[gnso-irtp-pdp-jun08] Domain Name "Hijacking" and transfer disputes: How Common?

["James M. Bladel" <jbladel@xxxxxxxxxxx>]

<html><body><font color="#000000"><font size="2"><font 
face="verdana,geneva"><br></font></font></font>Colleagues:<br><br><br>During 
yesterday's call I was tasked with gathering some data on the frequency of
this issue, and the prevalence of (alleged) domain name "hijacking."&nbsp;
Barbara mentioned that Verisign has addressed approximately 250
incidents since the IRTP was adopted in 2004, but I would submit that
this figure represents only those cases in which the Registrars
involved have failed to reach an accord, so they involve the
Registry and/or file a TDRP.<br><br>For example, our Domain Services
team has the equivalent of 1-2 full-time employees dedicated to work on this
specific issue.&nbsp; Since January 2008, this team has received over 1000 
claims
of domain name "hijacking," and has taken action to restore the
original registrant in 533 of these cases, and upheld the transfer in
another 504.&nbsp;&nbsp; On average, the investigation of each claim takes 5-10
business days.<br><br>Some of these incidents are internal (e.g. Change
of Registrant) transfers, versus inbound transfers from other
registrars.&nbsp; I apologize that I do not have the exact breakdown of each
type.&nbsp; But it should be noted that AuthInfo keys are only involved in the 
latter case.<br><br>The bottom line is that the prevention and
remediation of domain name "hijacking" is a significant operational
burden for registrars, and the figure reported by Verisign is just the
tip of the iceberg.&nbsp; We should consider this in our discussions of
Question II, as it pertains to security concerns.&nbsp; Of course, the loss
of even a single domain name through "hijacking" can be personally and
financially disruptive to a registrant, and involve a significant
liability potential for the affected 
registrar.<br><br>Thanks--<br><br>J.</body></html>