse the transfer.

Good luck!

 

[Raider]

I deal with Enom a lot...I really think this can be resolved if you give them a call, I see your in Singapore, if you want to do this by email instead, PM me and I can help you out..........We can do this in person but I dont hang out at Lucky plaza anymore :lol:

RG

 

[AlienGG]

I do not recall having to provide any AUTH code when I mistakenly authorised the transfer. However, the AUTH code was given to sedo to give to the buyer, hence I suspect that the "thief" and "buyer" is one and the same person.

Strange! If it's just pushing between accounts, Sedo should not ask you for AUTH code as it's not needed in that process.
The only possible reason for this is that the buyer told Sedo he wanted to transfer the domain, and later, he told Sedo again that he wanted to have it pushed to his account instead.