Here's an excerpt from the verification e-mail my customer received from OpenSRS, which he forwarded to be. Skip to the last line for short version:
<snip> If you do not wish to approve this transfer, you must visit the URL above, and use the Domain Name and Password shown to Decline it. Accepting this transfer will change the registrar of record for your domain from Tucows, to Network Solutions, Inc..If you are receiving this email, you should have initiated, or at least been aware of this request already. If this is the first time that you've heard of this, do not accept the transfer until you are satisfied that the request is legitimate. The transfer request will be automatically completed within 5 calendar days if you don't either accept or decline the request. </snip> To be honest I kinda lost track of the away transfer process when it was being discussed, but I was under the impression that there was at least one verification step where action must be taken to approve the transfer, as there is with transfers to OpenSRS. Also, IMO, there is something weird about the wording in the following statement: <snip> If you do not wish to approve this transfer, you must visit the URL above </snip> To say "if you don't wish to do x, you must do y" doesn't seem to fit. "If you'd like to deny this transfer" would be better. ST -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, December 28, 2001 5:39 AM To: ST; [EMAIL PROTECTED] Subject: Re: away transfer verification Scott/Chuck? As far as i understand, the domain won't be transferred unless it is accepted by the admin person, but i'm not positive. It makes more sense to me if it says, do you accept this transfer? If you do not reply, then this transfer won't go thru. (perhaps a deny box as well, but this makes this a bit more confusing, although adds a level of reassurance.) Swerve > From: "ST" <[EMAIL PROTECTED]> > Date: Fri, 28 Dec 2001 04:54:18 -0800 > To: <[EMAIL PROTECTED]> > Subject: away transfer verification > > I know this is a touchy subject which has been discussed a lot on this > list. However, feedback from my customers has led me to think that away > transfers should not go through if the admin contact does not respond to > the verification instructions. > > Someone tried to transfer one of my customers domains on Christmas day. > I assume they timed it hoping the real owner would miss the verification > because of the holiday. Even when he did read the e-mail he wasn't sure > if it was real or not, and didn't deny the transfer until I told him to. > Had he not denied the transfer, he would have lost the domain, from what > I understand. Here is what he had to say about it: > > <snip> > PLEASE, tell me this is bogus! If you, in fact, do allow for a domain > name transfer without EXPLICIT APPROVAL from the registrant, I will be > transferring all my domains to a more secure registrar immediately. > </snip> > > It might also be a good idea for OpenSRS to review all transfers that > were not acknowledged by the admin contact during this holiday break. It > just seems to easy to steal a domain if you know an office will be > closed for a week. > > ST > >
