ICANN/DNSO
DNSO Mailling lists archives

[nc-whois]


<<< Chronological Index >>>    <<< Thread Index >>>

[nc-whois] [fwd] [ga] Legitimate Hi-Jacking (from: john@johnberryhill.com)


fyi.
-- 
Thomas Roessler                        <roessler@does-not-exist.org>




----- Forwarded message from "John Berryhill Ph.D. J.D." <john@johnberryhill.com> -----

From: "John Berryhill Ph.D. J.D." <john@johnberryhill.com>
To: "[GA]" <ga@dnso.org>
Date: Wed, 4 Sep 2002 11:35:54 -0400
Subject: [ga] Legitimate Hi-Jacking
X-No-Spam: whitelist


Since ICANN now seems to be moving seriously to enforce the 15-day
confirmation period for suspect whois data, it might be a good idea to let
the cat out of the bag, so that every one will have a fair chance.

Consider - the Wait-List Service has been approved, and you will soon be able
to obtain a deleted name with certainty.  The trick, of course, is knowing
which domain names are going to be deleted, since you have to pay your money
up front.  The Redemption Grace Period adds further uncertainty to the
process.  However....

Now, we have the way to shake the tree and make the domain names fall out.
Look for domain names which have contact email address of defunct ISP, such
as home.com, and others which caused mass-strandings of domain name
registrants with no way to fix their whois data if email confirmation is
required.  Alternatively, try to find out or guess when the domain name
registrant of the name you want is away from their phone, email, or address
for two weeks.   Don't worry, if you guess wrong, you can try again.

The whois confirmation policy provides a 15 day "bed check" for the registrar
to confirm these details are correct, and this is MUCH shorter than the
proposed redemption grace period.  So...

STEP 1 - Take out a WLS or Snapback on the name you want.
STEP 2- Complain loud and hard that the whois data for the domain name is
bad.
STEP 3 - Wait 15 days.
STEP 4 - Enjoy your new domain name.

What's nice about this method, as opposed to other hi-jacking methods, is
that if you score the name and your target wakes up and figures out what
happened, then he/she has virtually no recourse.

If you are concerned about the security of any of your domain names, keep in
mind that every domain name has a 15 day fuse to deletion (and you will not
likely be informed at day 1, so it is less than that), and act accordingly.
Email server down this week?  Kiss your domain names goodbye.



--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html

----- End forwarded message -----


<<< Chronological Index >>>    <<< Thread Index >>>