your unofficial source for daily ICANN news and commentary
The following message popped up on the NANOG list last week, once more illustrating a problem that ICANN has still failed to address -- namely, what is the process by which domain name hijackings should be investigated and resolved:
Hey all, probably not the best place to ask this but thought that I would give it a shot. At my company I manage 30 or so domain names through various registrars, they existed before I came on board. Today I received an email from a person claiming ownership of one of our valuable ones, valuable to us anyway since we have an ASP product sitting behind it. Whois database says that is clearly belongs to him and the ICANN registrar is not one that is being used here, last updated 6 months ago. If this would have been changed 6 months ago I would have been the one to change it, and I didn't change anything. The domain is still pointing to our DNS servers, we haven't had any outages to this point, looks like the admin and tech contacts were the only thing changed, and now 6 months later they want the domain. I've got calls into the current registrar to see what is going on, they were contacted at the same time I was and need some time to see what's going on. Anyone have any advice? Should I call ICANN?
Clearly, a policy needs to be developed to handle such matters. The ICANN report on the earlier Panix.com hijacking noted a failure to establish an "Emergency Recovery Process". It indicated that urgent action for operational emergencies is still a.) – Not documented; b).– Key people who know each other talk on private channels; c).– No clear authority to fix things; all ad hoc. d). – No documented escalation path. If such a process now exists thanks to ICANN's Security and Stability Committee, the folks at NANOG seem to know nothing about it.