On Mon, Apr 01, 2002 at 04:45:17PM -0500, Chuck Hatcher wrote: > This is disturbing, since I was not aware the customer was in the process of > having the address changed. Previously OpenSRS required the consent of the > RSP to effect this kind of change, and I question the wisdom of changing the
The policy was not changed, its been full of holes the whole time. It should AT LEAST include additional notifications and verifications. Anybody who sends in a fax of their driver's license with the correct name (how hard is it to forge a FAX?) can steal any one of your customer's domains pretty easily. And if they do it on a Friday afternoon, OpenSRS will not do ANYTHING until at least monday. They dont even bother to notify the old contact before changing the data. Better make sure you have indemnified yourself agaist your customers, because OpenSRS sure as hell is against you and your customers. This whole issue was brought up about two weeks ago, under the thread "hijacking, AGAIN". I was lucky that the hijacked domain was not actively in use by my customer. -- David Denney | D i m e n s i o n a l C o m m u n i c a t i o n s | [EMAIL PROTECTED] | DSL * Wireless * ISDN * Frame * ATM * PtP * Co-Lo | 303-285-INET voice | http://www.dimensional.com/ [EMAIL PROTECTED] | 888-3-DIMCOM tollfree | Based in Denver, serving the Front-Range and beyond | ...they can have my ssh when they pry the keyboard out of my cold, dead hands!
