Huh. Customer (who has had .nz domain name registered for 14+ years) had the domain cancelled by @nzdnc. They sent an email to advise her on Monday, but she has no idea who DNC is so (appropriately) assumed it was a scam and ignored it. So weird.

Anyone know why they'd cancel a long-standing domain name, linked to a legit website for a legit company? Registrant details are valid and correct. They didn't contact the admin/tech contact.

The domain is now locked by NZRS so I can't un-cancel it. She's getting on the phone to them now.

So, DNC send out emails to random domain registrants asking for them to respond with proof of identity (e.g. bank statement). If no reply, they cancel the domain name.

This is messed up.

First, if it goes to spam, they lose their domain. ....

...
Second, if they're a security-savvy Internet user and they get an email from a company they have never heard of, they _should_ delete it, and absolutely shouldn't ever send a *bank statement*.

This is absolutely conditioning people to get phished, and is an AWFUL policy.

Here's the email. The registrant does not recall getting this - either got caught in spam, or she (quite rightly) binned it as probable phishing. They did not attempt to phone her or anything else.

Have sent an email to @nzdnc and @jordantcarter outlining my concerns with the methodology and urging them to immediately suspend this practice until they've implemented a more appropriate policy.