Is Your Domain Name Safe? - webreference.com

home / content / domains / safe

Managed Services Subject Matter Expert (CA)
Next Step Systems
US-CA-San Ramon

Justtechjobs.com

Post A Job | Post A Resume

Developer News

Microsoft Shows Some Ankle With Visual Studio

Gentoo Linux Cancels Distribution

It's Official: Windows 7 at PDC, WinHEC

Is Your Domain Name Safe?

By Lee Underwood

There have been several recent news reports claiming that the ownership of domain names may be in jeopardy. The basis of these reports stems from the recent policy changes by ICANN regarding the transfer of domain names between registrars that went into effect November 12, 2004. The policy changes seem to have generated a wave of paranoia due to the news stories connected to it.

Transferring a Domain Name the Old Way

Prior to November 12, in order to transfer a domain name from one registrar (the "losing" registrar) to another (the "gaining" registrar), the domain name owner had to specifically approve the transfer with both the losing registrar and the gaining registrar. If the losing registrar did not receive approval, the transfer wasn't done.

The Problem

Several registrars were sending fake renewal notices to domain name owners in order to get them to transfer their accounts. Without looking closely at the notices, they seemed to be the real thing. While that would ultimately be the fault of the domain name owner, registration documents - even renewal notices - can look quite complex. Even attempting to transfer a domain name legitimately sometimes resulted in a nightmare.

In an effort to stop the loss of existing business and to remedy the problem of fake renewal notices, the losing registrar would not complete the transfer, even after receiving notice from the domain name owner.

Transferring a Domain Name the New Way

As of November 12th, all that has changed.

The new policy states that the gaining registrar must "obtain express authorization from either the Registered Name Holder or the Administrative Contact." That's done using a Standardized Form of Authorization with proper identification, either physical or electronic. If electronic, the identification must be in the form of an electronic signature or "consent from an individual or entity that has an e-mail address matching the Transfer Contact e-mail address." If done physically: "The acceptable forms of physical identity are: notarized statement, valid drivers license, passport, article of incorporation, military ID; state/government issued ID, [or] birth certificate... A transfer must not be allowed to proceed if no confirmation is received by the gaining registrar." It's in the best interest of the gaining registrar to make sure the identification is accurate.

The new policy also states that a domain name registration can be transferred without the approval of the losing registrar: "Failure by the Registrar of Record [the losing registrar] to respond within five calendar days to a notification from the Registry regarding a transfer request will result in a default 'approval' of the transfer." The losing registrar is not required to contact the domain name owner. In other words, the losing registrar must transfer the domain name, except in the case of:

Evidence of fraud.
UDRP [Uniform Domain Name Dispute Resolution Policy] action
Court order by a court of competent jurisdiction
Reasonable dispute over the identity of the Registered Name Holder or Administrative Contact.
No payment for previous registration period (including credit card charge-backs) if the domain name is past its expiration date or for previous or current registration periods if the domain name has not yet expired. In all such cases, however, the domain name must be put into "Registrar Hold" status by the Registrar of Record prior to the denial of transfer.
Express written objection to the transfer from the Transfer Contact. (e.g. - email, fax, paper document or other processes by which the Transfer Contact has expressly and voluntarily objected through opt-in means).
A domain name was already in “lock status” provided that the Registrar provides a readily accessible and reasonable means for the Registered Name Holder to remove the lock status.
A domain name is in the first 60 days of an initial registration period.
A domain name is within 60 days (or a lesser period to be determined) after being transferred (apart from being transferred back to the original Registrar in cases where both Registrars so agree and/or where a decision in the dispute resolution process so directs).

The Perceived Problem

The problem that many people are having, that was touched off by the Netcraft report, is the mistaken belief that ownership of a domain name can now easily be hijacked by anyone wishing to do so. The policy affects only the change of registrars, not the ownership of the domain name itself.

In addition, the new policy clearly states that the gaining registrar must have sufficient identification in order to proceed. Does this mean that someone could forge the identification and steal the domain name? That risk is always there, but the new policy allows for an easier remedy when something does go wrong. "Even in the event that a terrible mistake does happen [regarding domain transfers], you have recourse through arbitration that didn't exist before," said Ross Rader, author of the ICANN policy. "Typically, when registrants lose their name to a hijacker they never see it again unless they have the means or get lucky. Those safeties are guaranteed," Rader explained. In his November 11, 2004 blog, Rader elaborated, "... under the old policy, if a domain name was 'slammed' or 'hijacked' there was no formal recourse, outside of costly litigation, for a registrant to get their name back or reconnect it with the original and rightful supplier. Under the new policy, there are a series of administrative processes and arbitration mechanisms that give registrants a cost-effective means for ensuring that mistakes are made correct."

What Now?

The majority of domain name registrars are offering their customers the ability to "lock" their domain to prevent an unauthorized transfer. It's similar to what many of the telephone companies offer in order to prevent "slamming" — the unauthorized transfer of a telephone number to a different long distance company. What this does is it "locks" the account — it can't be transferred — until the owner changes its status to "unlock." You can contact your domain name registrar for futher information.

Another thing to remember, as I said before, this policy affects only the change of registrars, not the ownership of the domain name itself.

home / content / domains / safe

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
IBM Whitepaper: Innovative Collaboration to Advance Your Business Internet.com eBook: Real Life Rails Avaya Article: Call Control XML - Powerful, Standards-Based Call Control Internet.com eBook: The Pros and Cons of Outsourcing Go Parallel Article: Scalable Parallelism with Intel(R) Threading Building Blocks Internet.com eBook: Best Practices for Developing a Web Site IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"		Avaya Article: Call Control XML in Action - A CCXML Auto Attendant Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008 Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Go Parallel Article: Getting Started with TBB on Windows HP eBook: Storage Networking , Part 1 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++ HP Video: Is Your Data Center Ready for a Real World Disaster? Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices HP On Demand Webcast: Virtualization in Action Go Parallel Video: Performance and Threading Tools for Game Developers		Rackspace Hosting Center: Customer Videos Intel vPro Developer Virtual Bootcamp HP Disaster-Proof Solutions eSeminar HP On Demand Webcast: Discover the Benefits of Virtualization MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Microsoft Download: Silverlight 2 Software Development Kit Beta 2 30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt		Iron Speed Designer Application Generator Microsoft Download: Silverlight 2 Beta 2 Runtime MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage Microsoft Article: Expression Web 2 for PHP Developers--Simplify Your PHP Applications		Featured Algorithm: Intel Threading Building Blocks - parallel_reduce MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

The latest from WebReference.com

Controllers: Programming Application Logic - Part 2 · How to Use JavaScript to Validate Form Data · Controllers: Programming Application Logic

Sitemap · Experts · Tools · Services · Email a Colleague · Contact

FREE Newsletters >

The latest from internet.com

Sprint Launches Mobile WiMAX Network · Albatron Downsizes with the KI780G Mini-ITX Motherboard · Can't Find a Wi-Fi Network? Make Your Own.

Created: January 7, 2004

URL: http://webreference.com/content/domains/safe/