Elliot, It's true that high profile hijackings do not occur very often. However, we shouldn't also assume that because that's true other hijackings are not occuring. You and I both know that they do. I can gather information on how many transfers we don't allow to start due to being within the 60-day new registration period. But that doesn't necessarily mean they are all attempts to hijack domain names. We don't currently prevent transfers from starting within 60-days of a previous transfer, but are looking at whether or not that could be done technically. What I can tell you is that we deal with hijacking or attempted hijacking issues every day. Though those names may not be high profile, the registrants are just as concerned. The problem with hijacking is that it can have a devasting and long lasting affect. Current resolution processes, even with cooperative registrars, often take days to complete and correct the situation. And there are cases where the hijacker just plain gets away with it. When multiple transfers occur as a part of the hijacking it further complicates resolution, and may even make resolution impossible. The TF on that PDP summarized in their implementation notes: "There are situations where domain names have been hijacked by initiating a large number of transfers through several registrars to make it difficult to trace the original registrant. There is also the issue of how to implement a transfer undo command when a transfer may keep occurring many times in quick succession. It would increase stability of the system to also put a 60 day block on a transfer to a registrar other than the original registrar after a transfer has completed." It's unfortunate, in my opinion, that the current policy's list of reasons for denying transfers are all lumped under the *may* qualifier. I think both 60-day reasons (after new registration and transfers) should be mandatory. Of course pursuing any change should be at the consensus of the RC as a whole. Just presenting some food for thought based on our experiences. Tim -------- Original Message -------- Subject: Re: [registrars] Grave Robbing and SEDO Fencing From: elliot noss <enoss@tucows.com> Date: Tue, August 07, 2007 7:18 am To: Tim Ruiz <tim@godaddy.com> Cc: Registrars Constituency <registrars@gnso.icann.org> tim, I would also strongly urge to not use a single situation with a clear case of social engineering and a high-profile name to justify a policy that causes confusion, frustration and money to thousands on a regular basis. the fact that this is in front of us and, I expect, will be rectified appropriately shows that those restrictive policies are not needed. what would be instructive in this matter would be for go daddy to let us all know how many transfers a month are refused on this basis. bad facts make bad law. Regards