mikey@Sun

Nominet, and how they stole my domain and then gave it away - part I

Monday Feb 16, 2009

Back in 2006, which is just yesterday in terms of domain name ownership, I registered a domain name. Late in 2008 my ex-business partner left his full time employment and together with somebody else I never met, they went into business together. Good for them. At that point I was asked by my ex-business partner to give away my domain name. It was a good name and it was of use to them. I wasn't about to just give away a perfectly good domain name, and why would I? I asked that he sort out some outstanding paperwork around the business we had, and then I'll think about it. Maybe. Suddenly he wasn't in a hurry to sort our anything so I started ignoring his mails asking about the domain transfer.

Today I learned that Nominet (organization in charge of the .uk top level domain) transferred the domain name to my ex-business partner account, without my approval. Without an email or so much as a phone call or even a signature bearing FAX to me. Essentially Nominet just gave away my domain that I registered in 2006. Nominet stole my domain. Then they sold it or gave it away.

That is theft in my book.

It is also very bad business for people in the internet domain name registration practice to just really mess up on basic security.

So I am seriously wondering what or how did it happen, without my authorization. I was never contacted by them, so... I am speculating here, but if a third party is able to call in, and say he is me, and request a domain to be transfered, which more over succeeds without the TLD administrator verifying identity of the requester, then something is seriously wrong with Nominet.

I just mailed Nominet awaiting some explanation about why they allowed someone to steal my domain name. Was identity thief involved in this?

[8] Comments
Like this post? del.icio.us | furl | slashdot | technorati | digg
Posted at 08:47PM Feb 16, 2009 by Michal Nowak in Personal
Tags:
Comments:

Maybe your ex business partner was somehow able to access the email accounts listed in the "whois" info. For most transfers, a confirmation is required after receipt of a transfer request to one of those contact addresses. Another possibility is that he was able to apparently notarize a transfer form with some kind of false identity or a dodgy notary. Good luck.

Posted by Kevin Hutchinson on February 16, 2009 at 09:53 PM GMT #

Hi Kevin,

thanks for your comment, but this is not the case, since I registered this domain long before we started doing business together, and he never had any level of access (such as passwords, email accounts, paperwork) associated with this domain.

Thanks again!

Posted by mikey on February 16, 2009 at 10:00 PM GMT #

http://www.icann.org/en/transfers/dispute-policy-12jul04.htm

You've never heard of domain locking?

alan

Posted by Alan Pae on February 16, 2009 at 11:37 PM GMT #

Dear Alan,

appreciate your post, but this is with regards to a .co.uk domain. As mentioned on the original post, these happen to be administered by Nominet, not ICANN. Also Nominet does not offer such functionality as locking, but thanks for your inputs anyway.

Posted by mikey on February 16, 2009 at 11:52 PM GMT #

Hi Mikey,

I'm really concerned to read your comments. I can categorically assure you that we're not in the business of 'stealing' domain names. If you could email me with the name of the registration, I will look into what happended on this one.

Regards,
Lesley
CEO Nominet

Posted by Lesley Cowley on February 17, 2009 at 11:47 AM GMT #

UPDATE:

After the mail I fired to Lesley Cowley, CEO of Nominet (who commented here) earlier today, the case resolved itself almost immediately.

I have to say, I was very surprised (in a good way) by the service Nominet provided me with.

Thank you Nominet, you are great guys! :)

Posted by Michal Nowak on February 17, 2009 at 02:24 PM GMT #

This has just happened to me now! I had a breach of my email accounts one weekend, logged a call with 123-reg to explain the situation and then a few days later I get an email telling me my domain freshinc.co.uk has been given to an ex member of my site!

What a joke! The domains were purchased by me, not any company and I have the invoices and details to prove it. Nominet are an absolute waste of time I am still waiting for a response from their disputes department but how could they just hand over this to someone else.

My entire email and customers private information has been handed out by some clerk named Kate Hilsdon

As you can imagine I am infuriated and concerned as I scramble to resolve my banking and other security issues that this has brought up

Never again will I purchase .co.uk whilever nominet is in control of that domain name. Digital britain indeed.

Posted by Michael Bolland on September 30, 2009 at 03:28 AM BST #

UPDATE:

Nominet have now thankfully restored the domain to my ownership after a long discussion. It appears that the attacker has utilised his temporary access to my domain to purge my google domain email and sites which I am aiming to get restored.

What an absolute nightmare! Hopefully this can be sorted as quickly as possible!

Kind Regards

Michael Bolland

Posted by Michael Bolland on September 30, 2009 at 05:55 PM BST #

Post a Comment:
  • HTML Syntax: NOT allowed