This 99 message thread spans 4 pages.
ICANN new transfer policies take effect Nov. 12
Whenever I get any domain name news that can potentially affect ALL domain name owners, I'll be sure to post it.
Some of you may or may not know by now, but the Internet Corporation for Assigned Names and Numbers (ICANN), the governing body charged with overseeing the Domain Name System, has formulated new domain name transfer policies that will take effect on November 12, 2004:
So what does this mean?
First, the good news: it makes domain name transfers simple and painless because you actually don't even HAVE to confirm it anymore!
All you have to do is go to the new registrar/reseller of your choice, follow their instructions on how to create an account with them (be it online or via fax), pay up, then the new registrar/reseller will notify your current one of the impending transfer.
Ideally, the new one will send an authorization email to the email address of the administrative contact based on the domain name's WHOIS record. Whoever has access to that email must either confirm or deny the request.
But here's the change: whether you receive it or not, the default result is that the registrar or reseller MUST release the domain name from their systems & transfer it to the new one.
Standard exceptions still apply, though:
1. Domain must still be paid. Better you do this at least 30 days before expiration.
2. Domain must not be "locked".
3. Domain must not be in any sort of dispute.
Assuming at least those 3 exceptions don't apply to your domain name, your transfer will push thru without a hitch. Barring any technical hiccups, of course. :)
Now, the bad news: just as it will become easier to move your domain name to your new registrar, it becomes easier for one total unknown stranger to do this without your consent.
So what must you do to prevent this from happening?
1. Contact your registrar or reseller and ask if they have a sort of locking feature that prevents domain transfers from taking place. Most if not all registrars provide this.
If they do, you must log inside your account and activate it yourself. A friend of mine, though, notified me she recently got an email from her domain registrar that they will turn on their locks for all domains on a certain date, so be sure to read any email from your current registrar or reseller regarding this.
2. If your domain name doesn't have this lock, check your domain name's WHOIS contact information (or internal info) & ensure the email address w/in is correct & only you have access to it. This is to ensure you receive the email and follow its instructions on how to deny the transfer.
3. Since ISPs sometimes block legitimate emails from reaching their recipients, be sure to "whitelist" them. If necessary, please contact your registrar or reseller and ask what is their specific email address that'll be sent to you requesting confirmation or denial of the transfer.
I'll keep you all posted as the date when the transfer policies take effect looms near. Meanwhile, please be sure to inform as many people as you can about this to prepare for it.
Take care of your domain name/s!
[edited by: Brett_Tabke at 8:45 pm (utc) on Sep. 13, 2004]
[edit reason] fixed formating [/edit]
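An added example, not part of the original post: a Python sketch of the checklist above (lock, paid-up status, reachable admin contact) run against WHOIS text. The field names, the two sample records and the `owned_mail_domains` parameter are constructed for illustration; real WHOIS output differs between registrars and registries.

```python
from datetime import date

# Statuses that block a transfer: the older REGISTRAR-LOCK and the EPP equivalents.
LOCK_STATUSES = {"registrar-lock", "clienttransferprohibited", "servertransferprohibited"}

def parse_whois(text):
    """Parse 'Key: value' lines into a dict of lists, keys lower-cased."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def audit(text, today, owned_mail_domains):
    """Return the reasons a domain is exposed to an unwanted or failed transfer."""
    rec = parse_whois(text)
    findings = []
    # Status values may carry a trailing URL, so compare only the first token.
    statuses = {v.split()[0].lower()
                for k in ("status", "domain status") for v in rec.get(k, [])}
    if not statuses & LOCK_STATUSES:
        findings.append("unlocked")
    expiry = rec.get("expiration date")
    if not expiry:
        findings.append("expiry-unknown")
    elif (date.fromisoformat(expiry[0]) - today).days < 30:
        findings.append("expiring")          # inside the 30-day window
    emails = rec.get("admin email", [])
    # The admin contact must sit on a mail domain the owner still controls,
    # otherwise the confirm/deny e-mail never reaches them.
    if not emails or emails[0].rsplit("@", 1)[-1].lower() not in owned_mail_domains:
        findings.append("admin-email")
    return findings

# Constructed sample records (not real registrations).
SAMPLE_UNLOCKED = """
Domain Name: EXAMPLE.COM
Status: ACTIVE
Expiration Date: 2004-12-01
Admin Email: owner@dead-isp.example
"""
SAMPLE_LOCKED = """
Domain Name: EXAMPLE.NET
Status: REGISTRAR-LOCK
Expiration Date: 2006-03-15
Admin Email: hostmaster@example.org
"""

if __name__ == "__main__":
    today = date(2004, 11, 12)               # the policy's effective date
    for sample in (SAMPLE_UNLOCKED, SAMPLE_LOCKED):
        name = parse_whois(sample)["domain name"][0]
        print(name, audit(sample, today, {"example.org"}) or "ok")
```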
Thanks for the post Dave.
|But here's the change: whether you receive it or not, the default result is that the registrar or reseller MUST release the domain name from their systems & transfer it to the new one. |
Is it just me or is this a very poorly thought out way of doing transfer? I am sure domain hijack attempts are going to go up.
Unfortunately that's the biggest implication of
I speculate it's because ICANN has received numerous complaints of failed domain transfers from many registrars and finally decided to take action.
We'll just have to "wing it". The least we can do, now, is to tell as many people as we know about it so they can prepare.
[edited by: Brett_Tabke at 8:45 pm (utc) on Sep. 13, 2004]
[edit reason] first format [/edit]
So if you have a register lock, it will still require for your current registrar to get you to approve the transfer?
|But here's the change: whether you receive it or not, the default result is that the registrar or reseller MUST release the domain name from their systems & transfer it to the new one. |
I'm not seeing that anywhere on the ICANN pages you linked to.
I do see this:
|If you wish to transfer your domain name from one ICANN-accredited registrar to another, you may initiate the transfer process by contacting the registrar to which you wish to transfer the name. This registrar is required to confirm your intent to transfer your domain name using Form GR. If you do not respond or return Form GR, your transfer request will not be processed. |
That last sentence seems to contradict your quote......?
Here's the link: [icann.org...]
And here are the portions you're probably seeking:
"Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default "approval" of the transfer.
In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed."
div01, with a register lock on, the default response
will be to deny the request and email the registrant
or admin contact that a transfer request was made
but denied because of that lock.
Hope this helps!
[edited by: engine at 2:02 pm (utc) on Nov. 9, 2004]
[edit reason] fixed link [/edit]
Unfortunately, heard of a well known registrar who appears to be planning to take full advantage of a big loophole in that the losing registrar may legally deny transfers if he suspects possible fraud.
All he needs to do is say fraud was suspected (after the transfer fails) as an easy way to keep all domains, and it would seem to be perfectly allowable for him to do that. That is especially true since there is no definition on possible fraud as far as I can tell, and the term seems to be so subjective.
No one could really prove he did not suspect "possible fraud." He could even say as an excuse that since he markets security heavily he will always suspect fraud. That would even seem to be a potential valid explanation in ICANN's view.
As a result of that obvious built-in way to stop transfers away I really do not value the new ICANN rules very highly to stop registrar abuse as a way to keep the domains. It is near impossible to "outfox a fox" but ICANN does not realize that.
Due to gaping holes in the rules some unethical companies will take full advantage of them as a way to hold the name hostage and force owners to renew there at a high renewal cost.
This sounds like great news for bad registrars and a lot of trouble for good registrars.
Bad Registrars use misrepresentations to scare registrants (owners) into transferring to them, and then make it very hard to get away from them.
I manage (administrator) over 100 domains for different companies. Every couple of weeks I get a call from a customer (name owner) who has just received one of those letters. Most of the owners I talk to think they should transfer the name because of the way the letter is worded, see: [ftc.gov...] I know of many people who have unwittingly transferred their domain name. Most owners are not technical and do not understand the system, the letters from those bad registrars are worded carefully to scare them.
Obviously I will make sure all names I manage are locked, but many people/registrars will not. These new rules sound like they are going to create a lot of trouble.
Hi Davezan, what is your role in this? Do you work for ICANN?
Network Solutions sent out email saying they are locking all domains for existing customers unless they (the customer) wants the lock turned off.
|To further enhance the security of the domain names you have registered with Network Solutions and to protect you against unauthorized or fraudulent transfers, we will activate our free Domain Protect service for all of your domain names beginning October 18, 2004. |
Big news. Domain fraud was already bad. ICANN is increasing their liability profile by promoting negligent behaviour of registrars.
Be sure to lock your domains!
ummmmm...excuse me, some of you are missing the main point here. The new ICANN rules are being greeted by most all domainers as excellent news and is very welcome. ICANN is promoting improved behavior, not worse or negligent.
But some of you are talking like the new rules on transfers is a negative, far from it. As long as your names are locked and at a quality registrar the chance of loss is very low.
Perhaps you guys do not realize how so many of us have great difficulty transferring domains to new registrars.
As long as they abide by the new rules it will make it tough for a registrar to deny the transfer away as they commonly do now in an attempt to keep the name and charge a typical high renewal fee.
From my personal experience, this change is a bad thing. I have lost a domain through a fraudulent registrar transfer (and got it back through legal action). I have made registrar transfers in the past with no problems.
I don't think making it easier to steal domain names from the non-technical owners can be a good thing in anyone's book. Not very many users will know how to or will choose to ignore (too technical) to lock their domains. What ICANN needs to do is ensure that every registrar follows the same rules and utilises the same methods for locking, transferring, passwording and/or email notifications.
Most of the problems I've encountered in trying to transfer a client's domain is the e-mail addresses are from a long dead ISP. I was very thankful to see registrars at least allowing you to change an e-mail address as long as you know the user name and password to the account. Now as long as you know the user name and password to an account you should be able to transfer it as well. But you shouldn't be able to transfer without the user name and password.
If the user name and password info is forgotten then there should be a standard process of proving you own or represent the owners of the domain name to regain access.
Will this affect .ie or .co.uk domains?
Hey kapow! Actually I wish I am a part of ICANN, then I'll make them see what's really happening!
Kidding aside, I currently can't say how I'm involved here. When the time's right, though, I'll gladly explain all.
This much I can say: I've been working in this business for 3 years (and still counting) and keep abreast of the things going on in the domain name industry, though I'm still learning on other aspects.
For many people, this is good news to them. But for those among you who think long and hard about certain things, you'll also begin to see the implications this will have on all domain name owners.
And to answer a question about whether this will affect .co.uk domain names, I'd say yes, this will affect ALL domain name extensions.
[edited by: tedster at 7:59 pm (utc) on Sep. 13, 2004]
[edited by: engine at 10:18 am (utc) on Nov. 9, 2004]
[edit reason] formatting [/edit]
This is what happens when people don't think ideas through. Unfortunately making things easier on the client often comes at the price of security. How many times do I (and I am sure you) see even relatively simple safeguards overridden to provide easier access?
Both in the physical and cyber world.
|...implications this will have on all domain |
What do YOU think the implications are for domain owners?
For me, what I think won't matter once the transfer policies take effect. :(
I mention this because, whether you agree or not, majority of the domain name owners out there don't really understand how the domain name system currently works, much more how the registrars operate.
But if you insist, my view is that domain name owners are now MORE vulnerable or in greater danger of losing their domain names.
We shall see, especially when they go live, the outcome of these new policies. But I won't be surprised if we start seeing more unnecessary problems.
[edited by: engine at 10:19 am (utc) on Nov. 9, 2004]
[edit reason] formatting [/edit]
|And to answer a question about whether this will affect .co.uk domain names, I'd say yes, this will affect ALL domain name extensions. |
I don't think it will. ICANN have very little control over how the ccTLDs are run. Nominet have their own dispute policies different to ICANN's UDRP, for instance.
Nominet's site still says this:
|How can I change my registration agent? |
In the first place, you should contact your current registration agent and ask them to move your domain name to the new registration agent....
Are the new rules 'set in stone' or can anything be done to stop ICANN doing this?
PROBLEM (dangerous loop hole)
1.) The current Registrar does not lock names.
2.) A bad registrar CHOOSES not to send an authorization email to the email address of the administrative contact (or makes it too complicated to follow).
3.) Failure of the current Registrar to respond within 5 days will result in 'approval' of the transfer."
I have 2 emails this morning from a registrar. On my email I don't see how to decline the request. The only option they give is to click the link. If the link when clicked offers a 'decline option' I would do it. However, I am worried that the link will be an automatic approval - so I dare not click it.
[edited by: tedster at 11:46 am (utc) on Sep. 16, 2004]
[edit reason] no email quotes, please [/edit]
The email says I must click a link to confirm my email address is working. But then it also says I should click that link to proceed with the transfer process. The email is confusing,
1.) The fact that a bad registrar sent this email means the registrant (owner) has paid them ie has approved transfer. I know that the registrant does not understand what they have done. The registrant has been MISLED to think they have only renewed their name.
2.) I (Administrator) am not going to click that link because (from the way their email is worded) it might be an approval link.
3.) The bad registrar can say to the current registrar "The registrant has approved AND the administrator has not confirmed an active email address, therefore transfer!"
And that is what can happen now, these new rules look much worse!
kapow, I think I know just what you're talking about. A client of mine was recently drawn in by exactly this kind of deceptive communication - and it often seems intentionally misleading, not just accidentally so.
It's frustrating for me, because I definitely want my clients to be represented as the owners of their own websites, but this makes them more vulnerable. I do ask them not to take any steps around domain names, bill payments for hosting and registration, etc. , without running it by me. Of course, that can get tedious as well, and sometimes clients just have a mind of their own.
What a shame that the copy writers for such scamming don't put their obvious talent to more above-board use.
I get approx one client per week confused about the meaning of those letters from bad registrars. We have sent out warnings and explanations but you know how people don't read that stuff.
The new rules are very scary. I am seriously thinking of making myself the registrant for all domains we manage (100+). Currently we make our customer the registrant (with their address etc) we are here to help them not control them.
I have a dim view of those web companies that make themselves the registrant of domains. They do it either because they don't understand the system or because they want to control their customer.
But if the powers that be make the rules so good for the scam artists - they force us helpful companies to do stupid things - like be the registrant for domains.
py9jmas, donovanh, my apologies for the delay in response because I was waiting for the answer to that question from someone from "that group" I recently made contact with. Listed below are his words:
"My understanding is that this only affects gTLDs under XXXX contract. Most ccTLDs do not have the registrar structure that gTLDs do."
The XXXX is in deference to the moderators here.
So I may be wrong in saying that this affects all extensions, and of course I could be even more mistaken that he's from "that group".
kapow, I don't see anything wrong with making yourself the registrant of your clients' domain names as long as you're honest, of course, in dealing with them. If it helps them, why not?
[edited by: engine at 10:20 am (utc) on Nov. 9, 2004]
[edit reason] formatting [/edit]
Followup: my apologies to everyone about my so-called "contact" with "that group". I was mistaken after we exchanged a little info about each other.
He's able to maintain some communication with them. But even so, this does not qualify as a direct contact.
Again, I apologize to everyone for this. But as the domain name industry and everything related evolves, I'll keep you guys posted as well.
Thank you for bearing with me.
[edited by: engine at 10:21 am (utc) on Nov. 9, 2004]
[edit reason] formatting [/edit]
Thanks for all the good information. As the Nov 12 deadline approaches, I wanted to bump this thread so it stays in everyone's mind.
Domain locking is a very good thing, and I am very happy that many registrars are now doing this by default. Of course - it is in THEIR best financial interest to retain their customers, as well as helping their customers avoid fraudulent transfers.
So what's to stop people from sending out mass-transfer requests? If that happens, lots of people will be losing their domain names..
I think those that will lose domains, are the ones who don't check their e-mail regularly (forget that vacation!) or where the WHOIS admin contact doesn't match their current e-mail account, or where the registrar fails to send e-mail effectively and concisely. If you're one of those guys, and you're not aware of the changes, you're (potentially) screwed, right?
As for locking domain names... Some registrars are NOT automatically locking domain names *yet*, including GoDaddy, who have a message on their website telling everybody to do it themselves. But how many people log into their account every x days (more like every #*$! days) ... not many, not everybody are part or full-time webmasters like most of us, very few actually.
By the way, the major TLD's affected by this are:
You can thank verisign/netsol for not having EPP keys yet on .com/.net
Yet another reason I feel their .net registry management contract should not be renewed when it comes due next year.
This area was discussed here [webmasterworld.com...]
Considering how important control of your domain is the domain names section here should be first stop for everyone ....
The most disturbing thing about all this is that you can receive mail in a foreign language which if you don't understand it and therefore don't act upon it ...
Will result in the irrevocable loss of your domain name at any time someone wants to hijack it ...
Whilst the discussions were going on around the ICANN prior to this change this "language" problem was apparently never even envisaged ....
Presumably because all the business between registrars is done in English..but all their business with their customers is in their local language ....
Being a "geeky" MBA ( ICANN management ) doesn't make them capable of tying their own shoelaces....
Anyone could have seen this fiasco coming ..
Or maybe ICANN were just too occupied with the money to forget the service part ..
|Failure by the Registrar of Record to respond within five (5) calendar days to a notification |
It's calendar days, not business days! That means not checking your email the day before and after a three day weekend means you can lose your domain. How many will come back from their vacations to discover they no longer own their domain names?