Hello, --- Robert L Mathews <[EMAIL PROTECTED]> wrote: > The only possible protection against this kind of attack is a domain > lock > that can't be disabled without some sort of out-of-band agreement, > such > as a notarized letter that's confirmed by the registrar. Such a lock > would need to completely override the response to any transfer > confirmation (or lack thereof) in order to be useful.
Right, I'm thinking for a high value domain such as a GM.com or a BMO.com or from my own portfolio a Jukebox.com or WorldPoker, a phone-verification system (e.g. pay a $20 verification fee for domains flagged for that in the account, in the event a transfer is made) or something "extra" would be needed, to ensure one REALLY wanted them to leave OpenSRS. That extra step would defeat most hackers and hijackers (assuming they can't easily hack a phone system, and that the historical phone numbers are kept track of within OpenSRS; a phone number change from Toronto to Moscow should raise a red flag!). As I was saying to someone else, imagine going away for a 7-day holiday, and finding all one's domains gone? In an entirely digital world, that's certainly possible...creating ties to the physical world makes it a lot harder. Sincerely, George Kirikos http://www.kirikos.com/