Someone tried to steal my domain!

[AmeliaG]

Someone tried to transfer my domain gothicsluts.com away from me today. With the new ICANN rules, apparently some registrars can make a transfer go through if someone requests it and the owner does not happen to respond to the transfer request for five days. Used to be, you had to actively do something to transfer your domain. Clearly, this is going to be used by domain thieves. I sure do not understand the reason they put this new rule in place. Does anybody else understand it?

Monday, I am going to attempt to pursue finding out who was behind the transfer attempt, although the registrar does not want to give me that information. Any suggestions on how to compell them to do so? I mean, that is a pretty big deal that someone tried to steal that domain. That site is important to me. For now, I have added domain lock service to all of my domains.

[WickedVenus]

Lock all your doimains so it doesnt happen again.

[Jace]

new icann regulations, nothing you can do about it except lock your domains like everyone else has

you want to put your domain into registrar lock mode

[KRL]

Yeh, same here.

[xclusive]

Damn caught me but Men.com will be mine in a few days...But seriously this is a shitty rule...

[mardigras]

I give props to DirectNic for the one button click "lock all domains"

[Warden]

Quote:

Originally posted by WickedVenus
Lock all your doimains so it doesnt happen again.

I was just gonna say this. Although it does make it a pain in the ass to actually move them from registrar. But, well worth the hassle.

[AmeliaG]

Quote:

Originally posted by mardigras
I give props to DirectNic for the one button click "lock all domains"

That is a cool feature. I think I got freaking carpal tunnel today having to select each individual domain and add the domain lock to it.

[polish_aristocrat]

Quote:

Originally posted by AmeliaG
With the new ICANN rules, apparently some registrars can make a transfer go through if someone requests it and the owner does not happen to respond to the transfer request for five days.

Can someone say once for all, if this statement is true or not?

[abadfish]

Quote:

Originally posted by mardigras
I give props to DirectNic for the one button click "lock all domains"

That's why I have always paid directnics $15 a year when other places sell them for $5-8.00 a year... its the peace of mind having all my domains stored under one roof with all of the features I need to stay up to date and secure.

[faxxaff]

Strange .... when I try to lock my domains with the registrar I do get the following error message:

You don't have the permissions to modify the lock on this domain

Anybody know what that means?

[sickkittens]

Quote:

Originally posted by faxxaff
Strange .... when I try to lock my domains with the registrar I do get the following error message:

You don't have the permissions to modify the lock on this domain

Anybody know what that means?

Not sure. I'd contact your registrar if I were you.

[Dcat]

Quote:

Originally posted by AmeliaG
With the new ICANN rules, apparently some registrars can make a transfer go through if someone requests it and the owner does not happen to respond to the transfer request for five days.

Quote:

Originally posted by polish_aristocrat
Can someone say once for all, if this statement is true or not?

Yes, this is 100% true.

http://www.icann.org/announcements/a...nt-12nov04.htm

[lagwagon]

yes yes very crazy, make sure to lock your domains or you could be in trouble.

[brtfly88]

How to see if the domain is locked?

[Mr. Mike]

[prezzz]

OK so, just in theory, what if someone steals your domain this way? What's the way of getting them back, besides suing the thief (which would be nearly impossible if he lived several thousand miles away)?

[fris]

shitty deal

[Chris]

Quote:

Originally posted by KRL
Yeh, same here.

someone tried to steal gothicsluts from you too ?

[shuki]

Godaddy has the lock all feature too

[wyldblyss]

We locked every single on of our domains the moment we heard the news a week or two ago. It is worth doing it just to be on the safe side.

[AmeliaG]

Go Daddy is telling me that they can not tell me who tried to steal gothicsluts.com from me. They are claiming that by law they can't tell me.

Has anyone ever heard of a law that they can't reveal who tried to initiate an unauthorized transfer? It seems to me that, by helping conceal the identity of the person who attempted the theft, they would become accessories after the fact.

[Babagirls]

Quote:

Originally posted by WickedVenus
Lock all your doimains so it doesnt happen again.

[Honeyslut]

Unfortunately the majority of laws are to protect the freaking criminals..



Thanks for sharing this so everyone can check their domain names and lock them.

[Illicit]

damn and I thought I could steal that one easily... hmmm maybe sex.com is a good target

[Nicky]

The only thing that is negative with the lock is that Thehun dont accept submissions from domains that are locked

[oldnewbie]

Quote:

Originally posted by abadfish
That's why I have always paid directnics $15 a year when other places sell them for $5-8.00 a year... its the peace of mind having all my domains stored under one roof with all of the features I need to stay up to date and secure.

Yup.

[prezzz]

Quote:

Originally posted by Nicky
The only thing that is negative with the lock is that Thehun dont accept submissions from domains that are locked

Not true. The Hun doesn't accept submissions from domains that have locked (or cloaked) domain WHOIS information and therefore owner of the domain can't be determined. Those are 2 completely different things.

[Illicit]

Quote:

Originally posted by prezzz
Not true. The Hun doesn't accept submissions from domains that have locked (or cloaked) domain WHOIS information and therefore owner of the domain can't be determined. Those are 2 completely different things.

yup your correct, I got rejected for private whois info once

[SleazyDream]

i think amelia has a point - you SHOULD be allowed to see who is trying to steal your domaigns - otherwise icannis supporting theives

[MrJackMeHoff]

Quote:

Originally posted by Dcat
Yes, this is 100% true.

http://www.icann.org/announcements/a...nt-12nov04.htm

No it is not true..

The only thing that happend is the new registrar who is trying to get the domain has to get a response from the original domain owner.. The registrar where the domain is currently residing does not get a say in the matter.. Therefor you still have to allow it to happen.. Please know wtf your talking about..

[AmeliaG]

Quote:

Originally posted by SleazyDream
i think amelia has a point - you SHOULD be allowed to see who is trying to steal your domaigns - otherwise icannis supporting theives

At this point, Go Daddy has told me to interface with their abuse team instead of their support team and I'm waiting on the abuse team contact info they left out.

But no way am I going to let this slide.

I hate to spend the dough, but, if Go Daddy has not come up with the info on who was essentially trying to mug me, then I'll have my law firm interface with them and they will find them far less pleasant than my charming self.

[JFK]

Quote:

Originally posted by wyldblyss
We locked every single on of our domains the moment we heard the news a week or two ago. It is worth doing it just to be on the safe side.

we had all our domains locked as soon as the service was offered. Its just good business practice

[arg]

Amelia, to answer your question of why ICANN made this change, it was to address the problem of some registrars not approving legitimate outgoing transfer requests of domain names in their control. Whether through incompetence, laziness, or intentional obstruction of losing business, some registrars made it very hard to transfer domains away from them.

MrJackMeHoff, regarding your post, *theoretically* "you still have to allow it to happen," however in practice several registrars have procedural weaknesses that allow it to happen regardless of a domain owner's approval. ICANN's internal transfer mechanism does nothing to assure that the gaining registrar really did contact the domain owner, and ICANN doesn't detail specific procedures for gaining registrars to verify a transfer request. Fraudulant transfer attempts like Amelia's have been occurring since the rule change.

Amelia, regarding your question as to what can be done, following up cooperatively with GoDaddy's abuse team sounds most promising. They're a reputable company with a reputation for fighting fraud, and I think are good people, if a little misguided. In this case it sounds like they've favored their privacy protection policy over fighting an act of fraud. It's not necessarily that they're being assholes, as that they've got competing ideals from which to choose.

On the other hand, they've obviously got some sort of problem in their transfer process, and they've now been informed about it, which could make future lawsuits against them more damaging if they enable future domain thefts. Pointing this out to them may at least persuade them to investigate and fix what went wrong, even if they still refuse to identify the culprit or the problem to you.

Legally, you haven't suffered actual damages, so a successful lawsuit seems unlikely. You could file a police report for something like attempted theft, but it almost certainly won't go beyond police taking down the report. You can file a Registrar Problem Report Form with ICANN, but they usually just forward them to the problem registrar. Perhaps your attorney can think of an effective approach.

[digifan]

Godaddy sucks anyway, I have read lots of horror stories about them.

[iridium69]

Yes godaddy more than sucks ;)
BTW they are the best example of a registrar that did everything to make it very difficult to get domains to transfer out from them.

[Chrome]

Amelia... where are you based? I'm a shooter up in portland, oregon.

my icq is 35805493

[Pete-KT]

Hey Amelia, I just registered with spookey cash to promote your site, if you get a chance ICQ me so we can talk about a few things please.

Pete

[polish_aristocrat]

Quote:

Originally posted by Nicky
The only thing that is negative with the lock is that Thehun dont accept submissions from domains that are locked

what?

[misty_dayz]

Quote:

Originally posted by arg
Amelia, to answer your question of why ICANN made this change, it was to address the problem of some registrars not approving legitimate outgoing transfer requests of domain names in their control. Whether through incompetence, laziness, or intentional obstruction of losing business, some registrars made it very hard to transfer domains away from them.

MrJackMeHoff, regarding your post, *theoretically* "you still have to allow it to happen," however in practice several registrars have procedural weaknesses that allow it to happen regardless of a domain owner's approval. ICANN's internal transfer mechanism does nothing to assure that the gaining registrar really did contact the domain owner, and ICANN doesn't detail specific procedures for gaining registrars to verify a transfer request. Fraudulant transfer attempts like Amelia's have been occurring since the rule change.

Amelia, regarding your question as to what can be done, following up cooperatively with GoDaddy's abuse team sounds most promising. They're a reputable company with a reputation for fighting fraud, and I think are good people, if a little misguided. In this case it sounds like they've favored their privacy protection policy over fighting an act of fraud. It's not necessarily that they're being assholes, as that they've got competing ideals from which to choose.

On the other hand, they've obviously got some sort of problem in their transfer process, and they've now been informed about it, which could make future lawsuits against them more damaging if they enable future domain thefts. Pointing this out to them may at least persuade them to investigate and fix what went wrong, even if they still refuse to identify the culprit or the problem to you.

Legally, you haven't suffered actual damages, so a successful lawsuit seems unlikely. You could file a police report for something like attempted theft, but it almost certainly won't go beyond police taking down the report. You can file a Registrar Problem Report Form with ICANN, but they usually just forward them to the problem registrar. Perhaps your attorney can think of an effective approach.

great post....it is nice to see something informative like this on GFY