ICANN/GNSO
DNSO and GNSO Mailing lists archives

[ga]



RE: [ga] Legitimate Hi-Jacking


John:

I think you raise some interesting points that are important to closely
monitor. As originally designed, I believe that this mechanism was to
identify records in which the domain name applicants knowingly provided
false or inaccurate information. However, I believe ICANN will find out that
this mechanism is going to be used by numerous domain name registrants that
have not been able to timely update their records due to poor customer
service by some registrars. I myself have been a victim of inordinate delays
in trying to update contact information associated with a non-functioning
email address, which directly impacted my ability to transfer my
domain name.

Other concerns that I have discussed with you deal with potential
false/abusive submissions submitted to ICANN. As you mentioned, I am not
aware of any contractual or legal duty for a registrant to answer an email,
phone call or postal correspondence from a third party. Therefore, if domain
name registrant X receives a cease and desist letter from Y, I know of no
obligation requiring registrant X to respond. This scenario could create a
potential burden for registrars that would then have to contact the
registrant to differentiate between a non-responsive registrant and one that
has provided false/inaccurate data. It is important to note that registrants
do have a contractual obligation in their agreements to respond to registrar
inquiries regarding false/inaccurate whois data.

I believe the easiest way to prevent the scenario you discussed is to
provide a longer runway prior to deleting the domain name for inaccurate
data. I believe that after not responding to a 15 day whois inquiry, the
domain name should be put on hold (removed from the zone files) but not
automatically deleted. I believe that this distinction is important during
the initial phases of this program to prevent the accrual of Redemption
Grace Period fees that are likely to be substantial. There must be a
distinction between a domain name that was placed on hold because of the
inability of a registrant to update whois information, versus a domain name
registrant that forgot to pay the bill.

Just some of my initial thoughts although I am open for other suggestions
and comments.

Mike




-----Original Message-----
From: owner-ga@dnso.org [mailto:owner-ga@dnso.org] On Behalf Of John Berryhill Ph.D. J.D.
Sent: Wednesday, September 04, 2002 11:36 AM
To: [GA]
Subject: [ga] Legitimate Hi-Jacking



Since ICANN now seems to be moving seriously to enforce the 15-day
confirmation period for suspect whois data, it might be a good idea to let
the cat out of the bag, so that everyone will have a fair chance.

Consider - the Wait-List Service has been approved, and you will soon be
able to obtain a deleted name with certainty.  The trick, of course, is knowing
which domain names are going to be deleted, since you have to pay your money
up front.  The Redemption Grace Period adds further uncertainty to the
process.  However....

Now, we have the way to shake the tree and make the domain names fall out.
Look for domain names which have a contact email address of a defunct ISP, such
as home.com, and others which caused mass-strandings of domain name
registrants with no way to fix their whois data if email confirmation is
required.  Alternatively, try to find out or guess when the domain name
registrant of the name you want is away from their phone, email, or address
for two weeks.   Don't worry, if you guess wrong, you can try again.

The whois confirmation policy provides a 15 day "bed check" for the
registrar to confirm these details are correct, and this is MUCH shorter than the
proposed redemption grace period.  So...

STEP 1 - Take out a WLS or Snapback on the name you want.
STEP 2 - Complain loud and hard that the whois data for the domain name is bad.
STEP 3 - Wait 15 days.
STEP 4 - Enjoy your new domain name.

What's nice about this method, as opposed to other hi-jacking methods, is
that if you score the name and your target wakes up and figures out what
happened, then he/she has virtually no recourse.

If you are concerned about the security of any of your domain names, keep in
mind that every domain name has a 15 day fuse to deletion (and you will not
likely be informed at day 1, so it is less than that), and act accordingly.
Email server down this week?  Kiss your domain names goodbye.



--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html




