Domain Spats & Disputes

WhoIs, the universal registry of domain name registrant information, does not represent evidence of domain ownership or legal rights, according to a federal court decision from 2007.

According to reports in Domain Name News and the Internet Library, the court declared that a change in a domain’s registrant information does not constitute legal change in ownership, because the WhoIs records are a privately maintained system and not a statute-based system of title.

The case involved the domain express.com, which was owned by Express Media Group, LLC. Apparently, the domain’s registration information was changed without the knowledge of Express Media Group, and subsequently, the defendant, Greg Ricks, bought the domain from the “new owner.”

The court ordered the domain returned to Express Media and held that Ricks was guilty of conversion, which in California is “the wrongful exercise of dominion over the property of another.”

It’s unclear in the various reports how the domain’s registration was changed, or whether the defendant in the case was involved in that change. The court’s decision states that the registration information was changed by “unknown persons, presumably cyber criminals,” and noted that the defendant contacted the “new owner” about purchasing the domain “very soon after the contact info on the registration was changed. ”

The domain was registered through Network Solutions. The registration agreement authorized Network Solutions to process account transactions initiated through the use of the user’s password, and cautioned that use of the service was at the registrant’s own risk

In two weeks, a Kentucky judge will hear arguments on the ordered seizure of 141 gambling-related domains that Kentucky doesn’t like because online gambling competes with the state’s hugely profitable horse-racing industry.

In the report at domainnamenews.com, a Kentucky district court has dismissed all objections put forth by the owners of the domains to be seized.

Judge Thomas Wingate (a moron of the highest order) ordered the seizure of the domains purportedly to protect innocent Kentucky children from the evils of gambling, but the action was a transparent move to protect the state’s revenue from horse racing.

It has been pointed out elsewhere that the move is the equivalent of Saudi Arabia seizing jackdaniels.com because drinking is illegal in Saudi Arabia.

His Dishonor Judge Wingate ordered the seizure in September, requirig the owners to block access to Kentucky residents or lose their domains. According to DomainNameNews, a hearing will be held Nov. 17, 2008.

The well-known registrar GoDaddy promptly rolled over for Judge Wingate and turned over the domains. Network Solutions sent a legal team to fight the action. (More here.)

A U.S. federal district court judge in June froze U.S. assets and ordered a stop to fraudulent domain “renewal notices” that were sent to domain registrants by a Canadian company called Data Business Solutions, which also does business as Internet Listing Service, ILS, ILSCORP.NET, Domain Listing Service, DLS, and DLSCORP.NET.

The practice consists of sending official-looking “invoices” warning registrants that their domain will expire if they don’t renew it in time. This is, of course, true, but the notice further implies that the company behind the “invoice” is the actual registrar. In reality, it is not, and when unsuspecting victims pay for the “renewal,” their domain is transferred to Data Business Solutions from the registrar where they registered it. Alternatively, the “invoice” billed for an annual “domain listing service” or “search engine listing,” leading consumers to believe that the invoice was for a service they had signed up for and that was necessary for their site to be found in search engines.

According to the report in Network World, the the FTC charged that “the ‘invoices’ represented that the defendants had a preexisting business relationship with the consumer. The ‘invoices’ also represented that consumers owed money for the continued registration of their Web site names and that the defendants would provide continued registration services for consumers.”

The FTC’s report can be found here. Further information is also available at flyteblog.com and the webmail blog.

TechCrunch reported in April that Network Solutions was highjacking subdomains to serve advertising-link filled pages when a user requests a subdomain that isn’t used by domains hosted with NetSol.

This means, for example, that if I hosted domainspats.com with Network Solutions, and if I did not set up a subdomain for domains.domainspats.com, or spats.domainspats.com, or anything.domainspats.com, if anyone typed that address into their browser, instead of getting my standard error page, they would get a page filled with ads for which NetSol gets paid.

This would include domains that aren’t set up to resolve the www version of the domain (e.g., www.domainspats.com), and even with www set up properly, it would apply to any and all typos, such as 222.domainspats.com or eee.domainspats.com, or ww.domainspats.com or wwww.domainspats.com.

According to TechCrunch, this practice is affecting hundreds of thousands of sites hosted with Network Solutions.

Shame on Network Solutions. It’s not the first time they’ve been caught engaging in questionable behavior, and it almost certainly won’t be the last.

According to the temporary blog set up by MakeUseOf.com, the MakeUseOf.com domain was highjacked right out of the owner’s GoDaddy account.

According to the report, the attacker somehow got the GoDaddy account details by hacking into the account holder’s Gmail account. Apparently, social engineering was also used to convince GoDaddy to go ahead and transfer the domain immediately.

Official-looking e-mails are really attempts to steal your domains

Both eNom and Network Solutions, two very large registrars that handle millions of domain registrations, are the target of a major phishing attack. It is believed that the perptrator(s) purpose is to acquire the login details for victims’ domain registrar accounts and thereby steal or otherwise compromise their domain registrations.

The phishing warning on Network Solutions home page

Phishing warning on eNom

If you receive any e-mail about your domain registration (or any other online account you may have) you should never click any link in the e-mail. Go the website where you have your account by entering the address in the address bar of your browser.

And it never hurts to drop into your domain registrar account to double-check that your contact information (particularly your e-mail address) is current, and to lock your domain, if your registrar offers such an option.

The domain registrar Directi announced that it has suspended more than 175,000 domain names. Of those, over 50,000 were “involved in various types of abuse, such as spamming, phishing/spoofing, malware perpetration, suspected pedopornography, financial frauds and falsified ‘Whois’ information.”

Directi is targeting “bad actors” who engage in various forms of spam, phishing, and other harmful activities. For example, their analysis looked for bulk registrations of multiple domains with slight variations in the domain — e.g., 018xyz.com, 018xyb.com, 018xyzc.com, etc. — and for domains that use blacklisted nameservers.

Directi disabled their privacy protection service for more than 500,000 domain names.

The move has touched off a discussion at the WebmasterWorld forum over whether a registrar should act as “the domain police” or whether a registrar’s job is merely to register domains for paying customers.

The High Road (aka THR, formerly found at thehighroad.org, now thehighroad.us) is one of the largest and most well-respected guns and shooting messages board on the Internet. It was launched by photog Oleg Volk when The Firing Line (TFL) was shut down. From the beginning, the site and domain were considered to belong to Oleg. The domain was originally registered by Rich Lucibella, who owned and operated TFL. Technical support and hosting were provided by Derek Zeanah.

At some point, Rich wanted to transfer the domain from his own registrar account into Oleg’s. Oleg asked Derek to handle the transfer. Unbeknownst to Oleg, Derek handled the transfer by transferring the domain to himself. The site continued to operate “as is” with no one but Derek aware of the status of the domain’s registration.

Later on, down the a piece, Oleg was exploring the idea of a commercial sponsorship for the site. There was disagreement among Oleg, Derek, and the forum’s moderators about whether or not this was a good idea.

This post is not about whether THR should have any sort of commercial sponsorship. That decision is rightfully the owner’s decision to make.

Derek decided at that point that he was co-owner of the site. He objected vigorously to the sponsorship. He shut down the site briefly. He locked Oleg out of the forum’s Admin area, along with other forum moderators who sided with Oleg in the dispute. He refused to turn over the site’s files and database, and refused to transfer the domain into Oleg’s name.

Rich Lucibella, at the time he transferred the domain, intended to transfer the domain to Oleg, and believed that Derek was properly acting as Oleg’s agent. Rich in fact has stated publicly,

At no time was I aware that Derek was acting as anything but Oleg’s personal agent. Had I been aware that Derek was acting for his own benefit I would never have transferred the domain name to him. It is my position that Mr. Zeanah had fraudulently misrepresented himself to me. If he persists in publicly hiding behind my statements, taken out of context, I will have little choice but to join this legal fray, recover the domain name thru the courts and pursue Mr. Zeanah for my legal fees.

Attempts to settle the matter in private have failed. Oleg has re-opened The High Road at thehighroad.us, and has filed a suit in federal court to resolve the matter.

Read more about TheHighRoad Highjacking here.