Well, this will be the first thread I've initiated in a while...
Working where I do I get to hear some interesting stories. An interesting
one just crossed my path - since this is new I have to keep specific names
out of this, but I'll tell you about the concept.
A domain is registered with a typo for the Admin contact email (for the
whole handle, at a registrar that uses handles). Someone registers the
mistyped domain, waits a while, then sets the MX to themself and creates a
catch-all email account. They request a transfer, and gets the
confirmation from the gaining registrar. The losing registrar sends an
accept as well - of course to the misspelt admin email, which is also
approved. Domain gets transfered.
Now clearly this is a hijacking, but who is at fault? Both the gaining
and losing registrar sent a verification to the Admin on record, which is
(according to what we're all holding sacred) the person approved by the
Registrant. This all goes within ICANN mandate.
Do you blame someone? No... but man, is this going to make an interesting
story.
Charles Daminato
TUCOWS Product Manager
[EMAIL PROTECTED]
