In my "How to get a $15000 site for free" thread, I mentioned how an error can happen at escrow and you could lose your site.

Transferring domains is supposed to be the easiest part but seems to be still the area most prone to problems, glitches, security risks and losing your domain.

Latest incident: Seller S agrees to sell a site and domain to Buyer B. They enter escrow. B remits funds and S pushes the domain to B's account at the registrar. B also takes all site files, transfers to his server, changes nameservers and is happy enough to release funds to S. As a precaution he changes all passwords including passwords at the registrar. All safe, right?

Two weeks later B decides to move the domain to godaddy. He starts the transfer at godaddy and godaddy send off the transaction code to the registered email address for this domain. You need the transaction code in order to complete the move. In this case the mail goes to the privacy service which, as all privacy services do, forwards email to the real email address of the domain owner.

Can you see where this is going?

The privacy service has only one email address on record and it's S's email. So they forward this all important email to S. And if S doesn't cooperate and forward that email to B, B is stuffed. Further, S could open his own account at another registrar, and transfer the domain back to himself! A quick name server change to point to his old server and it's like the site was never sold in the first place!

Ouch!

Moral: If there's privacy involved it doesn't matter what else you do but you have to get the privacy company to change the contact address... the safer option is moving to a different privacy service even if that involves changing registrars.