Caution : .IN Domain Transfer Fraud

IT.com
Today We received email from Registrar Enom that they have received transfer request for one of our very prime domain name from NameCheap.com and Namecheap is going to be a new registrar on record if we click on the link provided in the email ? Email is received from official Enom id's and all links are properly going to Enom ?

Now points to note that :

1. Namecheap is not accredited .in registrar ? then how can they be the new registrar on record .......

2. Domain name which is in question is not registered with Enom then how can Enom send email that they have received transfer request ? Enom in no way related to domain name.

We immediately contacted .IN registry and also discussed this issue with some domain owners and they also said that they also received such emails , .IN registry took this issue on priority for investigation, since we are registrar on record for this particular domain name so we took this issue to the top level in registry.

It seems that this is a fraud by top registrar, we will update you once we receive update from .IN registry ?


Meanwhile TIPS : Please keep proper contact email id in your domain name whois record so you get such alerts and keep watch on your domain name.



Email text which we received: Edited portion in Italics



From: Namecheap.com <info@transfer-approval.com>
To : Registrant email id (Edited)
Subject : Domain Transfer Request for XXXX.IN (Edited)



STANDARDIZED FORM OF AUTHORIZATION

DOMAIN NAME TRANSFER - Initial Authorization for Registrar Transfer

Attention: Our Email Id
Re: Transfer of XXXX.IN (Edited)

eNom, Inc. has received a request from Namecheap.com Namecheap.com (Namecheap.com) on 26 Nov 2012 to become the new registrar of record.

You have received this message because you are listed as the Registered Name Holder or Administrative contact for this domain name in the WHOIS database.

Please read the following important information about transferring your domain name:

* You must agree to enter into a new Registration Agreement with us. You can review the full terms and conditions of the Agreement at
< Universal Registrar TransfersXXXXXXXXXXXXXXXXXXXXXX > (Edited)

* Once you have entered into the Agreement, the transfer will take place within five (5) calendar days unless the current registrar of record denies the request.

* Once a transfer takes place, you will not be able to transfer to another registrar for 60 days, apart from a transfer back to the original registrar, in cases where both registrars so agree or where a decision in the dispute resolution process so directs.

If you WISH TO PROCEED with the transfer, you must respond to this message by using the following URL (note if you do not respond by 04 Dec 2012, XXXX.IN (Edited) will not be transferred to us):
< Universal Registrar Transfersxxxxxxxxxxxxxxxxxxxxx > (Edited)
YOU MUST CLICK THIS LINK TO CONTINUE THE TRANSFER PROCESS

If you DO NOT WANT the transfer to proceed, then don't respond to this message.

If you have any questions about this process, please contact support@namecheap.com.
 
"It seems that this is a fraud by top registrar, we will update you once we receive update from .IN registry ? "

Seriously?
 
We have received detail reply from .In registry and it is concluded after checking the datawarehouse of Afilias (Tesh. Service Provider of .IN Registry) that they never received such request.

It is concluded that reseller of enom called Namecheap has placed false transfer request , it was not known that they have placed the request with genuine authcode or not as transfer did not go further , If we had click on the approval link then same will touch the registry database and at that time only registry checks authenticity of auth code provided by gaining registrar ?

Now We are regretting that we should click on approve link then we have proof of touching the registry database , only then we can catch them ?


One thing is clear that Namecheap is playing with such kind of transfer ? IN Registry already instructed enom to investigate in the issue ?


Actually this is a fault of transfer mechanism
:

As in regular transfer practice you require to go to gaining registrar with domain name and authcode then gaining registrar places the transfer request and send email to admin contact to approve the transfer, As soon as admin approves the transfer, domain name authcode provided by gaining registrar then goes to registry and if registry finds code correct and domain name is not locked then domain name will show Pending transfer status otherwise same is rejected ?

Other way to transfer is Fax Authorization transfer where transfer is in bulk and a single fax approval of admin can transfer away all domain names.

Fault is that any one can place a transfer request with any authcode but same will get rejected only after the approval , their is no way to check authcode before approval.
 

whois



Forums dedicated to Indian domain names, including buying, selling, appraising, developing, and monetizing.

About Us

Threads
29,388
Messages
76,792
Members
7,945
Latest member
nilamburfurniture
Top Bottom