Email from Bruce Tonkin to Tim Cole
Melbourne IT welcomes the efforts undertaken by ICANN to investigate the panix.com incident, which Melbourne IT considers to be an isolated, but serious, security incident amongst many thousands of transfers that have been processed in accordance with the transfers policy by Melbourne IT. Melbourne IT hopes that ICANN will take the same effort to investigate other instances where a registrar has failed to comply with the transfer policy.
Melbourne IT has several large resellers that are larger organisations than any of the existing ICANN accredited registrars, and have an international reputation for the development of IT systems and processes. Melbourne IT has agreements in place with some of these resellers regarding the transfer of registrar process. These agreements have only been applied where each reseller has been able to fully satisfy and prove to Melbourne IT that they maintain systems for verifying the actual registrant who wishes to transfer their name in accordance with the ICANN transfer policy.
Although Melbourne IT has an audit and compliance process for checking that a reseller is complying with the transfers policy, the panix.com incident has highlighted that there is still a risk that one of these resellers may not be complying with the transfers policy for all transfers. Melbourne IT has software for authenticating transfers that complies with the ICANN transfers policy, which is used by all its direct customers and the majority of its reseller customers. As a result of the panix.com incident, Melbourne IT is planning to expand the use of this software for all its resellers to further reduce the risk of an unauthorised transfer.
Melbourne IT will continue to cooperate fully with ICANN in the further investigation of the role of resellers in transfers, and in the development of further improvements to the transfers policy.
Chief Technology Officer