Following its review of the Panix.com domain name hijacking (see ICANN blames Melbourne IT for Panix.com debacle), ICANN will review its recently implemented domain transfer procedures. In a letter about the hijacking, ICANN Chief Registrar Liaison Tim Cole says this incident could have occurred under the old policy as well and that the new policy had no bearing on it. However, he says the role of resellers in the transfer process should be reviewed.
I disagree that this could have happened under the “old policy”. The old policy would have explicitly required someone from Panix to approve the transfer. The hijacker would have submitted the request, which would have sent a notification to Dotster, and Dotster in turn would have sent an email to Panix. Panix would have had to login to approve the transfer. It could happen, but it’s much less likely.
The “new policy” has its place. Under the former rules, rouge registrars would ignore transfer requests so they could keep the domain in their system. One of the main lessons from the Panix.com Panic, is that domain name owners should lock their domains until they plan to make changes to them.