Well, at least the registrar has proof that someone with access to the AuthCode was involved ;)
There are rumours that Verisign may be employing AuthCodes - I see this as a good thing. -- Charles Daminato Life is not holding a good hand; OpenSRS Product Manager Life is playing a poor hand well. Tucows Inc. - [EMAIL PROTECTED] - Danish proverb > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of [EMAIL PROTECTED] > Sent: January 22, 2003 4:32 PM > To: [EMAIL PROTECTED] > Subject: Re: Transfer Email > > > Dave, > > Personally I think your issue may be even easier to > address and it currently exists: domain *AUTHORIZATION > CODES*. > > .Info and .Biz use it and it works just fine. I know that > NSI is a fox guarding the hen house, but with auth codes > the losing registrar has *PROOF* the owner was involved in > the transfer process. That is not currently the case. > > Of course NSI will have to be dragged kicking and > screaming before they will ever consider such a thing. > They prefer the deception of a "waiting period" ....... > > Charles > > > > On Wed, 22 Jan 2003 13:49:39 -0700 > "Dave Warren" <[EMAIL PROTECTED]> wrote: > >> > Yes spammers will in the end get email addresses. But > >>I firmly > >> > believe there is more than enough intelectual > >>horsepower among the > >> > internet community to come up with a way to make whois > >>mining > >> > intractable ..... > >> > >> Maybe: > >> - for "anonymous" users, limit the number of WHOIS > >>requests to a very > >> small number / IP / day, and change e-mail addresses to > >>****@domain > >> - for "trusted" users (well, it is hard to define > >>this... maybe this > >> one is not needed at all), limit the number of WHOIS > >>requests from > >> the same user/day, and include e-mail addresses in the > >>response > > > >Make it a registry command, each registrar can query the > >registry for the > >administrative and technical contact information. The > >registry will then > >query the registrar of record, and if the registrar fails > >to provide a > >response they are billed $100 and the original registry > >is notified to try > >again ASAP. > > > >After that, if GoDaddy doesn't want to return email > >addresses, it's their > >own call. At $100 per bogus answer, I bet they'll decide > >they'd rather lose > >the domain then pay $100 every few seconds. > > > >What will be done with the money? I'm thinking third > >world countries, local > >charities, whatever. Nobody profits, this is just > >designed to be an > >asskicking for those that don't play by the rules. > > > >Exceptions will be made for scheduled system outages, > >within a reasonable > >SLA. Exceptions will also be made for honest accidental > >outages, but again, > >within a reasonable SLA. You can't be down 23 hours and > >59 minutes per day > >every day, or for any excessive period of time. > > > >Lastly, I'd like to see a cost imposed on the registrar > >if they choose to > >DAK a transfer unless they have disabled the domain IN > >ADVANCE. By disabled > >the domain, I'm talking a full lock, NS dropped from the > >roots and > >everything. This is intended to prevent a registrar like > >NetSol from > >denying transfers left right and center on their own. In > >order for this to > >work, there would have to be some way for the end user to > >DAK without the > >registrar incurring a fee, this would get a bit more > >complex in a thin > >registry, but could be workable. > > > >-- > >I used to be indecisive, now I'm not so sure. > > > > >
