I would suggest that your customer contact Network Solutions to see who they think is approving these transfers to them... It sounds like they are using a method other than contacting the administive e-mail contact.
On Fri, 28 Dec 2001, ST wrote: > Let see, where should I start... > > The gaining registrar in this case was Network Solutions. I find it > hard to believe that my customer approved the transfer if/when NetSol > sent their verification e-mail. Also, my customer notified me today > that he received another verification e-mail from OpenSRS. Another > transfer request for that domain was placed three days after the first: > > <snip> > A request has been received to transfer the domain <domain> > away from the Registrar Tucows. This request was entered at 28-Dec-2001 > 14:23:47 > by Network Solutions, Inc. > </snip> > > <snip> > A request has been received to transfer the domain <domain> > away from the Registrar Tucows. This request was entered at 25-Dec-2001 > 03:58:38 > by Network Solutions, Inc. > </snip> > > My customer is more freaked out then ever. How could he have > accidentally approved two separate verification e-mails from NetSol? > > Every day I deal with customers who are trying to transfer FROM NetSol, > but never receive their verification e-mail. Just today I had a guy > spend an hour on hold with NetSol. Eventually they told him they had > sent the verification e-mail already, and it could not be resent. He > never received it, the domains about to expire, but I can't even > resubmit it because NetSOl hasn't declined it so I've got to wait for it > to time out. My customers, many of who are well aware of NetSol's > tactics from first hand experience, are supposed to trust that NetSol > will follow the rules? Ha! > > Hopefully there's a good explanation for all of this. > > ST > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] > Sent: Friday, December 28, 2001 10:18 AM > To: ST > Cc: [EMAIL PROTECTED] > Subject: Re: away transfer verification > > > > I would suggest that you explain the process to your customer. > > The registrar transfer requirements are spelled out in Exhibit B of the > Registry-Registrar Agreement at Verisign Registry: > http://www.verisign-grs.com/registrar/dotcom/forms/rras.pdf > (anyone know where to find a text or HTML copy of the current > agreement?) > > Specifically, the *gaining* registrar must "obtain express authorization > from an individual who has the apparent authority to legally bind the > Registered Name holder (as reflected in the database of the losing > Registrar). > > Since your customer has received the secondary check from OpenSRS, this > means that the gaining registrar has told the registry that they have > indeed received EXPLICIT APPROVAL from the registrant. Who is the > gaining > registrar in this case? They are the ones that must now be able to > prove > that they registrant has authorized the transfer. You can file a > complaint with ICANN about the registrar in question at > http://www.internic.net/cgi/registrars/problem-report.cgi > > On Fri, 28 Dec 2001, ST wrote: > > > I know this is a touchy subject which has been discussed a lot on this > > list. However, feedback from my customers has led me to think that > away > > transfers should not go through if the admin contact does not respond > to > > the verification instructions. > > > > Someone tried to transfer one of my customers domains on Christmas > day. > > I assume they timed it hoping the real owner would miss the > verification > > because of the holiday. Even when he did read the e-mail he wasn't > sure > > if it was real or not, and didn't deny the transfer until I told him > to. > > Had he not denied the transfer, he would have lost the domain, from > what > > I understand. Here is what he had to say about it: > > > > <snip> > > PLEASE, tell me this is bogus! If you, in fact, do allow for a domain > > name transfer without EXPLICIT APPROVAL from the registrant, I will be > > transferring all my domains to a more secure registrar immediately. > > </snip> > > > > It might also be a good idea for OpenSRS to review all transfers that > > were not acknowledged by the admin contact during this holiday break. > It > > just seems to easy to steal a domain if you know an office will be > > closed for a week. > > > > ST > > > > > >
