CIRA - Important Security Advisory

CIRA Warns Dot-ca Domain Name Holders of Misleading Verification Notices
Protect your domain name. Do not share your CIRA User Account Number or
Password with anyone!

Ottawa, December 13, 2004 - The Canadian Internet Registration Authority
(CIRA) is advising dot-ca domain registrants (holders of dot-ca domain
names) NOT TO RESPOND OR REPLY TO ANY EMAILS requesting verification of CIRA
User Account Numbers and Passwords.

CIRA has learned that an unknown party is attempting to obtain CIRA User
Account Numbers and Passwords from dot-ca registrants by sending MISLEADING
EMAIL NOTICES that appear to originate from CIRA. These misleading emails
request that CIRA User Account Numbers and Passwords be provided to validate
registrant information and prevent domain name suspension (inactivation).
The emails originate from COMPLIANCE@CIRA.CC. CIRA's compliance email
address is COMPLIANCE@CIRA.CA

If you have replied to an email requesting your CIRA User Account Number and
Password, and have included your CIRA User Account Number and Password in
your reply, PLEASE CONTACT YOUR REGISTRAR IMMEDIATELY to request a new CIRA
User Account Number and Password. If you do not know the name of your
registrar, you may obtain it by entering your dot-ca domain name in the
WHOIS field at http://whois.cira.ca/public

For additional information: http://www.cira.ca/news-releases/139.html