As I predicted...

[devolution]

Quite a while ago I discussed the process how some domains could be 'hijacked' through re-registering expired admin contact domains.

Suffice to say, a URDP has just found such a party guilty of doing just that.

http://www.demys.net/news/2003/04/29_2e.htm

[dtobias]

The panel had to rather stretch the concept of the UDRP to reach this decision... the policy was intended for dealing with cybersquatting on a trademark rather than this sort of hijacking, and it seems somewhat questionable whether the complainant had acquired any sort of enforceable trademark rights over the string "2E". Merely using something as an Internet address doesn't cause trademark rights to be acquired; it must actually be branded as a source of goods and services that is recognized by the public, something not really clearly demonstrated in this case.

At any rate, the Demys article ends by saying "Given the scope of potential attacks and damage, it is now imperative for businesses to consider the merits of outsourcing domain management so as to ensure continuity and minimise risk.", which seems a bit self-serving given that Demys is a consulting firm devoted to such management. Actually, all that's needed to prevent such hijackings is a bit of common sense and a minimal degree of attention; just make sure you keep your WHOIS contact info up to date, and that you keep track of the expiration dates of domain names to make sure you don't lose any you don't want to drop. And if you *do* decide to let one drop intentionally, check all your WHOIS records to make sure you don't use the dropped domain as an email address.

It also helps to avoid registering excessive numbers of domain names in the first place; if you use logical subdomains wherever they make sense instead of getting a separate domain for every silly gimmick and temporary event, you'll have a much smaller management problem keeping track of them.

[GiantDomains]

Originally posted by devolution
Quite a while ago I discussed the process how some domains could be 'hijacked' through re-registering expired admin contact domains.

Pretty easy prediction .. unfortunately, it happens all the time

[Nexus]

Originally posted by dtobias
Actually, all that's needed to prevent such hijackings is a bit of common sense and a minimal degree of attention;

You pawn it off as "common sense" and a "minimal degree of attention", but you should know, everything you said after that sentence does NOT constitute a "minimal degree of attention". The degree of attention should be directly proportional to how important and how large your domain collection is. I have to say that I too have a vested interest in making it sound more complicated than it is, but honestly, you have to admit that most people are clueless as to how easily and quickly their domains expire and "go away". Most people think its a simple matter, but we all get lost in the shuffle of life from day to day. All it takes is a busy period of 3 months where one "doesn't have time to deal with it" and your domain is gone.

I called up a domain owner whose name I really wanted. He'd let the admin contact expire, and the name was about to become due. I regged his admin contact (to block any funny business), and tracked him down and let him know the security problem (while asking him if he wanted to sell). He declined selling, and left his e-mail contact as it was! This was months ago, and even now... there it stands. It expires in less than two weeks. Busy corporate level tech-head, but he may well lose his name next month. If he doesn't want to do the paperwork/phone calls now, he'll certainly not want to do it later when it hits redemption. I messed around and lost my SnapBack on it, so I don't mind saying that the name is SECRETAGENT.COM. I might call again and bug him after it expires, but oh, well.

~ Nexus