Re: Domain security a registry issue (WAS: Re: More Stolen Domains -- not FUD)

From: Roger B.A. Klorese (rogerk@queernet.org)
Date: Wed Jan 19 2005 - 04:11:15 EST


Robert L Mathews wrote:

> That's just hand-waving. You aren't going to get tens of millions of
> domain name registrants to implement any kind of more secure e-mail
> than they're already using.

They will if their ISP gives them a more secure alternative ready-to-use.

> They expect to be able to transfer their domain names using e-mail
> approval, even if they change e-mail addresses ten times a year, they
> barely know their own e-mail address, and have lost their registrar
> password. That's not going to change.

And, again, with a reasonable process and a somewhat-fatter registry, it
won't have to.

> Almost all domain name hijackings occur when someone gets access to
> the "owner's" e-mail account, one way or another. When that happens,
> it doesn't matter who asks the "owner" for confirmation.

You have to move the identity from the mail account to the mail client,
and that has to be done aggressively by the mail connectivity provider.

> Do you really believe that registrars are intentionally looking the
> other way, allowing transfers of stolen domain names?

Definitely.

> All the cost, hassle and bad publicity -- for what? A potential profit
> of literally a couple of dollars if nobody notices?

99+% of the people out there are just going to say "oops" anyway.
thesmoozlefamily.com isn't Panix.

> If registrars are actually knowingly allowing the criminal hijackings
> of domain names by third parties, there are plenty of things that can
> be done; it's not as if the registrars are anonymous.

"Knowingly" is irrelevant. Negligence is criminal as well.


