Latest news of the domain name industry

Recent Posts

Verisign demands 24/7 domain hijacking support

Kevin Murphy, August 6, 2012, 13:51:44 (UTC), Domain Registrars

Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.
The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.
New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”
From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?
While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.
For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.
Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.
The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.

Tagged: , , , , , , ,

Comments (4)

  1. Louise says:

    Interesting policy – thanx for update!
    Dutch domain provider TransIP signs almost all of its clients’ .com, .net, .nl, .eu and .be domain names, so they are protected “against the many exploits of the DNS-protocol.”
    – TransIP to Sign Over 400.000 Domain Names
    Why can’t ICANN make DNSSEC mandatory?
    Would you do something for me, @ Kevin? Would you poll ICANN and Verisign, and find out who has a masters in Computer Systems or greater? Even Bachelors’. Not many, from the looks! Thank you.

  2. Acro says:

    Two-way authentication would eliminate 99.999% of all such domain thefts.

  3. Louise says:

    @ Acro, DNSSEC, and 2-way authentication, both on new regsitrations and transfers – yes. When I sign up for a Google email address, the forms asks if you want a phone call or text message, then you have to input the code to finish the process. Simple, fast. Is that what you are talking about?

  4. Avtal says:

    @Acro and @Louise: Two-factor authentication is a good idea, but not a panacea. For instance, if an attacker can convince your phone carrier to forward your calls and messages to his phone (“Hi, I’m Louise, I lost my phone, can you forward my calls to this other phone?”), then they have a key into your Google email. It’s dangerous out there…

Add Your Comment