news ICANN to kill off 60-day domain transfer lock

william · Thursday at 4:54 PM

Good riddance.

DomainRecap · Thursday at 5:13 PM

william said:
Good riddance.

This only gets totally rid of it for domain registrant changes, and "there’s going to be mandatory 720-hour (30-day) locks on domains that have just been created or just transferred in."

If there was no lock at all in newly-created or transferred-in domains, thieves would have an absolute field day, and places like GD, Snapnames or Dynadot, who sell expired domains, would be an open door for rampant fraud and would lose millions.

The GNSO says these month-long locks will help reduce credit card fraud and help comply with trademark complaints such as UDRP.

So basically, once it get approves and implemented (18 months estimated by author) the 60-day lock will be a 30-day lock and registrars can't add another 30-days if a registrant changes his phone number.

Personally, I think 30 days is too little, as the limit on chargebacks is 45-days, so this leaves 15 days for some pretty wild abuse. I can see major players like GoDaddy offering their opinion on this change.

D Haynes · Thursday at 6:03 PM

Registrars can already opt out of the 60 day lock though can't they

. Sure I looked this up fairly recently.

DomainRecap · Thursday at 6:06 PM

D Haynes said:
Registrars can already opt out of the 60 day lock though can't they .

Maybe, but why would they? It would be like ringing the dinner bell for the hordes of scammers and fraudsters out there.

Hell even a 30-day lock is inviting the loss of millions of dollars per year due to the 45-day limit on chargebacks. I have a feeling there is going to be some push-back from big players like GD, as there is no longer any protections from credit card fraud. Does ICANN even understand how credit cards work?

internext · Thursday at 6:21 PM

I wonder if ~~GoShitty~~ GoDaddy will comply with this or try to keep things status quo? My bet is the latter.

Ignorance is ~~bliss~~ ignorance.

DomainRecap · Thursday at 6:25 PM

I really wonder how this is going to work, as it appears with their "The GNSO says these month-long locks will help reduce credit card fraud" comment, ICANN has zero clue how credit cards work.

Let's say Scammer Guy 'buys' an expired domain at GoDaddy (or Snap or Namejet. etc) for $50,000 using a stolen or compromised credit card, then 30-40 days later sells it for $20,000 on the open market, complete with transfer code. The domain is now out of the registrar's control and 45 days later, the credit card company sends them a chargeback notice.

Is the registrar supposed to just eat these losses and essentially open the barn door to the hordes of fraudsters and scam artists? I think part of the reason the 60-day lock was imposed was because it can take a minimum of 45 days to receive chargeback and fraud notices from VISA and MC. I hate to play the anti-globalist card, but this sounds like yet another global wealth redistribution plan.

I also don't like the fact that ICANN will now "remove the requirement for both gaining and losing registrants (ie buyer and seller) to be notified when a change of registrant occurs, on the basis that notifications don’t provide much protection when the losing registrant’s email has already been compromised."

Huh? So just because a tiny percentage of transfers take place using stolen credentials, that means that NO ONE is going to get a transfer email? That's insane, as I use this to determine when buyers transfer domains, as it can take months for registrars to update their info.

dncafe · Thursday at 6:26 PM

D Haynes said:
Registrars can already opt out of the 60 day lock though can't they . Sure I looked this up fairly recently.

For new registration and transfers, that is a 60 day lock at the registry (run by Verisign), and out of the control of the registrar (Godaddy, Dynadot etc.)

DomainRecap · Thursday at 6:26 PM

internext said:
I wonder if ~~GoShitty~~ GoDaddy will comply with this or try to keep things status quo? My bet is the latter.

I really don't see how companies that offer expired domains and/or sell marketplace domains can ever comply with this insane and uninformed scheme, as they would all go out of business once the fraudsters ramped up their operations.

D Haynes · Thursday at 7:42 PM

dncafe said:
For new registration and transfers, that is a 60 day lock at the registry (run by Verisign), and out of the control of the registrar (Godaddy, Dynadot etc.)

Seems there are some options to opt out.

DomainRecap · Thursday at 7:47 PM

D Haynes said:
Seems there are some options to opt out.

Sure, if you're just changing the registrant information prior to transferring.

That seems to be a part of the new rules, but for some reason they switched from 60-days to 30-days for new purchases, registrations or transfer-ins, without actually thinking it through.

Yeee.

dirk · Thursday at 7:49 PM

DomainRecap said:
Sure, if you're just changing the registrant information prior to transferring.

That seems to be a part of the new rules, but for some reason they switched from 60-days to 30-days for new purchases, registrations or transfer-ins, without actually thinking it through.

Yeee.

The lock after a transfer isn't mandatory currently.

Only real change, drop from 60 to30 days on new regs.

AEProgram · Thursday at 10:28 PM

DomainRecap said:
I really wonder how this is going to work, as it appears with their "The GNSO says these month-long locks will help reduce credit card fraud" comment, ICANN has zero clue how credit cards work.

Let's say Scammer Guy 'buys' an expired domain at GoDaddy (or Snap or Namejet. etc) for $50,000 using a stolen or compromised credit card, then 30-40 days later sells it for $20,000 on the open market, complete with transfer code. The domain is now out of the registrar's control and 45 days later, the credit card company sends them a chargeback notice.

Is the registrar supposed to just eat these losses and essentially open the barn door to the hordes of fraudsters and scam artists? I think part of the reason the 60-day lock was imposed was because it can take a minimum of 45 days to receive chargeback and fraud notices from VISA and MC. I hate to play the anti-globalist card, but this sounds like yet another global wealth redistribution plan.

I also don't like the fact that ICANN will now "remove the requirement for both gaining and losing registrants (ie buyer and seller) to be notified when a change of registrant occurs, on the basis that notifications don’t provide much protection when the losing registrant’s email has already been compromised."

Huh? So just because a tiny percentage of transfers take place using stolen credentials, that means that NO ONE is going to get a transfer email? That's insane, as I use this to determine when buyers transfer domains, as it can take months for registrars to update their info.

1. you have about 120 days to charge back and for some chargebacks 500+ days

2. for big purchases most demand a wire

3. I agree that not sending emails is very bad

Daniel Owens · Thursday at 10:34 PM

30-day lock is too long should be 15-day lock max.

dirk · Thursday at 11:19 PM

Daniel Owens said:
30-day lock is too long should be 15-day lock max.

0-day lock and free transfers should be the norm. It'd would bring down registration costs significantly and give back power to the registrants instead of registrars and registries.

Let them deal with security, it's what we're paying them for. Its's been a proven concept, in use by numerous registries. No excuse there.

Exot · 2025-03-14T00:11:37+0000

Christmas came early!

DomainRecap · 2025-03-14T03:45:38+0000

AEProgram said:
1. you have about 120 days to charge back and for some chargebacks 500+ days

120 days is the number you see quoted, but some are 30-60 days, some are 90 days and those 500+ ones are only for non-shipment/receipt of goods. It all depends on the reason code and by law you have 60 days, but VISA and MC extend that further depending on the circumstance up to 120 days.

I think I was using 45-days, not as the theoretical maximum, but because that's a time period I have seen quoted as when the majority of fraudulent use is reported, so it's a line in the sand where you can feel somewhat safe that there won't be too many surprises.

One thing is for sure, 30 days is way too short a period to take the risk on chargebacks, while 60 days is pretty good for the vast majority of incidents of credit card fraud.

But hey, I get that no one is going to cry if GoDaddy get hits with millions in losses, but registrars are basically the clients of ICANN, and I can't believe they're hanging them out to dry like this.

Abdelapp · 2025-03-14T15:43:43+0000

why would they?

tech08 · 2025-03-14T18:42:57+0000

good riddance hmmm

phaethon · 2025-03-14T23:36:33+0000

Not that we often sell names within 2 months of buying them.. The earliest was 45 days for me.
I think domainers should be more confident and not think that buyers will run away if they have to wait for a couple days or weeks..

Samer · 2025-03-14T23:43:25+0000

Thank you!! Thank you!! Thank you!!

news ICANN to kill off 60-day domain transfer lock

Top Member

Top Member

Top Member

Top Member

DNFS.comTop Member

Top Member

I Buy WebsitesTop Member

Top Member

Top Member

Top Member

Private InvestorTop Member

Top Member

Top Member

Private InvestorTop Member

brandname.nowUpgraded Member

Top Member

Established Member

Established Member

Top Member

Top Member

Similar threads

We're social

Pinned

Appreciation

Agreement

Answers

Relevance

Reaction

Status

Feeling