Hi folks, Can someone explain to me the Icann logic for allowing a non-admin contact being permitted to initiate a domain transfer?
Why is anyone permitted to attempt a reg to reg transfer (and ownership change) of say, Opensrs.Org? Ross/Charles/Elliott/others? tx, Swerve > From: Herman Hanschke <[EMAIL PROTECTED]> > Date: Thu, 24 Oct 2002 16:16:26 -0400 (EDT) > To: George Kirikos <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: Best Practices for Domain Name Security at OpenSRS > > On Tue, 22 Oct 2002, George Kirikos wrote: >> Hello, >> >> Today I think someone tried to hijack one of my email accounts, >> possibly to steal a domain name. As far as I can tell, they failed. (I >> even got a virus email on a related email address at almost the same >> time, and I don't that is a coincidence). Anyhow, all my domains are >> now locked (most of the valuable ones were already locked). >> >> I'm wondering what other "best practices" people are following in terms >> of protecting their domains, and perhaps Tucows/OpenSRS might get some >> valuable input as to possible new features that can be implemented over >> time, to give peace of mind. > > I'm a little paranoid here as well. I watch my nameservers and mail > servers very closely, since I worry about the following scenario > happening: > > 1) Some jerk hacks into the nameserver belonging to a domain with an > admin email address, and repoints it elsewhere (probably to his own > machine). > 2) Some kind of transfer is initiated. > >> What other 'best practices' are folks following, or would like to see, >> to protect their own domains, and domains of their customers/prospects? > > Watch what goes into your logs (sensitive information/etc..), I have my > log files written to an old non-networked 486 by null-modem cable (best > version of a "write-only" file that I can think of). >
