Hey everyone: See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing. I've redacted personally identifiable information and we may wish to use this example as evidence. We see this not infrequently. I copied the string so read from the bottom up. Kristine Kristine F. Dorrain, Esq. Director of Internet and IP Services National Arbitration Forum (FORUM) P.O. Box 50191 Minneapolis, MN 55405 Phone 952.516.6456 Fax 866.342.0657 Email kdorrain@adrforum.com domains.adrforum.com This e-mail message and any attachments are confidential and may be privileged information. If you are not the intended recipient, or the person responsible for delivering it to the intended recipient, please notify the sender immediately and destroy all copies of this message and attachments
And to be clear, I know you all told me registrants can complain to ICANN, but this says ICANN told him there is nothing they can do. So we need to be very sure that our recommendations do contain commentary as to safeguards for Registrants to gain recourse against their own Registrars. I understand we've decided that what those safeguards are is outside the scope, but we need to be sure ICANN understands that there is a problem. Thanks, Kristine From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of Dorrain, Kristine Sent: Wednesday, February 05, 2014 2:23 PM To: gnso-irtpd@icann.org Subject: [gnso-irtpd] Example email string Hey everyone: See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing. I've redacted personally identifiable information and we may wish to use this example as evidence. We see this not infrequently. I copied the string so read from the bottom up. Kristine Kristine F. Dorrain, Esq. Director of Internet and IP Services National Arbitration Forum (FORUM) P.O. Box 50191 Minneapolis, MN 55405 Phone 952.516.6456 Fax 866.342.0657 Email kdorrain@adrforum.com<mailto:kdorrain@adrforum.com> domains.adrforum.com This e-mail message and any attachments are confidential and may be privileged information. If you are not the intended recipient, or the person responsible for delivering it to the intended recipient, please notify the sender immediately and destroy all copies of this message and attachments
See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing.
Whilst I sympathise with the Registrant who has 'lost' control of the domains, the transfers were 'valid' in that they went through the normal transfer processes, were authorised by the contacts on the domain, and they were started by correctly logging into the losing registrar. If the details are exactly as described in the PDF I'd suggest they * first file a report with the police * go see their legal representative * contact the registries concerned * formally write to ICANN (as nothing in there indicated they had actually raised this with icann) Rob
Hi Rob, I tend to agree here. A 'valid transfer' is a transfer where transfer policy was followed in performing the transfer. An 'invalid transfer' is a transfer where transfer policy was not followed, or not completely followed. A transfer against the will of the registrant may still have been a valid transfer, if process was adhered to. Do we need an additional term for such cases? Volker
See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing.
Whilst I sympathise with the Registrant who has 'lost' control of the domains, the transfers were 'valid' in that they went through the normal transfer processes, were authorised by the contacts on the domain, and they were started by correctly logging into the losing registrar.
If the details are exactly as described in the PDF I'd suggest they * first file a report with the police * go see their legal representative * contact the registries concerned * formally write to ICANN (as nothing in there indicated they had actually raised this with icann)
Rob
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
Hi Rob & Volker, I disagree with the position that a party using illegally obtained credentials to effect a transfer is a valid transfer. In the banking world, if I get Rob's banking credentials and transfer $10K to my account in North Korea, I complied with the procedures for a "valid transfer" but the transfer is reversible and has consequences. In the domain world, most courts have no power to get a domain transferred to North Korea, but ICANN does. Thus, I think that there should be some allowance to hijack victims under ICANN policy to pursue a fraudulent transfer that was done according to procedure. The burden placed upon parties that unknowingly participated in the transfer should be minimal, but shutting the door on a hijack victim because the hijackers were really good and followed procedure seems unfair. _________________________________ Kevin R Erdman cell 317.289.3934 Sent from my iPhone
On Feb 6, 2014, at 5:45, "Volker Greimann" <vgreimann@key-systems.net> wrote:
Hi Rob,
I tend to agree here. A 'valid transfer' is a transfer where transfer policy was followed in performing the transfer. An 'invalid transfer' is a transfer where transfer policy was not followed, or not completely followed.
A transfer against the will of the registrant may still have been a valid transfer, if process was adhered to.
Do we need an additional term for such cases?
Volker
See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing.
Whilst I sympathise with the Registrant who has 'lost' control of the domains, the transfers were 'valid' in that they went through the normal transfer processes, were authorised by the contacts on the domain, and they were started by correctly logging into the losing registrar.
If the details are exactly as described in the PDF I'd suggest they * first file a report with the police * go see their legal representative * contact the registries concerned * formally write to ICANN (as nothing in there indicated they had actually raised this with icann)
Rob
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
Yes, I want to be clear, I am not saying we backtrack and include this in the TDRP. But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN. And we have to tell them, "sorry ICANN has no provisions for this." If a Registrar refuses to say "hey we were defrauded at the point of receiving the FOA", then a registrant has no recourse. The courts are not a good solution because of the same jurisdictional hurdles the other policies address. I believe we were going to tell ICANN "hey, we note that this is a problem. You might want to create something new to address this because we determined it doesn't fit in the TDRP." My point in sending it was to provide concrete evidence of the problem we're recommending ICANN address. Kristine -----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of Kevin Erdman Sent: Thursday, February 06, 2014 9:04 AM To: Volker Greimann Cc: rob.golding@astutium.com; gnso-irtpd@icann.org Subject: Re: [gnso-irtpd] Example email string Hi Rob & Volker, I disagree with the position that a party using illegally obtained credentials to effect a transfer is a valid transfer. In the banking world, if I get Rob's banking credentials and transfer $10K to my account in North Korea, I complied with the procedures for a "valid transfer" but the transfer is reversible and has consequences. In the domain world, most courts have no power to get a domain transferred to North Korea, but ICANN does. Thus, I think that there should be some allowance to hijack victims under ICANN policy to pursue a fraudulent transfer that was done according to procedure. The burden placed upon parties that unknowingly participated in the transfer should be minimal, but shutting the door on a hijack victim because the hijackers were really good and followed procedure seems unfair. _________________________________ Kevin R Erdman cell 317.289.3934 Sent from my iPhone
On Feb 6, 2014, at 5:45, "Volker Greimann" <vgreimann@key-systems.net> wrote:
Hi Rob,
I tend to agree here. A 'valid transfer' is a transfer where transfer policy was followed in performing the transfer. An 'invalid transfer' is a transfer where transfer policy was not followed, or not completely followed.
A transfer against the will of the registrant may still have been a valid transfer, if process was adhered to.
Do we need an additional term for such cases?
Volker
See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing.
Whilst I sympathise with the Registrant who has 'lost' control of the domains, the transfers were 'valid' in that they went through the normal transfer processes, were authorised by the contacts on the domain, and they were started by correctly logging into the losing registrar.
If the details are exactly as described in the PDF I'd suggest they * first file a report with the police * go see their legal representative * contact the registries concerned * formally write to ICANN (as nothing in there indicated they had actually raised this with icann)
Rob
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN.
The 'claim' is that the transfer (validly completed) was 'fraudulent' because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam. Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that. I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services. One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it) This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ... 'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims' As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
I disagree with the position that a party using illegally obtained credentials
I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal' counsel. Rob
I can appreciate the concern here. I'm not a registrar, so I don't understand the nuances of transfer, but I do understand an FOA is needed. What if (and I don't know in this case, I'm talking generally), the FOA was fraudulent and the registrar "didn't suspect" fraud. I use quotes because I am asking (honestly, not rhetorically) what prevents a registrar from simply "not noticing" fraud? Does a registrar do any sort of validity check or "well, the request came from an authorized email account so who am I to ask questions"? Is there anything currently being done to encourage or train Registrars to spot fraudulent transfer requests? Sorry if my questions are very basic... -----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of rob.golding@astutium.com Sent: Thursday, February 06, 2014 9:23 AM To: gnso-irtpd@icann.org Subject: RE: [gnso-irtpd] Example email string
But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN.
The 'claim' is that the transfer (validly completed) was 'fraudulent' because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam. Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that. I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services. One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it) This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ... 'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims' As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
I disagree with the position that a party using illegally obtained credentials
I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal' counsel. Rob
Hi Kristine, the FOA can be obtained in various ways, but the most common one is an email sent to the registrant or admin email address containing a trigger that must be responded to in some fashion. So the transfer would have to be authorized by someone controlling the email account of the registrant. So in order to effectuate a fraudulent transfer the hacker would either have to have access to the email account of the registrant, or to have changed the email address in the whois prior to the transfer, an action that will be made much more difficult once ITRP-C is implemented. Best, Volker
I can appreciate the concern here. I'm not a registrar, so I don't understand the nuances of transfer, but I do understand an FOA is needed. What if (and I don't know in this case, I'm talking generally), the FOA was fraudulent and the registrar "didn't suspect" fraud. I use quotes because I am asking (honestly, not rhetorically) what prevents a registrar from simply "not noticing" fraud? Does a registrar do any sort of validity check or "well, the request came from an authorized email account so who am I to ask questions"?
Is there anything currently being done to encourage or train Registrars to spot fraudulent transfer requests?
Sorry if my questions are very basic...
-----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of rob.golding@astutium.com Sent: Thursday, February 06, 2014 9:23 AM To: gnso-irtpd@icann.org Subject: RE: [gnso-irtpd] Example email string
But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN. The 'claim' is that the transfer (validly completed) was 'fraudulent' because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam.
Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that.
I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services.
One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it)
This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ...
'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims'
As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
I disagree with the position that a party using illegally obtained credentials I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal' counsel.
Rob
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
sorry to come in so late on this. i think there are two possible use-cases here, one of which is covered by existing policy and one by the new inter-registrant policy from IRTP-C existing policy - applies to a dispute between registrars - so if the problem with an FOA is fraud perpetrated by a registrar, i would think TDRP would apply inter-registrant policy - applies to a dispute involving the transfer of a domain between registrants (almost always the case in a hijacking) my read of the email thread is that the root of this dispute is inter-registrant (the theft). i think that the new IRTP-C process, which will require more notification and verification of inter-registrant transfers may nip a lot of these in the bud (i sure hope they do, anyway). the conversation then gets quite muddled and i think would benefit a lot from clearer information about the purpose and limits of the TDRP. i’ve been at this a long time and it’s only recently that i’ve come to understand those things. in the case of this email thread i probably would have written back saying something like this “The you and your Registrar appear to disagree whether this situation is addressed by the TDRP — I would suggest forwarding this question to ICANN Compliance for review.” *my* read of this is that the registrar just didn’t think that TDRP applied, nothing more. i think policy *will* have something to say about this case once IRTP-C gets implemented, but it doesn’t right now. m On Feb 6, 2014, at 9:33 AM, Dorrain, Kristine <kdorrain@adrforum.com> wrote:
I can appreciate the concern here. I'm not a registrar, so I don't understand the nuances of transfer, but I do understand an FOA is needed. What if (and I don't know in this case, I'm talking generally), the FOA was fraudulent and the registrar "didn't suspect" fraud. I use quotes because I am asking (honestly, not rhetorically) what prevents a registrar from simply "not noticing" fraud? Does a registrar do any sort of validity check or "well, the request came from an authorized email account so who am I to ask questions"?
Is there anything currently being done to encourage or train Registrars to spot fraudulent transfer requests?
Sorry if my questions are very basic...
-----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of rob.golding@astutium.com Sent: Thursday, February 06, 2014 9:23 AM To: gnso-irtpd@icann.org Subject: RE: [gnso-irtpd] Example email string
But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN.
The 'claim' is that the transfer (validly completed) was 'fraudulent' because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam.
Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that.
I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services.
One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it)
This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ...
'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims'
As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
I disagree with the position that a party using illegally obtained credentials
I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal' counsel.
Rob
PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
This was not the entire conversation. Once my case coordinator figured out the question was out of his ability to answer, he forwarded it to me and I did direct the person to compliance, including sending him the link to Transfer Disputes on ICANN's site. He said ICANN told him they can't help him. -----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of Mike O'Connor Sent: Saturday, February 08, 2014 7:45 AM To: gnso-irtpd@icann.org Subject: Re: [gnso-irtpd] Example email string sorry to come in so late on this. i think there are two possible use-cases here, one of which is covered by existing policy and one by the new inter-registrant policy from IRTP-C existing policy - applies to a dispute between registrars - so if the problem with an FOA is fraud perpetrated by a registrar, i would think TDRP would apply inter-registrant policy - applies to a dispute involving the transfer of a domain between registrants (almost always the case in a hijacking) my read of the email thread is that the root of this dispute is inter-registrant (the theft). i think that the new IRTP-C process, which will require more notification and verification of inter-registrant transfers may nip a lot of these in the bud (i sure hope they do, anyway). the conversation then gets quite muddled and i think would benefit a lot from clearer information about the purpose and limits of the TDRP. i've been at this a long time and it's only recently that i've come to understand those things. in the case of this email thread i probably would have written back saying something like this "The you and your Registrar appear to disagree whether this situation is addressed by the TDRP - I would suggest forwarding this question to ICANN Compliance for review." *my* read of this is that the registrar just didn't think that TDRP applied, nothing more. i think policy *will* have something to say about this case once IRTP-C gets implemented, but it doesn't right now. m On Feb 6, 2014, at 9:33 AM, Dorrain, Kristine <kdorrain@adrforum.com> wrote:
I can appreciate the concern here. I'm not a registrar, so I don't understand the nuances of transfer, but I do understand an FOA is needed. What if (and I don't know in this case, I'm talking generally), the FOA was fraudulent and the registrar "didn't suspect" fraud. I use quotes because I am asking (honestly, not rhetorically) what prevents a registrar from simply "not noticing" fraud? Does a registrar do any sort of validity check or "well, the request came from an authorized email account so who am I to ask questions"?
Is there anything currently being done to encourage or train Registrars to spot fraudulent transfer requests?
Sorry if my questions are very basic...
-----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of rob.golding@astutium.com Sent: Thursday, February 06, 2014 9:23 AM To: gnso-irtpd@icann.org Subject: RE: [gnso-irtpd] Example email string
But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN.
The 'claim' is that the transfer (validly completed) was 'fraudulent' because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam.
Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that.
I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services.
One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it)
This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ...
'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims'
As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
I disagree with the position that a party using illegally obtained credentials
I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal' counsel.
Rob
PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
Hi Kristine, I am clearly wearing my registrar hat here, but as the gaining registrar, we usually have no way of determining whether a transfer has been fraudulent or not. What we can see is if we upheld policy in effecting the transfer. The is what makes it valid or not. To see if it was fraudulent or not usually requires information we have no access to. I recently locked down a domain name due to a transfer complaint that appears to have many of the signs of a fraudulent transfer. We are the secondary gaining registrar on this alleged hijacking, meaning that the complainant is not the registrant that authorized the transfer. While I agree that there is a strong likelyhood of the transfer being part of a chain hijacking, we would not be able to prove it in court if the current registrant were to complain that we illegally deprived him of his domain name. Hence I feel very uncomfortable in releasing the domain name as nothing in ICANN policy would cover or indemnify us from such damages. Consequently, we have locked the domain as we would in a UDRP and advised the parties to settle this in court. Best, Volker Am 06.02.2014 16:12, schrieb Dorrain, Kristine:
Yes, I want to be clear, I am not saying we backtrack and include this in the TDRP. But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN. And we have to tell them, "sorry ICANN has no provisions for this." If a Registrar refuses to say "hey we were defrauded at the point of receiving the FOA", then a registrant has no recourse. The courts are not a good solution because of the same jurisdictional hurdles the other policies address.
I believe we were going to tell ICANN "hey, we note that this is a problem. You might want to create something new to address this because we determined it doesn't fit in the TDRP." My point in sending it was to provide concrete evidence of the problem we're recommending ICANN address.
Kristine
-----Original Message----- From: owner-gnso-irtpd@icann.org [mailto:owner-gnso-irtpd@icann.org] On Behalf Of Kevin Erdman Sent: Thursday, February 06, 2014 9:04 AM To: Volker Greimann Cc: rob.golding@astutium.com; gnso-irtpd@icann.org Subject: Re: [gnso-irtpd] Example email string
Hi Rob & Volker,
I disagree with the position that a party using illegally obtained credentials to effect a transfer is a valid transfer. In the banking world, if I get Rob's banking credentials and transfer $10K to my account in North Korea, I complied with the procedures for a "valid transfer" but the transfer is reversible and has consequences. In the domain world, most courts have no power to get a domain transferred to North Korea, but ICANN does. Thus, I think that there should be some allowance to hijack victims under ICANN policy to pursue a fraudulent transfer that was done according to procedure. The burden placed upon parties that unknowingly participated in the transfer should be minimal, but shutting the door on a hijack victim because the hijackers were really good and followed procedure seems unfair. _________________________________ Kevin R Erdman
cell 317.289.3934
Sent from my iPhone
On Feb 6, 2014, at 5:45, "Volker Greimann" <vgreimann@key-systems.net> wrote:
Hi Rob,
I tend to agree here. A 'valid transfer' is a transfer where transfer policy was followed in performing the transfer. An 'invalid transfer' is a transfer where transfer policy was not followed, or not completely followed.
A transfer against the will of the registrant may still have been a valid transfer, if process was adhered to.
Do we need an additional term for such cases?
Volker
See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing. Whilst I sympathise with the Registrant who has 'lost' control of the domains, the transfers were 'valid' in that they went through the normal transfer processes, were authorised by the contacts on the domain, and they were started by correctly logging into the losing registrar.
If the details are exactly as described in the PDF I'd suggest they * first file a report with the police * go see their legal representative * contact the registries concerned * formally write to ICANN (as nothing in there indicated they had actually raised this with icann)
Rob -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
Hi Kevin, I am purely talking policy on this when I define "valid". 'Valid' in the sense of the policy is a transfer that has followed the policy rules. A transfer that was used with fraudulent means is just that: 'fraudulent'... So a valid transfer may have been fraudulent, but that does not make it invalid in the eyes of the current policy. So instead of expanding the interpretation of valid, I'd suggest we develop alternative language for what you mean by invalid, such as unauthorized or fraudulent... Volker Am 06.02.2014 16:04, schrieb Kevin Erdman:
Hi Rob & Volker,
I disagree with the position that a party using illegally obtained credentials to effect a transfer is a valid transfer. In the banking world, if I get Rob's banking credentials and transfer $10K to my account in North Korea, I complied with the procedures for a "valid transfer" but the transfer is reversible and has consequences. In the domain world, most courts have no power to get a domain transferred to North Korea, but ICANN does. Thus, I think that there should be some allowance to hijack victims under ICANN policy to pursue a fraudulent transfer that was done according to procedure. The burden placed upon parties that unknowingly participated in the transfer should be minimal, but shutting the door on a hijack victim because the hijackers were really good and followed procedure seems unfair. _________________________________ Kevin R Erdman
cell 317.289.3934
Sent from my iPhone
On Feb 6, 2014, at 5:45, "Volker Greimann" <vgreimann@key-systems.net> wrote:
Hi Rob,
I tend to agree here. A 'valid transfer' is a transfer where transfer policy was followed in performing the transfer. An 'invalid transfer' is a transfer where transfer policy was not followed, or not completely followed.
A transfer against the will of the registrant may still have been a valid transfer, if process was adhered to.
Do we need an additional term for such cases?
Volker
See the chain of emails from someone desperate for their registrar to file a TDRP-the registrar is refusing. Whilst I sympathise with the Registrant who has 'lost' control of the domains, the transfers were 'valid' in that they went through the normal transfer processes, were authorised by the contacts on the domain, and they were started by correctly logging into the losing registrar.
If the details are exactly as described in the PDF I'd suggest they * first file a report with the police * go see their legal representative * contact the registries concerned * formally write to ICANN (as nothing in there indicated they had actually raised this with icann)
Rob -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
participants (5)
-
Dorrain, Kristine -
Kevin Erdman -
Mike O'Connor -
rob.golding@astutium.com -
Volker Greimann