Three-Letter Domain Name Stolen, Then Retrieved

I was just made aware of another case of a domain name having been stolen. This one involved a three-letter domain name,

In domaining circles, three-letter domain names are particular targets because of their rarity. All three-character domain names – letters, numbers and combinations of both – have been registered ever since.

In this instance, belonged to a computer retailer named EZQuest Inc. and managed by a person named Ebrahim Zmehrir. The news report said that Mr. Zmehrir checked his email and got messages saying the domain name was transferring from Go Daddy to a China-based registrar.

Once a domain name moves to another registrar, recovery becomes difficult if not impossible. All the more in cases of a stolen domain name moved to an overseas registrar.

If a domain name is stolen, normally the first step is to contact the registrar about it right away. Unfortunately it seems Go Daddy just couldn’t get it back or compel the registrar to return the domain name.

The result?


The ensuing three months have plunged Zmehrir into a legal battle and cost his small company an estimated $500,000 in lost sales.

“People keep calling and asking, ‘Are you in business? Your domain name is down,’” Zmehrir said. “I’m sure others didn’t even call and I lost a lot of business because of that.”


The theft didn’t deter Mr. Zmehrir from trying, eventually filing a Uniform Dispute Resolution Policy (UDRP) case. UDRP is intended for no-brainer cybersquatting cases, although there actually are few instances where it was used to recover allegedly hijacked domain names.

Mr. Zmehrir later won the dispute. But in UDRP, there’s a procedure where the decision is delayed for 10 days to give the domain’s registrant time to file a lawsuit.

The news report said the hackers filed a bogus appeal the China-based registrar didn’t recognize at first, eventually preventing the domain name from being returned. The thieves then tried to sell it, and Mr. Zmehrir filed a lawsuit to prevent that from happening.

As to how this sort of thing happened, Go Daddy’s dispute manager Laurie Anderson gave some details:


“If their email account is compromised by the hijacker it can look very much like an authorized transfer,” Anderson said. And once a domain is stolen, she said, there is often little an owner can do to recover it, especially if the domain registration is transferred and the new registrar does not cooperate.


Personally, I’m not surprised. I wrote an article on how this can occur, so feel free to check it out in your spare time.

(By the way, please contact me using the Contact link above if you commented but doesn’t show up. I’ll work on that as soon as I can.)

As of this post, it appears the domain name is now back with Go Daddy and in some lawyer trust account under Steven Rinehart, Esq. That typically happens after a court order is secured and served, most likely on VeriSign because they’re the authoritative Registry for all .com domain names.

The domain name is now displaying EZQuest’s web site. While the domain name isn’t completely back under Mr. Zmehrir’s possession, at least it’s resolving to where it should.

As for the thieves, also unfortunately I doubt anything can be done about them. If they’re in a country that doesn’t see eye to eye with the U.S., that makes pursuing them practically hard as well.

I’d say it’s only a matter of time before Mr. Zmehrir completely regains the domain name. It’s just a shame there’s little to no way to hold the thieves accountable, albeit it’s indeed tough if they’re part of an organized criminal group.

Feel free to share your thoughts below or spread the word online. I’ll just be around.

Sources: Salt Lake Tribune

Check Out These Other Posts: