----- Original Message -----
From: "Scott Allan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 16, 2000 6:43 PM
Subject: Re: Registrar Accountability (was Register.com snaps up
Afternic.com)
> At 02:34 PM 9/16/00 -0500, Terry Knab wrote:
> >And I *must* state taht OpenSRS has to do something and FAST to protect
> >domains registered with us RSPs because of the fact that companies like
> >NameZero have this very bad habit of moving domains back to themselves
and
> >NSI without as much an email asking if this is *really* what you want.
> >
> >I've discovered that when I send transfers through, NSI does not check to
> >see if ANY of the contact information is valid. They just do transfer.
And
> >I'd rather not see OpenSRS be that way.
> >
> >(and for the record, I will NEVER do business with NSI again)
>
> This is not as big of a hole as you describe. Essentially, an registrars
> accreditation with ICANN is in serious risk if they abuse this. This has
> *serious* financial repercussions, even for the smallest registrar.
The problem being that with NameZero (or any other party) having hte ability
to steal domains is a MAJOR hole as far as I'm concerned, because it takes
them *6 * weeks to transfer a domain to its owner, and then NSI has the
balls to bill $35 to the new owner for a registration. And NSI won't
release the domain because a payment is due on it and/or the domain hasn't
been in the registry for 60 days. This can be quite messy to clean up, and
one BIG reason I'm moving every domain I have away from NSI and fast.
Someone needs to get a few cases of this happening with NSI together and go
after *their* accrediation (which poses one VERY big question, what happens
if a registrar goes out of business and/or loses accreditaiton? Who gets
the domains registered?)
> No question that having the gaining registrar be liable for the transfer
is
> a procedural weakness imposed by ICANN.
And I guess we can thank NSI for that one. I'm just concerned that NameZero
(I've got about 5 or so domains that belong to clients of mine that are
ex-NZ domains) could end up causing *me* more paperwork and trouble to clean
up their incompetence.
I'm just about to stop accepting domains registered via NZ untl someone has
a way to protect them.
> In _no way_ am I not advocating our putting a process in place to protect
> against this - it is very close to the top of the list.
What I'd like to see OpenSRS do is to have some sort of mailbot (the same
one that does incoming transfers?) send out an email to the admin/tech
contacts for the domain and have them go to a website and approve or decline
a transfer.
Or alternatively, have all transfers out of OpenSRS emailed to the RSP who
in turn contacts the customer for approval/denial.
The RSP would have to be on his/her toes to make sure they're on top of
this, but that would be an excellent way to keep the RSP in the loop as well
as protecting the registrant's rights. (I see one problem, what about an
RSP who refuses to release the domain? Is it possible for an RSP to hold a
domain?)
Another possibility is that some kind of flag in the OpenSRS registration
system, once set, that would block transfers to another registrar/RSP unless
they actually go to the manage interface and unblock it. (that makes a hell
of a lot of sense to me)
Any thoughts anyone?
