[At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers

Karl Auerbach karl at cavebear.com
Fri Aug 23 18:04:47 UTC 2019

On 8/23/19 10:22 AM, Bill Silverstein wrote:
>    How would that have changed things? This is not where the registration
> expired, but it is where someone fell for the providing credentials to
> the account or Network Solutions, again, fell for a scam.

My observation about the arbitrary and capricious ICANN policy of a ten 
year maximum is independent of this particular event.

It has been my sense that a larger portion of deceptive transfers occur 
at renewal dates - often by people simply not noticing and names 
lapsing.  This is particularly a problem in ccTLDs where there may not 
be any usable grace policies.

(It does not help that the renewal notice system is polluted because 
there are some abusive folks out there who send panic-creating mails, 
emails, and texts to registrants in order to induce them to jump to a 
new, and much higher priced, registrar.)

You ask "what if the owner dies"?   To which I would extend and clarify 
that not all domain owners are biological, many are corporate, such as 
the Sonoma Valley Hospital that is the subject of this thread.  I know 
from my own operations of various business entities that domain renewals 
are a constant and annoying - and error prone - drizzle.

The churn of forced renewals profits no one except, perhaps registrars 
and registries (especially in ICANN's new era of no-reason-needed 
registry price increases, even for legacy TLDs.) Oh yes, there is 
another group that profits - companies that offer domain name "portfolio 
management" services, usually for a hefty price.

Moreover, in this era of life on the net a domain name may be an 
important part of a decedent's estate.

And, in addition, the notion of lapse by death may, in fact, end up 
destroying digital legacies by making them inaccessible.

Last time I calculated, there are more possible domain names than there 
are electrons in the universe.  There's no particular need to hurry the 
reclamation of names.  (Especially, as I have commented elsewhere, 
domain names are slowly fading from user view: 
https://www.cavebear.com/cavebear-blog/fading-domain-names/ )

I am often amused that people claim that domain names are "dead'.  What 
is "alive"?  A paid registration?  A viable NS record?  Some RR's served 
up by those NS listed servers?  A server at some address listed by an A 
or AAAA or CNAME?  etc. etc.

One of the hallmarks of the concept of ownership is the power to say 
"no".  Anyone who has ever marketed a product and had to deal with 
search engine companies knows that once one uses a domain name for a web 
site that it is dangerous to ever relinquish that domain name because 
competitors will instantly jump onto it.  My own companies have large 
numbers of old domain names that we hold, but for which there are no web 
servers, simply because those names have built up "link juice" that 
would benefit our competitors were we to relinquish those names.  We are 
willing to pay $ for a few years to hold those names and let users (and 
web crawlers) get 404 errors rather than have a competitor grab searches 
for our products.

As for whois "accuracy" - over the last 25 years I have not yet heard 
any cogent, much less persuasive, reason why private information should 
be made public 24x7x365 on the basis of mere curiosity without the need 
for the querier to state his/her own contact information, state a reason 
for access (and supporting proof).  I believe I can speak for many 
domain name holders that our telephones and emails are filled with junk 
derived from whois, even whois entries that vanished years ago.

If you think someone is committing an abuse, then it should be easy to 
create a body of evidence to support that belief.  And when you dig into 
that whois database you ought to be able to state, into a permanent 
record, who you are and why you believe you are justified.  (And I'd go 
further that you should pay some $$ in order to create friction against 
abusive inquiries.)


More information about the At-Large mailing list