RE: [SPAM] [gnso-irtp-b-jun09] GoDaddy holding domains "hostage" via so-called "opt-in" procedures?

["Michael Collins" <mc@xxxxxxxxxxxxxxxxx>]

Hi George,

Welcome to the IRTP group. There has been much discussion about this issue.
I understand the frustration. I have personally been inconvenienced by this
policy. As usual, there is a delicate balance between security and
convenience. One thing that came up in discussions is that hijackers will
often make a registrant change immediately before an inter-registrar
transfer. This leaves the hijacking victim without the ability to use TDRP
or our proposed ETRP to recover a hijacked domain name because they are not
the registrant at the time of the inter-registrar transfer.

A 60-day lock increases the opportunity for the registrar or victim to
discover a hijacking before the domain can be transferred away. Despite the
potential inconvenience to registrants, I thought we should consider making
the lock mandatory for all registrars. My desire is to reduce sales of
hijacked domains and I thought this might help. The majority of the group
prefer leaving this and other security measures up to the registrar.

Best regards,
Michael Collins

-----Original Message-----
From: owner-gnso-irtp-b-jun09@xxxxxxxxx
[mailto:owner-gnso-irtp-b-jun09@xxxxxxxxx] On Behalf Of George Kirikos
Sent: Thursday, June 17, 2010 9:49 PM
To: Gnso-irtp-b-jun09@xxxxxxxxx
Subject: [SPAM] [gnso-irtp-b-jun09] GoDaddy holding domains "hostage" via
so-called "opt-in" procedures?


Hi folks,

I saw some interesting comments on Twitter from an ordinary user in
relation to GoDaddy's so-called "opt in" hold. It should perhaps serve
as a reminder why rules about transfers between registrars were
created originally:

http://twitter.com/wedschilde/status/16429902106

@godaddy FAIL. having to fight to transfer domain for
threecrowpress.com. giving 24 hours. ICANN complaint already filed.
#godaddyfail

http://twitter.com/wedschilde/status/16430649817

@Beshter @brk_nlssn i hate having to fight for something that's mine.
major #godaddy fail. sighs.

http://twitter.com/wedschilde/status/16430757083

@Hoshiko_Malfoy i need a tweetwar. godaddy (@godaddy) doesn't want to
release my domain name. i demand it release the hostage.

http://twitter.com/wedschilde/status/16430802773

@Beshter i've already filed an ICANN. they do this all the time. it's
commonplace. & in @godaddy math, 8.10.10 is 60 days from now.

http://twitter.com/wedschilde/status/16431350059

@brk_nlssn Holding threecrowpress.com hostage because for "internally"
opt-in security rules. i told them no. release it. bad @godaddy

I think this example goes directly to points (c) and (d) of the charter:

"c) Whether special provisions are needed for a change of registrant
when it occurs near the time of a change of registrar. The policy does
not currently deal with change of registrant, which often figures in
hijacking cases;

d) Whether standards or best practices should be implemented regarding
use of a Registrar Lock status (e.g. when it may/may not,
should/should not be applied);"

and in particular, whether some registrars use a creative
interpretation of "opt-in" to a process which registrants can't
opt-out of, except via a denial of service (which doesn't make it
"opt-in" at all).

What are the "costs" to the public vs. the benefits? These are real
costs in terms of inconveniencing real users.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/