Mail undeliverable - .COM name, hijack?

[mole]

As normal, I would usually send out a couple of offers every month to .COM owners to see if I get a bite. I just got a confirmed bounceback of a dead email addy and the domain is not LOCKED.

With the new ICANN transfer policy, anyone could hijack that name by initiating a transfer.

What do I do? If I wait for it to drop, some smarty pants could just grab it off before expiration date and claim it to be theirs and nobody will be the wiser especially if the registrant is truely out of the picture. If I transfer it, I could be accused of fraud and theft. I hold very strict ethics on these kind of things.

But I can see the loophole someone could exploit at any moment.

Any advise? Thanks.

 

[Ed30]

I'd inform the registrar, who should then write to the registrant at the whois address. If they get no joy I assume the name will go through the normal drop process.
Alternatively you could snail-mail the registrant yourself.

 

[mole]

I'd inform the registrar, who should then write to the registrant at the whois address. If they get no joy I assume the name will go through the normal drop process.

Yeah, good idea, ed. Got to protect that name. Would rather play the auction gauntlet than to be accused of a thief :-(

Done, asked them to lock that name. Damn, this new ICANN thingy is full of pot-holes.

 

[skylight]

even if the domains is not lock and no response is needed to the losing registrar, the registrant still need to click the email link from the gaining registrar to approve the transfer.

 

[Biggie]

Mole.......forever digging!

 

[Steen]

even if the domains is not lock and no response is needed to the losing registrar, the registrant still need to click the email link from the gaining registrar to approve the transfer.

not under the new rules :huh:

 

[Domainut]

Under the new rules, the gaining registrar still has to get approval from the registrant. Only the losing registrants email does not require a response. That is my interpretation of the new rules.

 

[mole]

The registrar of the name reverted to say they couldn't lock the name without the registrant's explicit permission. So the name remains exposed as beached whales and dolphins.

I hope you are right, nut. I'm not going to try and find out.

 

[Anthony Ng]

As normal, I would usually send out a couple of offers every month to .COM owners to see if I get a bite. I just got a confirmed bounceback of a dead email addy and the domain is not LOCKED.

With the new ICANN transfer policy, anyone could hijack that name by initiating a transfer.

What do I do? If I wait for it to drop, some smarty pants could just grab it off before expiration date and claim it to be theirs and nobody will be the wiser especially if the registrant is truely out of the picture. If I transfer it, I could be accused of fraud and theft. I hold very strict ethics on these kind of things.

But I can see the loophole someone could exploit at any moment.

Any advise? Thanks.

First off, even with the new ICANN transfer policy, a domain name would NOT be transferred away just because somebody initiates a request. Actually, to some registrars, this has ALWAYS been the case: the responsibility of verifying the transfer request lies in the winning registrar who would usually send an e-mail to the Administrative Contact for acknowledgement.

I'd applaud mole's decision not to "just transfer it". But seriously, that is not only unethical but illegal.

 

[Domagon]

File a Whois Data Problem Report instead ... it's a huge security hole that few folks know about; even many knowledgeable domain folks don't truly appreciate the security risks the Whois Data Problem Report System presents to all registrants.

Anyways, click over to this url and simply fill in the form and submit ...

http://wdprs.internic.net/

Then check the domain status - pay particular attention to lock status and DNS changes ... if either happens, then the domain will likely be deleted (available at a drop) soon.

Filing a Whois Data Problem Report is so easy - every registrar I've contacted so far will suspend/delete a reported domain if the registrant doesn't respond within as little as 5 days! Anyways this is a method of grabbing domains that most domain folks still don't know about.

Good luck ... and I encourage domain speculators to use this method as much as possible ... eventually ICANN / registrars will tighten security and better protect registrants ... but until then it's open season ... I myself am considering using this above method to grab domains if ICANN doesn't close this hole soon ... there is no penality for filing a Whois Data Problem Report - especially if there really is a legitimate problem in the Whois data, such as the lack of a country code in the phone number field.

Ron

 

[GoldName.com]

Actuality, a lot of domains are under of hijacking.
However, is protecting domain ownership by method differing in each registrars.
They will have to change this to most reasonable and secure method.
Also, we will have to LOCK in all own domains and manage well.
Besides, there may not be alternative thing.

 

[seeker]

mole, it is not about ethics.
I applaud your stand, however, not having an acurate whois email address...
the person is asking for trouble, and it IS illegal to NOT update the whois adddress.

 

[mole]

Filing a Whois Data Problem Report is so easy - every registrar I've contacted so far will suspend/delete a reported domain if the registrant doesn't respond within as little as 5 days! Anyways this is a method of grabbing domains that most domain folks still don't know about.

Excellent advise, value. Thanks for that tip!, one of those insights singularly worth more than the $300 I paid for my membership here :santa:

 

[Domagon]

And unlike submitting bogus transfers, the Whois Data Problem Report method allows one to grab a domain LEGALLY; darn near impossible for the original registrant to get it back because it's actually deleted/dropped. That alone makes the method very appealing.

And to reiterate, registrar-lock, account passwords, etc offer ZERO security when it comes to Whois Data Problem Reports ...

On an aside, I too have found membership here to be well worth the money ... learned a lot, met many friendly folks, and done much productive business with others here

Ron

 

[Honan]

File a Whois Data Problem Report instead ... it's a huge security hole that few folks know about; even many knowledgeable domain folks don't truly appreciate the security risks the Whois Data Problem Report System presents to all registrants.

Anyways, click over to this url and simply fill in the form and submit ...

http://wdprs.internic.net/

Then check the domain status - pay particular attention to lock status and DNS changes ... if either happens, then the domain will likely be deleted (available at a drop) soon.

Filing a Whois Data Problem Report is so easy - every registrar I've contacted so far will suspend/delete a reported domain if the registrant doesn't respond within as little as 5 days! Anyways this is a method of grabbing domains that most domain folks still don't know about.

Good luck ... and I encourage domain speculators to use this method as much as possible ... eventually ICANN / registrars will tighten security and better protect registrants ... but until then it's open season ... I myself am considering using this above method to grab domains if ICANN doesn't close this hole soon ... there is no penality for filing a Whois Data Problem Report - especially if there really is a legitimate problem in the Whois data, such as the lack of a country code in the phone number field.

Ron

Wow!!
Thanks Ron
Great Post!!
Now, what is the id of that DNF member who uses fake whois name, address and phone number?
LOL

 

[mole]

Now, what is the id of that DNF member who uses fake whois name, address and phone number?

Adam?

 

[mole]

After my ICANN report, this is what happened to the name from my Godaddy alert.

We've noted that the following changes occurred between 12/04/2004 and 12/05/2004:

The domain status has been changed:
OLD: ACTIVE
NEW: REGISTRAR-HOLD
on the following name:

_________.COM

 

[Domagon]

Wow, that was fast!

At this rate, the domain could "drop" by the end of the month. The 30 day hold/redemption period may not apply in instances where the Whois Data is "wrong" - makes the security hole even bigger, but on the bright side, folks seeking to grab such domains can do so even quicker - keep an eye on the "drops" - not sure if GoDaddy always deletes domains or if they often resell them like Network Solutions, etc do through their own/partner drop services.

Ron