GoDaddy May Have to Stop ‘60 Day’ Transfer Policy

[Sameh]

From DomainNameWire

ICANN advisory would clarify the circumstances when a registrar can deny a domain name transfer request.


Many people who have tried to transfer a domain name from GoDaddy to another registrar have faced a hurdle. If they’ve changed their whois information within the past 60 days, GoDaddy will deny the transfer for “security reasons”. Only one other major registrar, Network Solutions, has been known to do this.

But the practice may come to an end thanks to an ICANN advisory. I actually mentioned this problem to Vint Cerf, Chair of ICANN’s Board of Directors, at a Domain Roundtable conference two years ago. He was surprised to hear about GoDaddy’s policy.

The new ICANN advisory, which is in its public comment period for the next 30 days, states:

1. Registrars are prohibited from denying a domain name transfer request based on non-payment of fees for pending or future registration periods during the Auto-Renew Grace Period
2. A registrant change to Whois information is not a valid basis for denying a transfer request.

The latter specifically targets user and other registrar’s frustration with GoDaddy. In practice, you can push a transfer out of GoDaddy if you take the time to complain to the Office of the President. But GoDaddy’s customer service reps frequently site “ICANN policy” for denying the transfers, which simply isn’t true.

Rather than write this in my own words, below is a post from a small registrar, Tiger Technologies LLC, about this practice (from ICANN’s public comment forum):

I applaud this action from ICANN. Over the last year, many legitimate registrants have been unable to transfer their domain names to us because GoDaddy (and more recently Network Solutions) denied transfers on this arbitrary basis.

GoDaddy claims that their policy is necessary for security reasons, but that claim is specious. As a smaller registrar that focuses on customer service, we pursued every one of these cases on behalf of our customers, and not one of the transfers was fraudulent.

In fact, GoDaddy eventually agreed to release most of these domain names to us after we complained. But we shouldn’t have to argue with GoDaddy to get a legitimate transfer completed: it’s cost us many uncompensated hours of our time, and we’ve seen transfers delayed for days or weeks even in cases where we’ve been able to help the registrant. In some cases, legitimate registrants gave up on the transfer and renewed with
GoDaddy against their will because we couldn’t resolve it before the domain name expired. This kind of nonsense is *exactly* what the transfer policy was designed to stop…

…In short, the additional transfer restrictions imposed by some registrars are not justified. The harm these restrictions do to legitimate registrants far outweighs the rare security benefits.
–
Robert Mathews, Tiger Technologies

Article Link

 

[Cronus]

Yay! GoDaddy has many dirty tricks for preventing legitimate transfers, and I hope they lose this one. Maybe GoDaddy should try keeping customers by offering good service rather than making up reasons to deny transfers (in blatant violation of ICANN rules). It sucks when you update your whois information (which you are required to keep up to date), then someone makes a great offer for your domain and you are unable to transfer it to them. But if you don't keep your whois up to date, GoDaddy can sell off your domain like they did with FamilyAlbum.Com some months ago.

 

[AussieDomainer]

About time. Many times I have been unable to transfer to a buyer or consolidate my names into another registrar due to this stupid GoDaddy rule. I applaud the change and I think it will make things much smoother in the future.

 

[mirrorcube]

Isn't this what ICANN was suppose to be doing all along? Regulating the industry for abusive practices shouldn't be done just once and awhile. They woke up to this blatant abuse, hope they drink some coffee and catch a few other dirty tricks.

 

[Mobi Cheap]

Way to go ICANN, keep up the good work and all will be forgiven!

 

[Spade]

Now, I hate to be Devils Advocate, but one of the reasons that Godaddy and Netsol have this policy is to ensure against fraudulent transfers. If someone is capable of logging into your account, updating the whois to reflect a new email address and then transfering out... Godaddy would have no ability to correct the issue if it is infact fraudulent....

Although its frustrating, there is a legitimate reason why such a policy exists.

Justin

 

[Sameh]

Now, I hate to be Devils Advocate, but one of the reasons that Godaddy and Netsol have this policy is to ensure against fraudulent transfers. If someone is capable of logging into your account, updating the whois to reflect a new email address and then transfering out... Godaddy would have no ability to correct the issue if it is infact fraudulent....

Although its frustrating, there is a legitimate reason why such a policy exists.

Justin

I agree with you .. but 60 days is a lot.

15 - 30 days sounds good and fair.

 

[Cronus]

If someone is capable of logging into your account, updating the whois to reflect a new email address and then transfering out... Godaddy would have no ability to correct the issue if it is infact fraudulent....

A hacker doesn't need to change your whois information in order to transfer your domain name out, so this doesn't do any good as a security measure. In any case, there is already a 5-day waiting period built into transfers. GoDaddy should notify the registrant (including any email addresses used within the last 60 days is fine with me) when a transfer is initiated. Then you have 5 days to contact GD and get the transfer stopped. That gives 2 levels of protection already.

If someone gives out or otherwise loses their GD password, then they ignore the five-day notice for a normal transfer, I have little sympathy for them. The rest of us shouldn't have to suffer for their incompetence/insecurity. And 60-days probably wouldn't make a big difference for such a person anyway.

There are many ways GoDaddy could be more secure, but they usually don't bother. I don't see GoDaddy adding any roadblocks for transfers *IN*. So I don't believe for a second that this motivates their 60-day hold policy. They just like to say "its for security" as an excuse for their anti-competitive actions which are a blatant violation of ICANN rules.

Another dirty trick GD uses to prevent transfers out is to make it a huge pain. They offer bulk options for almost all changes, but getting auth codes requires a bunch of clicks (with slowly reloading pages) for each domain. Then you are stuck with hundreds of emails and you need to grab the domain name and auth code for each one. Last time I did a mass transfer out of GD, it took me all day. Then GD made up excuses for denying the transfer for hundreds of them, and send an email for each domain each day for months until they finally all went through. So if I sound hostile toward GD, that is one (of many) of the reasons.

 

[AussieDomainer]

A hacker doesn't need to change your whois information in order to transfer your domain name out, so this doesn't do any good as a security measure. In any case, there is already a 5-day waiting period built into transfers. GoDaddy should notify the registrant (including any email addresses used within the last 60 days is fine with me) when a transfer is initiated. Then you have 5 days to contact GD and get the transfer stopped. That gives 2 levels of protection already.

If someone gives out or otherwise loses their GD password, then they ignore the five-day notice for a normal transfer, I have little sympathy for them. The rest of us shouldn't have to suffer for their incompetence/insecurity. And 60-days probably wouldn't make a big difference for such a person anyway.

There are many ways GoDaddy could be more secure, but they usually don't bother. I don't see GoDaddy adding any roadblocks for transfers *IN*. So I don't believe for a second that this motivates their 60-day hold policy. They just like to say "its for security" as an excuse for their anti-competitive actions which are a blatant violation of ICANN rules.

Another dirty trick GD uses to prevent transfers out is to make it a huge pain. They offer bulk options for almost all changes, but getting auth codes requires a bunch of clicks (with slowly reloading pages) for each domain. Then you are stuck with hundreds of emails and you need to grab the domain name and auth code for each one. Last time I did a mass transfer out of GD, it took me all day. Then GD made up excuses for denying the transfer for hundreds of them, and send an email for each domain each day for months until they finally all went through. So if I sound hostile toward GD, that is one (of many) of the reasons.

Bingo! They have no security concerns for internal pushes. The GD policy is all about the

 

[Kate]

Now, I hate to be Devils Advocate, but one of the reasons that Godaddy and Netsol have this policy is to ensure against fraudulent transfers. If someone is capable of logging into your account, updating the whois to reflect a new email address and then transfering out... Godaddy would have no ability to correct the issue if it is infact fraudulent....

Although its frustrating, there is a legitimate reason why such a policy exists.

Justin

In any case, there is already a 5-day waiting period built into transfers. GoDaddy should notify the registrant (including any email addresses used within the last 60 days is fine with me) when a transfer is initiated. Then you have 5 days to contact GD and get the transfer stopped. That gives 2 levels of protection already.

If someone gives out or otherwise loses their GD password, then they ignore the five-day notice for a normal transfer, I have little sympathy for them. The rest of us shouldn't have to suffer for their incompetence/insecurity. And 60-days probably wouldn't make a big difference for such a person anyway.

Well, actually you don't have to wait 5 days. You can see your pending transfers out in your control panel at GD, and expedite them (that's what I do). I can transfer out of GD same day so clearly, theft prevention is a poor justification

 

[fonzie_007]

Yay! GoDaddy has many dirty tricks for preventing legitimate transfers, and I hope they lose this one. Maybe GoDaddy should try keeping customers by offering good service rather than making up reasons to deny transfers (in blatant violation of ICANN rules). It sucks when you update your whois information (which you are required to keep up to date), then someone makes a great offer for your domain and you are unable to transfer it to them. But if you don't keep your whois up to date, GoDaddy can sell off your domain like they did with FamilyAlbum.Com some months ago.

Couldn't have said it better myself.

 

[Name Trader]

I can't provide the link, but I remember a quote from Vint Cerf himself on ICANN's blog about GoDaddy's 60 day policy. It went something like this "We are not going to interfere with the internal policies of any registrar". So I think even if GoDaddy don't comply, they are powerless to do anything.

 

[Dave_Z]

So I think even if GoDaddy don't comply, they are powerless to do anything.

ICANN is very much capable of enforcing their policies if they feel like it. But I
can somewhat understand their position of not necessarily wanting to dictate
to a registrar how to run their business, any more than any one of us wants
to be told how we should "use" the domain names we register.

What I'm personally curious to know is how many end-users complained about
this versus how many cases this actually prevented a hijacking from occurring
at all, much more whether the latter is a so-called "significant number".

 

[AzN]

"A registrant change to Whois information is not a valid basis for denying a transfer request." Someone tell that to Bob. hah

 

[goodkarmaco]

No 60 day rule

Godaddy is a giant in the industry and changing their policy would not affect the massive growth as a registrarr they have. My hope is they listen to the customer, the domain owner.

The big news for domainers is the new selling platform that is in the works, with many industry leaders on board. Buyers can buy domains thru particapating regsitrarrs in real time. I think Godaddy is one of them.

Why not apply that almost effortless way to move names from one owner to another to the 60 day rule. Domainers do not like or want the blocking of names by a long period. So Godaddy should get rid of the rule.

Everyone wins when names can be quickly and easily moved from registrarrs.

 

[cache]

60 days for minor change is really too long.

 

[Name Trader]

ICANN is very much capable of enforcing their policies if they feel like it. But I
can somewhat understand their position of not necessarily wanting to dictate
to a registrar how to run their business, any more than any one of us wants
to be told how we should "use" the domain names we register.

What I'm personally curious to know is how many end-users complained about
this versus how many cases this actually prevented a hijacking from occurring
at all, much more whether the latter is a so-called "significant number".

C'mon Dave. Do you think ICANN are going to take on the biggest registrar in the world? Twice as big as the next biggest registrar. They are NEVER going to even threaten to pull their accreditation.

I think this change has been proposed exactly because of the number of complaints they've received from other registrars. As was stated by the registrar, Tiger Technologies. I don't believe it has been motivated AT ALL by end user complaints. I can imagine that there is a lot of time and resources wasted at other registrars dealing with domains transfers which have been blocked for 60 days just because somebody has maintained their Registrant Info up to date, for fear that GoDaddy might pull their domain if it's not current.

 

[shockie]

What I'm personally curious to know is how many end-users complained about
this versus how many cases this actually prevented a hijacking from occurring
at all, much more whether the latter is a so-called "significant number".

similar. it would be a wasteful practice to throw the 60 day rule out, end up having a significant number of fraudulent transfers, and then hear people complain because gd is the biggest registrar there is, and that they should really do something about it... which brings us back to the 60 day rule.

this rule doesn't really affect selling and reselling domains since you can always freely push. and for people who really want to transfer out of gd that badly, they can always do so and eventually will after 2 months.

 

[fonzie_007]

People appear to be confusing the 60 day anti-transfer rule that ICANN has put in place after a domain is registered with GoDaddy's supplemental 60 day anti-transfer rule whenever a domain name changes his/her contact information. This thread is arguing GD should not prevent transfers for 60 days just because someone changed his/her contact information.

 

[onewordonly]

I agree, we should be able to change contact details without been forced into Godaddy Big Brother policy.