Network Solutions Fights Back
I spoke to Champion Mitchell, CEO of Network Solutions, and its clear hes fed up with ICANN. Mitchell warned ICANN in advance of the new rules that they would encourage domain "slamming" by which registrars would grab domains without permission or through misleading e-mails. There has already been an example of this involving Domain Registry of America (a reseller for eNom) which sent out a notice to users that their domains were expiring and that it needed to renew, but in fact they were initiating a transfer. The FTC went after them for this practice.Since the notice of the transfer likely comes from the gaining registrar, with whom the domain owner has no relationship, they are likely to ignore the message, leaving the transfer free to proceed. Many users would assume that not responding to a transfer request would deny the transfer, but in fact the default is just the opposite. And when the domain gets slammed its not just the domain name that gets moved. Very often users will lose their e-mail service, their web service and more. It could be devastating to a small Internet-based business. And ICANNs provision for such people is a long and drawn-out process that probably looks less appealing than just caving in to the slammer. In a final irony, since the losing registrarthrough no fault of their ownstopped providing a service already paid for to their customer, they may be legally liable. Nobody knows the law on this yet, but its only fair to assume the worst from the situation. So what can users actually do to protect themselves? First, READ YOUR E-MAIL. Theres no guarantee that a slamming or theft attempt will involve an e-mail notification, but theres a good chance it will, and you can at least deny the request, call up and scream bloody murder at that point. Secondly, if your registrar hasnt done it for you already, lock your domain. Officially, this prevents changes to the domain without your permission. Of course, it appears that it didnt save Panix.com, but its an easy measure to take. If you dont mind the extra record keeping, set different userids and passwords for your administrative, billing, and technical contacts in your registry records. This makes it much harder for someone to steal your domain by using one account to gain access to another. And, of course, the information in the records should be accurate, or you wont get the notification that your domain is about to be stolen. Finally, use a private registration facility like Godaddys DomainsByProxy or Network Solutions similar facility so that your personal information doesnt show up at all in the whois record. This also stops your whois from turning into a source of spam attacks. (Why is this contact information public anyway? More craziness from ICANN rules.) If the point of changing transfer rules was to break the Network Solutions monopoly, then ICANN needs to wake up and look at their own business. Network Solutions no longer has a monopoly. The problem today is fraud, and sadly ICANN is being part of the problem. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
More from Larry Seltzer
Mitchell points out that the new rules facilitate slamming and that novice users are very likely to fall for it.