Was panix.com in registrar-lock?
Does anyone know if the panix.com domain did, in fact, have an RRP status of registrar-lock in the .com registry sometime before it was hijacked? According to a couple of articles Panix officials insist that the panix.com domain had been registrar locked while George DeCarlo, vice president of marketing at Dotster (Panix's registrar), is reported saying that Panix did not sign onto Dotster's domain-locking service. If we ignore the serious issue of potential notification failures and look at just the registrar-lock issue, there are several possible scenarios: 1) Panix never requested that the panix.com domain be locked. 2) Panix requested the lock, but their registrar did not pass this request to the .com registry. 3) Panix's registrar requested the lock, but the .com registry failed to set the lock status. 4) The registrar-lock status was set at the registry, but it was fraudulently cleared prior to the domain transfer. 5) The registrar-lock status was set at the registry, but the domain was transferred despite the lock. Did I miss a scenario? I'd like to know which scenario occurred in the panix.com hijack, hence my interest in whether the .com registry was reporting the status of panix.com as registrar-lock prior to the hijack. -Richard
<Richard Parker> George DeCarlo, vice president of marketing at Dotster (Panix's registrar), is reported saying that Panix did not sign onto Dotster's domain-locking service. </Richard Parker> On a side, customer service-ish note, when the changes took effect, BulkRegister _told_ me registrar-lock was being enabled on all my domains. I then had the choice of keeping it that way, or actively shutting the service off on my domains. I liked that they took the initiative to do that. Now if I could just get my old employer/current ISP to approve the transfer to my new employer, then I would be set . . . Joe Johnson
On Tue, 18 Jan 2005, Richard Parker wrote:
Does anyone know if the panix.com domain did, in fact, have an RRP status of registrar-lock in the .com registry sometime before it was hijacked?
Based on last month data it did not have in registrar-lock. I believe registrar lock for all panix domain (including panix.net, access.net) was added on January 15th. Based on what I heard in public so far, I'm seeing the following scenario which paints the picture in which everyone did something that as a whole led to the panix.com hijacking: 1. ICANN On November applied new rules allowing for domains to be transfered without positive authorization. This might have relaxed necessary transfer requirements at MIT as well as how Dotster reacts to upcoming transfer requests 2. MelburneIT Something happened in its process, I can imagine several scenarios: 1. it relied on its Reseller to get authorization and its quite likely reseller failed to do so in correct way (Note: Not being MIT reseller, I don't know for sure, but its possible they provide interface for reseller to tell registrar they have fax authorization but then don't check on the fax prior to completing the transfer) 2. its possible mechanism for authorizing the transfer in automated way could be predicated (i.e. one could synthesize web post or email that would approve transfer based on knowing domain name, email address of domain administrator and unique id of the domain within MIT), possibly they faked email coming from panix.com that seems to have approved the transfer 3. Panix Its likely that they failed to request registrar lock from Dotster 4. Dotster It seems likely that they failed to provide notification of the upcoming transfer to its customer because they considered that its only OPTIONAL based on ICANN's policies (Note: I maybe wrong here as dotster actually said they did not even know the domain is being transfered). Its also possible that Panix.com requested registrar lock and Dotster did not set it up. -- William Leibzon Elan Networks william@elan.net
on 1/18/05 6:44 PM, william(at)elan.net at william@elan.net wrote:
Based on last month data it did not have in registrar-lock. I believe registrar lock for all panix domain (including panix.net, access.net) was added on January 15th.
I assume the domain panix.com is excluded from the list of domains locked by Panix on January 15th, since by then the panix.com domain had been hijacked and as such was no longer under their administrative control. Correct? I checked the status of panix.com approximately an hour after the hijack and and at that time the domain was not locked, presumably because the hijacker himself had not requested a lock. If Panix did indeed lock a number of their other domains on January 15th following the hijack of panix.com, that is circumstantial evidence that when the hijack occurred the panix.com domain did not have a status of registrar-lock in the .com registry.
Based on what I heard in public so far, I'm seeing the following scenario which paints the picture in which everyone did something that as a whole led to the panix.com hijacking:
Thanks for the informative summary William. -Richard
participants (3)
-
Joseph Johnson -
Richard Parker -
william(at)elan.net