http://news.netcraft.com/archives/2004/11/09/domain_transfers_and_hijackings_to_become_easier.html
Domain names could become easier to hijack as a change in domain transfer
rules takes effect Friday. Under new rules set by the Internet Corporation
for Assigned Names and Numbers (ICANN), domain transfer requests will be
automatically approved in five days unless they are explicitly denied by the
account owner. This is a change from current procedure, in which a domain's
ownership and nameservers remain unchanged if there is no response to a
transfer request.
This could mean trouble for domain owners who don't closely manage their
records. Domains with incorrect e-mail addresses and outdated administrative
contact information are at particular risk, as the domain's WHOIS database
information will be used to inform domain owners of transfer requests. A
non-response becomes the equivalent of answering "yes" to a transfer request,
according to the ICANN policy change.
"Failure by the Registrar of Record to respond within five (5) calendar days
to a notification from the Registry regarding a transfer request will result
in a default 'approval' of the transfer," the new rules state. "In the event
that a Transfer Contact listed in the Whois has not confirmed their request
to transfer with the Registrar of Record and the Registrar of Record has not
explicitly denied the transfer request, the default action will be that the
Registrar of Record must allow the transfer to proceed."
As the deadline for the change approaches, domain registrars are contacting
domain owners and insisting that they update domain records to avoid unwanted
changes. "From November 8-10, we are sending an email to all domain customers
informing you of a new domain transfer policy, enforced by ICANN," Go Daddy
told its users. "This policy dictates that we must honor any transfer
requests, even if you do not personally confirm them. To prevent unauthorized
transfers, lock your domains." There are reports of other registrars
providing stern warnings to customers about the need to update their details
within five days, perhaps to establish which domains may have outdated info.
Domains have become valuable business assets, yet are often loosely managed
by business owners, who neglect to update their WHOIS information following
changes in staff or e-mail addresses. Companies that have let critical
domains lapse include The Washingon Post, the Gawker weblog and perhaps the
most embarassing gaffe yet, the UK domain for Ogilvy Mather.
ICANN appears to be anticipating a spike in disputes, and today announced
appointments to manage its domain dispute resolution policy.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:20:22 EDT