- Joined
- Dec 26, 2007
- Messages
- 7,357
- Reaction score
- 223
An organization requested that they would like to manage their domains instead of me now (I don't have an issue with this). I unlocked the domains and sent the EPP codes to the contact I have with the organization.
Well, she waited too long and the transfer out request expired. My contact had their treasurer contact Moniker in an attempt to get the domains from me (they're new to owning domains). I feel Moniker followed the proper procedures (asking me to send them the EPP codes if I am authorizing the transfers, they acknowledged that I unlocked the domains, etc.) but there was one small problem.
In their email to me they carbon copied myself and the person who requested the domains and used my registrar contact email address, not the WhoIs contact. My registrar contact email address is not published anywhere and is what I use for password resets, EPP codes, etc.
Now, they've given it to a complete stranger. While I'm sure the requester won't try to hack my account what if someone with malicious intentions did this?
Well, she waited too long and the transfer out request expired. My contact had their treasurer contact Moniker in an attempt to get the domains from me (they're new to owning domains). I feel Moniker followed the proper procedures (asking me to send them the EPP codes if I am authorizing the transfers, they acknowledged that I unlocked the domains, etc.) but there was one small problem.
In their email to me they carbon copied myself and the person who requested the domains and used my registrar contact email address, not the WhoIs contact. My registrar contact email address is not published anywhere and is what I use for password resets, EPP codes, etc.
Now, they've given it to a complete stranger. While I'm sure the requester won't try to hack my account what if someone with malicious intentions did this?
