Guest Post: Life Of A Domain Recovery Agent by Kevin Fink – Part 2

The following is a guest post by Kevin Fink, the Senior Recovery agent atDomainTheft.org. Kevin has been working hard since we launched working with domain owners every single day and successfully recovering names for businesses small and large! 

 

Yesterday I spoke about the types of theft reports we get where there really is nothing we can do, where it’s really the owner’s misstep (as in the case of an expiring domain), and just plain, bad luck (having your email account hacked).

But sadly, there is another – far more troubling – trend that has appeared: domains being hijacked by shady business partners, web developers or designers gone rogue, or worst of all…sneaky registrars and hosting companies.

The statute of limitations on opening a case with us is supposed to be 30 days, but we’re getting dozens of inquiries from thefts that have occurred as long as a few years ago – and the prevalent theme with each of these is: a former designer, developer, friend, business partner…deciding to hold the domain hostage. 

Say someone starts a business and asks one of these said people to maintain the accounts; well, if there is a falling-out, guess what is used as leverage? The domain; and because these people were usually entrusted with the account credentials, this becomes a total gray area.

In these cases, as far as the actual owner is concerned, the domain is “stolen” and the alleged-thief is taking control of a name unlawfully – but it devolves into this legal-gray-area because…they had been given account access at some point.

It boils down to a simple case of someone being mistrustful. It’s a shame these instances are abundant, and even worse that we can do so little about them.

As a recovery agent, my only course of action is reaching out to these now-current “owners,” in hopes we can start a dialogue. But legal action outside our jurisdiction may be the only thing left for the original owner to use as recourse.

Now let’s talk about shady registrars and hosting companies. I have spoken to clients who were simply not given renewal notices by the registrar (which absorbed the name once expired), or alleged occurrences of a name being lifted from the account – simple as that. Of course, there are hosting companies and registrars, many unaccredited, and some legit, who go defunct – and where do all their names go when that happens?

(crickets)

This is an emerging problem, and in each case I have dealt with, the registrar feigns ignorance or confusion, while the owner ponders legal action.

As domains become more commonplace in our world and instances of theft increase, the honest truth is that we’re not going to be able to curb these trends of abuse by ourselves – we will need transparency from accredited registrars, hosting companies, and other regulatory bodies that are supposed to cater to the people.

And hopefully, the emergence of partnerships between multiple law enforcement agencies will shed some light on how best to go about dealing with these matters in the future. The best part about being a recovery agent is seeing a domain go back into the hands of its owner. We have had some great cases where a simple email from us has scared the thief into returning the name or even the discussion of our involvement by the owner is enough to get the name back. This is one of the best feelings in the world and as you would expect, the owners are incredibly happy and relieved to have their names back.

While we are limited in how far we can go with each case, we do everything we can within our own legal right to provide our time and expertise to people for free, every single day. One of the exciting features we hope to offer in the future is a verification for registrars and other companies that offer domain names – it is through these partnerships that we hope to foster education and understanding that will only serve to strengthen the relationship between domain owners and these larger conglomerates.

Until then, as such in life, be careful who you entrust sensitive information to and if a domain of yours is every stolen, know that I’ll be here to help!

{ 2 comments… add one }

  • ccTLD April 19, 2012, 1:35 pm

    what are the chances when the original owner files an UDRP?
    TEAC effective June 1 should make live a little easier incase of a domain theft.

    Reply
  • Joe May 3, 2012, 6:31 pm

    I recently noticed that if you have a domain at namecheap, and sell it, but leave a permission on the name to edit the details with a 3rd party account, that 3rd account could still access that domain after it was pushed to a buyer’s account…

    Reason I found it, is this friend that lives in another country years ago wanted me to register his last name .com, and I did and over the years I renewed it, and did not ask for anything, but this year he wanted to have the name in an account that he could renew it. I then went in and gave my main account “permission” to edit the domain and pushed it to his account, to test to see if I could still edit it from my main account, and sure enough, I could. Note, I had to use 3 accounts for this to work, HOLDINGACC where the name had been sitting, an where I went to edit the permissions, and push the name, BUYERSACC where I pushed it to, and MAINACCOUNT where I maintain my own names.

    I know this ma be a gray area, and some may abuse this ability, by “pushing” an account after getting paid for that name, and then reclaiming said name, but my purpose was to maintain some control due to lack of payments for the renewals over the years… But that said, maybe it would be good for people to know to check for such “permissions” after they receive a domain that was pushed into their account, to stop any ties to old accounts. I hope that makes sense.

    Reply

Leave a Comment