So I am transferring my domain from one registrar to another. I filled out the forms on the new registrar and wait for the email from the old one. When I get an email from them, it says that only I can authorize the domain transfer. But then it says, "If you did not request this transfer and wish for us to reject it on your behalf, please send a request to <their website>."
Isn't this a little backwards? Shouldn't I have to take action to approve the domain transfer, not take action to reject it? I don't check this email account regularly because of all the spam you get from spammers scraping whois info. I easily can go months without checking it. So really anyone could steal a domain from me if I don't see the email and take action.
Is this normally how it is done? I do have all of my domains locked and I unlocked this domain so I can transfer it. Is that all that is protecting me from getting a domain stolen? I remember doing a domain transfer a couple years ago, and I had to click on a url in the email to approve the transfer.
yes, ICANN changed the rules. No action required to transfer domains. The logic behind it was that the gaining registrar validates who you are before issueing a tranfer. The losing registrar tried to make it hard on you to transfer therefor the transfer policy changed. The policy is a good change.
If you want to protect your domains, just place your names on lock. Then you will need to remove the lock before trying to transfer. This is much better then jumping through hoops trying to transfer.