Dear All, There's more. Much more.
We've had two domains stolen and neither of the transfers were initiated or acknowledged by us. Apparently a certain Registrar -- to be named soon -- had a glitch that sent confirmations to the requesting party, not the admin. The ICANN rules require that the gaining Registrar do the validity checking, not the losing Registrar. In fact, the losing Registrar need not check or even advise you or your client as to the transfer. I'm down on Verisign too, but at least their safeguards minimize possibility of hijacking. We're composing a demand letter and prepared to file with the courts next week. I see no role for the UDRP; The thief -- or the "fence" -- should have nothing to say about the recovery. Rather, this is a breach of the Registrars/Registry duties to safeguard our records. If anyones had experience with this situation, or thoughts, please let me know at once. This could happen to anyone -- and may have already without your knowing it. Best, Loren Loren Stocker <[EMAIL PROTECTED]> wrote: Hi Mike, Right now my inquiry is hypothetical. As this situation unfolds, I will share more. For now, I can tell it was not OpenSRS. Nor is it now with OpenSRS. Best, Loren [EMAIL PROTECTED] wrote: Purely out of curiosity, was this domain registered via OpenSRS, or was it registered at NSI and stolen there? If it was an OpenSRS name, how was it possible for a third-party to steal it, given the requirement of a username/password to manage it? My interest here is purely hypothetical, so we can take appropriate security measures -- one of the selling points we make to customers is that, by using OpenSRS, we give them a secure way to manage their domains and protect their intellectual property, versus the "leaks like a sieve" security that NSI has. Mike > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Daminato > Sent: Monday, December 03, 2001 7:33 AM > To: Loren Stocker > Cc: [EMAIL PROTECTED] > Subject: Re: Stolen Domains > > > Contact our Compliance department ([EMAIL PROTECTED]) with all the > details on the domain, etc, and they will help you out. I can't say the > process is quick and easy, since each scenario is invariably > different. Your mileage may vary. > > Charles Daminato > TUCOWS Product Manager > [EMAIL PROTECTED] > > On 2 Dec 2001, Loren Stocker wrote: > > > Hi All, > > > > Has anyone recovered a stolen domain? What did you do? Was it > quick? Cheap? > > > > We may have a domain that was taken totally without our knowledge or > > permission. It was paid, yet gone in the dark of night. We just > want it back. > > Any ideas would be greatly appreciated. > > > > Best, Loren > > > > > >
