I've been concerned with the problem of domain theft for some time now, and the more I look into it the more I get concerned. Everyone who owns a domain needs to be concerned.
Domain theft is not like the threats that tend to get the headlines in spite of being largely theoretical and patchable. It can be very hard to defend yourself against domain theft. It always was, and now it appears that ICANN (the Internet Corporation For Assigned Names and Numbers), the organization that sets the rules for registrars to follow, has made things worse with a set of new rules that went into effect last year.
When I wrote in January about the high-profile domain theft of panix.com and some other lesser sites, I didn't appreciate how bad the situation was.
The bottom line in that incident, it turns out, is that a reseller for Melbourne IT, a large Australian registrar, got manipulated into selling a transfer against ICANN policy and Melbourne IT performed the transfer, although Dotster, the previous registrar (known in domain transfer parlance as the "losing registrar"), claims that they had no information about a transfer. In fact, according to this story in The Register, Panix had actually locked their domain at Dotster and Melbourne IT registered it anyway. Incidentally, Yahoo! is a very large reseller for Melbourne IT, but they tell me they were not the reseller involved.
Were the new ICANN rules to blame? It was easy to guess that they were involved, since the new rules mandated that a transfer was to proceed unless the owner stops it, and the losing registrar can't do anything about it.
I've expressed concern about these rule changes before, but was reassured by ICANN and their associates that the procedures in place were sufficient to deter fraud by registrars themselves, and that the new procedures to resolve disputes would make things orderly.
It was clear at the time that a large part of the motivation for the rule changes was the desire of smaller registrars to break the market power of Network Solutions. Actually, ICANN seems to engage in a fair amount of Netsol-bashing, such as threatening them over some sites with fake registry contact data in them. Such fake information is common, but as far as I can tell only Network Solutions gets hassled about it.
Will Melbourne IT be hassled? After all, grossly lax enforcement of their own policies and ICANN requirements led them to steal a domain. Even crazier, the next Monday morning when Melbourne IT went back to work (yes, they actually shut down to that extent over the weekend) they fixed things and transferred the domain back as quickly as possible. This would be the right thing to do, except that it also violated ICANN's rules.
Remember those new domain dispute resolution rules I mentioned? They set forth procedures that the owner of the domain (Panix in this case) has to follow in order to undo a completed transfer.
This doesn't happen in a day, so Melbourne IT essentially ignored other ICANN rules by moving so quickly. I specifically asked ICANN about this incident and whether there would be consequences to Melbourne IT's violations of the rules on both ends of the transfer, and they didn't get back to me.