New Zealand domain name holders are not at risk from having their registrations hijacked thanks to additional safeguards in the system utilised here, says .nz Domain Name Commissioner Debbie Monahan.
Last week, internet analysts Netcraft reported that new Internet Corporation for Assigned Names and Numbers (ICANN) rules that came into effect this month means domain name transfers will be automatically approved in five days unless explicitly denied by the current registrar.
The new rules state that “failure by the Registrar of Record to respond within five calendar days to a notification from the Registry regarding a transfer request will result in a default ‘approval’ of the transfer”. In the past, the transfer could not take place without a response from the domain name registrant.
At risk are registrants who do not keep contact details for the domain in question up to date, as the new rules could mean a transfer may take place if no response to the transfer request is forthcoming.
The New Zealand .nz domain operates in a different fashion to the top-level .com, .net and .org domains, however. Monahan says that the shared registry system here that uses a “UDAI” or Unique Domain Authorisation Identification does not allow transfers without the registrants’ approval.
The UDAI works as an authentication key that must accompany any domain name transfer. Monahan says that the only way a wrongful transfer could happen with the UDAI is if registrants disclose the authorization key when they shouldn’t. However, even so, the domain hijacker cannot change the registrant name and a reversal of the transfer is possible should the worst happen, according to Monahan.
After the original Netcraft report, some domain name registrars have come out and said the fears of illicit transfers are overblown, pointing out that the new ICANN rules still require the new registrars to seek approval from existing domain name registrants before transfers are allowed. Validating unapproved transfer requests could in fact cost the registrar its ICANN accreditation. Approval from the current registrar is however no longer needed.
Nevertheless large domain name registrants like Network Solutions and Go Daddy in the US are presently either advising clients to lock their domains, or doing it for them automatically.