homepage Welcome to WebmasterWorld Guest from 54.197.130.16
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

    
Unsolicited Domain Transfer Requests
Godaddy refuses to tell me who submitted it.
woop01




msg:4389247
 1:55 am on Nov 21, 2011 (gmt 0)

We got an unsolicited domain transfer request a few days ago from Godadddy.

We ignored it and replied to Godaddy that we didn't authorize it and would like to know who exactly it was that attempted to transfer our domain.

They are balking and saying they cannot let us know who submitted a domain transfer request for our domain for security reasons.

Is that legit? What exactly is being protected by not telling a person who tried to steal their domain?

 

bwnbwn




msg:4389442
 4:23 pm on Nov 21, 2011 (gmt 0)

Did you make sure the domains were still locked? Or was this a domain move within Godaddy from on account to another?

woop01




msg:4389651
 12:28 am on Nov 22, 2011 (gmt 0)

The domain is locked and on NetSol, that's not the issue.

I want to know who tried to transfer it.

Webwork




msg:4389702
 3:46 am on Nov 22, 2011 (gmt 0)

Good luck.

Wanna push the envelope? Take back "the night"?

Do you think it's "just a mistake" OR do you have a good faith basis to believe someone is attempting to engage in a) fraud?; b) deception?; c) an unlawful taking of your property?; etc.

Who would you document and report that to, and, possibly, demand an investigation?

A State Attorney General? A State's consumer protection agency? Who?

Would that person or agency demand cooperation from GoDaddy?

What if you hired a local attorney to sue a "John Doe" defendant AND that State allowed you to join GoDaddy as a party defendant "for the purpose of discovery"?

What if you kept getting stymied and started to blog about your experience? Contacted media outlets? Brought that matter to the attention of any U.S. agency?

I don't know what would happen, but I'd sure like to know, because I'm sick and tire of the "line" that "for security reasons" a victim of a fraud isn't given access to ANY information about who is targeting that victim. For whose protection? And the same information can be garned by subpoena or litigation? So, again, WHO is being "protected" by concealing, hiding, withholding, denying a victim access to the information about who is attempting to victimize them?

That protects who from what? But a subpoena or court order makes it "less dangerous"? Really?

Go git 'em! :)

woop01




msg:4389791
 11:59 am on Nov 22, 2011 (gmt 0)

I assume from that reply that this is pretty common and they simply refuse to explain the logic of the 'security concerns'.

Webwork




msg:4389865
 2:59 pm on Nov 22, 2011 (gmt 0)

Until compelled they will ignore you. I think that's wrong, so I've suggested no cost (except your time) ways to "challenge their logic".

It's probably more economically efficient for GoDaddy to allow fraudsters to maintain their anonymity versus having to pay staff to collect fraud info, relay identifying information to the victims, cooperate with any agency charged with arresting fraudsters, etc.

wheel




msg:4389875
 3:13 pm on Nov 22, 2011 (gmt 0)

Don't expect stand up business ethics from a company who's lead is basically selling T&A. Move your business down the road.

tim222




msg:4390346
 4:34 pm on Nov 23, 2011 (gmt 0)

If it was only one attempt then it's easily explained as an accident. In addition, the thief would need to steal your domain transfer code from Network Solutions. So far I don't think GoDaddy has a reason to reveal the information. Consider a person who makes an honest mistake by entering a typo. I don't think their personal information be given to the domain owner. Even if you feel there's no way it could be a typo, GoDaddy's policy needs to protect people from honest mistakes, and they can't change the policy based on speculation.

woop01




msg:4390461
 9:00 pm on Nov 23, 2011 (gmt 0)

What exactly are they being protected from?

jecasc




msg:4390467
 9:12 pm on Nov 23, 2011 (gmt 0)

What exactly are they being protected from?

Vigilantism.

If you feel someone has tried to steal your domain, report it to the police and then they might investigate and a court might order Godaddy to reveal the information to the police. That's the way things work - or at least are supposed to work. Where I live it works. Often slowly but it does.

Imagine it was the other way round and you had made a mistake when initiating a domain transfer and the provider would reveal your private information and then somebody would start posting warnings all over the internet that "company X" or "person Y" is trying to steal domains. Then you would probably be here asking for advice on how to proceed against this outrageous breach of privacy from Godaddys side.

wheel




msg:4390472
 9:26 pm on Nov 23, 2011 (gmt 0)


Imagine it was the other way round and you had made a mistake when initiating a domain transfer and the provider would reveal your private information

That's right up there with the kind of mistake you make when I catch you in the parking lot trying to jimmy the locks on my car. Oh, you thought it was you're car? Hey, no problem - you've got the right to privacy even though you're trying to jack my car/domain. Uh, no. As soon as you make the effort to steal something - deliberately or not - then you've no expectation of privacy.

It's typical 'protect the crooks not the victims' nonsense.

jecasc




msg:4390501
 11:20 pm on Nov 23, 2011 (gmt 0)

@wheel
If you believe someone is trying to steal your car you have every right to hold the person, call the police and they will find out the persons identity and see if the story he tells is any good. If you think someone is trying to steal your domain you can do the same. I can't see in any way how this 'protects the crooks'.

Companies are not allowed to simply give out private information to anybody calling or writing an email and telling a story and make accusations that might or might not be true. A crook might not have a right to privacy, but only after the proper authorities have determined that there really is a crook.

wheel




msg:4390508
 11:31 pm on Nov 23, 2011 (gmt 0)

If someone tries to break into your car jecasc, I won't be giving anyone a description, not without a court order proving that they're crooks. I'm not allowed to simply give out that information, not until you determine that they really are a crook.

eyeroll. Sometimes just giving your head a shake works wonders. Someone's clearly trying to rip this person's domain. But since we can't prove it first, they're going to get away with it, unscathed.

jecasc




msg:4390618
 8:25 am on Nov 24, 2011 (gmt 0)

If someone tries to break into your car jecasc, I won't be giving anyone a description, not without a court order proving that they're crooks.


Yes, exactly. That's how it works. As a witness you make your testimony to the proper authorities and if you refuse to give a statement to the police only a court can force you to testify - as long as you are not related to the suspect or incriminiate yourself with your statement. What would I do with a description of a suspect? Search the thief and beat him up?

But since we can't prove it first, they're going to get away with it, unscathed.


You do not need to proove anything, you do not need to do anything. You tell the police and they investigate. Godaddy will then have to reveal the information to the authorities - and they will question the suspect. And then it will turn out if the suspicion it was a domain thief is confirmed or it was an honest mistake by some company secretary filling out transfer forms.

What could you do if Godaddy told you it was company X from Y? Drive over and beat them up? Spread the news in forums and then get sued for libel, when it turns out things were not as they seemed?

I have been in ecommerce for ten years, at least once a month there is a fraud or fraud attempt, I have been blackmailed once, once someone forged my signature and transfered money from my account. I give that information to the police, they investigate, the court convicts. That's how it works.

If you suspect a crime don't wait, don't waste time trying to investigate yourself, report it immediately and without exception.

Status_203




msg:4390619
 9:12 am on Nov 24, 2011 (gmt 0)

Not impressed with this car metaphor.

My wife has before now taken the other car shopping, come out of the shop and stood outside the wrong car (same make and model as hers) trying to get the remote locking to unlock (could hear it going on and off but door wouldn't open, actual car was behind her). There was no intent to "steal a car", just an honest mistake.

Real owner was obviously faster on the uptake. After watching for a while he walked up and said "Here, try mine". Cue "They work, that's not very good is it!... Oh!"

woop01




msg:4391091
 7:04 pm on Nov 25, 2011 (gmt 0)

jecasc, if I submitted the transfer for the wrong domain, it should be up to me to explain why I did it. Bottom line, I'm the one that initiated it and I don't see how I would have any sort of reasonable expectation of privacy with respect to the real owner for an attempt to get a domain I had no right to, mistake or not.

I've given up on thinking going to the police is anything but an absolute waste of time when it comes to things online. The hoops I've seen authorities jump through to shift the jurisdiction to anybody but themselves are nothing short of amazing. They've got too much 'real' crime to take care of and I don't fault them for that.

Status, good example. In that case, your wife would have the opportunity to show that she wasn't trying to steal the car and it was an honest mistake. To make the car example apply to this, it would need to be a masked person and the store would need to be the one refusing the tell them to take the mask off.

I'm not asking for a random person's information. I'm asking for the information of somebody who initiated the transfer.

For the record, I know this is just a rhetorical argument, the only thing I can do is make sure GoDaddy's tech support costs are increased marginally.

davezan




msg:4391184
 1:36 am on Nov 26, 2011 (gmt 0)

Imagine it was the other way round and you had made a mistake when initiating a domain transfer and the provider would reveal your private information and then somebody would start posting warnings all over the internet that "company X" or "person Y" is trying to steal domains. Then you would probably be here asking for advice on how to proceed against this outrageous breach of privacy from Godaddys side.

+1

As soon as you make the effort to steal something - deliberately or not -

Um, doesn't the effort to steal something require a deliberate intent in the first place? Why do it if one didn't intend to?

Someone's clearly trying to rip this person's domain.

In my ex-registrar life, I've had few customers mistakenly start transfers for domain names closely resembling those they intended to move in. We cancelled those orders upon being contacted, and we didn't charge them anyway.

Of course, one can opine. But without further specifics, especially from Go Daddy and/or the person who made that transfer, there is simply no (almost) infallible way to determine if that someone intended to "rip this person's domain".

jecasc, if I submitted the transfer for the wrong domain, it should be up to me to explain why I did it.

Then I suppose you won't mind the registrar submitting your information to the domain registrant or admin contact upon their request? It goes both ways, after all.

Anyway, this seems all's well that ends well, doesn't it? Just saying.

David

woop01




msg:4391220
 6:06 am on Nov 26, 2011 (gmt 0)

What point are you trying to make? My information is publicly available via whois.

I'm also not the one who attempted to transfer a domain from somebody else.

davezan




msg:4391303
 4:51 pm on Nov 26, 2011 (gmt 0)

What point are you trying to make?

Actually, they've already been made in the previous posts:

Imagine it was the other way round and you had made a mistake when initiating a domain transfer and the provider would reveal your private information and then somebody would start posting warnings all over the internet that "company X" or "person Y" is trying to steal domains. Then you would probably be here asking for advice on how to proceed against this outrageous breach of privacy from Godaddys side.

Then I suppose you won't mind the registrar submitting your information to the domain registrant or admin contact upon their request? It goes both ways, after all.

Pretend you mistakenly started a transfer for a domain name closely resembling yours. Pretend, anyway.

Typically a registrar transfer email will only say something like "a request has been made to transfer your domain to X", and not reveal who exactly did that. If that domain's registrant or admin contact similarly demands the registrar give them the name and contact details of the person who started that, would you appreciate the registrar doing so with no further questions asked?

Maybe you won't mind. However, not everyone feels that way.

Sometimes some answers lie within...if one maybe imagines putting the shoe on another foot. Or something like that.

Anyway, a reason the registrar won't provide that person's information is likely due to their legal agreement/s with the person who essentially "did business" with them, part of which surely includes a privacy policy not to give their personal information to just about anyone just like that for any reason etc. While the registrar sent you an email asking for your go-signal, they don't really have any obligations to you other than asking if you want to confirm that transfer or not.

Of course, you can always try what WebWork and jecasc suggested if you really want to pursue the issue further, depending on how important this is to you and how much time and resources you're willing to dedicate to it. Life's sometimes too short to worry about things that can (almost) easily be resolved without further incident, though.

David

woop01




msg:4391342
 7:56 pm on Nov 26, 2011 (gmt 0)

If I mistakenly started a transfer, I am the one who did it, I am responsible for it, I should be expected to explain myself to the owner of the domain. It's not somebody who randomly came in and tried to get my information. It was MY mistake and I fail to see how anonymity is something that should be expected in such a situation.

How is a person who submits a transfer for a domain they have no right to free from the responsibility of explaining why they did it?

Is the 'possibly a typo' argument really the only defense of the practice? People who submit such transfers shouldn't have their information shared with the person they submitted the transfer to just because it might be a mistake?

Of course, you can always try what WebWork and jecasc suggested if you really want to pursue the issue further,


I realize it's not worth pursuing further (authorities simply don't care or have the time for such things), it's just a discussion on the subject matter.

lucy24




msg:4391416
 7:33 am on Nov 27, 2011 (gmt 0)

This whole thing could have been nipped in the bud if the registrar had responded with an explanatory "The request was a mechanical error. The intended domain was www.example.com". If you are www.example.org or www.ex-ample.com* that should be enough information to reassure you without invading anyone's privacy. Your wife with the popular make and model of car only needs to point out her own car, not show her ID.


* Site for people who have lost weight and would like to keep it off.

davezan




msg:4391417
 7:47 am on Nov 27, 2011 (gmt 0)

Then...you pretty much have the answers. But bottom line is that if the registrar's legal agreement with the person they transacted with includes not giving that individual's personal information to anybody for any reason short of a court order, then...they won't.

It would be nice and probably settle the "issue" if they did, of course. Generally, though, no one really has to do anything for anybody else except: a) if the law requires it for something, b) if an agreement was made between two parties detailing how, what, who, when and/or why, or c) if one chooses to.

Anyway, you're fine. Holidays are just around the corner.

David

woop01




msg:4391448
 1:47 pm on Nov 27, 2011 (gmt 0)

lucy24, good point but I still donít understand why you would claim anybodyís privacy would have been invaded. They submitted the transfer.

Thereís a difference between privacy and strategic anonymity.

Webwork




msg:4391475
 4:22 pm on Nov 27, 2011 (gmt 0)

I'll tell y'all how this racket plays out in real life.

"In the day", when domainers were frequently moving domains around either in search of a better deal/reg-sale or moving from countless drop-catcher associated registrars to a preferred registrar, domainers would be on the receiving end of MANY domain transfer requests, from multiple agencies, ALL involving domainer inititated transfers.

Amidst this snow storm of domain transfer activity a sometimes "innocent" transfer request would arrive and go unnoticed as "not owner initiated" . . and the transfer would be approved.

I did this once, but promptly caught it and dragged out the big guns (my own) to let the happy recipient know I was well financed, well connected, ready to immediately pursue their arse around the world and . . . well, I got the domain back and never made the same mistake again.

Was this "taking" innocent? The explanation of the "mistake" wasn't entirely convincing but, perhaps because I was able to identify/locate the "taker" and convey an easily understood cost-benefit analysis, things sorted themselves out quickly . .

Let me preface my further analysis by saying that GoDaddy's transfer request system, which I just examined, is NOT a model of clarity. For example, nowhere during the transfer process does GoDaddy made it clear that in order to lawfully/effectively transfer a domain the transfer-requestor must eithers 1) already OWN the domain; or 2) have reached an agreement with another to tranfer.

I've been subjected to this "innocent mistake" multiple times. Curiously, the innocent usually target my better domains . . but maybe that's just the "odds of an innocent mistake" in play, again. Still, I'd like more information before leaving that actor untouched, to act again and again, perhaps. :-/

It would be nice to assume it's a person, innocently mistaken, but for someone to approach domain acquisition via the "initiate a transfer" approach - versus "newly register the domain" approach - it's reasonable to infer that such person was aware, at the time of the transfer request, that the domain was/is already registered and therefore that it "belongs to someone else". To me the most ready assumption, about the state of mind of the actor, is "knowledge of existing ownership" - otherwise they would have simply "registered" the domain. Assuming less knowledge, i.e., that the person simply clicked the wrong link - the transfer link - is a bit more of a stretch . . but it could happen . .

Of course, such a person could also be a "simpleton thief", thinking/wondering "can me getting this domain be/(is it) as easy as executing a transfer"? That's possible and "almost innocent", but it's pretty clear to me that they're still thieving.

The alternative, given the above "you gotta know it's already registered to seek acquisition by transfer rationale", is that the act involves a more sophisticated thief - one who is playing an "odds game" (IF I do this often enough . . ).

Keep in mind that the classic domain thief executes multiple transfers in attempt to stay one step ahead of lawful process whilst attempting to sell a domain.

Peace on earth . . and may all thieving bassturds repent and redeem themselves, at least for the holidays. ;)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved