Panic for Tougher Domain Hijacking Penalties?

One of my earlier posts highlighted events in January this year when the domain name of New York based ISP,, was hijacked and ICANN accredited registrar, Dotster, came under fire as did other parties.

I’ve just been reading Panix president Alexis Rosen’s reported comments on the ICANN committee’s recommendations about domain name hijacking in which he wants to see domain registrars punished in any future similar cases.

But in my book ICANN also bears responsibility because they lay down the rules the registrars must follow.

Two issues I’d like to air…

1. What ICANN appears to forget (and Alexis Rosen seems to overlook) is that ICANN themselves changed the domain transfer rules in November 2004 making life easier for hijackers!

Before November 2004 a change of domain name registration had to be approved by both the “gaining” AND “losing” registrars. But under the current rules the transfer can occur without the approval of the registrar “losing” the account.

ICANN’s motive for the rule change was to simplify the domain transfer procedure. But as I said at the time: “This new rule is going to give [con artists] new opportunities to hijack domain names, hijack Web sites“.

2. It is irresponsible for ICANN to provide accreditation to domain name registrars when credentials are in doubt. For example, it is incredible that ICANN agreed to let Brandon Gray Internet Services Inc. (dba “”) Canada become an accredited domain registrar. They should have known in advance that the same people acted under the name of “Domain Registry of America” (DROA), “Domain Registry of Canada” (DROC) and other similar sounding names, responsible for widespread domain slamming complaints and legal action.

To wrap up this post, here are some links to other sites concerning DROA and you may find worth a visit:

Complaint by, Website Designs: Why does ICANN allow Brandon Gray Internet Services, Inc. dba. to take Domains without permission from the registered admin holders?

Frank Khoury’s complaint to ICANN about Domain Registry of America.

Fake “Renewal” Notices Sent by Domain Registry of Canada to Customers of Registrar EasyDNS.

Fraudulent Domain Renewals – What Some Companies Will Do To Get Your Business.

NameJuice Phishing Scam : from Thomas Brunt’s “Outfront” Webmaster Learning Community.

DROA Fraud Warning by
“Many Names, Same Scam: Please note that Domain Registry of America also operates under the following names and most likely many more…
* Domain Registry of Canada
* Domain Registry of Europe
* Domain Registry of Australia
* Brandon Gray Internet Services Inc. dba