A good defense against this, is to use a domain registrar that allows you to lock the domain. Even easier if you can do it from the web. Then all transfer requests are automatically denied.

Double checked my domain registrar - yes they introduced the lock feature a while back. Everything is locked by default so will not be transferred - my domains are safe.

I've had a couple clients report this. It seems attempts on transfers are up.
I've done registrar lock for all the domains on the three registrars we use.

I did get one of those mails in Russian, apparently. Obviously I didn't have a clue what the thing said, but my registrar received a transfer request for that domain from a Russian company.

Since my domains have been locked ever since it became possible to lock them, the request was denied. The registrar emailed me to let me know what happened. It's great to be on first-name terms with one's registrar!

It should be everyone's first move these days: email your registrar to ask specifically that your domains be locked if you don't see anything in their account manager about locking them yourself. Seems that's your only protection any more.

Hiya,

Jus a quick question regarding locking... is it available on all domains or jus specific ones? For example, i have .co.uk, .org.uk, and .com domains; which of these can be locked and which are at risk?

Cheers

I have .com, .org, .us, .info domains, all of which have been lockable. I would contact your registrars though, I don't have any information on co.uk, etc. as I'm in the US.

eggy ricardo - the process for transferring a .uk domain is substantially different to the common process used for general top level domains, ie. .com, .net, etc.

For a .uk domain, the current host has to hand over the IPS tag for that domain to a new provider, both of whom have to be Nominet tag holders. It's not possible to encounter the scenario where, should you not respond within X days, the domain will automatically be transferred - the existing host has to hand over the domain to the new provider. The new provider cannot simply take the domain because you haven't stated otherwise.

The only exception to this is where the Registrant contacts Nominet directly and uses their online system to transfer the domain. A fee is imposed for this however and all transfers in this manner are checked, by Nominet, to ensure they are legitimate and correct. I've yet to hear of a successful attempt to fraudulantly transfer a domain via this method.

R.

Followup: Leosghost (WebmasterWorld member) translated the email properly for me - here are some things that I missed.

If you do not respond to this mail in 5 days and if at least one other "contact" does reply and accept the transfer , the transfer will go ahead. If no "contacts" reply the transfer will fail

Which is reassuring, the host requesting the transfer is one of the largest in France - so good to see that they follow "sensible" rules in this area - despite sending a domain tranfer request for a domain hosted by a German hosting company, with British contact addresses - in French.

The other interesting piece of info was that the request was prepaid!

So someone somewhere has lost 6 euros... for a good domain name, or even site, this kind of attempt is cheap.

That person can try get a refund from that registrar or do a chargeback.

But still, this is one area I haven't considered when I first posted the thread about the
new domain transfer policy. And it may not necessarily affect .co.uk domains or others
if they have different "providers" for them.

How about using those free translator sites? They may not be perfect but they should
at least give a partial idea of what they're about.

How about using those free translator sites? They may not be perfect but they should
at least give a partial idea of what they're about.

In gethans case they would have actually misled him into agreeing ..even for a French ( "native" or "mother tounge" ) speaking person the wording used was sufficiently "flou" ( vague ) as to be easily open to missinterpretation and most likely in the most dissadvantageous way to the "current domain holder"...

There must be many French citizens already waking up to discover that they inadvertantly "clicked "away their domain names...

I have contacted their ( gethan didn't name them so I won't ..) customer support dept since to suggest to them a more clear set of "instructions" ..."on va voir".

Relying on "babel fish "or it's ilk to do this kind of work is really like hoping the gun found on the floor is loaded with blanks and then trying "Russian roulette" for the first time ( hey!..whatever gets you your "adrenalin rush" ..for me it's skydiving ;)..

How important is your domain name to you?

I would suggest and hope that whilst all the members at WebmasterWorld and the readers are not likely to be angels that those of us who do have a particular language skill can help out ( on a small thing like one of these notices ..hey ..it took me the time to drink a small coffee ) fellow members for free ...and translate ( in resumé ) suspect notices like gethan received...between us we ought to have all the languges that are likely to be encountered ...I am by no means the only French speaker here , there are Russian speakers , Chinese , Hindi , Arabic , Spanish , Portugese etc etc ( If I didn't mention your languege it's to save Bretts bandwidth and to keep my post short..but I hope that you all get the idea and concur ;)...This community should stick together on this one ...if we members can help out on PHP , CSS , etc why not on this one ...to me it makes perfect logical sense ...

<End of Utopian vision>...

anyone else get a French one of these things ..you are welcome to sticky me ..they might not all be the same .

I thought the new ICANN transfer procedure wasn't meant to start till 12th November?

[icann.org...]

The French hosting and registration company probably used "babel fish or similar" to translate the page from the ICAAN site ;)...I have seen some "glorious" translations on some very major sites ..and had many conversations with "official French government approved translators" where I realised that they were 180° from having understood what they had either read , heard or spoken .

( that said , I notice some speeling mistakes in my previous post that I now cannot edit .."Pride goeth before a fall" :(

Actually, assuming most if not all registrars (the gaining one) email the registrant or
administrative contact and don't receive a reply, the transfer won't take place at all.

The first problem occurs if the gaining registrar requires authorization via fax only and
don't email the registrant or admin contact for approval.

The next problem then happens if the losing registrar notifies via email the registrant
or admin contact and neither pay attention to it at all.

Actually, assuming most if not all registrars (the gaining one) email the registrant or
administrative contact and don't receive a reply, the transfer won't take place at all

Nope ..the problem here was that if gethan didn't reply ..and any other contact did ..it would go through ...Before only the admin contact could authorize this ..Most peoples tech contacts are their host company ...by default cos most people think to be the tech contact you need to know how to install apache etc ...

The unbeleivable aspect of all this is that "receiving registrars" can send out emails in languages that are foreign to their recipient ..and your "non" reply is considered to be "assent" ...

How about if "not replying" to spam meant you had signed that " mortgage contract " "or subscription to "tean pron" by default!

Or worse " auto trans " will fool you into thinking you know wether to "reply" or "where to click" ..and when you realise that you were wrong i'ts "waaaaaay to late".

Everything that Leosghost said and:

- If your domain is locked you are safe - do not unlock it under any circumstances - except for your own transfer request.

- This could not just transfer an interesting domain you've registered but your whole website.

- If you have a registrar that doesn't lock your domains - move them asap - to one that does.

I know that hosts not releasing domains can be a problem - and I guess these steps were taken to address this - but the possiblity of a complete hijack of a complete website due to an accidental click is unbelievable.

(if anyone gets a Hungarian hijack attempt - sticky me for translatioin - waiting for the deludge ;))