on 10/13/03 3:01 PM, Dave Warren at [EMAIL PROTECTED] wrote: > Another alternative is to consider billing for your time in the event > the user loses their password -- Keep in mind, this isn't a situation > that just happens, the client has to not only lose the password, but > they have to lose access to their mailbox as well.
Well, it's happened more than 20 times in the last month to domains in our care, so though it may not be an issue with your registrations, it's becoming one with a large number of ours. I don't know what the answer is, but in the first two years with OpenSRS, we had no username or password required for renewals, and we had no problems that we knew of with domains being renewed by someone who did not own the domain. If it happened, we were unaware of it. With the reverse in play, we are now dealing with one of these nearly every day. Since we now require username and password for renewal, we have had many last minute - domain down - crisis contacts and even though we help these people as quickly as we can, it often requires more than several days to verify that someone really owns a domain if you are going to do it right. In a recent case with a high profile domain, the domain was registered by an employee of the company for three years. He left two years ago. The contact email addresses were all bad - two at defunct email services, and one at yahoo mail. There was nothing in the domain record that identified the company as the owner. The address was the former employee. The phone number was disconnected. None of the email worked. What should I have done? I renewed the domain name on my nickel, and once it resolved again and they sent me the legal paperwork required to change their admin email address, I sent the username and password to the new owner email address. The customer was pleased that I was able to bail them out, but I suspect I violated all the rules on this one. Certainly in the "ISP Theft" scenario from a prior message in this thread, I could have just given the domain name to the ISP. The customer did not protect his asset - certainly not my fault - but if I had let him lose it, I would have been the bad guy many times over. If he had been able to renew the domain name without the username and password, I would have still been involved in the process of changing the admin email address, but it would have been in a more controlled and less stressful environment (and would not have been a panic call in the middle of the night). Anyway, it's an interesting topic. -t
