moniker Be concerned about transfers involving Moniker/Namecheap

This is a discussion about the domain name register/company Moniker.
Status
Not open for further replies.

angel69

Level 7
Joined
Dec 20, 2007
Messages
989
Reaction score
118
Feedback: 36 / 0 / 0
(There's no Namecheap subforum so I'm posting this in Moniker but it involves two registrars)

Weeks ago I bought a name that was with Moniker. Its renewal would be expensive so I decided to take it to Namecheap. The seller contacted the auction service later he had not received the email from Namecheap where he had to click/authorize a transfer out. But by then Namecheap was showing the transfer was in progress as if the seller had approved it. He insisted he had not and from what the rep involved said he's a veteran domainer and would not have clicked on something/deleted the email or forget he had. Still, he had meant to release the domain for me so all parties went ahead. He had "told" Moniker he authorized a transfer out by requesting the Auth Code/unlocking the name. But the gaining registrar (Namecheap) proceeded w/o the seller formally authorizing to give me his domain, that is troubling. Moniker was not at fault here as far as I can tell

Now the shoe's on the other foot. I sold a name, my buyer wants to take it to Moniker, the domain is w/Namecheap. But now it is Moniker who did not send me the auth email asking me to click on a link and sign into Moniker (or forward the email to the buyer so that he would) and Moniker is showing the thing is in progress, this time as if I clicked on the link authorizing the name to be moved out of Namecheap. I have not received such email, let alone clicked on anything. Namecheap does send emails to the losing registrant allowing him to cancel but the transfer is completed within 5 days if he does nothing. I told my buyer this and he doesn't have an explanation. Here it is Namecheap who's not at fault .....WTF !..... In the 1st example I told the seller to contact Moniker and ask them why the domain was released when he didn't get an email from Namecheap and now I am the one who should call Namecheap with the same question. These companies aren't even related, Namecheap holds its own registrar accreditation but the WHOIS still lists them as an Enom reseller, the largest one

I find this most concerning because two different registrars have proceeded to accept a domain into them without asking the losing registrant if he authorizes the transfer. Both "knew" the transfer out was probably OK w/the seller since the auth codes were requested/emailed to the owners and domains were unlocked. But that is not enough. Has anybody experienced this recently ? This can't be a coincidence. Does the registry have anything to do with this ? If a thief were to get a hold of the auth code/unlock a name, and the rightful owner did not notice the routine email sent by the losing registrar saying one of his names is being transferred out, he's in big trouble. I don't recall this happening before, it'd be easier to make heads and tails of if the two registrars involved had the same roles in both instances. But they are in opposite roles here. Has the domain transfer process been altered by the registry recently and it's been relaxed ? That would be scary...
 
Last edited:

angel69

Level 7
Joined
Dec 20, 2007
Messages
989
Reaction score
118
Feedback: 36 / 0 / 0
Can someone from Moniker who's knowledgeable about their security intrinsics answer this question. And I'm not picking on Moniker, I just need to understand this correctly. This is the 2nd transfer into Moniker in a row that this happens. I simply moved two names just recently (not at the same time, one and then the other days later) from other registrars to Moniker. This is not the same situation as in my original post here, there we had Moniker as the losing registrar, now we have them as the gaining registrar. Both in these two newer examples in my 2nd post here I was the owner of the domains and Moniker was the gaining registrar --and I was also the gaining registrant-- but this is not the case most of the time, the people asking for a transfer into Moniker can be anyone, ie scammers can be the 'gaining registrants' The 1st name I transferred into Moniker I was expecting the auth email (where the domain owner must click for the transfer to even go on) to be sent to the admin contact as per the WHOIS but instead Moniker sent it to me, ie their customer, who had asked for the transfer-in, and the email address I use with Moniker is NOT the same on the WHOIS for both domains. This was not supposed to happen but I was so tired that day and clicked, I was taken to Moniker, signed in with my info and the transfer went ahead. I didn't want to initiate a ticket and I didn't want to post this since they could view it as 'another attack' but I knew that was not the way things should happen. I thought it was a one-time error by Moniker's systems

Then with the 2nd domain I was transferring into Moniker days later I had the exact same thing happen again, ie instead of having the auth email sent to the admin on the WHOIS (records were public both times, privacy was not on) Moniker sent it to the email address I use with them, ie their customer, who had asked for a transfer-in, Moniker had no way of knowing whether the owner was simply moving his domains around, and even if they did, the auth email must still be sent to the admin contact in the WHOIS and not to the Moniker customer asking for a transfer-in. If Moniker does this now this should not be happening because a thief can manage to get the auth code and unlock my domain at some other registrar and then he can go to Moniker and ask for the domain to be simply transferred to his own account with them. And as per Moniker's current policy IT IS THAT THIEF WHO WILL BE GETTING THE AUTH EMAIL TO CLICK ON, NOT THE LOSING REGISTRANT (OWNER OF THE DOMAIN) The way it is now the person who gets that email is the same person who initiated a transfer-in, ie the Moniker customer, who may very well be some scammer. The transfer did go on OK and the owner of the domain (when it's someone different) would not even have been involved in authorizing this transfer

This is MOST CONCERNING. If Moniker's intention is to have the person who asked for the transfer-in (their customer) forward that email to the actual domain owner, then that would be just absurd. Some losing registrants (honest sellers) do not even have an account with Moniker so when things used to be done correctly the losing registrant (domain owner, seller) would get the email with the link, and if he didn't have a Moniker account, he could forward it to the person asking for the transfer-in (gaining registrant) and therefore Moniker ensured the domain owner either clicked on that link or forwarded the email to the Moniker customer (buyer) I was used to THAT Moniker. Where did that Moniker go..... ? Guys, you need to explain to the members here who've trusted you what your rationale is w/this thing, it simply does not make sense !..... In my original post the situation was different if you read it, but it was also concerning. When a domainer is just moving his names around then fraud can't happen but Moniker has no way of knowing this, and even if it does, all transfers must be in conformity with their security standards. Please explain this to DNF --and don't ask me to submit my personal info/case # to you-- this isn't an aberration, or one exception every couple of years, this is the way Moniker operates right now. Two times in a row ....? That's not a systems glitch. And combined with my example in the original post I find this very disturbing. I've praised you for your security, Moniker, time and time again right here, that you know by now. Is this the beginning of security, your last trump card, finally slipping away ?......
 

Martij

Level 3
Joined
Feb 14, 2013
Messages
74
Reaction score
11
Feedback: 0 / 0 / 0
Hi, angel69

It is very difficult to provide an explanation without the details.
Would you please provide me with the domain names involved so that I can research this thoroughly? We are committed to our customers' security so I'd like to conduct an extensive investigation. My contact information is below:

Regards,
Marti

Marti Johnson - Manager Customer Support - Moniker: Snapnames
954 861 3511
martij@corp.moniker.com
martij@snapnames.com
 

jaydub

Level 10
Joined
Jul 1, 2004
Messages
5,867
Reaction score
547
Feedback: 396 / 0 / 0
I noticed this recently with Moniker as well angel69.
I was transferring a name in and it used to automatically trigger an acceptance email to me from Moniker. But on my last couple I didn't get one. ( a few weeks ago)
However what I did was log in to my account....got to pending transfers....click on the name and (I am not transferring right now so I have to do this from memoery...:uhoh:)
you will see a link to click that will send you the email to authorize the transfer. The authorization/transfer approval comes right away. Well it worked for me anyway.

Long and short of it...it seems they have it set so you have to ask them to send the transfer authorization approval.


Don't know if this answers any of your problems or not..:)
 
Last edited:

Martij

Level 3
Joined
Feb 14, 2013
Messages
74
Reaction score
11
Feedback: 0 / 0 / 0
Hello jaydub,

Thanks for the post. If I could obtain some details I'd be able to research the specific details.

If anyone here on the thread can provide me with the domain names involved I can research this thoroughly. My contact information is below:

Regards,
Marti

Marti Johnson - Manager Customer Support - Moniker: Snapnames
954 861 3511
martij@corp.moniker.com
martij@snapnames.com
 
Status
Not open for further replies.
Top Bottom