invincible said:
I've commented about this before on here. Make an advanced search on this forum for the key word "transfer" together with my username "invincible". Then read my comments in both the "snocap.co.uk stolen from me?" and "The tag for my domain name has been changed without my permission" threads.
I checked your comments and those of "bobby sands" who says he lost the domain; but unfortunately there are very few facts to go on in the thread. Someone mentioned that Nominet had supplied the facts regarding this transfer but that it would not be prudent to post them here.
invincible said:
Domain Names have been "stolen" by people performing fraudulent transfers in the past. I have argued that paper based transfers are possibly less secure then electronic ones because anyone can request the paperwork, complete it and sign it. Nominet don't have any way of validating a signature and they don't phone or email you to check you really want to make the transfer.
My own experience (and that of some clients) has been that electronic transfers are far more prone to fraud than paper ones. IMHO it is much too easy for a reseller to go into their account with opensrs or another Top Level Registrar and change the registrant name (on a .COM) to themselves; and getting a fraudulently transferred .COM back is a lot more hassle than getting a .CO.UK one back. Sticking my neck out a bit (cos I haven't checked with dah management) I would say if you make Nominet aware that a fraudulent transfer has taken place, they will act immediately to correct the situation and if they didn't, I'd want to know why. However, see my comments below!
invincible said:
This is why I have stated that in order to protect your valuable domain names you should either operate your own tag or have a great relationship with your tag holder. The tag holder, not the Registrant, will be notified of any registrant change via a PGP signed email. If you run your own tag, and someone does this, you can act immediately. If your domain names are on someone elses tag, the first you might know about a false transfer is when you WHOIS the domain name or try to make use of it somehow. If you've parked the domain name somewhere, you might not notice for ages. I think this is dreadful.
A tag holder is supposed to check the validity of each Tag Transfer request. Some do this by letter or fax, others may allow username/password access to an online system, and others by 'email of record'. Theoretically, if you keep your whois (contact) information up to date, this goes a long way to protecting your registrations. Whilst I agree that any fraudulent transfer is "dreadful", it's one of those issues where I'd need more evidence to suggest how best to combat the problem.
However, some of the problems I have personally encountered are where the current registrant hasn't (for whatever reason) updated the registrant field or the contact details. Legally, the person in the registrant field; whether they have sold on a domain name or not; can claim it back at any time. Then it's a court battle to decide if it was actually sold on in the first place because the person legally entitled to hold the registration is the one named in the registrant field.
This is why it is essential that domain names that are 'sold on' are transferred correctly so that the person buying it is actually cited as the registrant. I am referring back to what I was told about "sales" of domain names under 100 quid being accomplished simply by tag transfer, and not your actual proper 30 quid domain name process. Anyone doing it, is leaving the new registrant (whom they extracted said 100 quid from) open to all sorts of problems in the future and all for the want of a 30 quid transfer.
Them's the facts guys, so if you're doing it, please think twice before doing it again; cos sure as eggs are eggs, an accident waiting to happen eventually happens; and someone will eventually get sued over the practice; and all for the want of a 30 quid transfer.
Regards
James Conaghan
[PAB Member]
