Robert L Mathews wrote:
That's just hand-waving. You aren't going to get tens of millions of domain name registrants to implement any kind of more secure e-mail than they're already using.
They will if their ISP gives them a more secure alternative ready-to-use.
They expect to be able to transfer their domain names using e-mail approval, even if they change e-mail addresses ten times a year, they barely know their own e-mail address, and have lost their registrar password. That's not going to change.
And, again, with a reasonable process and a somewhat-fatter registry, it won't have to.
Almost all domain name hijackings occur when someone gets access to the "owner's" e-mail account, one way or another. When that happens, it doesn't matter who asks the "owner" for confirmation.
You have to move the identity from the mail account to the mail client, and that has to be done aggressively by the mail connectivity provider.
Do you really believe that registrars are intentionally looking the other way, allowing transfers of stolen domain names?
Definitely.
All the cost, hassle and bad publicity -- for what? A potential profit of literally a couple of dollars if nobody notices?
99+% of the people out there are just going to say "oops" anyway. thesmoozlefamily.com isn't Panix.
If registrars are actually knowingly allowing the criminal hijackings of domain names by third parties, there are plenty of things that can be done; it's not as if the registrars are anonymous.
"Knowingly" is irrelevant. Negligence is criminal as well.
