Online account interface makes spoofing more difficult.
It has been a while since I’ve sold a domain on Sedo, so I noticed a new security enhancement today when transferring a domain to a buyer.
The security problem was that Sedo’s escrow process used to be handled exclusively by e-mail. After Sedo received funds, the seller received an email with instructions for transferring the domain. This e-mail could be spoofed (indeed, I recall reading about at least one such high profile case) resulting in the seller transferring the domain before money was received and into a criminal’s account.
The new process still includes e-mail, but it requires you to log into your Sedo account to verify the money has been received and for instructions on transferring the domain. This is much more secure and is similar to how Escrow.com and Afternic work.
Of course, this is only more secure if people know about the process. Someone familiar with the old process may still be tricked by a spoofed email. So here it goes: If you sell a domain on Sedo, be sure to log in to your account to verify the money has been received and to find instructions for transferring your domain. Do not transfer based on information supposedly sent by a Sedo representative only.