[At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers
karl at cavebear.com
Fri Aug 23 18:04:47 UTC 2019
On 8/23/19 10:22 AM, Bill Silverstein wrote:
> How would that have changed things? This is not where the registration
> expired, but it is where someone fell for the providing credentials to
> the account or Network Solutions, again, fell for a scam.
My observation about the arbitrary and capricious ICANN policy of a ten
year maximum is independent of this particular event.
It has been my sense that a larger portion of deceptive transfers occur
at renewal dates - often by people simply not noticing and names
lapsing. This is particularly a problem in ccTLDs where there may not
be any usable grace policies.
(It does not help that the renewal notice system is polluted because
there are some abusive folks out there who send panic-creating mails,
emails, and texts to registrants in order to induce them to jump to a
new, and much higher priced, registrar.)
You ask "what if the owner dies"? To which I would extend and clarify
that not all domain owners are biological, many are corporate, such as
the Sonoma Valley Hospital that is the subject of this thread. I know
from my own operations of various business entities that domain renewals
are a constant and annoying - and error prone - drizzle.
The churn of forced renewals profits no one except, perhaps registrars
and registries (especially in ICANN's new era of no-reason-needed
registry price increases, even for legacy TLDs.) Oh yes, there is
another group that profits - companies that offer domain name "portfolio
management" services, usually for a hefty price.
Moreover, in this era of life on the net a domain name may be an
important part of a decedent's estate.
And, in addition, the notion of lapse by death may, in fact, end up
destroying digital legacies by making them inaccessible.
Last time I calculated, there are more possible domain names than there
are electrons in the universe. There's no particular need to hurry the
reclamation of names. (Especially, as I have commented elsewhere,
domain names are slowly fading from user view:
I am often amused that people claim that domain names are "dead'. What
is "alive"? A paid registration? A viable NS record? Some RR's served
up by those NS listed servers? A server at some address listed by an A
or AAAA or CNAME? etc. etc.
One of the hallmarks of the concept of ownership is the power to say
"no". Anyone who has ever marketed a product and had to deal with
search engine companies knows that once one uses a domain name for a web
site that it is dangerous to ever relinquish that domain name because
competitors will instantly jump onto it. My own companies have large
numbers of old domain names that we hold, but for which there are no web
servers, simply because those names have built up "link juice" that
would benefit our competitors were we to relinquish those names. We are
willing to pay $ for a few years to hold those names and let users (and
web crawlers) get 404 errors rather than have a competitor grab searches
for our products.
As for whois "accuracy" - over the last 25 years I have not yet heard
any cogent, much less persuasive, reason why private information should
be made public 24x7x365 on the basis of mere curiosity without the need
for the querier to state his/her own contact information, state a reason
for access (and supporting proof). I believe I can speak for many
domain name holders that our telephones and emails are filled with junk
derived from whois, even whois entries that vanished years ago.
If you think someone is committing an abuse, then it should be easy to
create a body of evidence to support that belief. And when you dig into
that whois database you ought to be able to state, into a permanent
record, who you are and why you believe you are justified. (And I'd go
further that you should pay some $$ in order to create friction against
More information about the At-Large