Hi All,
OK, now we've beat the process to death. We all know that the process has
safeguards. There's no harm done -- and in the unlikely event there was, there
is a recourse. Please note from my post that I said:
>>Please don't go into the fact that these domains will not be transfered if I
simply don't acknowledge the request -- I WON'T; I KNOW THAT! My point is that
without punitive action these Slim Bags will continue this practice. <<<
The REAL issue here is what we do now that we KNOW this is fraud. They're both
my domains -- I am both a Tucows reseller as well as hold domains at other
Registrars. I believe that the offenders need some sort of punitive action and
that we need to police this ourselves.
Do I need to know exactly who the offender is? No. In fact, I don't even care.
I agree with William Walsh that we can't just publicly "expose" offenders as I
had suggested in my heated posting, so the Hall of Shame" will have to wait.
Rather, why not put these Slim Bags "on notice" of possible wire fraud.
Somebody knows who they are, either Tucows or the Resellers -- they did need a
credit card or a pre-paid account to initiate the transfer action, didn't
they?
I expect that any reputable reseller would see it's not in their best interest
to harbor criminals. The offenders would likely reframe from repeated attempts
simply be being advised -- they may not be aware that their action constitute
wire fraud (I suspect the offenders are mostly kids or otherwise-responsible
adults upset from losing a coveted domain). Right now, there may be no harm
done to my domains-- but without some explicit action offenders have no reason
not to try again!
Finally, I've personally had at least 50 attacks on domains. The theme is
clear -- the bad guys always go after the best domains. There must be more
than slamming in mind here.
Best, Loren
"David Harris" <[EMAIL PROTECTED]> wrote:
Chuck,
Thanks for clarifying where the notification is happening.
This all looks good. Glad to see that the RSP's aren't involved in the
authentication! :-) Some of the posts on the list seemed to indicate that
the RSP's were doing authentication, which was confusing/disconcerting.
I propose that you either:
(a) *remove* the optional notification to the loosing RSP that happens
before the admin approves/rejects the transfer. In registrar<->registrar
transfers we don't have this notification. In fact, OpenSRS is only notified
by the registry of a transfer request after the admin contact approves the
transfer with the gaining registrar. Removing this notification would make
RSP<->RSP and registrar<->registrar transfers even more similar and
potentially less confusing.
(b) place a big blaring banner on this notification saying "THIS TRANSFER
REQUEST HAS NOT YET BEEN APPROVED BY THE ADMINISTRATIVE CONTACT, AND MAY
NEVER COME TO FRUITION", so there is no potential confusion/panic for the
loosing RSP.
Additionally, I look and see in Loren Stocker's original e-mail the END USER
administrative contact approval e-mails are being quoted. Loren must be both
the RSP and the registrant. Not much you can do about people over-reacting
to transfer approval request e-mails. The system actually worked the way it
was supposed to in that the domains were not transferred without the
administrative contact's approval.
Perhaps in addition to this text in the transfer approval e-mail:
"If you do not wish to approve this transfer, you may simply ignore this
message and the request will be cancelled..."
add something like this:
"If you did not initiate this transfer, we apologize for this intrusion.
Rest
assured that by denying the transfer or by ignoring this e-mail (thus
causing
a denial) you have protected your domain from unauthorized transfer,
and our system has worked correctly to safeguard your interests.
And perhaps find a way to work in this sentence up near the top:
"We are committed to not taking any action without your explicit
confirmation."
That's my $0.02
David
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles Daminato
Sent: Tuesday, August 14, 2001 10:07 AM
To: [EMAIL PROTECTED]
Subject: RE: Transfer Fraud: Who are these losers!!!!
David...
RSP->RSP transfer works exactly the same as a regular transfer.
Notification is sent to the current Administrative contact for
authorization, but also to the losing and gaining RSP gets an email ONLY if
they have this configured. Transfers TO an RSP happen when the Admin
approves (or when transfer times out), Transfers FROM an RSP happen as soon
as the request is made, and when the Admin accepts/rejects the transfer.
All these are "on/off" (default is off).
Losing RSP has no role, just gets notification (you'd like to know when a
customer leaves so you can stop bugging them, or find out what went wrong,
or even sue them for the billions they still owe you).
So:
Order comes in. Email goes to Admin (optionally losing RSP). Admin
approves/rejects.
Approves: Optional messages to gaining and losing RSPs
Rejects: Optional messages to gaining and losing RSPs
If the order times out, email goes to order maker, and optionally gaining
RSP.
Tada!
Charles Daminato
OpenSRS Product Manager
Tucows Inc. - [EMAIL PROTECTED]
