Chuck,
The ability to "NAC" an outgoing transfer is something OpenSRS added with
the Transfer Enhancements which went live on Tuesday (there were a few
announcements regarding this).
However, our policy is a little different. While this feature allows
added security, if the user does not reply to the email the transfer will
still go through (default action is to allow the transfer), which is the
opposite of other Registrars, which have their default action to deny the
transfer.
Charles Daminato
TUCOWS Product Manager
[EMAIL PROTECTED]
On Sat, 23 Jun 2001, Chuck Hatcher wrote:
> I just got one of these confirmation emails from OpenSRS for a transfer to
> Internet Domain Registrars that I did not initiate or approve.
>
> First of all, I am disturbed that Internet Domain Registrars processed a
> registrar transfer without my consent.
>
> Second, in this case I am glad I have a way to block the transfer.
>
> But... since when did OpenSRS start requiring confirmation for transfers to
> other registrars? I thought Tucows was on record as opposing this behavior
> by Register.com and NSI. Did we suddenly change our stance? I say "our"
> because my name (as RSP) is at the bottom of the message!
>
> I'm not against this change of policy, especially if Internet Domain
> Registrars is on a domain hijacking spree. But this is the first I've heard
> of it. Since I'm "signing" these messages it would be nice if I knew about
> them.
>
>
>
> ----- Original Message -----
> From: "Genie" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Saturday, June 23, 2001 12:11 PM
> Subject: Re: can we track who requested Transfer Away from OpenSRS?
>
>
> > Thanks Chuck, that's what I thought - we'll attempt contacting
> > "winning" registrar Internet Domain Registrars and try to investigate with
> > them:
> > 1) How did they as winning registrar authenticate transfer request
> > 2) Who initiated it
> >
> > I think the chances on receiving response are slim but then we do have a
> > good contact email address for chief compliance officer at ICANN
> > cheers
> > Genie
> >
> > ----- Original Message -----
> > From: "Charles Daminato" <[EMAIL PROTECTED]>
> > To: "genie" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Saturday, June 23, 2001 10:42 AM
> > Subject: Re: can we track who requested Transfer Away from OpenSRS?
> >
> >
> > > Genie,
> > >
> > > There is no way to find out who the requestor is, as all we are doing is
> > > parsing the registry notification of domain transfers, and sending an
> > > email to the correspondent. All we get is the 'gaining' registrar, and
> > > the domain name.
> > >
> > > Charles Daminato
> > > TUCOWS Product Manager
> > > [EMAIL PROTECTED]
> > >
> > > On Sat, 23 Jun 2001, genie wrote:
> > >
> > > > > Also, there is NO WAY that this hijacker could have authenticated the
> > > > > request at Internet Domain Registrars side - since the domain in question
> > > > > has a valid email address of our Customer.
> > > >
> > > > > That makes me question Internet Domain Registrars security processes if they
> > > > > DO NOT AUTHENTICATE transfer requests properly and just send those out -
> > > > > this is against ICANN rules! Time to contact [EMAIL PROTECTED] me
> > > > > thinks.
> > > >
> > > > cheers
> > > > Genie
> > > > eyeondomain.com
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "opensrs" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Saturday, June 23, 2001 5:42 AM
> > > > Subject: RE: can we track who requested Transfer Away from OpenSRS?
> > > >
> > > >
> > > > > same here. it just happened on wednesday
> > > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of genie
> > > > > Sent: Friday, June 22, 2001 11:04 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: can we track who requested Transfer Away from OpenSRS?
> > > > >
> > > > >
> > > > > > A customer of ours just received transfer away request from OpenSRS request
> > > > > > for one of their domains....
> > > > >
> > > > > > They have not applied for it and suspect someone is trying to hijack their
> > > > > > domain... the OpenSRS message does not disclose anything about the party
> > > > > > attempting to do transfer away request.
> > > > >
> > > > > <snip>
> > > > > > A request has been received to transfer the domain ****.com
> > > > > > away from the Registrar Tucows. This request was entered at 22-Jun-2001
> > > > > > 14:12:02 by Internet Domain Registrars If this is a valid request and
> > > > > > you ...
> > > > > <snip>
> > > > >
> > > > > > Is there a way we/customer can get more details (email address... name...
> > > > > > anything?) on the requestor? It would be nice to be able to track them
> > > > > > down.
> > > > >
> > > > > cheers
> > > > > Genie Livingstone
> > > > > eyeondomain.com
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
>
>