No help from ICANN
This is a post from 04/18/07 by Bjorn Kassoe Andersen, founder, owner and leader of Direction, a management and communications consulting company based in Denmark, which had its domain,direction.com, stolen back in 2006.
ICANN has no rules for enforcing the return of stolen domain names. Such rules simply do not exist. If your domain name is stolen, it seems that your only chance of getting it back is arbitration under ICANN’s rules for domain name disputes or a court case.
This is a systemic problem. It is the result of a fast growing Internet and a complex domain name system which is only loosely knitted together. There are few rules and most transactions take place in an international arena in which national legislation and practices are hard to apply.
Here is a list of the organisations whose behavior and policies in our specific case constituted a faulty system which made it easy to steal our domain name and hard for us to get it back:
www.000domains.com – the (former) registrar of our domain name direction.com. Like most registrars of international domain names, they permit change of registration details and transfers by email and do not provide an option for domain name owners to require paperwork before any changes take place. 000domains’ procedure for cancelling an offending change of registry details and transfer did not work. They allowed transfer of our domain to another registrar, even though we informed them that we had not requested any changes and provided all the information and documentation they requested. Once the transfer had taken place, 000domains refused to initiate a return of our domain, stating that ICANN rules do not allow them so to do.
www.struerhosting.dk – our (former) Danish ISP, at that time known as struer.net. A pop3 email account hosted on their servers was hacked and the perpetrator set up a forward of all ingoing mail. This was all it took to initiate a domain name transfer in our name. Struer.net’s management said in a letter that their systems are safe. But Struer.net’s tech support informed us shortly after the theft that they did not have any log details that could be used to track the perpetrator. An ISP with no log files does not provide a satisfactory level of security.
www.123cheapdomains.com aka tucows.com. This was the new registrar used by the perpetrator. Tucows at first refused to return direction.com, as their position was that everything about the transfer appeared to be legal. Tucows did, however, return the domain to us once they were instructed to do so following arbitration from WIPO.
www.smartname.com – Services like this one monetize domain names with a natural flow of traffic through direct typing of the URL. When someone guesses that a domain like direction.com might provide a service with, say, driving directions, they go to the URL and find no driving directions but lots of ads for route planners and GPS systems. Smartname is explicit in their terms and conditions that they do not provide services to fraudsters. In our case they did provide service to a fraudster, and they have not responded to our correspondence.
www.icann.org – this is the organisation responsible for the domain name policies that leave you lost if someone steals your domain name – unless, that is, you also have your domain registered as a trademark and can pursue the offender through ICANN’s policies for domain name disputes. This is only possible if you have a registered trade mark similar to the stolen domain and are willing to pay a fee of USD 1500 to an arbitrator such as WIPO. You will also have to hire the necessary legal assistance – or spend time getting to learn how the system works and do the work yourself.
