Has anyone's domain name been stolen after the "five day" rule?
I don't think there is any.

People will have varying reactions upon hearing something "new", especially one that
has the potential to affect their lives.

In this case, it's made transferring away from your current registrar easier. But ICANN
made it clear that the gaining registrar must secure authorization from the "Transfer
Contact" first, be it the Registrant or the Admin Contact on record, depending on the
gaining registrar's discretion.

As long as people are better informed of how this works and are proactive enough to
stay on top of things regarding their domain names, they lessen their risks of their
names getting taken without their consent.

What you need to do is
* submit transfer request in a form provided by Better Registar
* you will receive a email asking for approval for domain transfer, accept it.
* no matter the CurrentRegistar happy or not, 5 days later, you domian is with BetterRegistar.

The second item is not applicable to all registrars. Some still require fax authorization
(using the new form from ICANN) along with additional proof of authentication, again
based on the gaining registrar's discretion. What's worse is if they take it at face
value without actually notifying the real registrant or admin contact.

A domain transfer won't necessarily take place in 5 days. The transfer policies require
authorization from both the gaining and losing one respectively within 5 days each,
so it could take longer unless the registrant or admin contact authorize it sooner.

If your domain is not locked, can someone else steel your domian based on the "five day" rule?
The answer is no.

Unfortunately it can be if the registrant or admin contact isn't proactive enough to
stay on top of it. That's why the lock is all the more vital now.

Let's say
* someone found your domian status if unlocked.
* he requested a domian transfer of your domian name to his registar.
* you will get an email asking for deny or approval of the transfer
What you do next, deny, approval? or just delete the email?
What happens for any of the step here?
The answer is, nothing will happen, no matter you deny or approval, or just deleted the email and go to China have a vacation.

That's applicable if the request is from the gaining registrar, more so if they use
the email authentication method instead of fax.

If the request is from the current registrar, you definitely will need to make sure you
get the email and deny it explicitly.

Has anyone's domain name been stolen after the "five day" rule?
I don't think there is any.

So far so good there hasn't been one that's reported...yet. But in the other forums
I frequent, members have been posting about getting transfer requests already, even
though they didn't start it.

In practice, there are some rogue registrars out there who use weak authentication (e.g. will accept a forged fax) for gaining acceptance of the incoming transfer to them. That's the ultimate source of concern. Keep your domains locked.

I believe that the new rules are riskier.

I sense PR and spin and am always suspicious of it. Prior to the introduction of the new rules I've read up a lot about them at a lot of places. And the more I read the more suspicious I got because of the length they've gone to tell you how you will be more secure, less likely to lose your domain, more likely to get it away from a reluctant registrar, more likely to not be a victim, that you will grow two inches taller and improve your libido ;)

When a second hand car dealer is trying to put a gloss on the car body it's because he doesn't want you to see the crack. So it's worth examining the issue in more detail. The more the PR and the more the spin put to something the more you've got to dig.

>>I am very worried about my domain name, I don't want it to be stolen by someone else
Ah, but that's not the big issue, nobody worries about theft. You now have the reassurance that you can get it away from a registrar who's reluctant to release it.

The topic has been discussed extensively here:
[webmasterworld.com...]

You may draw different conclusions but try and filter out all the talk about protecting you from registrars who don't reply to requests. Your worry, like mine, is about theft. (I've never had a registrar refuse a transfer. And if others have had that problem that is not the issue that concerns you and me). If the new rules were introduced just to help transfers then you and I don't benefit and we have to examine how the new rules impact on the issues important to us, like theft/fraudulent transfers/transfers based on inaction rather than action/transfers made in mistake etc.

>>As long as people are better informed of how this works and are proactive enough to
stay on top of things regarding their domain names, they lessen their risks of their
names getting taken without their consent.

Well said davezan. There is a lot more responsibility on the domain holder now ... or he will lose his domain. Get better spam filters on your email - if you miss an email from a registrar you compound your risk. Don't go on holiday - you can't risk not reading your email for 5 days. Stay warned - you are at a lot more risk now.

Don't go on holiday

Thanks, Macro. But try telling that to everyone else when next month comes up. ;)

All in all, just stay alert, everyone. It's going to be another bumpy ride.