Menu
  • Home
  • About Us
  • Contact
  • Advertise
  • Awards
  • Privacy Policy
  • Home
  • About Us
  • Contact
  • Advertise
  • Awards
  • Privacy Policy
  • Twitter
  • Facebook
  • RSS
TheDomains.com

ICANN Working Group Issues Recommendations Regarding Domain Hijacking

February 21, 2011 by Michael Berkens

The working ICANN working group published its recommendations on the proposal that would allow domain owners to claw back domains for up to six months in the case of theft of a domain.

Some worried that this provision would be used to undo a transaction by a seller that got a higher offer on a domain after a sale was made public or by someone who just changed their mind after a sale:

“”The GNSO Inter-Registrar Transfer Policy (IRTP) Part B Policy Development Process Working Group was tasked to address five issues focusing on issues related to domain hijacking, the urgent return of an inappropriately transferred name and “lock status”. ”

“Following review of the public comments received on the Initial Report and further deliberations, the Working Group now presents its proposed Final Report which contains nine (9) recommendations to address the five charter questions it was tasked with. ”

The Recommendations

Recommendation #1: The WG is considering recommending requiring registrars to provide an Emergency Action Channel (as described in SAC007 [PDF, 400 KB]). The WG recognizes that there are further details that would need to be worked out in relation to this proposal such as:

  • Within what timeframe should a response be received after an issue has been raised through the Emergency Action Channel (for example, 24 hours – 3 days has been the range discussed by the WG)?
  • What qualifies as ‘a response’? Is an auto-response sufficient?
  • Should there be any consequences when a response is not received within the required timeframe?
  • Is there a limited time following a transfer during which the Emergency Action Channel can be used?
  • Which issues may be raised through the Emergency Action Channel?
  • How/who should document the exchanges of information on the Emergency Action Channel?
  • Who is entitled to make use of the Emergency Action Channel?

The WG is requesting input from the ICANN Community on these questions and the recommendation itself, so this can be factored into the WG deliberations going forward.

Recommendation #2: The WG notes that in addition to reactive measures such as outlined in recommendation #1, proactive measures to prevent hijacking are of the utmost importance. ”

“As such, the WG strongly recommends the promotion by ALAC and other ICANN structures of the measures outlined in the recent report of the Security and Stability Advisory Committee on A Registrant’s Guide to Protecting Domain Name Registration Accounts (SAC 044). In particular, the IRTP WG recommends that registrants consider the measures to protect domain registrar accounts against compromise and misuse described in SAC044, Section 5. These include practical measures that registrants can implement “in house”, such as ways to protect account credentials and how to incorporate domain name registrations into employee or resource management programs typically found in medium and large businesses. It suggests ways that registrants can use renewal and change notifications from registrars as part of an early warning or alerting system for possible account compromise.”

Recommendation #3: The WG recommends requesting an Issues Report on the requirement of ‘thick’ WHOIS for all incumbent gTLDs. The benefit would be that in a thick registry one could develop a secure method for a gaining registrar to gain access to the registrant contact information. Currently there is no standard means for the secure exchange of registrant details in a thin registry. In this scenario, disputes between the registrant and admin contact could be reduced, as the registrant would become the ultimate approver of a transfer. Such an Issue Report and possible subsequent Policy Development Process should not only consider a possible requirement of ‘thick’ WHOIS for all incumbent gTLDs in the context of IRTP, but should also consider any other positive and/or negative effects that are likely to occur outside of IRTP that would need to be taken into account when deciding whether a requirement of ‘thick’ WHOIS for all incumbent gTLDs would be desirable or not.

Recommendation #4: The WG notes that the primary function of IRTP is to permit Registered Name Holders to move registrations to the Registrar of their choice, with all contact information intact. The WG also notes that IRTP is widely used in the domain name community to affect a “change of control,” moving the domain name to a new Registered Name Holder. The discussions within the WG and with ICANN Staff have determined that there is no defined “change of control” function. Therefore, the IRTP-B WG recommends requesting an Issue Report to examine this issue, including an investigation of how this function is currently achieved, if there are any applicable models in the country-code name space, and any associated security concerns.

Recommendation #5: The WG recommends modifying section 3 of the IRTP to require that the Registrar of Record/Losing Registrar be required to notify the Registered Name Holder/Registrant of the transfer out. The Registrar of Record has access to the contact information for the Registrant and could modify their systems to automatically send out the Standardized Form for Losing Registrars (“Confirmation FOA”) to the Registrant.

Recommendation #6: The WG does recognize that the current language of denial reason #6 is not clear and leaves room for interpretation especially in relation to the term ‘voluntarily’ and recommends therefore that this language is expanded and clarified to tailor it more to explicitly address registrar-specific (i.e. non-EPP) locks in order to make it clear that the registrant must give some sort of informed opt-in express consent to having such a lock applied, and the registrant must be able to have the lock removed upon reasonable notice and authentication. The WG recommends to modify denial reason #6 as follows: Express objection to the transfer by the Transfer Contact. Objection could take the form of specific request (either by paper or electronic means) by the Transfer Contact to deny a particular transfer request, or a general objection to all transfer requests received by the Registrar, either temporarily or indefinitely. In all cases, the objection must be provided with the express and informed consent of the Transfer Contact on an opt-in basis and upon request by the Transfer Contact, the Registrar must remove the lock or provide a reasonably accessible method for the Transfer Contact to remove the lock within five (5) calendar days.

Recommendation #7: The WG recommends that if a review of the UDRP is conducted in the near future, the issue of requiring the locking of a domain name subject to UDRP proceedings is taken into consideration.

Recommendation #8: The WG recommends standardizing and clarifying WHOIS status messages regarding Registrar Lock status. The goal of these changes is to clarify why the Lock has been applied and how it can be changed. Based on discussions with technical experts, the WG does not expect that such a standardization and clarification of WHOIS status messages would require significant investment or changes at the registry/registrar level. The WG recommends that ICANN staff is asked to develop an implementation plan for community consideration which ensures that a technically feasible approach is developed to implement this recommendation.

Recommendation #9: The WG recommends deleting denial reason #7 as a valid reason for denial under section 3 of the IRTP as it is technically not possible to initiate a transfer for a domain name that is locked, and hence cannot be denied, making this denial reason obsolete. Instead denial reason #7 should be replaced by adding a new provision in a different section of the IRTP on when and how domains may be locked or unlocked. The WG recommends that ICANN staff is asked to develop an implementation plan for community consideration including proposed changes to the IRTP to reflect this recommendation.

Share
Share on Facebook
Share
Share this
Share
Share on Google Plus
0Share
Share on LinkedIn0 shares on LinkedIn
0Share
Share on StumbleUpon0 shares on StumbleUpon

Filed Under: ICANN

About Michael Berkens

Michael Berkens, Esq. is the founder and Editor-in-Chief of TheDomains.com. Michael is also the co-founder of Worldwide Media Inc. which sold around 70K domain to Godaddy.com in December 2015 and now owns around 8K domain names . Michael was also one of the 5 Judges selected for the the Verisign 30th Anniversary .Com contest.

« House Rep. Promises Hearings On New gTLD’s: “We Want To Ask Them Why It Is Necessary & Important To Do That”
Afternic Changes Up Its Reporting Rules & Proves Sales are Sometimes Just a Numbers Game »

Comments

  1. Rich says

    February 21, 2011 at 10:02 pm

    Mike you beat me today ,quietspots.com

  2. the first domains funded NewSpaceAgency says

    February 22, 2011 at 2:35 pm

    Sex.com: Now Officially The Most Expensive Domain Name In The World

    techcrunch.com/2011/02/22/sex-com-now-officially-the-most-expensive-domain-name-in-the-world/


Recent Articles

  • Sedo weekly domain sales led by Law.ai
  • NameJet/SnapNames July 2025 Aftermarket report led by Ebot.com
  • Sedo releases three weeks of domain sales led by ZH.com

Recent Comments

  • Romel on Aqueduct.com closes at $72,000 at GNAME
  • Jose on Aqueduct.com closes at $72,000 at GNAME
  • Chad on BrandBucket Acquires Novanym
  • Blue Collar Domainer on Braden Pollock sells Sword.com for $1.5M and 7 other sales for good measure
  • MapleDots on Mega list of Custom Checkout Links & Bring Your Own Lead providers

Categories

Archives

Copyright ©2025 TheDomains.com