Let see, where should I start... The gaining registrar in this case was Network Solutions. I find it hard to believe that my customer approved the transfer if/when NetSol sent their verification e-mail. Also, my customer notified me today that he received another verification e-mail from OpenSRS. Another transfer request for that domain was placed three days after the first:
<snip> A request has been received to transfer the domain <domain> away from the Registrar Tucows. This request was entered at 28-Dec-2001 14:23:47 by Network Solutions, Inc. </snip> <snip> A request has been received to transfer the domain <domain> away from the Registrar Tucows. This request was entered at 25-Dec-2001 03:58:38 by Network Solutions, Inc. </snip> My customer is more freaked out then ever. How could he have accidentally approved two separate verification e-mails from NetSol? Every day I deal with customers who are trying to transfer FROM NetSol, but never receive their verification e-mail. Just today I had a guy spend an hour on hold with NetSol. Eventually they told him they had sent the verification e-mail already, and it could not be resent. He never received it, the domains about to expire, but I can't even resubmit it because NetSOl hasn't declined it so I've got to wait for it to time out. My customers, many of who are well aware of NetSol's tactics from first hand experience, are supposed to trust that NetSol will follow the rules? Ha! Hopefully there's a good explanation for all of this. ST -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 28, 2001 10:18 AM To: ST Cc: [EMAIL PROTECTED] Subject: Re: away transfer verification I would suggest that you explain the process to your customer. The registrar transfer requirements are spelled out in Exhibit B of the Registry-Registrar Agreement at Verisign Registry: http://www.verisign-grs.com/registrar/dotcom/forms/rras.pdf (anyone know where to find a text or HTML copy of the current agreement?) Specifically, the *gaining* registrar must "obtain express authorization from an individual who has the apparent authority to legally bind the Registered Name holder (as reflected in the database of the losing Registrar). Since your customer has received the secondary check from OpenSRS, this means that the gaining registrar has told the registry that they have indeed received EXPLICIT APPROVAL from the registrant. Who is the gaining registrar in this case? They are the ones that must now be able to prove that they registrant has authorized the transfer. You can file a complaint with ICANN about the registrar in question at http://www.internic.net/cgi/registrars/problem-report.cgi On Fri, 28 Dec 2001, ST wrote: > I know this is a touchy subject which has been discussed a lot on this > list. However, feedback from my customers has led me to think that away > transfers should not go through if the admin contact does not respond to > the verification instructions. > > Someone tried to transfer one of my customers domains on Christmas day. > I assume they timed it hoping the real owner would miss the verification > because of the holiday. Even when he did read the e-mail he wasn't sure > if it was real or not, and didn't deny the transfer until I told him to. > Had he not denied the transfer, he would have lost the domain, from what > I understand. Here is what he had to say about it: > > <snip> > PLEASE, tell me this is bogus! If you, in fact, do allow for a domain > name transfer without EXPLICIT APPROVAL from the registrant, I will be > transferring all my domains to a more secure registrar immediately. > </snip> > > It might also be a good idea for OpenSRS to review all transfers that > were not acknowledged by the admin contact during this holiday break. It > just seems to easy to steal a domain if you know an office will be > closed for a week. > > ST > >
