ICANN Mandates That All Transfer Requests Go Through?

[DomainOgre]

Just found this message on my GoDaddy reseller. Not sure if this applies to all registrars or what, but its a little scary if it does.

"From November 8-10, we are sending an email to all domain customers informing you of a new domain transfer policy, enforced by ICANN (The Internet Corporation for Assigned Names and Numbers). This policy dictates that we must honor any transfer requests, even if you do not personally confirm them. To prevent unauthorized transfers, lock your domains. This service is free and takes only a minute."

 

[zdscn]

lock all of your domains for secourity reason.

 

[armstrong]

Can anyone confirm for certain that this is true - and that it applies to .com only:
we all need to lock our domains? or else if your not careful anyone can run away with them!

You definitely must do this for .com and .net domains.

Its less critical for org/info/biz/us since these domains have the EPP code system as an additional security measure, and locking may or may not be available for these extensions. But if they happen to be available (hopefully for free) at your registrar, then go ahead and use the locks anyway. Why not?

 

[DomainOgre]

GoDaddy and NameCheap appear to be the two easiest to lock all of your domains easily so far.

 

[Mark]

Was reading up on this just a few moments ago - Thinking this will help people decide to add their correct Contact/Whois Info (Especially their emails) ... You can't deny a Transfer if they send the notice to a Bogus or Old Email ~ Could be a good thing from that POV - Thanks for the links RJ and Arm ~

 

[True_Snake]

Yeah, I got an e-mail too yesterday. It's weird, but it's not too big of a deal, IMO. Locking your domain doesn't take more than 2 minutes.

True_Snake

 

[armstrong]

Yeah, I got an e-mail too yesterday. It's weird, but it's not too big of a deal, IMO. Locking your domain doesn't take more than 2 minutes.

True_Snake

Its not a big deal for domainers. But most folks are not like us, and don't bother checking their whois emails everyday, patiently wading through the inevitable whois spam.

I did a little experiment of the top ten keyword or very short domains that I would like to own, and guess what - 3 of them were unlocked. Each would probably be worth tens of millions each. Scammers who take advantage of this new policy can grab several hundred such valuable names, and while the owners will probably eventually regain ownership, the recovery process will take time. Such will mean lost business, while the scammers gain modest fortunes from quick monetization of the massive typeins.

 

[DomainOgre]

Its not a big deal for domainers. But most folks are not like us, and don't bother checking their whois emails everyday, patiently wading through the inevitable whois spam.

I did a little experiment of the top ten keyword or very short domains that I would like to own, and guess what - 3 of them were unlocked. Each would probably be worth tens of millions each. Scammers who take advantage of this new policy can grab several hundred such valuable names, and while the owners will probably eventually regain ownership, the recovery process will take time. Such will mean lost business, while the scammers gain modest fortunes from quick monetization of the massive typeins.

That is definitely the scary part of this new policy.

 

[DomainOgre]

It appears that this policy is not being followed at all registrars. Two registrars so far are giving me a chance to reject transfers. One has told me that I have till Nov. 20th to reject a transfer, but I have no way to speed it up lol.

 

[Nexus]

Yeah, I've gotten my first fraudulent request. Bogus.

~ Nexus

 

[AdoptableDomains]

It appears that this policy is not being followed at all registrars. Two registrars so far are giving me a chance to reject transfers. One has told me that I have till Nov. 20th to reject a transfer, but I have no way to speed it up lol.

Actually that IS following the policy. You will be sent an email allowing you to reject the transfer. The tricky part is that if you don't reject the tranfer, or don't get the email allowing you to reject (spam filters), it will proceed without POSITIVE confirmation that you approve. In other words, if you ignore that email or it's misdirected, the transfer will take place.

If you go on a two week vacation and someone makes an attempt at transferring your unlocked name, you will get a chance to reject it. However if you are gone and don't reject in time, they have the domain and you have a useless, too late reject notice when you get back. If your email is misspelled, your spam filter over eager, or your mail server goes down, you could miss the reject opportunity and lose your name.

LOCK, LOCK, LOCK!!!

 

[DomainOgre]

Ah ok, thanks for that. I took the "we must honor the transfer, even if you do not confirm it" as meaning they would just process all unlocked transfer requests instantly.

 

[AdoptableDomains]

I saw the first draft of the policy a very long time ago. It was supposed to assure that the losing registrar would not delay transfers to the point you had no choice but renew. Somewhere, someone got WAY off track with this method.

It's pretty scary that someone could collect all the whois spam lists, sort out the bounced emails indicating who might not get the reject messages, then attempt transfers on millions of names. For that matter, they could probably sort out all the ones using hotmail and yahoo that contain keywords that the free mail providers scripts would surely filter out, and still get hold of domains because the registrants never got the reject message. For that matter, there are even lots of people who don't read their mail frequently, and would see the mail too late. All these methods would take very little skill to work under the new conditions. Someone with even more knowledge or skills could launch DOS attacks on the mail servers of recipients so that the reject message aren't received.

This policy is one of the stupidest and least thought out ever released. I would be some major company is down in the next couple months due to this stupidity. I'm pretty sure they would get the domain back, but the revenue loss could be major. Worse thing is, it's the com/net domains at the most risk without the auth code requirement. I actually hated auth codes until a couple weeks ago, but am now warming up to them.

 

[jaydons]

Bad Idea

just received this email from registerfly.....


Icann the governing body that regulates all registrars will be implementing a new policy concerning domain transfers that will be effective November 12th. From this point onward, if there is no acknowledgement from the registrant/administrative contact within 5 days of a transfer request being made, the transfer will automatically occur. While this new policy will make it easier to transfer names between registrars, this can also make your domain name susceptible to fraudulent domain transfers if precautions are not taken.

We are strongly recommending all RegisterFly.com customers protect their domain names by using our free domain locking service. By using our domain name locking service, you would need to physically unlock the name before a transfer would be allowed ensuring the highest levels of security. You can enable the locking service(FlyLock) within the domain manager in a matter of seconds or our 24 x 7 Live support can also assist you in locking your names. If you have a large number of names you wish to lock we have a Bulk Domain Manager tool located within the domain name manager that can easily do thousands of names at once within minutes.


my opinion..............BAD IDEA.

 

[jehnidiah]

I agree.

There are a few topics already up, just fyi, about this new rule. One: http://www.namepros.com/showthread.php?t=55184

 

[Premium]

I don't think its a bad thing, just lock all of your domain names and unlock those you must transfer when you transfer.

Godaddy allows a button to "lock all of your domains at once" :D

 

[jaydons]

thanks

 

[armstrong]

With registrars implementing domain locking by default, it seems that we're back to where we started. So if you were to win a domain at Pool, and it goes to a registrar whose entire website is written in Klingon, then you'd still be unable to do anything with the domain, and unable to transfer. The only ones benefitting from this ICANN procedure would be the thieves stealing unlocked domains.

Why couldn't ICANN just implement a shared domain transfer system? You know, a sub-domain within ICANN where we can login and authorize inter-registrar transfers. With their increased budget, they could translate the site to all languages required by domain registrants, even Klingon.

 

[Premium]

With registrars implementing domain locking by default, it seems that we're back to where we started. So if you were to win a domain at Pool, and it goes to a registrar whose entire website is written in Klingon, then you'd still be unable to do anything with the domain, and unable to transfer. The only ones benefitting from this ICANN procedure would be the thieves stealing unlocked domains.

Why couldn't ICANN just implement a shared domain transfer system? You know, a sub-domain within ICANN where we can login and authorize inter-registrar transfers. With their increased budget, they could translate the site to all languages required by domain registrants, even Klingon.

Really good point there, I seriously don't know why this had to be done and on such short notice.

 

[DomainOgre]

It actually has slowed down some of my transfers. I thought one benefit of this new rule was to make them faster?

 

[Caveman]

Sorry to bring up an old thread. I did a little experiment with a name I wanted to transfer from another registrar to my enom account. I got an email from enom requesting the transfer. I did not take any action on it. About 4 or 5 days later, I got an email from enom again saying the transfer had been cancelled due to not getting an approval from the owner. I had unlocked the name for transfer before the first request was put in. I just redid the request and this time approved it and the transfer went through. I don't think the new transfer rules are much to get worked up about as everyone thought. If anyone else cares to repeat this little experiment with a name you want to transfer anyway, I'd be interested to hear the outcome.