Suppose I want to create a domain escrow service. How can I escrow a domain transfer, eliminating all possibility of fraud? Suppose I know A and B. A wants to sell DDD.com and B wants to buy it. The naive solution is * I take B's money * I ask A to change contact info and nameservers to B's indicated preferences * A changes contact info * when A confirms, I ask B to transfer the domain to their own registrar * B transfers domain to his own registrar * I pay A But I see the following opportunity for fraud: * A changes contact info and confirms * I tell B * before B gets a chance to act, A reverts the changes in his cPanel, and then transfers domain to X (which is an associate/alter-ego of A). * now B claims he never had control of the domain; A claims that he is innocent, and that X is in fact an associate of B. The escrow can't tell who commited fraud. What's the solution? -- Dan
Dan - a few points here. First, all registrars have a detailed history of who, when, and how altered owner/contact information (down to the IP address from which this was performed). So it is rather easy to verify who is telling the truth. More importantly, if you plan on starting an escrow business (if that's your real question), you will need big $$ to buy insurance and signal to both parties that you're a legitimate, independent organization. If I were A or B, my bigger concern would be whether the Escrow belongs to (or influenced by) one of the parties, or would run with my money.
Thanks EduOrg. I was actually thinking about creating a domain marketplace -- in which case an in-house escrow service is a necessary offering (even if traders would not necessarily trust it / use it in the beginning). I agree that trust is hard to win. Why do you think insurance would be needed, though? To protect from lawsuits? If fraud is easy to detect (as you stated), there shouldn't be much scope for making false claims, right?