ICANN Still Steal Your Domain

By Larry Seltzer  |  Posted 2005-02-25

ICANN Still Steal Your Domain

Ive been concerned with the problem of domain theft for some time now, and the more I look into it the more I get concerned. Everyone who owns a domain needs to be concerned.

Domain theft is not like the threats that tend to get the headlines in spite of being largely theoretical and patchable. It can be very hard to defend yourself against domain theft. It always was, and now it appears that ICANN (the Internet Corporation For Assigned Names and Numbers), the organization that sets the rules for registrars to follow, has made things worse with a set of new rules that went into effect last year.

When I wrote in January about the high-profile domain theft of panix.com and some other lesser sites I didnt appreciate how bad the situation was.

The bottom line in that incident, it turns out, is that a reseller for Melbourne IT, a large Australian registrar, got manipulated into selling a transfer against ICANN policy and Melbourne IT performed the transfer; although Dotster, the previous registrar (known in domain transfer parlance as the "losing registrar"), claims that they had no information about a transfer. In fact, according to this story in The Register, Panix had actually locked their domain at Dotster and Melbourne IT registered it anyway. Incidentally, Yahoo! is a very large reseller for Melbourne IT, but they tell me they were not the reseller involved.

Were the new ICANN rules to blame? It was easy to guess that they were involved, since the new rules mandated that a transfer was to proceed unless the owner stops it, and the losing registrar cant do anything about it.

Ive expressed concern about these rule changes before, but was reassured by ICANN and their associates that the procedures in place were sufficient to deter fraud by registrars themselves, and that the new procedures to resolve disputes would make things orderly.

It was clear at the time that a large part of the motivation for the rule changes was the desire of smaller registrars to break the market power of Network Solutions. Actually, ICANN seems to engage in a fair amount of Netsol-bashing, such as threatening them over some sites with fake registry contact data in them. Such fake information is common, but as far as I can tell only Network Solutions gets hassled about it.

Will Melbourne IT be hassled? After all, grossly lax enforcement of their own policies and ICANN requirements led them to steal a domain. Even crazier, the next Monday morning when Melbourne IT went back to work (yes, they actually shut down to that extent over the weekend) they fixed things and transferred the domain back as quickly as possible. This would be the right thing to do, except that it also violated ICANNs rules.

Remember those new domain dispute resolution rules I mentioned? They set forth procedures that the owner of the domain (Panix in this case) has to follow in order to undo a completed transfer.

This doesnt happen in a day, so Melbourne IT essentially ignored other ICANN rules by moving so quickly. I specifically asked ICANN about this incident and whether there would be consequences to Melbourne ITs violations of the rules on both ends of the transfer, and they didnt get back to me.

Next page: Network Solutions fights back.

Network Solutions Fights Back

I spoke to Champion Mitchell, CEO of Network Solutions, and its clear hes fed up with ICANN. Mitchell warned ICANN in advance of the new rules that they would encourage domain "slamming" by which registrars would grab domains without permission or through misleading e-mails.

There has already been an example of this involving Domain Registry of America (a reseller for eNom) which sent out a notice to users that their domains were expiring and that it needed to renew, but in fact they were initiating a transfer. The FTC went after them for this practice.

Mitchell points out that the new rules facilitate slamming and that novice users are very likely to fall for it.

Since the notice of the transfer likely comes from the gaining registrar, with whom the domain owner has no relationship, they are likely to ignore the message, leaving the transfer free to proceed. Many users would assume that not responding to a transfer request would deny the transfer, but in fact the default is just the opposite.

And when the domain gets slammed its not just the domain name that gets moved. Very often users will lose their e-mail service, their web service and more. It could be devastating to a small Internet-based business. And ICANNs provision for such people is a long and drawn-out process that probably looks less appealing than just caving in to the slammer.

In a final irony, since the losing registrar—through no fault of their own—stopped providing a service already paid for to their customer, they may be legally liable. Nobody knows the law on this yet, but its only fair to assume the worst from the situation.

So what can users actually do to protect themselves?

First, READ YOUR E-MAIL. Theres no guarantee that a slamming or theft attempt will involve an e-mail notification, but theres a good chance it will, and you can at least deny the request, call up and scream bloody murder at that point.

Secondly, if your registrar hasnt done it for you already, lock your domain. Officially, this prevents changes to the domain without your permission. Of course, it appears that it didnt save Panix.com, but its an easy measure to take.

If you dont mind the extra record keeping, set different userids and passwords for your administrative, billing, and technical contacts in your registry records. This makes it much harder for someone to steal your domain by using one account to gain access to another. And, of course, the information in the records should be accurate, or you wont get the notification that your domain is about to be stolen.

Finally, use a private registration facility like Godaddys DomainsByProxy or Network Solutions similar facility so that your personal information doesnt show up at all in the whois record. This also stops your whois from turning into a source of spam attacks. (Why is this contact information public anyway? More craziness from ICANN rules.)

If the point of changing transfer rules was to break the Network Solutions monopoly, then ICANN needs to wake up and look at their own business. Network Solutions no longer has a monopoly. The problem today is fraud, and sadly ICANN is being part of the problem.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

More from Larry Seltzer

Rocket Fuel