I would suggest that you explain the process to your customer.
The registrar transfer requirements are spelled out in Exhibit B of the Registry-Registrar Agreement at Verisign Registry: http://www.verisign-grs.com/registrar/dotcom/forms/rras.pdf (anyone know where to find a text or HTML copy of the current agreement?) Specifically, the *gaining* registrar must "obtain express authorization from an individual who has the apparent authority to legally bind the Registered Name holder (as reflected in the database of the losing Registrar). Since your customer has received the secondary check from OpenSRS, this means that the gaining registrar has told the registry that they have indeed received EXPLICIT APPROVAL from the registrant. Who is the gaining registrar in this case? They are the ones that must now be able to prove that they registrant has authorized the transfer. You can file a complaint with ICANN about the registrar in question at http://www.internic.net/cgi/registrars/problem-report.cgi On Fri, 28 Dec 2001, ST wrote: > I know this is a touchy subject which has been discussed a lot on this > list. However, feedback from my customers has led me to think that away > transfers should not go through if the admin contact does not respond to > the verification instructions. > > Someone tried to transfer one of my customers domains on Christmas day. > I assume they timed it hoping the real owner would miss the verification > because of the holiday. Even when he did read the e-mail he wasn't sure > if it was real or not, and didn't deny the transfer until I told him to. > Had he not denied the transfer, he would have lost the domain, from what > I understand. Here is what he had to say about it: > > <snip> > PLEASE, tell me this is bogus! If you, in fact, do allow for a domain > name transfer without EXPLICIT APPROVAL from the registrant, I will be > transferring all my domains to a more secure registrar immediately. > </snip> > > It might also be a good idea for OpenSRS to review all transfers that > were not acknowledged by the admin contact during this holiday break. It > just seems to easy to steal a domain if you know an office will be > closed for a week. > > ST > >
