I would also strongly urge to not use a single situation with a clear case of social engineering and a high-profile name to justify a policy that causes confusion, frustration and money to thousands on a regular basis.
It was posed as a "suggestion to consider". Mr. Lecoultre's note on maintaining good communications is well-taken, as any system will result in errors, and being able to rectify them will always be important. There are also registrants who prefer being able to transfer domains more easily than others, and features such as ease of transfer and security are competitive trade-offs that differentiate registrar services. ICANN policy should merely set a baseline.

The EPP system has cut down considerably on registrar transfers as a primary mode of hi-jacking, and as Mr. Lau points out, most hi-jackings appear to be precipitated by an identity theft external to the domain registration system (expired or hacked admin contact email address, control of nameservers for the admin contact, and so forth). Accordingly, a registrar transfer of a hi-jacked name will now normally be preceded by a whois change at the losing registrar.

It would seem that, at the time of a sale, the marketplace participants would have an incentive to confirm the buyer and seller are real entities, and that the whois data is correct, particularly in circumstances where there appears to have been a sequence of rapid or recent changes leading up to the sale. Registrars cannot confirm whois data on all domains at all times.

Pawn shops generally require positive identification of someone who drops off goods to be sold. Obviously, someone walking through the door with a diamond ring is in "control" of the ring, and there may not be a good way to determine if he/she "owns" the ring. However, that person's identity can be confirmed entirely apart from the mere fact of having possession of the ring upon entering the shop. Confirming seller authority "in band" - i.e. by confirming that the purported seller can be contacted through the admin contact email address - is not entirely reliable, as there is no separate "title" system for domain names apart from the whois data itself.
For example, one "out of band" method for maintaining contact with a registrant is described in this document:

United States Patent Application 20060031330
Kind Code A1
Ruiz; Tim
February 9, 2006

Notification system and method for domain name registrars

Abstract

A system and method of the present invention allow communication via electronic messages between a Customer and a domain name Registrar, avoiding traditional electronic mail (email) communication. Email messages may not be delivered to the Customer for various reasons including the situations where the Customer employs anti-SPAM protective technologies. The system and method of the present invention establish a Communication Link between a Customer's Computer and Registrar's Server, which avoids anti-SPAM protective technologies and email messaging altogether. The implementation of this invention would result in a higher rate of delivered messages to the Customer.

Inventors: Ruiz; Tim; (Cedar Rapids, IA)