 |
|
|
|
|
|
|
|
|
|
|||||||
 |
|
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
2004-11-19, 04:39 PM
|
#26 | ||
|
I Didn't Do It
Join Date: Aug 2003
Location: au
Posts: 795
 |
Quote:
I didn't really want to get into this as I already sound like half a panic merchant  But there is one other situation where you might want to take extra care.. it really isnt going to affect many people though.Register-Lock can't be removed without your account password... If you own a .org, .info .biz domain at godaddy... if/when you do transfer it, you will be required to give the gaining register what is called an Auth-Code which you get from GoDaddy.... Most places use a made up code.. GoDaddy decided it would smart to use your actual account password as the Auth-Code (the one needed to remove register-lock) So, if you ever do transfer one of these domains out of GoDaddy you would be best to change your acccount password there afterward. Quote:
Right now, if 2 transfer requests have come in to GoDaddy for your domain. They wont tell you they have recieved either yours or the bogus one... and the transfer status menu does not identify the gaining register... so if the bogus request arrives at GoDaddy prior to yours... and you have no idea it has been sent... it will be pretty hard to know that you are being tricked into clicking that approve link, and giving your doamin away... until its way too late. The scammer may also be hoping that you wont transfer or re-lock the domain fast enough and they will get it by default after 3-5 days... which is what GoDaddy support said is possible. Although I personally doubt that could be correct as lots of people should be screaming already if it was. The new system, as most people seem to understand it, says they shouldnt be able to get away with any of this. But it looks to me like they can... and it's a fairly safe to say the scammer thinks they can too... If you are alert and don't assume anything when doing transfers it can be done fairly safely... but its simply not 100% failsafe.. and definitely not as safe as before. Watch your transfers closely whilst they are proceeding. I doubt the ICANN rules will provide much relief once a domain is gone this way... and you can bet your bottom dollar GoDaddy cant/wont help you... Most of all, Dont assume it wont happen to you... from what I see.. if you have domains moving out of GoDaddy, particualrly any decent value ones, they are a good chance to be targetted.  |
||
|
|
|
2004-11-19, 04:57 PM
|
#27 |
|
Live and learn. And take very careful notes!
Join Date: Apr 2003
Location: Sunny Holland
Posts: 6,157
|
when i sold analbitch-pornlist.com last time, i was surprised that the guy who bought it said i just can ask for the domain at godaddy, but for real he couldnt, i had to give the info for the new domain onwer he couldnt get it like he told me, i am pritty sure i am save there, but still thanks for the info opti!!!
 |
|
|
|
|
2004-11-19, 05:15 PM
|
#28 |
|
You can now put whatever you want in this space :)
Join Date: Oct 2004
Location: Upstate NY
Posts: 541
|
i had an over anxious client try to initiate a transfer of a locked domain i had at godaddy right after he paid for a website. the transfer was blocked immediately due to it being locked. i just transferred a domain into my godaddy account a couple days ago and when the transfer completed, the domain showed up as locked in my godaddy account.
|
|
|
|
|
2004-11-19, 06:47 PM
|
#29 |
|
What can I do - I was born this way LOL
Join Date: Oct 2003
Location: ohio
Posts: 3,086
|
well reading all this I emailed my domain registar to ask about how to lock mine and here's what they said, I will not say who they are and a clue - they are expensive..
Dear marc Thank you for conatcting.... We do not have the "lock" facility available to domain name holders at present as the new transfer policy is so secure that Lock is now more of a perceived need than an actual requirement There has been some confusion regarding the New ICANN Transfer Registrar Policy that will be officially implemented by the registrar community on 12 November 2004. Despite reports to the contrary, the new Policy will have a positive impact on registrants and registrars which follow the new Policy, by clarifying and improving the Registrar Transfer process. It makes no other substantial changes. The new Policy now enforces the spirit of the original Registrar Transfer process by providing explicit guidelines on matters that have been of concern in the past to the Registrar and Registrant community, and which have restricted Registrants ability to transfer their domain names between Registrars. It clearly dictates what Registrars can and cannot do, and prohibits Registrars from practices which may have occurred in the past in which Registrants were caused confusion. Under the new transfer policy, Registrants will be safer and will have greater freedom to transfer their domains to any ICANN-accredited registrar of their choice. The new Policy ( http://www.icann.org/transfers/policy-12jul04.htm ) outlines that: i. All registrars must only use a clear standardized form of authorization as outlined by ICANN to obtain the express consent of the registrant prior to initiating a transfer. Authorisation forms are not to contain any other text not related to the actual transfer request. Benefit- This means that Registrars or their agents can no longer solicit transfers by sending confusing, deceptive or intentionally misleading emails to Registrants, which will assist in preventing customers from making uninformed decisions. ii. The administrative contact remains as the authorising entity and Registrars cannot initiate a transfer unless they have received explicit approval, either electronically from the same or by a physical process which involves certified identification. Benefit- Registrants will be safer from any risk of having their domains transferred to another registrar without their explicit consent. iii. The new policy prohibits Registrars from denying outgoing transfers on the basis of a registrant's alleged failure to "double-confirm" the transfer. This process is commonly referred to as 'Auto-knacking'. Benefit- The new policy will prohibit Registrars from denying outgoing transfers on the basis of a Registrant's alleged failure to "double- confirm" the transfer. Under the old policy, some transfer requests that had already been authenticated by the gaining Registrar were denied by the losing Registrar if technical problems, spam filters, language difficulties or other issues resulted in a Registrant not responding to a secondary confirmation e-mail from the losing Registrar. Losing Registrars will still be able to send a message to a Registrant that has authorized an outgoing transfer, but a clear and concise standardized form of message must be used, and the Registrar will not be allowed to deny the transfer if a response is not received from the Registrant. iv. The new transfer policy includes a robust dispute resolution policy for resolving disputes between Registrars involving alleged violations of the policy. As part of this mechanism, registries will be implementing a "transfer undo" functionality in order to be able to efficiently reverse any transfers initiated in violation of the policy. Benefit- If there is dispute, it will be dealt with using appropriate processes and if necessary by independent arbitration. Regards |
|
|
|
|
2004-11-19, 10:51 PM
|
#30 |
|
You tried your best and you failed miserably. The lesson is 'never try'
Join Date: Mar 2004
Location: Calgary
Posts: 165
|
I remember back when you actually had to fill out a huge form to transfer registrars and it would take weeks to get the transfer approved... my how the times have changed.
Glad to hear that asshole didn't get your domain. |
|
|
|
|
2004-11-20, 01:19 PM
|
#31 | |
|
I Didn't Do It
Join Date: Aug 2003
Location: au
Posts: 795
|
Well done Plateman!
Quote:
Although I am sure ICANN would argue the actual text in the E-Mails being sent isn't deceptive.... so it isn't a fault with their system. :\ Chances are your register still is secure Plateman.. even without a lock service. If you wanted to put your mind at ease, I would get 2 people with other register accounts to try and transfer one of your domains away at the same time and see how easy it is to spot what has happened from within your registry admin area.. and from any email alerts they send you. Is there any chance that you might not realise what had happened? Does both requests show up in your admin area or just one? Does it prominently show you the name of the gaining register and/or details of the person making the request in your admin area? Try and imagine you have started a valid transfer and someone has targetted you and sent one of their own.. if you werent expecting it, is there any possibility of accidently clicking approve on the wrong transfer request? If that all looks well thought out you are probably better off there with no register-lock than being at GoDaddy with it imho. Then ignore the e-mails that come from the requesting registries and see what happens. They will certainly fail.. but, if they havent emailled you alerts already, you want to see if your registry will have some record there so you know the attempts had been made if you only login irregularly. You can't rely on receiving an email from the registry used by the scammer to alert you... for one, a scammer would simply have to use an email address like viagra_casino@mail.com and have many people's own spam filters ensure you dont get the email. *** Interesting Development *** There was an attempt made to transfer away one of the same domains again, in the last few hours. It is not at GoDaddy now.. and it IS on register-lock If it is not possible to request a transfer for a locked domain under these rules... then how did this happen? I have a theory how it can happen.... But I will talk to my registry and work out for sure what has ocurred.. and let the thread know. |goodnight |
|
|
|
|
|
2004-11-21, 07:22 AM
|
#32 |
|
You can now put whatever you want in this space :)
Join Date: Sep 2003
Location: Louisiana
Posts: 511
|
Hi Ann,
I'm not familiar with DirectI but what you say does make sense. Their letter did state that if I did not approve the transfer then nothing would happen. It also gave me a link to click on to cancel the transfer, which I did. You are also correct, that prior to the 15th my domain was not locked. It was supposed to be, but through a communication error between my godaddy rep and me it did not happen. I caught it prior to the transfer request, and locked it. The purpose of my post was more to bring attention to everyone of the value of locking domains and to point out the name and e-mail address of the domain thief. |
|
|
|
|
|
|
Linear Mode
