> If i understand you correctly, an unethical registrar can initiate a > transfer without actually getting the authorization of the domain owner. > That's nuts.
The *gaining registrar* is solely responsible for authenticating the request. They are required to keep records of all transactions including the ability to prove they took measures to make sure a transfer is legitimate and that the registrant (or registrant's agent) agreed to the transfer. It's been this way since the day ICANN took over and was the procedure agreed upon by all registrars at the time. You see all the new registrars didn't want the losing registrar to have a say in the transfer process because they thought the incumbent registrar (Netsol) would use that power to block all transfers away from them. As we have all learned Netsol made sure there were loop holes in the system so they would still have the ability to block transfers for no reason...
