ICANN new transfer policies take effect Nov. 12

[Dave_Z]

Hi everyone!

Whenever I get any domain name news that can potentially
affect ALL domain name owners, I'll be sure to post it.

Some of you may or may not know by now, but the Internet
Corporation for Assigned Names and Numbers (ICANN), the
governing body charged with overseeing the Domain Name
System, has formulated new domain name transfer policies
that will take effect on November 12, 2004:

http://icann.org/transfers/index.html

So what does this mean?

First, the good news: it makes domain name transfers
simple and painless because you actually don't even HAVE
to confirm it anymore!

All you have to do is go to the new registrar/reseller of
your choice, follow their instructions on how to create
an account with them (be it online for via fax), pay up,
then the new registrar/reseller will notify your current
one of the impending transfer.

Ideally, the new one will send an authorization email to
the email address of the administrative contact based on
the domain name's WHOIS record. Whoever has access to
that email must either confirm or deny the request.

But here's the change: whether you receive it or not,
the default result is that the registrar or reseller MUST
release the domain name from their systems & transfer it
to the new one.

Standard exceptions still apply, though:

1. Domain must still be paid. Better you do this at least
30 days before expiration.
2. Domain must not be "locked".
3. Domain must not be in any sort of dispute.

Assuming at least those 3 exceptions don't apply to your
domain name, your transfer will push thru without a hitch.
Barring any technical hiccups, of course.

Now, the bad news: just as it will become easier to move
your domain name to your new registrar, it becomes easier
for one total unknown stranger to do this without your
consent.

So what must you do to prevent this from happening?

1. Contact your registrar or reseller and ask if they have
a sort of locking feature that prevents domain transfers
from taking place. Most if not all registrars provide this.

If they do, you must log inside your account and activate
it yourself. A friend of mine, though, notified me she
recently got an email from her domain registrar that they
will turn on their locks for all domains on a certain date,
so be sure to read any email from your current registrar
or reseller regarding this.

2. If your domain name doesn't have this lock, check your
domain name's WHOIS contact information (or internal info)
& ensure the email address w/in is correct & only you has
access to it. This is to ensure you receive the email and
follow its instructions on how to deny the transfer.

3. Since ISPs sometimes block legitimate emails from
reaching their recipients, be sure to "whitelist" them. If
necessary, please contact your registrar or reseller and
ask what is their specific email address that'll be sent
to you requesting confirmation or denial of the transfer.

I'll keep you all posted as the date when the transfer
policies takes effect looms near. Meanwhile, please be
sure to inform as many people as you can about this to
prepare for it.

Take care of your domain name/s!

 

[Peter]

But here's the change: whether you receive it or not,
the default result is that the registrar or reseller MUST
release the domain name from their systems & transfer it
to the new one.

surely they cant do this, what happens if you go away for a while or cant get online and someone initiates a transfer, also even if you dont go away as pointed out not all emails get through.

If this is true then it is a very BAD move

 

[Dave_Z]

surely they cant do this, what happens if you go away for a while or cant get online and someone initiates a transfer, also even if you dont go away as pointed out not all emails get through.

If this is true then it is a very BAD move

Tell me about it. It's a good thing, though, that many if not all
registrars now provide a locking feature of sorts to prevent this
from happening.

A friend of mine got an email from NetSol informing her about
this and also told her they'll turn on her domain's "Domain
Protect" feature soon.

This is probably because ICANN got numerous complaints
of failed transfers due to many registrars not letting them
push thru. In essence, ICANN's only doing what many
people are demanding.

For the average consumer, this may appear immediately
as good news. But for those who think long and hard
about something, they'll soon realize the fate that awaits
them.

In any case, the least we can do is inform and educate the
people around us as much as we can.

 

[nub]

whats wrong with the current way :S

 

[Dave_Z]

whats wrong with the current way :S

The current method requires the registrar to send the registrant
or admin contact on record an authorization email asking for
confirmation or denial.

Unfortunately, many people complain that their domain name
transfers don't take place for one reason or another, despite
having followed instructions to the letter and ensuring all transfer
conditions are met.

The new transfer policies ensures virtually a painless way for
domain transfers to finally push thru...with or without approval
from the domain's registrant or admin contact.

Like I said, that means it takes only one total stranger, just
one, to make a transfer request with another registrar and the
registrant or admin contact doesn't do anything to push it thru.

Don't get me wrong, I find this a welcome development. But
like many things in life, every advantage has a disadvantage
as well.

In this case, it's also a double-edged sword. :lala:

 

[AdoptableDomains]

This is a late solution for an old and mostly dying problem. A couple years ago, many registrars made it difficult as possible to transfer a name away from them. Some even delayed until you were too late to transfer and had to renew with them to keep it. Most (not all) have finally realized that bullying customers long term is not a good policy. The good part is that there are now time limits in which registrars must respond to requests for transfers and auth codes.

My fear now is that a transfer will proceed which for some reason got lost in my spam filters. I would rather have a more positive approval of transfers. Some registrars also charge extra for domain locking to prevent this, which could lead to increased costs if others follow. right now its a safety factor, with the new rules it could be the first line of defense.

I would like to see all domains go to auth codes and require that auth codes be available from online domain control panels.

 

[Dave_Z]

I would like to see all domains go to auth codes and require that auth codes be available from online domain control panels.

I agree, although it won't be surprising if VeriSign will fight tooth
and nail to prevent this.

Would any of you know, by the way, if switching to an auth-code
system (like .ORG when VeriSign turned over the Registry to PIR)
would also turn that Registry from thin to thick?

 

[Anthony]

So now all a domain hijacker will have to do is pay for a transfer of an unlocked domain and it will be automatically transferred there without notification? Yeah, sounds like a *great* improvement...

 

[Dave_Z]

So now all a domain hijacker will have to do is pay for a transfer of an unlocked domain and it will be automatically transferred there without notification? Yeah, sounds like a *great* improvement...

Unfortunately this is probably due to numerous customer complaints
about their transfers not pushing thru despite following transfer
instructions to the letter and registrars still denying them.

ICANN's simply doing an old business & media adage: give what the
public wants. :bah:

Look on the bright side: if the domain name owner's smart and does
reject the transfer, the hijacker loses money. :lol:

 

[Peter]

Look on the bright side: if the domain name owner's smart and does
reject the transfer, the hijacker loses money. :lol:

I should imagine it would be refunded or be used for the next transfer

 

[stjjchs]

well there are always pros and cons to everything

 

[MissFlora]

Don't look good to me at all. What lock unlock? This is an added burden to resellers. Who will be able to "lock" their few hundred domains one-by-one? And what if one happen to be unlocked? So that stranger can literally transfer domains without any intervention between both registars? This is no good. Why do we need to secure our domains with our registars in the first place when they cannot even secure our domains? Auth codes still works best, and somehow, most major registars do have their ways of making transfers between registar more efficient. (Example, enom and godaddy).

 

[mole]

I think what will happen is that most registrars will advise their customers to lock their domains or even auto-lock it themselves to prevent the headaches of explaining thefts to clients.

As a hygiene rule, you should always lock your domains, imho.

 

[MissFlora]

Since this policy will come in effect Nov and there is nothing we can do to change it, I think everyone should start getting used to locking their domains. I'm going to start locking mine now. Aww..another tedious job. Lol.

 

[Dave_Z]

Better safe than sorry. :p

I'll really feel sorry for those who don't know about this, though...

 

[AdoptableDomains]

So now all a domain hijacker will have to do is pay for a transfer of an unlocked domain and it will be automatically transferred there without notification? Yeah, sounds like a *great* improvement...

Not without notification, you should get an email (if it doesn't end up in your spam folder, filtered out, or is looked over). It's just that you only have to ignore or not receive the email for it to proceed, as opposed to now where you generally have to click a link to approve or it automatically declines.

 

[Anthony]

Not without notification, you should get an email (if it doesn't end up in your spam folder, filtered out, or is looked over). It's just that you only have to ignore or not receive the email for it to proceed, as opposed to now where you generally have to click a link to approve or it automatically declines.

Right, I understand that. But, this improvement seems to be the wrong solution. The registrars should be forced to allow transfers, but why do the customers have to suffer possible risk of theft to do so?