I am selling a domain, and I see the transfer request in my dashboard, but there is no information about the requestor.
I have no way to authenticate the originator of the request.
The escrow will only release the funds if the new registrant matches the address they have on file.
Is there ever? That’s pretty much the purpose of the auth code. I don’t recall ever seeing info about the requestor when I’ve been alerted. It just says approve now, or wait five days and it will automatically be released.
Thanks for the reply.
It’s been more than 10 years since my last domain transfer between two parties. So the auth code is the only way to authenticate?
This is sad…
So if the buyer shares the code with a third party, how can you prove they didn’t. I mean, there is an email thread but nothing solid.
When you initiate a transfer, you need to enter registrant’s details, why can’t those be shared with the current registrar?
Anyway, this isn’t anything that Cloudflare can do, I just wanted to vent a little.
I like to keep mine secret, just as they are when you do a WHOIS lookup. I don’t want that person to know where I live, nor do they have any need to. I do see a natural desire to authenticate the buyer, but at your end, and in your mind, you know you have: You gave only that one person the Auth Key.
I’m more shocked that this is a requirement of the escrow service, as that’s not part of the natural process.
I see how this can be a privacy problem, however, the escrow showed me the buyer’s address. And they asked me to make sure I don’t transfer to anyone else.
What if the buyer gets the domain and then decide they don’t want to pay. They can simply say: “I didn’t get it. You gave the auth code to someone else who impersonated me.” There is no proof that I did not. And to be honest, there might be a slight chance for our transaction to be highjacked.
What I am saying is that the process to transfer between two entities is a bit outdated.
From a registrar perspective, a domain transfer to a registrar will not share any requester data nor edit the WHOIS contact details. This is usually done before or after transfer. I’d recommend to double check with the escrow first.
Also, ICANN and registries (maybe even registrars) can usually assist with hijacked transfers, but it’s a looooong process.
I wonder if the buyer knows that was going to happen. Again, the seller has no business knowing where I live. It seems to me that the escrow service needs to improve their process.
Well, maybe they do? many reasons to know who you sold something to, as a business. Your Jurisdiction may require it, you may need that info for tax records, or perhaps you would like to do due dilligence and not sell to members of a certain organisation.
This is against the internet’s open nature. Or perhaps I’m just too old fashioned.
Anyway, for authentication, you can do it the casual way by asking for an ID, since that you know the client’s address, I suppose you can communicate with them some how.
You’ve had to supply the same info to verisign et al ; and like I say, you have the right to ask for it, and you have the rright to decline and not buy.
I do agree, slightly, with your sentiment and there are ways to register domains anonymously, but I’m not sure I agree that privacy =/= open
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.