Kai, What you describe is an old process that we use for redemptions. Since mid-2004, we built a more automated solution that allows us to re-insert the domain name into the correct reseller account without modifying any of the data - including the user name and password.
This process is initiated by a reseller going to the Domain Redemption section of the RWI and this triggers an email to our admin team. All that our admin team needs to do is find the deleted domain and click a button "redeem" and the correct transactions are processed (redemption + 1 year renewal) as well as the insertion back into the account. Is the domain that you are using as a test case recently redeemed or one that was redeemed a while back and is just now being noticed because the registrant needed to log in? If the domain was only recently redeemed, please provide the name off-list and I will investigate further. Thanks, Greg Frank Associate Product Manager, TLDs Tucows Inc. 416 535 0123 x1282 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kai Schaetzl Sent: Tuesday, May 31, 2005 6:24 PM To: [email protected] Subject: [domains-gen] Alert: login passwords for redeemed domains not safe! I sent this mail on May 16 to Ross. I didn't hear back anything more than "I'll get on it immediately". I send this mail now to the list so anyone can take precautions for himself. I just found out that Tucows sets the username/password combination for domains which get paid during redemption grace period ("Redemption Request Form") to very obvious words. That means if you once renewed a domain this way and sent the login password to the admin address or to yourself - whoever gets this mail will know how to login to the management interface for all redeemed domains (not only this one). I mean: for *all* domains registered via Tucows ever redeemed that way and where these data weren't changed again! Cause of the problem: It seems that when a domain gets renewed during that period it "falls out" of the login profile and gets a new username/password. Tucows support sets the data to very obvious words without telling the reseller or the owner. This problem may exist with other registrars as well! Kai -- Kai Sch�tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org _______________________________________________ domains-gen mailing list [email protected] http://discuss.tucows.com/mailman/listinfo/domains-gen _______________________________________________ domains-gen mailing list [email protected] http://discuss.tucows.com/mailman/listinfo/domains-gen
