The problem with most the solutions proposed to date assume that the
RSP/reseller is active in the management of the domain and fully aware of
any and all changes that are made by the domain owner.
Under the OpenSRS system that simply is not true.
OpenSRS simply does not give the RSP/reseller much of a role in the managing
of the domain names. All we can do is collect and submit the fees to
OpenSRS from the domain owner and request OpenSRS send passwords to the
domain owner if they lose their password.
If it is a hosting client then we would have information on his current
status. In case of doubt with hosting clients we ask for the last four
digits of the credit card number used. But if he is just one of the many
who use us to register the domain name and then either park it or host it
elsewhere we would not be involved in the management process for the domain
name.
We still have a few domain names with BulkRegister.com. At one time when a
domain name was transferred away from BulkRegister.com they would send us an
email asking us to verify the request from our client, giving us just a few
days to verify the information. Very few of these clients ever responded to
our emails asking if they did in fact wish to transfer the domain name to
another registrar. BulkRegister discontinued this practice so I assume they
received as few responses as we received.
So I don't think these alternative proposals will work.
----- Original Message -----
From: "POWERHOUSE" <[EMAIL PROTECTED]>
To: "Charles Daminato" <[EMAIL PROTECTED]>; "David Denney"
<[EMAIL PROTECTED]>
Cc: "Dave Warren" <[EMAIL PROTECTED]>; "opensrs discuss"
<[EMAIL PROTECTED]>
Sent: Tuesday, March 19, 2002 2:41 PM
Subject: Re: hijacking, AGAIN
> Well, Two Jason Ingrams is not common, and OpenSRS made that mistake, what
> about someone with My name,
> Richard Jones, of which there is about 2 to 10 in EVERY single City I've
> been ever been in.
>
> Why don't they just make a short email that goes out to the current email
> before it is changed, that simply says something to this
> effect...
>
> my $mailprog = '/usr/sbin/sendmail';
> open (MAIL, "|$mailprog -t") or dienice("Can't access
> $mailprog!\n");
> print MAIL "From: RSP Business Name <RSP Contact Email>\n";
> print MAIL "To: Admin Contact name <Admin Contact Email>\n";
> print MAIL "BCC: Admin Contact name <New Contact Email>\n"; # BCC because
if
> it is FRAUDULENT, the real contact
> # does not have the email address of the thief
> print MAIL "Reply-to: RSP Business Name <RSP Contact Email>\n";
> print MAIL "Subject: Requested Change for [insert domain name] received
and
> being acted upon...\n\n";
> print MAIL <<"WARNTHEM";
>
> This is just to let you know that we received your fax and are acting upon
> it. We have sent this to both the Current email
> as well as to the new email. If this is NOT authorized please contact the
> company which you Registered the domain with,
> within 24 hours, OR AS SOON AS POSSIBLE!
>
> The email address will be changed VERY soon, in accordance with (ICANN's
> policy, or Our Policy, or whatever policy...) for
> changes through fax.
>
> If you hit reply to this email it will go to [RSP Business Name] Where you
> registered this domain.
>
> Thank you for YOUR PROMPT attention to this matter!
>
> WARNTHEM
> close(MAIL);
>
> Then make a form that all you have to do is enter the name of the admin
> contact, the email and have the script lookup the RSP automatically, and
> insert
> their information. Then it would only take a few seconds to notify the
admin
> contact.
>
> This would make it to where if there IS a screw up, Hey, at least the
fault
> lays with either the RSP for not responding to the admin contact if they
> notify
> them, OR the admin contact if they don't respond to the email, either soon
> enough, or not at all.
>
> Thanks
> Richard.
> http://www.firstratehosting.com/indexx.cgi "Your Host With the Most!"
> http://register.firstratehosting.com/cgi-bin/index.cgi Register your
Domain
> with prices starting at ONLY $8.50 Per Year!
> https://www.firstratehosting.com/register/cgi-bin/name.cgi Pre-Register
your
> .name domain TODAY!
>
> ----- Original Message -----
> From: "Charles Daminato" <[EMAIL PROTECTED]>
> To: "David Denney" <[EMAIL PROTECTED]>
> Cc: "Dave Warren" <[EMAIL PROTECTED]>; "opensrs discuss"
> <[EMAIL PROTECTED]>
> Sent: Tuesday, March 19, 2002 3:03 PM
> Subject: RE: hijacking, AGAIN
>
>
> > When we get a request to change the admin contact, it's typically
because
> > the current email address is out of date/not working, so we update it,
and
> > then notify the reseller (which was done in this case) to contact the
> > registrant and sort out the (changed) username/password details. There
> have
> > been thousands of such changes, it's an unfortunate reality that there
was
> > two Jason Ingrams which obfuscated the process.
> >
> > Charles Daminato
> > OpenSRS Product Manager
> > Tucows Inc. - [EMAIL PROTECTED]
> >
> > > -----Original Message-----
> > > From: David Denney [mailto:[EMAIL PROTECTED]]
> > > Sent: March 19, 2002 3:52 PM
> > > To: Charles Daminato
> > > Cc: Dave Warren; opensrs discuss
> > > Subject: Re: hijacking, AGAIN
> > >
> > >
> > > I would still like to know why the ORIGINAL admin contact
> > > is never notified when a FAX is used to change the admin
> > > information? I dont see it as our job to make sure you are
> > > not handing our customers domains over to third parties.
> > >
> > > (They send the RSP notice when they are changing info based on
> > > a fax, but we have no way of knowing if that fax was real or
> > > not, so it seems like we must follow up on every one of those
> > > just because opensrs does NOT notify the original admin contact
> > > when an over-ride occurs. LAME LAME LAME LAME LAME.)
> > >
> > > Good thing my customer was only 'parking' that domain you
> > > gave away, and not actively using it.
> > >
> > > Can we somehow get the domain LOCKED so the thief christian singer
> > > doesnt steal it, YET AGAIN? (He stole it once before it was with
> > > opensrs, while NetSlo still had their monopoly.)
> > >
> > > On Tue, Mar 19, 2002 at 01:30:27PM -0500, Charles Daminato wrote:
> > > > Well, this has been resolved to our understanding and satisfaction.
I
> > > > cannot divuldge details since it would be plainly imprudent, but we
> have
> > > > done extensive research into this contacting several parties
> > > from both sides
> > > > of the coin (including the previous registrar) and feel that
> > > the action we
> > > > are taking is within our bounds and the appropriate thing to do.
> > > >
> > > > All parties that are involved are being contacted accordingly.
> > > >
> > > > Charles Daminato
> > > > OpenSRS Product Manager
> > > > Tucows Inc. - [EMAIL PROTECTED]
> > >
> > > --
> > > David Denney | D i m e n s i o n a l C o m m u n i c a
> > > t i o n s |
> > > [EMAIL PROTECTED] | DSL * Wireless * ISDN * Frame * ATM *
> > > PtP * Co-Lo |
> > > 303-285-INET voice | http://www.dimensional.com/
> > > [EMAIL PROTECTED] |
> > > 888-3-DIMCOM tollfree | Based in Denver, serving the Front-Range
> > > and beyond |
> > >
> > > ...they can have my ssh when they pry the keyboard out of my
> > > cold, dead hands!
> >
> >
> >
>
