Some registrars not using EPP/Authorization codes?

[Theo]

I received a transfer request from a UK-based registrar, for a domain that I own. The domain - a .biz - is locked, however how did the request go through without the EPP/Authorization code? Are certain registrars operating in the gray area? I notified them and my current registrar that the request was bogus.

 

[katherine]

Some registrars will first send the E-mail to you the owner to secure your approval then attempt to go forward. Of course it will fail. A more clever script should first check that the domain is unlocked. I also assume that the other party was confused and entered a dummy EPP code which would prove to be wrong anyway.

 

[MediaHound]

Yep Kate nailed it. Sounds like an archaic script.

 

[Theo]

The registrar emailed me back saying that they received a transfer request with a valid authorization id. Of course this is all bullshit. What concerns me is that one of the 3 options to transfer out is via faxing of a form. This is reminiscent of the old NetSol days when the predictable form could easily be modified.

The domain is locked though (client transfer prohibited).

I raise an alert as hijackers are adapting to the new security measures in place.

 

[Theo]

This matter has not closed. The same registrar involved another registrar attempting a cross-registrar transfer. I received failed notifications. I am taking now this matter to the next level.

 

[JRBHosting]

For all they will do (not much), ICANN is probably your next step. Then you would be forced to call a lawyer if its that big a deal.

Jason

 

[Theo]

Not really. I called eNom and they locked down the domain. End of story. Now I have to find out who those assholes are.

 

[JRBHosting]

Ah, you made it sound worse than it was

Good luck!

Jason

 

[Theo]

It's definitely annoying. What we have here is an ICANN accredited Registrar, being used as a Trojan horse to facilitate a domain hijacking. I will reveal the parties involved once I hear back from the 2nd registrar.