You think WHOIS privacy deters domain theft attempts ? Think again.

The current counter-argument that domains with WHOIS shield on are protected from theft, is outright weak.

While the privacy of a registrant’s info is much more respected outside of the US and the original com/net/org triad of TLDs, there is a false perception that by masking that information a domain is safer.

ICANN mandates that all Registrars ensure the WHOIS info of domains is accurate, and there are certain repercussions if it isn’t.

WHOIS shield or privacy still operates as before: emails sent to a masked or obfuscated address still get delivered. And that’s all that a domain thief needs to initiate an attempt at transferring a domain unlawfully.

Yesterday and today, I spent a good amount of time thwarting an attempt by a person to transfer one of my domains away from my possession. They initiated a transfer to 1&1, a domain Registrar that has localized offices around the world.

It is unknown at this time, why a transfer was initiated and an email was dispatched, without an authorization code, as mandated by ICANN. It appears to be a glitch with the particular registrar, 1&1, or their localized portal, which permitted such an attempt. My domain’s current registrar, Name.com, confirmed that there has been no info leakage or access of my account. I also have two way authentication enabled, a great feature.

The only positive thing in this case is that 1&1 included in the authorization email, the full name and address of the individual who initiated the transfer.

The cherry on the pie: The same person contacted me earlier this year via Domain Name Sales, to acquire the domain on the basis that “there is nothing there.”

I ignore such inquiries, and they got no response from me at the time, but they will soon find out what are the consequences of attempting to hijack a domain name.