If you are an RSP then this should concern you. We have been told over and over again that Domain Direct is treated as an independent RSP with the exact same access to the Tucows registrar as any other RSP. However those statements have been proved incorrect today.
I hope none of us want to see Tucows become an untrustworthy business partner by telling us one thing and then doing something else behind our backs like that "value of trust" company does all the time. I'm hoping they will be honest will us all--in public--and correct any problems that they may find. This isn't a matter of Domain Direct hijacking one or more domains. It's about a possible security hole in the Tucows Registrar *or* a preferred status that isn't suppose to exist. On Sun, 2 Jun 2002, Jim McAtee wrote: > Seems to me that if Domain Direct is going to hijack domains, they'd do more > than hijack a single domain from a single RSP. You think maybe you could wait > until you've contacted OpenSRS about this before you go getting yourself into > a tizzy and posting all of these accusations to this list? > > Jim > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, June 02, 2002 7:21 PM > Subject: Domain Direct has hijacked a customer's domain > > > > I am very disappointed to learn that someone at Tucows hasn't been as > > truthful as we all thought they were and our darkest fears about Tucows > > Domain Direct are starting to come true. We have been told over and over > > that Domain Direct is completely separate from the Tucows registrar > > business and has the exact same access to the registry and registrar as > > any other RSP. Well, it has now been proven to me that this is not the > > case. Domain Direct does have the ability to directly access the registry > > outside of the RSP scope of access. Domain Direct has hijacked a domain > > from our RSP account (they have changed the name servers directly at the > > registry). The OpenSRS RWI does not reflect these changes. Logging in to > > manage.cgi the domain and the changes do not show there as well. Domain > > Direct has gone "behind the back" of Tucows Registrar and made the changes > > to this domain name with out any authorization. > > > > Some details about this domain (from the OpenSRS RWI): > > > > 28 May 2000 - Domain originally registered (I do not know where) > > 24 Apr 2002 - Domain successfully transferred to our RSP account from Domain > Direct > > 02 Jun 2002 - The registrant reports that their domain now resolves to a > > Domain Direct page that says in part "has been suspended by Domain Direct > > Administration. If you are the owner of this domain, please contact > > [EMAIL PROTECTED] to have your domain reinstated." with a big Domain > > Direct logo and a Tucows copyright. > > > > The name server change appears to have taken place after the registry > > published their whois at Sun, 2 Jun 2002 16:48:44 EDT today since it still > > shows the correct information. Tucows WHOIS for the domain still shows > > the correct information. As mentioned previously, manage.cgi still shows > > the correct information. > > > > The authoritive name servers at Verisign registry however now list as > > follows for this domain name: > > > > nameserver = ns1.domaindirect.com > > nameserver = ns2.domaindirect.com > > nameserver = ns3.domaindirect.com > > > > Tucows needs to immediately fix this problem and provide an acceptable > > explanation as to why this happened and why Domain Direct is given > > preferential treatment and power above all other RSPs while we are all > > told otherwise. I really DO NOT want to see Tucows turn into another > > Verisign. > > > > A private e-mail will be sent to Tucows with the appropriate domain name > > as the registrant would like to remain somewhat private. > >
