November 10, 2004
New rules for domain transfers will come into effect on Friday, making it easier for people to hijack domains, according to the security and network services company Netcraft.
The new rules, set by the Internet Corporation for Assigned Names and Numbers (ICANN), will mean that requests for transferring a domain will be automatically approved in five days unless they are denied by the owner of the domain.
Currently, the ownership of a domain and the nameservers allotted stay as such if a request for a transfer evokes no response.
Domain owner who do not manage their records carefully face problems under the new regime. If the contact addresses given in the records are incorrect then a request for transfer would go to a wrong address and after five days of no response, the transfer would become effective.
No reply becomes the equivalent of saying “yes” to a transfer request, according to the new ICANN policy.
“Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default ‘approval’ of the transfer,” the new rules state.
“In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed.”
Netcraft said some prominent domains which had lapsed without being renewed included the lapse included The Washingon Post, the Gawker weblog and perhaps the most embarassing gaffe yet, the UK domain for Ogilvy Mather.
ICANN appears to be anticipating a spike in disputes as it has appointed staff to manage its domain dispute resolution policy.