8th DNS Seal wiki article.
New page
{{Glossary|
|note = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS.'''
| logo = DNS Seal.png
|link = http://dnsseal.wiki/
}}
'''Domain slamming''', or '''domain name slamming''', which is similar to telephone slamming scams, refers to the practice of sending [[Fake Renewal Notice|fake renewal notices]] or bills to domain name registrants that are actually disguised service transfer notices.<ref name="positive">[http://www.positiveprojections.com/domain-slamming-scam/ Domain Slamming Scam – Fake Domain Renewals], Positive Projections</ref><ref name="monster">[http://www.domainmonster.com/editorials/domain_slamming/ Domain Slamming by Dishonest Registrars] (July 4, 2007), DomainMonster.com</ref> Responding to a fake renewal notice often results in a higher fee for the registrant's domain name and an unauthorized transfer to a different registrar or service provider.<ref name="positive"/><ref>[http://blog.eurodns.com/my-domain-name-has-been-kidnapped-help/ My domain name has been kidnapped, help!], EuroDNS</ref> Registrar [[Domain Locking]] can help defend against domain slamming attempts.
==Public Perception==
Domain slamming is perceived as a deceptive and dishonest practice. As the domain name industry claims to value ideals such as "transparency" and "good faith," slamming seems to be particularly discordant and harmful.
==Outcome==
Domain slamming can result in the unauthorized transfers of domain names and higher renewal rates or fees. It also erodes user confidence with fraudulent offers or statements.
==Historical Use==
*Domain slamming is used to trick users into unknowingly switching their registrar often at the users' expense. The fake renewal notices utilized by slamming registrars frequently claim that the registrant's domain name is expiring and needs to be renewed quickly; however, the company or registrar sending the notice IS NOT the registrar the domain name is currently using.<ref>[http://www.eweek.com/c/a/Security/Beware-Fake-Domain-Renewal-Notices/ Beware Fake Domain Renewal Notices] by Larry Seltzer (July 16, 2007), eWeek.com</ref> Registrants may not be sure which registrar their domain name is registered with.<ref name="monster"/> This confusion, combined with official looking emails, mail, or phone calls may be enough to trick the registrant into "renewing" their domain name with the slamming registrar.<ref name="monster"/>
*Domain slammers may get contact information including phone numbers, email addresses, and postal addresses by using public data such as the WHOIS data base. <ref name="monster"/> ICANN recently released a study on WHOIS misuse; although it does not specifically address slamming, it does look at the misuse of email addresses, postal addresses, and phone numbers found through the WHOIS data base.<ref>[https://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm Study on Whois Misuse], Internet Corporation for Assigned Names and Numbers (ICANN)</ref>
*Industry giant Verisign was taken to court and investigated by the [[FTC]] over allegations of domain slamming notices sent in the mail.<ref>[http://www.theregister.co.uk/2003/09/25/verisign_slammed_for_domain_renewal/ VeriSign slammed for domain renewal scam] by Kieren McCarthy (September 25, 2003), The Register</ref><ref name="verisign slammed">[http://www.theregister.co.uk/2002/03/26/verisign_accused_of_dns_slamming/ Verisign accused of DNS slamming] by Thomas C. Greene (March 26, 2002), The Register</ref> While it was determined that Verisign did not break the law,<ref name="verisign slammed"/> Verisign agreed not to send out notices similar to the ones previously used, and it had compensate those tricked by the notices. Verisign was also sued in class-action lawsuits for domain slamming but settled out of court.<ref name="monster"/><ref name="verisign slammed"/> Other registrars have also been accused of domain slamming, such as Brandon Gray Internet Services' Domain Registry of America (DROA), which has a reputation for consistently using slamming techniques.<ref>[http://domainincite.com/6434-domain-registry-of-america-still-slamming-still-scamming Domain Registry of America still slamming, still scamming] by Kevin Murphy (October 6, 2011), Domain Incite</ref> Brandon Gray Internet Services was given an ICANN breach of notice of its RAA for a failure to disclose information relating to the transfer of a domain name in 2013.<ref name="finally">[http://domainincite.com/15350-finally-domain-slamming-registrar-gets-icann-breach-notice Finally, domain-slamming registrar gets ICANN breach notice] by Kevin Murphy (December 17, 2013), Domain Incite</ref> In July of 2014, DROA was suspended by ICANN due to violations of the 2013 RAA.<ref name="sus">http://domainincite.com/17106-domain-slammer-finally-gets-suspended-by-icann Domain "slammer" finally gets suspended by ICANN by Kevin Murphy (July 21, 2014)</ref>. If its compliance issues and the compliance issues of its resellers are not fixed, the registrar may lose its accreditation.<ref name=sus/>
==ICANN Policy==
*Slamming practices can result in a breach of ICANN's [[Registrar Accreditation Agreement]] (RAA) if information on domain name transfers is not reported correctly.<ref name="finally"/>
*Additionally, a [[Generic Names Supporting Organization]] (GNSO) working group was tasked with an investigation of fake renewal notices in order to decide if a full issue report was necessary.<ref name="notice">[https://community.icann.org/display/gnsofakerenewaldraft/Fake+Renewal+Notices+DT+Home Fake Renewal Notices Report-Final-6 March 2012] (PDF), ICANN</ref> A survey of registrars within the report found that they were divided on the issue of fake renewal notices, "either viewing this as a serious problem or not a problem at all."<ref name="notice"/> Registrars reported registrant confusion as a main result of fake renewal notices and also cited wasted time and customer service resources.<ref name="notice"/> On a larger scale, fake notices may "reflect negatively on the domain name industry as a whole."<ref name="notice"/>
*ICANN's [[Transfer of Registrations between Registrars Policy]] between Registrars may help reduce slamming as a Standardized Form of Authorization (FOA) is required from the registrant before a transfer can take place.<ref>[http://www.icann.org/en/resources/registrars/transfers/policy Policy on Transfer of Registrations between Registrars | Takes effect 1 June 2012], Internet Corporation for Assigned Names and Numbers (ICANN)</ref>
==Legislation==
The [[Federal Trade Commission]] (FTC) is charged with investigating fraud and deceptive marketing used to take advantage of consumers.<ref name="jmg">[http://www.jmg-enterprises.com/domain-slamming.htm About Domain Slamming], JMG Enterprises</ref> Therefore, domain slamming cases have been addressed by the FTC and U.S. court system. <ref name=FTC>[http://www.ftc.gov/news-events/press-releases/2003/12/court-bars-canadian-company-misleading-consumers-marketing Court Bars Canadian Company from Misleading Consumers in Marketing of Internet Domain Name Services] (December 23, 2003), Federal Trade Commission</ref> In the cases mentioned above, both Verisign and DROA were ordered to stop sending fake renewal notices.<ref name=FTC/> Additionally, DROA was ordered to provide "monetary redress."<ref name=FTC/>
==Additional Resources and Tips==
*Some tips for avoiding domain slamming include:
#Knowing what registrar your domain name is registered with
#Contacting your registrar when you receive emails or calls warning you about any expiring domain names<ref name="positive"/>
#Keeping records of when your domain names expire <ref name="info">[http://resources.infosecinstitute.com/domain-slamming/ Domain Name Hijacking – Domain Slamming], InfoSec Institute</ref>
#Using the domain locking service provided by most registrars that prevents any transfer of the domain name unless the registrant calls and requests that the name is "unlocked"<ref name="info"/>
#Familiarize yourself with [[Fake Renewal Notice]]s.
*Find [http://www.internic.net/whois.html who your registrar is]
*Read [https://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm ICANN's Study on Whois Misuse]
*View an example of a [http://www.jmg-enterprises.com/images/droa-front.jpg fake renewal notice]<ref name="jmg"/>
*Read the GNSO's [https://community.icann.org/download/attachments/30344197/Fake%20Renewal%20Notices%20Report%20-%20FINAL%20-%206%20March%202012.pdf?version=1&modificationDate=1334351663000&api=v2 Fake Renewal Notices Final Report]
==Related Articles==
*[[Cross-TLD Registration Scams]]
*[[Domain Locking]]
==References==
<references/>
[[Category: Bad Practice]]