DOMAIN-JACKING - read this now

[SmokeyTheBear]

Ok well if there wasn't a good reason to lock your domains before , theres a new reason.

Everyone is aware of the new icaan rules by now , but heres a scam , making the rounds.

The thief fills the targets email box until it wont take any new emails then initiates a transfer on the domain, thus making the confirm email bounce .


----------------------------------------

We are sending customers an email regarding a new ICANN-enforced domain name transfer policy, effective 11-12-04. It dictates that IF WE RECEIVE A TRANSFER REQUEST (and your domain names are not locked) we must honor the transfer, even if you do not confirm it. You can eliminate ANY chance of your domain names being transferred away without your permission by locking your domains.

---------------------------------

[Eve]

nice...reminds of the AOL "hacking" days

[goBigtime]

I feel bad for people @ hotmail/yahoo/gmail etc.

[xclusive]

Thanks for the idea...Ummmm I mean thanks for the heads up...

[theking]

Quote:

Originally posted by SmokeyTheBear
Ok well if there wasn't a good reason to lock your domains before , theres a new reason.

Everyone is aware of the new icaan rules by now , but heres a scam , making the rounds.

The thief fills the targets email box until it wont take any new emails then initiates a transfer on the domain, thus making the confirm email bounce .


----------------------------------------

We are sending customers an email regarding a new ICANN-enforced domain name transfer policy, effective 11-12-04. It dictates that IF WE RECEIVE A TRANSFER REQUEST (and your domain names are not locked) we must honor the transfer, even if you do not confirm it. You can eliminate ANY chance of your domain names being transferred away without your permission by locking your domains.

---------------------------------

Is locking the domain fullproof?

[SmokeyTheBear]

Quote:

Originally posted by xclusive
Thanks for the idea...Ummmm I mean thanks for the heads up...

well i didnt tell you to take nambla.com and forward it to catholic.com

[Jonathan Quarkschowski]

So, you say if your mailserver would be down and the transfer email bounces the domain will get transfered?

STFUN, thanks.

[SmokeyTheBear]

Quote:

Originally posted by theking
Is locking the domain fullproof?

almost.. foolproof. nothing is foolproof.

[Juicy D. Links]

interesting , I bet alot of people will lose domains in the coming future.

[SmokeyTheBear]

Quote:

Originally posted by Jonathan Quarkschowski
So, you say if your mailserver would be down and the transfer email bounces the domain will get transfered?

STFUN, thanks.

yes ..

im sure they will retry , but if its not fixed in 5 days it will be transferred . try reading the post , thanx


or the very top of godaddy.com

pay close attention to the words EVEN IF YOU DO NOT CONFIRM

[Gynecologist]

hmmm,

I have sold a few domains the past few days and the transfer requests look the same as always. They say, "if this transfer is not legit don't click on the link"

So the transfer emails say to "do nothing" as usual unless I want to transfer the domain.

[BVF]

Quote:

Originally posted by goBigtime
I feel bad for people @ hotmail/yahoo/gmail etc.

How? Yahoo has a good spam filter. All of that shit would go straight to the bulk folder (which doesn't count towards your storage) and everything is gravy.

[skillfull]

Quote:

Originally posted by BVF
How? Yahoo has a good spam filter. All of that shit would go straight to the bulk folder (which doesn't count towards your storage) and everything is gravy.

nah a good mailer can fill your yahoo inbox with crap ;)

[detoxed]

Quote:

Originally posted by SmokeyTheBear
almost.. foolproof. nothing is foolproof.

a lot of things are fool proof. not a lot of things are smart proof

[William-Xfactor]

Quote:

Originally posted by BVF
How? Yahoo has a good spam filter. All of that shit would go straight to the bulk folder (which doesn't count towards your storage) and everything is gravy.

lol it will most likely put the domain confirmation in the bulk folder as well

got me stuffed why people use free email accounts for important stuff

[canplayer]

The emails haven't really changed, who cares if the email gets bounced. The email still has to be verified with the link inside, regardless if you get/view the email or not. If it bounces, then it will never get verified, thus no transfer will ever take place.

[Dawgy]

if a domain is locked, and you dont reply to the email, they dont transfer it? i guess my confusion is that i saw nothing about locking... its just a blanket "if you dont reply we transfer it" ...

[ricks]

Quote:

Originally posted by canplayer
The emails haven't really changed, who cares if the email gets bounced. The email still has to be verified with the link inside, regardless if you get/view the email or not. If it bounces, then it will never get verified, thus no transfer will ever take place.

yea there is alot of misunderstanding about this new policy

i think it is being propagated by the registrars who are all banking on 'locking' fees

[Esbee]

Seems overblown. I got this from my ISP

--------

Domain Locking
There has been some concern about a recent ICANN decision revising the procedures for transferring registration services from one provider to another. Various notifications have been sent to domain owners giving warning about the new procedures. As some of these notifications are somewhat alarming, (my ISP) is providing this document as an overview for how this new ICANN decision affects domain owners.

The full policy document is available online at http://www.icann.org/transfers/policy-12jul04.htm.

How a registrar transfer works
The new transfer policy still requires the "gaining" registrar to get positive confirmation from the domain owner before submitting the request to the registry. They do this by sending a conformation request to the domain's admin contact. This has not changed.

The domain owner must confirm the transfer as valid by replying to the confirmation request as noted in step 1. This has not changed.

Once the domain owner has confirmed a valid request, it is sent to the registry and they pass it along to the "losing" (or current) registrar. This has not changed.

The current (losing) registrar sends a second confirmation request to the domains admin contact. This has not changed.

What's changed
Currently, if the domain owner does not or cannot reply to this "2nd" confirmation request, the losing registrar can, at their discretion, decline the transfer.

As of Nov 12th, the transfer WILL complete even if the domain owner does not reply to the 2nd confirmation request.

Why this matters
It's important to note that the current and long standing policy of OpenSRS and some other respectable registrars is exactly the same as that which will be imposed on all registrars beginning on November 12th, 2004.

Many other registrars used the older policy to hinder the transfer of domains away from their companies. They used all kind-o sneaky tricks to keep domain owners from confirming the second transfer request.

This new policy does not increase the risk of domain hijacking and if fact hinders it because it also imposes requirements that the "gaining" registrar maintain "proof of domain owner authorization" for domains transferring to their system. Further, if the gaining registrar cannot provide proof, upon request, they are subject to a fine of $1500 per incident (domain) plus the possible loss of ICANN accreditation.

[SmokeyTheBear]

Quote:

Originally posted by Esbee
Seems overblown. I got this from my ISP
.

would you trust your isp , or one of the most popular registrars who has it printed on the top of the main page , that IF YOUR DOMAIN IS UNLOCKED AND YOU DONT REPLY TO THE EMAIL THEY WILL TRANSFER YOUR DOMAIN !!

see the very first words on www.godaddy.com

[vixm]

Shi*t Good Point :: That actually happened to one of my domains :: not hijacked but FrEaKiNg 'catch-all' filter was catching 1000's of Emails per hour.

Killing the server load :: just recently fixed it.