[ale] sponsoring registrar

Michael H. Warfield mhw at WittsEnd.com
Mon Oct 20 16:53:14 EDT 2014


Oh lord, this one has my name written all over it.

On Mon, 2014-10-20 at 13:05 -0500, Todor Fassl wrote:
> I am a member of a non-profit. Years ago, one of our members set up a 
> web site and put everything in his name. Well, he died and now the web 
> site is down.

Ouch.  Sorta been through this more times than I care to recall.  Never
fun.

> Well, it's "suspended" which I take to mean we haven't 
> paid for the web site since the guy died.

Yeah, "suspended" is a very specific buzz term and it means it's expired
and you are in a grace period where the domain is inactive but during
which the original owner can recover it (by paying extra money).
Several organizations have gotten into this spot.  It's a "throw money
at it" type of problem.  You'll have to pay a recovery fee to the
sponsoring registrar and prove you have the right to the domain name to the
organization if it was just in his name.  I'm not totally sure in this
case though...  Something doesn't look right below...

> I'd like to get our domain named moved to another site while we get the 
> billing worked out.

Probably not going to happen.  While it's suspended, it's pretty much
locked.  You don't have much in the way of options here and most are bad
or worse in this sort of situation.  If it's just the hosting or DNS
accounts that have been suspended, it may be possible but still won't be
easy.

> But the domain name is in the dead guy's name too.

I assume that means all of "Administrative", "Billing", and "Technical"
points of contact.  You're in a crack.  This is going to require work.

> I 
> think I can contact the sponsoring registrar to get the domain name 
> back, right?

Yes, you can.  But you may have to provide firm documentation like
letters of incorporation, 501(c)3 documentation, anything else firmly
establishing the organization's ownership of the domain, along with an
explanation of what has happened.  Correspondence will probably have to
be on "corporate letterhead" (been there).  Some of this will have to be
in E-Mail, more on the phone, and some by US-Snail if this is really the
case.  Course of last resort would be to contact ICANN for domain
disputes but that gets really expensive and time consuming.  This is all
assuming it's the domain registration and not something else like
hosting...

You will have to understand here that the registrars have been scammed
(and are being scammed) by people claiming things like this and
hijacking domains.  It's a serious problem on the net and the reputable
registrars are fanatically paranoid about it and you're going to have to
prove you are who you say you are and you have the established legal
right to do what you want to do.  If they don't and they get scammed,
they get sued.

> Below is a dump of the output from whois with the dead 
> guy's name and address changed for privacy purposes. I should contact 
> enom.com to regain control over our domain, right?

> Domain Name:example-domain.ORG
> Domain ID: D81913102-LROR
> Creation Date: 2002-02-23T17:22:49Z
> Updated Date: 2014-01-25T09:55:06Z
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Updated in January?  What happened in January?  Wait...

> Registry Expiry Date: 2015-02-23T17:22:49Z

This says this expires in 02/23/2015.  Is this information accurate or
just more faked out bullshit?  This does not indicate a suspended
domain.  This IS consistent with a domain that was renewed for 1 year
back in January of this year and expiring in February of next year, so
it may not be "suspended" per se afa the domain name itself is
concerned.  If your site dns or hosting is down, that may be nameservers
or hosting accounts with the provider.  If the domain is active, we have
a whole different game with months to play!

> Sponsoring Registrar:eNom, Inc. (R39-LROR)
> Sponsoring Registrar IANA ID: 48
> WHOIS Server:
> Referral URL:
> Domain Status: clientTransferProhibited
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You are not moving this unless you can gain access to that account...

> Registrant ID:0E9E3D0F53574546
> Registrant Name:John Doe
> Registrant Organization:Acme Business Consultants, Inc
> Registrant Street: 1234 Elm St.
> Registrant City:McFarland
> Registrant State/Province:WI
> Registrant Postal Code:53558
> Registrant Country:US
> Registrant Phone:+1.555-555-5555
> Registrant Phone Ext:
> Registrant Fax: +1.0000000000
> Registrant Fax Ext:
> Registrant Email:john.doe at bogus.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

THIS you need access to!

You will probably also need access to his hosting account.

> Admin ID:0E9E3D0F53574546
> Admin Name:John Doe
> Admin Organization:Acme Business Consultants, Inc
> Admin Street: 1234 Elm St.
> Admin City:McFarland
> Admin State/Province:WI
> Admin Postal Code:53558
> Admin Country:US
> Admin Phone:+1.555-555-5555
> Admin Phone Ext:
> Admin Fax: +1.0000000000
> Admin Fax Ext:
> Admin Email:john.doe at bogus.com
> Tech ID:0E9E3D0F53574546
> Tech Name:John Doe
> Tech Organization:Acme Business Consultants, Inc
> Tech Street: 1234 Elm St.
> Tech City:McFarland
> Tech State/Province:WI
> Tech Postal Code:53558
> Tech Country:US
> Tech Phone:+1.555-555-5555
> Tech Phone Ext:
> Tech Fax: +1.0000000000
> Tech Fax Ext:
> Tech Email:john.doe at bogus.com
> Name Server:NS91.WEBSITEWELCOME.COM
> Name Server:NS92.WEBSITEWELCOME.COM
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> Name Server:
> DNSSEC:Unsigned

I have done this a number of times.  You need to know exactly what the
expiration date of this domain was.  Are they saying it is suspended and
offering to reactivate it for a fee (normal)?  When does the grace
period end?  From what you've posted above, it looks like the domain
registration itself is NOT suspended from the registrar's perspective
but the site hosting MAY be down for other reasons.

Do you have any access to his E-Mail?  I've had two cases (one living
and one dead) where I had to "hijack back" the domains by faking their
addresses and then harvesting the return E-Mails.

The living case was with someone whose name and E-Mail ended up on an
account even though she had no clue what she was doing (she was a
contract web-weenie who filled in the form a decade ago to register the
domain for a local non-profit without knowing what she was doing before
I became involved).  I told her to just forward any E-Mail from the
registrar over to me and I handled the whole thing.  That one took a
week of back and forth and she was not exactly cooperative (she had been
a contractor).

The other case, the family cooperated with us fully and we helped them
clean up and preserve some of his work (an amateur radio site).  In that
case, they gave me direct access to his E-Mail accounts and web hosting
site and I was able to manage the web site and domain transfers.  That
case was the easiest to deal with but was rather unusual.

If you can do that and throw some extra money at it to recover the domain
(if it's really suspended), do that!  That's the easy route!

I also managed the transfer of the samba.org domain over to Gandi and
administration under the Free Software Foundation, which was a hoot
because all of the PoC E-Mail addresses (some old addresses for Tridge)
were no longer valid and had to be reset and, then, moving the domain
within 60 days of resetting the PoC addresses caused an automatic slam
of a security hold triggered in case the domain was being hijacked (even
though Tridge and I and several others with Samba were actively
managing it).  Even the "fun ones" are NOT FUN.

Then I had another case and another (sigh)...

One time, I had a domain expire and discovered that the registered
points of contact were pointing at a dead server (don't even ask).  At
least the domain hadn't expired (this time) and I just had to renew it.
To do that, I had to update the DNS (which we fortunately controlled)
for the domain to point to new servers and then create new PoC accounts
on the new server that I had access to and then fake the registrar out
with password reset requests and take command of the accounts there.
Then I could move the domain and update the PoCs to successfully take
control of the domain.  But this is NOT "recovery" of a suspended
domain.  That took a few weeks...

If you have the balls...

We had one where the account was "suspended" due to admin STUPIDITY (and
had been registered to an IT admin who was "no longer with the company"
and didn't want to be involved).  They had failed to pay the bill
on-time (hey, even M$ has done this).  It was a lesser domain, that was
not business critical, that we wanted to keep but the powers that be
didn't want to pay the recovery fee (bean counters).  So, we played the
gamble.  I registered a .net name that matched the .com name so we could
at least have internal working DNS and waited out the suspension.  After
the suspension period, nobody was interested in the .com so we
re-registered it under our proper PoC's with good servers.  That's NOT
the way to go if you want your site back up fast.  In this case, if we
had lost it, our bosses would have shrugged "oh well"...

There's no boilerplate I can give you for a situation like this other
than to take "ugly" and start to drill.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
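
The reading of the quoted whois record in the message above (expiry date still in the future, transfer lock set, one person in every contact role) can be run as a periodic check on an organization's own domains. This is an added example, not part of the original message; the function names, finding labels and the 90-day warning threshold are assumptions, and the sample is a trimmed copy of the redacted record quoted above.

```python
from datetime import datetime, timezone

# Constructed sample: trimmed copy of the redacted record quoted in the message.
SAMPLE = """\
Domain Name:example-domain.ORG
Updated Date: 2014-01-25T09:55:06Z
Registry Expiry Date: 2015-02-23T17:22:49Z
Domain Status: clientTransferProhibited
Registrant ID:0E9E3D0F53574546
Registrant Email:john.doe at bogus.com
Admin ID:0E9E3D0F53574546
Admin Email:john.doe at bogus.com
Tech ID:0E9E3D0F53574546
Tech Email:john.doe at bogus.com
Name Server:NS91.WEBSITEWELCOME.COM
Name Server:
"""

def parse_whois(text):
    """Return {field: [values]}; rows with no value (blank 'Name Server:') are dropped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def audit(text, now, warn_days=90):  # warn_days is an arbitrary, assumed threshold
    """Return (findings, days_left); assumes a 'Registry Expiry Date' row is present."""
    f = parse_whois(text)
    expiry = datetime.strptime(f["Registry Expiry Date"][0], "%Y-%m-%dT%H:%M:%SZ")
    days_left = (expiry.replace(tzinfo=timezone.utc) - now).days
    findings = ["registration-expired" if days_left < 0 else
                "expiry-soon" if days_left < warn_days else "registration-active"]
    # A status value may be followed by a URL; compare the first token only.
    statuses = {v.split()[0] for v in f.get("Domain Status", [])}
    if "clientTransferProhibited" in statuses:
        findings.append("transfer-locked")  # no move without the registrar account
    roles = ("Registrant", "Admin", "Tech")
    ids = {v for r in roles for v in f.get(r + " ID", [])}
    mails = {v.lower() for r in roles for v in f.get(r + " Email", [])}
    if len(ids) == 1 or len(mails) == 1:
        findings.append("single-contact")  # every role depends on one person/mailbox
    return findings, days_left

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2014, 10, 20, 16, 53, 14, tzinfo=timezone.utc)))
```

A "single-contact" finding on a healthy domain is the cue to add a role mailbox the organization controls before it is needed.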
