@ Charles Christopher,
>What trusted source are you referring to?
DomainTools. It has a fairly unblemished record. I would choose DomainTools data over VeriSign.
On research, I see you HAVE promoted thick whois for years. Distributed whois data IS a solution voiced by some tech experts. I didn't invent it.
VeriSign is not to be trusted, which is why distributed whois for dot com is imperative. If the internet is a trillion-dollar economy, dot com is its de facto currency. We both know that.
VeriSign has botched security in its past. Worse, it swept its security lapse under the carpet, instead of informing its clients.
Verisign's spawn, Symantec, has mis-issued 30,000 certificates. Not only has this unfathomable security breach cast doubt on the root, but it is breaking the internet. See:
Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
Neustar I trust. The dot info/dot org Registry I trust (Afilias?).
VeriSign and ICANN have turned a blind eye to domain trafficking from US Registrars, straight to the Chinese market. China came late to the dot com market.
Every nation's dream is access to the US market, which is why it's easy to promote investment in global dot com extension.
Link | Posted on Mar 27, 2017 11:30 PM PDT by Louise Timmons
>You can always create a construct where some system "worked."
>It is not apparent why an instant transfer without ensured notification
>to and explicit approval of the domain owner is tenable under any
>circumstances given the adverse consequences.
Pondering this policy itself is creating a problem, which in turn a registrant is given a method to opt out of that policy because of "problems" the policy creates.
There is ignorance (ignoring something) and there is nescience (having no reason to know something). A carpenter has no reason to know how to wire a house, and an electrician no reason to know how to frame a house.
Today's policies are creating more and more "signaling" (detailed domain status communications and involvement of them in changes that occur) to retail customers so they can have confidence in the status of their domain, and that the domain will not disappear on them. Without such confidence, understanding, and simplicity, retail customers would be less likely to take risks such as working on a website for 5 years. The value extends beyond the domain name itself.
For a professional registrant, the "signaling" creates busy work that they would like to avoid. The professional's position is, if they have the money, transfer it and give me the money. I don't care about much else and I don't need to hear all the details except when the money deposit is made.
Running those two on the same system will cause problems and an additional policy is unlikely to ever solve it without causing more problems for the retail customer, or the professional customer.
The retail customer, again with more and more "signaling" being provided, can't comprehend the idea that checking this box means your domain could disappear at any moment without any communications or notice. And further know what hoops might be required to make this type of state go away so the domain may be considered secure, all the "signaling" returned.
To me this is a natural gray area of life and business, you mix those two into one place and there will be lots of problems. When the problem happens the situation should be fairly clear, retail registrant had one (or a few) domain they were nescient that things would now happen without any involvement of them or any notice to them. If they have 100 domains in their account, all on the sales platform, then they were ignorant, they are pros, cut them no slack.
Can I reasonably assume in good conscience a retail customer knows what they are getting into when they enter a fast transfer sales system? And this happens in a policy environment that is trying to give registrants more and more information to protect them? No.
We take for granted that the registrar has "belief" the retail customer knowingly entered a service agreement, and we reject the registrant's belief they terminated that agreement.
Name and shame still seems like the solution, but the problem needs clear articulation. The ability to opt out of the assumed to happen signaling (policy) seems like the problem to me, and that option is created by the pros' desire to avoid all the signaling on the shared platform (but know what that means).
Link | Posted on Mar 27, 2017 7:03 PM PDT by Charles Christopher
You can always create a construct where some system "worked." In the financial industry during the "big short" era, the system worked for the benefit of the large financial institutions who were feathering their own beds to the detriment of their customers.
Registrars exist for the purpose of providing DNS related services and owe an obligation to the vast preponderance of customers who are purchasing those services. They are being sold the protection of their domain names and associated resolver support services. Indeed, the successful operation of the entire DNS infrastructure is dependent on that trust and the resiliency provided. The system is supposed to "work" for them - not the gaming operations being run on the side by the registrars and those customers.
It is not apparent why an instant transfer without ensured notification to and explicit approval of the domain owner is tenable under any circumstances given the adverse consequences. Furthermore, in the instant case, the seller explicitly cancelled service and GoDaddy auctions plainly knew or should have known that there was no basis for them selling the domain. Under any construct, it was unconscionable for them to do so. It was not their domain to sell.
It is also apparent that this is not an isolated incident of this deceptive "system," and class action litigation is a real possibility. This is in addition to embarrassing publicity, as well as administrative actions via the FTC and ICANN.
And then lastly, there is the premise for this article - it adversely affects the self governance of the entire industry and the stature of the other registrars and organizations who appear to be willingly complicit to known inappropriate if not unlawful behavior occurring in the industry. Think of a media special entitled "The Internet Big Short." It is fairly apparent there is a sufficient ensemble of irate and motivated people here to take whatever steps are necessary to bring about corrective action. I am still waiting for Nima Kelly to respond to my communications - if nothing else as a matter of professional courtesy.
Link | Posted on Mar 27, 2017 6:06 PM PDT by Anthony Rutkowski
Keep in mind that the system worked how it's supposed to work, and how it works to the benefit of hundreds of people that buy and sell domain names every day:
A domain owner lists a domain with a buy now price on the system. Someone buys the domain name and it's instantly transferred to their account.
The issue here is that the seller listed the domain name for sale before they developed the site, and obviously did not intend to sell it many years later. The seller says they somehow canceled the domain from being for sale, perhaps by not renewing the GoDaddy Auctions membership. But not renewing the membership does not remove domains from being for sale. (I'll disregard the GoDaddy phone rep's comments about a mistake, because they try to appease customers and work within a silo at the company.)
So, regardless of whether the listing was ever canceled or not, I think this can be a learning opportunity for GoDaddy. It can be rather confusing. GoDaddy should send out an email once a year reminding customers of their fixed price listings. This wouldn't be too difficult to automate, and would have avoided this unfortunate situation.
Link | Posted on Mar 27, 2017 5:04 PM PDT by Andrew Allemann
>why do you defend VeriSign?
Am I? News to me. I am defending the old saying:
"Man with one watch always knows what time it is.
Man with two watches never knows what time it is."
I am defending the authority of a central repository as that is the only way to achieve authority. Like it or not.
If there is only one source, then there can only ever be one answer.
>What is your agenda?
One Truth, versus many truths.
>over other trusted sources?
What trusted source are you referring to? I have already commented about what I have seen over the years. Whois scrapers are not authoritative, mostly they get it right, but not always.
That the industry has evolved without a central repository does not make the existing ones authoritative, it makes them all that there is and all that we have.
Let me take your position. Are you willing to fight to have the current thick registries be turned into thin registries so as to move the data out to the registrars? You are taking that position, that they are a trusted source, so what is good for .com is good for all TLDs. Or are we going to take the position that both thin and thick registries are the same? That they are both authoritative? If so how do we reconcile the differences that come up in the thin registry model?
If you can pull only from Verisign, that is the only answer there is.
For me that is an authoritative result. You and I have no choice but to agree on the value at any given moment, because we shall always receive the same result. It's when we ask two different sources, and each get different answers, that we can't know what truth is.
And to be specific, in theory the registrar is "authoritative" for the contact records, but not the dates, DNS values, or status semaphores, which are centralized at the registry. It's those centralized values that registrar whois gets out of sync on. But a whois record is treated as a "whole". Next you have someone going to, say, ENOM to pull whois records, but ENOM has been hammering my whois server so I have cut them off from access at the moment, so you do not get any whois result.
Link | Posted on Mar 27, 2017 4:57 PM PDT by Charles Christopher
@ Charles Christopher, when facts state VeriSign has done bad, why do you defend VeriSign?
What is your agenda?
Why are you promoting VeriSign, over other trusted sources?
Link | Posted on Mar 27, 2017 3:52 PM PDT by Louise Timmons
Apart from the facts here that the registrar appears to have erred, there are some fundamental juridical and public policy issues here. The concepts of transparency and notice are universally accepted. The rejection of unconscionable agreements is also firmly established in our legal systems. The registrar's behavior here is almost certain to be held unconscionable in any judicial litigation.
Registrars owe an obligation first to their domain registration customers and the integrity of the domain name system. The creation of registrar business units that auction domain names to third parties is inherently subject to abuse and conflict of interest. There is a duty of care to the registrant - especially when the relationship has existed for five years. To the extent an auction operation is allowed, there needs to be special care to ensure transparency and notice to the parties, including approval of transactions.
Link | Posted on Mar 27, 2017 3:02 PM PDT by Anthony Rutkowski
Agreed. I see the crack in the floor.
>The domain owner believes they canceled that listing many years ago.
The conflict of interest remains, and it's especially problematic for non-domainers who have no understanding of the secondary market. Thus I thought your articles appropriate, I apologize if I am mistaken.
Link | Posted on Mar 27, 2017 2:56 PM PDT by Charles Christopher
Charles, to be clear, this isn't a case of GoDaddy warehousing domains.
In this case, the domain owner apparently listed the domain with a buy now price on either GoDaddy premium listings or Afternic. Someone bought the domain at the buy now price, so the domain was instantly transferred.
The domain owner believes they canceled that listing many years ago.
Link | Posted on Mar 27, 2017 2:33 PM PDT by Andrew Allemann
Well from whois, and the registry, HorseDVM.com is currently sponsored by GoDaddy. This reminds me of:
"GoDaddy goes to great lengths to hide its expired domain warehousing operations."
And to be clear, I have no relationship with Andrew. But credit where credit is due, he covered this well 10 years ago, and I recall it happening and watching the details unfold. Which is why I knew where to dig up the skeletons ...
Link | Posted on Mar 27, 2017 2:22 PM PDT by Charles Christopher
Louise, how many times have you looked at a registrar's whois data, and then looked at the underlying Verisign data and seen with your own eyeballs the registrar was presenting bad data?
I am talking about bad creation and expiration dates, domain status, and DNS server values.
I have lost count of the number of times I have had this experience ....
Link | Posted on Mar 27, 2017 2:11 PM PDT by Charles Christopher
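The comparison discussed in this thread (registry-held dates, status and name servers versus a registrar's copy of the same record) can be automated. The following is an added example, not part of any participant's comment; both whois records are constructed samples, and the field labels are assumed to follow common registry and registrar whois output.

```python
# Added example: diff the registry-held whois fields against a registrar's copy.
# Both records below are constructed samples, not real whois output.
from datetime import datetime

REGISTRY_FIELDS = ("creation date", "registry expiry date", "domain status", "name server")
ALIASES = {"registrar registration expiration date": "registry expiry date"}

REGISTRY_WHOIS = """\
Domain Name: EXAMPLE.COM
Creation Date: 2012-03-03T10:15:00Z
Registry Expiry Date: 2018-03-03T10:15:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""
REGISTRAR_WHOIS = """\
Domain Name: example.com
Creation Date: 2012-03-03T10:15:00Z
Registrar Registration Expiration Date: 2017-03-03T10:15:00Z
Domain Status: ok
Name Server: ns1.example.net
Name Server: ns2.example.net
Registrant Name: Constructed Registrant
"""

def parse(text):
    # Keep only registry-held fields; contact records are ignored on purpose.
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        key = ALIASES.get(key, key)
        if not sep or not value.strip() or key not in REGISTRY_FIELDS:
            continue
        value = value.strip()
        if key.endswith("date"):
            value = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        else:
            value = value.split()[0].lower()  # drop the EPP URL, ignore case
        rec.setdefault(key, set()).add(value)
    return rec

def out_of_sync(registry_text, registrar_text):
    # Returns {field: (registry values, registrar values)} for each mismatch.
    registry, registrar = parse(registry_text), parse(registrar_text)
    return {f: (registry.get(f, set()), registrar.get(f, set()))
            for f in REGISTRY_FIELDS if registry.get(f, set()) != registrar.get(f, set())}

if __name__ == "__main__":
    print(out_of_sync(REGISTRY_WHOIS, REGISTRAR_WHOIS))
```

Multi-valued fields are compared as sets, so name server order and letter case do not produce false mismatches.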
Many thanks for all the many people who are providing support and assistance. The domain is horseDVM.com - a site dedicated to the exchange of horse health information among equestrians and which maintained the HorseDVM(TM) brand for nearly five years. The site (and brand) included especially innovative and evolving infographics for inexperienced horse owners through her coding and embedded databases.
1. The transfer occurred this past Friday, 24 March at about 04.00 Eastern time
2. The domain name had not expired. It was on autopay and checked regularly. It was renewed on 3 March and a receipt was provided by the registrar.
3. She asked the auction unit in 2012 to terminate her account, and never heard further from them since that time, until Friday morning when they told her that the domain was sold.
4. She received no offer, but the registrar automatically transferred a portion of the bid proceeds (about $105) to a PayPal account for which she has no access.
During the several followup emails and telephone calls that she immediately initiated, some of the registrar staff admitted verbally that the auction unit "seemed to have screwed up," but that they viewed their obligations to the business unit and that the matter was final. Other staff were simply arrogant and unhelpful.
The registrar also would not assist in identifying or any communication with the acquiring entity - which appears to be some kind of IPR agent for Chinese clients whose phone number is not functional, and there is no answer to emails.
The website content continues to be hosted and available at www.horseDVM.com, even though Kelly's ownership of the domain has been taken as reflected in the Whois record. Although this helps the equestrian community that relies on the site, it further exacerbates the hijacking and IPR theft.
This is an opportunity for the registrar community to demonstrate they can really govern their own affairs, as well as for the registrar itself to rectify the matter before the incident details become more public and gets appealed to industry and governmental oversight authorities.
Link | Posted on Mar 27, 2017 1:50 PM PDT by Anthony Rutkowski
@ Charles Christopher,
VeriSign Hacked: What We Don't Know Might Hurt Us
VeriSign Hacked Multiple Times in 2010
VeriSign did not properly report these breaches, so is not to be trusted.
Whois data is safer distributed among the many Registrars that act as intermediaries.
Link | Posted on Mar 27, 2017 1:26 PM PDT by Louise
It might be enlightening if you can determine the answer to some questions:
1. what was the date that this occurred?
2. was the domain expired?
3. was the domain still listed for sale at the auction house since her original enticement?
4. was the registrant offered any funds from the auction?
There are two pertinent ICANN policies that all Registrars need to follow:
1. Post-expiration policy. (see https://www.icann.org/resources/pages/errp-2013-02-28-en)
If the domain was expired, then Registrar MUST disrupt the DNS before taking further action on the domain. This policy has been in place since 2013
2. Change of Registrant policy. (see https://www.icann.org/resources/pages/ownership-2013-05-03-en)
This is a brand-new policy effective December 1, 2016. This policy is designed to prevent domain name hijackings.
This policy should apply to auction houses as well, although there is an exemption called "designated agent" that the auction house may be using if the domain name was listed for sale at the auction house and never removed. But this is pure speculation and would only be applicable post-December, 2016.
I would be happy to help out offline if you prefer.
Link | Posted on Mar 27, 2017 12:49 PM PDT by Thomas Barrett
I need to recant some of my comments. I am wrong about the handling of INTRA-registrar transfers, in the sense that registrars can game their TOS around the policy. Andrew has good details here, and as usual John Berryhill gives great "color commentary" in the comments section.
Link | Posted on Mar 27, 2017 12:46 PM PDT by Charles Christopher