October 31st, 2005


domain hijacking

I recently transferred some domain names from register.com to namecheap.com. The way you do this is to go to the new registrar (namecheap.com), enter all the domain info, pay for one additional year, and they do all the work of transferring the domain name from the old registrar (register.com). Register.com sent me some emails during the transfer process to notify me that a requested transfer was taking place, and to go to an indicated URL if the transfer request was not correct. Not! What on earth are they thinking? I did nothing (as indicated) and the transfer request was successful. Anybody could have hijacked my domain names out from under me, if I had not seen the domain transfer emails. Now, namecheap.com supports locking the registration record so that this can't happen again.

For .org domains, transferring a domain requires a code called EPP or something that you get from your old registrar. So I had to log in to my register.com account to get that code. But .com and .net require no such thing. Remember who runs .com and .net? Verisign! They continue to be evil by default.