ICANN Digs into Panix.com Domain Theft—but Not Too Deep

By Larry Seltzer  |  Posted 2005-04-04

In my continuing series on domain name theft I have observed the problem shift as the technology and standards have shifted. The problem used to be sloppy registrar practices. We still have that, although some registrars have gotten better. However, new domain name transfer rules issued by ICANN last year have greased the wheels for domain slamming, in which domains are fraudulently switched from one registrar to another, probably as part of stealing ownership of the domain itself.

We had our first significant slamming incident in January, the theft of the panix.com domain. Panix is the oldest ISP in New York and one of those beloved companies that can scare up some sympathy fast, and so it happened in this case. An uproar ensued, and Panix got its name back relatively quickly.

But what about domains with smaller fan bases? When there's no public outrage to scare ICANN and the registrars, will you get your domain back quickly? Will you get it at all? The developing news on the matter is not encouraging.

ICANN told me that it does not know of any big problem with domain slamming and asked me for examples. If you've had a problem with a domain being stolen, please contact me about it and I will see to it that senior ICANN officials get the information.

ICANN investigated the Panix incident by requesting an account of what happened from the two registrars involved, Melbourne IT and Dotster. Click here to read the letter from ICANN reviewing the matter and links to the other correspondence.

Almost everyone comes out looking bad from this, and we don't even know who all the parties are. The domain slammer in this case acquired the domain through a Melbourne IT reseller. ICANN is not willing to disclose who the reseller is, stating that it does not have a relationship with that reseller, and neither Melbourne IT nor Dotster replied to my inquiries. Incidentally, if you're interested, nobody's saying who the actual domain thief was, but the whois data for the new panix.com owner pointed to a "vanessa Miranda" of Las Vegas.

ICANN responds

ICANN did talk to me, saying the investigation is ongoing, although one wonders how much more information can be obtained with the passage of time. Tim Cole, ICANN's chief registrar liaison, said in the correspondence that "there is no indication that recent changes to the Transfer Policy had any bearing on this incident (the same abuse could have occurred under either the old or new policy)."

I have to disagree. Correspondence from Dotster demonstrates that it relied on the new transfer policy in its decision not to take any action in response to the notification. But if not for this inaction, predicated on the new policy, the transfer would not have proceeded.

Like I said before, lots of people look bad here, and Dotster is among them. It had the option, under the new policy, of letting the transfer proceed, but it also had the option of confirming it with Panix.com, the party with whom it had a relationship. Domain customers everywhere should take this into account when shopping for a registrar; Dotster won't stick up for you when the slammers come. Like I said, it didn't respond to my inquiries.

In fact, I have to scratch my head over Panix.com's behavior too. According to a whois search on Sunday the domain is still registered with Dotster, although now at least it has REGISTRAR-LOCK set. If I were Panix, after service like that, I would take the first train out of Dotstertown, but perhaps Panix is so cheap it wants to use up the rest of the $6.95 it spent for the domain this year. The fact that the domain wasn't locked until after Dotster got it back speaks badly of both Dotster and Panix. Panix customers should take note. Panix also didn't return my e-mails.

Ironically, the most negligent party of all, the reseller who initiated the illicit transfer, is the only one who gets away with a relatively unscathed reputation, because nobody will identify it.

The role of resellers is another interesting issue here. In ICANN's letter to Melbourne IT it said:

    "We are also very concerned by Melbourne IT's explanation that the incident happened because Melbourne IT had purportedly delegated to a reseller the critical responsibility for obtaining the consent of the registrant prior to submitting a transfer request to the registry."

But this expression of surprise rings hollow, since the practice of using resellers for this purpose was discussed while the new transfer policy was being formed and their banishment from this role was considered and rejected. The word "solely" was removed from "The Gaining Registrar is solely responsible for validating Registrant requests to transfer domain names between Registrars." Obviously the point was to allow other parties to be responsible for validation.

I asked ICANN about this in light of recent events, and it said it's the registrar's responsibility to see that the owner confirmation is obtained and that all these rules are under consideration. That doesn't sound like what was said in the letter, but I guess we'll see how it plays out.

I also thought it was interesting that the reversal of the improper transfer happened so quickly. The ICANN transfer policy includes a provision for an "undo" procedure involving software written specifically for the purpose. I don't have access to the software, but according to a GoDaddy representative, the actual undo software is lousy:

    "The new registry tool to reverse a transfer does not seem to be an efficient mechanism in many cases. It can take several days to complete although both registrars have agreed to it. We have also had instances where canceling a first-level dispute, after coming to agreement with the other registrar, can take several days."

And, in fact, it turns out that the undo procedure was not used in the case of Panix.com. ICANN says that it was not necessary in this case, so both registrars just reversed the transfer without using the formal undo. What, I asked, is the point of undo, if registrars can just avoid it when they think it's proper to do so? ICANN said that using it is an option they have.

By the way, since Yahoo is a Melbourne IT reseller I specifically asked it if it was the reseller at issue. It denied that it was, and it also told me that it has 24/7 access to Melbourne IT support people in case something like a domain theft occurs.

I do know that you can get to Yahoo's support people at all hours because I called them this past Saturday night to report that they were hosting a PayPal phishing attack, the domain for which had also been registered through Yahoo Domains. The site was down by Sunday morning, but since the domain was "paypal-cgi.us" you have to think that Yahoo and Melbourne IT don't scrutinize names for trademark violations very carefully.

Finally, I'm curious about damages in this case. Perhaps Panix.com would rather put it all behind it, but it suffered damages and I wouldn't blame Panix for trying to recover.

But from whom? From Melbourne IT? From Dotster? From ICANN? How about vanessa Miranda? And in what court?

All I know now is that there is no ICANN process under which Panix can seek damages, and since this is an international affair and it's silly to expect slamming victims to seek redress in foreign courts, that too represents a failure of ICANN.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
