On 24/11/2021 05:34, Alan Greenberg via CPWG wrote:
In our discussions related to the Transfer Policy PDP, the issue of domain hyjacking and other nefarious actions has come up often, with some people claiming it is a major issue and others that it is not. I just cam across an interesting tidbit.
If you register a domain with GoDaddy, one of the things that pops up (encouraging you to purchase a service from them) is the attached image.
I have no idea where the statistic of 170,000 attempted domain thefts per year comes from.
It may be based on Godaddy's experience, Alan, It is the largest gTLD registrar on the web and owns a number of other registrars, brand protection registrars and ccTLD registrars. Like most of the larger registrar operators, it is a bit of an iceberg with a recognisable large brand on many other brands acquired through takeovers of other registrars and businesses over the years. Some of the mentions of stolen domain names that appear on the various domainer fora mention that their registrant's logins were compromised as part of the theft. This is often down to phishing e-mails sent to the registrant purporting to be from the registrar. High profile brand domain names are often on brand protection registrars and it is typically ordinary registrants and SMEs that are targeted. These are the people that the the 60 day transfer lock manages to protect. The ordinary registrant may not even know that ICANN exists or the process for reversing a domain theft. Some of the arguments on getting rid of the 60 day lock and the opt-in proposals on the Zoom meetings can only have come from being unaware of the issue domain name thefts. The registrants of domain names that are unused as e-mail domain names or developed websites may even be unaware that their domain name has been stolen until it is too late. Most of the time, the targets are high value domain names (short, keyword, short numerical and brand) that can be converted to cash by a quick resale on domain name auction/sales sites. By the time that the domain name has been resold, it can have moved through a number of registrars. The gTLD market may be more affected by domain name theft due to global market for most domain names and the ease with which the stolen domain name can be converted to cash. The ccTLD markets are much smaller in scale and some have a more complex transfer process with a pro-active single registry being the final authority. With ccTLDs, cybersquatting and trademark infringement may be larger problems. The worst case scenario is when a gTLD registrar gets compromised. As the Epik data breach demonstrated, this happens and there is often a scramble to secure affected domain names before they are transferred out. That 60 day lock is a failsafe. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by AVG. https://www.avg.com