Registrar has become a haven for stolen domain names.
Over the weekend I received an email from the (former) owner of ShadesDaddy.com, an online sunglasses seller. He said his domain name had been stolen.
I didn’t have to read on to make a prediction: the domain name was transferred to domain name registrar eName.
Indeed, it was.
How did I make this prediction? Well, a couple months ago someone in Austin was connected to me after their domain name was stolen. It was stolen from their eNom account and transferred to eName, which is the exact same case with ShadesDaddy.
If you do a site search on DomainGang.com for ename.com, you’ll quickly discover stories about a couple dozen domain names allegedly stolen and transferred to eName. Most of them were transferred from GoDaddy, but lately eNom has also become the losing registrar.
In the case of the Austin man who lost his domain from eNom, the domain was unlocked and completely transferred within a day.
Here’s a simple suggestion: registrars should add an internal security check for transfers to eName. At a minimum, they should enforce the five day transfer waiting period to inspect any transfers of potentially valuable domain names.
True, domain thieves could just change their registrar of record. But for now, domain registrars might prevent some unfortunate customer problems by paying a little extra attention to domain transfers heading to eName.
RaTHeaD says
i’m sure Fadi Chehadé will get right on this. probably with a memo to you telling you to be careful not to criticize icann.
Dylan says
ICANN is just as liable as ENOM – with a history of criminal domain activity, ICANN has done NOTHING to ENAME. Action will taken.
Acro says
ICANN should pull the accreditation from Ename until they fix some issues. Have you found their English pages yet? I’m still looking. Ename is by far the hardest domain registrar to deal with when domains are stolen and moved there.
The majority of domain theft cases involved Ename and GoDaddy in 2014. The phishing method on accounts lacking two-factor authentication became a recipe for the Chinese thieves. Despite some domains being returned through legal means or otherwise, there is no evidence that a single person from the perpetrators has been sent to justice.
John Berryhill says
Unfortunately the transfer rules were developed when the “problem” was seen as registrars holding names hostage for unreasonable fees, and not allowing them to be transferred. So, what happened was that the resulting policy made it very difficult for the losing registrar to stop a transfer except for a handful of very specific reasons.
Andrew Allemann says
Sure, but if the registrar uses the 5 day waiting period on a transfer to eName and thinks it’s suspicious, they can reach out to the customer to verify.