Welcome to WebmasterWorld Guest from 22.214.171.124
Whenever I get any domain name news that can potentially affect ALL domain name owners, I'll be sure to post it.
Some of you may or may not know by now, but the Internet Corporation for Assigned Names and Numbers (ICANN), the governing body charged with overseeing the Domain Name System, has formulated new domain name transfer policies that will take effect on November 12, 2004:
So what does this mean?
First, the good news: it makes domain name transfers simple and painless because you actually don't even HAVE to confirm it anymore!
All you have to do is go to the new registrar/reseller of your choice, follow their instructions on how to create an account with them (be it online for via fax), pay up, then the new registrar/reseller will notify your current one of the impending transfer.
Ideally, the new one will send an authorization email to the email address of the administrative contact based on the domain name's WHOIS record. Whoever has access to that email must either confirm or deny the request.
But here's the change: whether you receive it or not, the default result is that the registrar or reseller MUST release the domain name from their systems & transfer it to the new one.
Standard exceptions still apply, though:
1. Domain must still be paid. Better you do this at least 30 days before expiration. 2. Domain must not be "locked". 3. Domain must not be in any sort of dispute.
Assuming at least those 3 exceptions don't apply to your domain name, your transfer will push thru without a hitch. Barring any technical hiccups, of course. :)
Now, the bad news: just as it will become easier to move your domain name to your new registrar, it becomes easier for one total unknown stranger to do this without your consent.
So what must you do to prevent this from happening?
1. Contact your registrar or reseller and ask if they have a sort of locking feature that prevents domain transfers from taking place. Most if not all registrars provide this.
If they do, you must log inside your account and activate it yourself. A friend of mine, though, notified me she recently got an email from her domain registrar that they will turn on their locks for all domains on a certain date, so be sure to read any email from your current registrar or reseller regarding this.
2. If your domain name doesn't have this lock, check your domain name's WHOIS contact information (or internal info) & ensure the email address w/in is correct & only you has access to it. This is to ensure you receive the email and follow its instructions on how to deny the transfer.
3. Since ISPs sometimes block legitimate emails from reaching their recipients, be sure to "whitelist" them. If necessary, please contact your registrar or reseller and ask what is their specific email address that'll be sent to you requesting confirmation or denial of the transfer.
I'll keep you all posted as the date when the transfer policies takes effect looms near. Meanwhile, please be sure to inform as many people as you can about this to prepare for it.
Take care of your domain name/s!
[edited by: Brett_Tabke at 8:45 pm (utc) on Sep. 13, 2004]
[edit reason] fixed formating [/edit]
I've read through it all again and the only way I can it working like you described is this:
If the original email to the Administrative Contact is sent by the Acquiring Registrar rather than the Registrar of Record. If the Registrar of Record is the one sending the email request to the Administrative Contact then clicking on "deny" has no effect if the Registrar of Record is lethargic and does not act within 5 days - the Administrative Contact loses his domain.
If it is the case that the Acquiring Registrar requests the transfer from the Registrar of Record only after the Administrative Contact has clicked "accept" (in the email he got from the Acquiring Registrar) then I have no problem with the Acquiring Registrar getting the domain after 5 days of the Registrar of Record receiving the request from the Acquiring Registrar.
But the wording is ambiguous in that it says: "Your current registrar may also choose to confirm your intent to transfer". This does not make clear that the Registrar of Record may ask for confirmation in addition to what you have provided to the Acquiring Registrar.
So if you get an email from the Registrar of Record without first having received an email from the Acquiring Registrar then that's cause for alarm. This is based on the assumption that it has to be the Acquiring Registrar - and the Acquiring Registrar only - who first contacts the Administrative Contact with a "request to transfer" email.
You contact the registrar...but Nominet domains are not affected because they use IPSTAGs so you have to ask your current IPSTAG provider to change the TAG before a transfer can happen in the first place.
>>Also where is the best place to go to check the who is details to see if they are locked.
try <http://www.allwhois.com/> but also if you want to know the registrar go to <http://www.internic.net/whois.html> and then from there you can jump to the registrar whois which may give you more info than the allwhois site above.
=====In reply to Macro=====
>>If the Registrar of Record is the one sending the email request to the Administrative Contact then clicking on "deny" has no effect if the Registrar of Record is lethargic and does not act within 5 days - the Administrative Contact loses his domain.
But if you don't accept the transfer, it doesn't go back to them for "processing", so what's the problem?
>>But the wording is ambiguous in that it says: "Your current registrar may also choose to confirm your intent to transfer". This does not make clear that the Registrar of Record may ask for confirmation in addition to what you have provided to the Acquiring Registrar.
Yes, true, this isn't clear enough. I believe this only applies if you no longer can access the admin email account, or it's now invalid. You can then manually send proof to the registrar who can then send approval (god know's how) to the new registrar.
>>So if you get an email from the Registrar of Record without first having received an email from the Acquiring Registrar then that's cause for alarm. This is based on the assumption that it has to be the Acquiring Registrar - and the Acquiring Registrar only - who first contacts the Administrative Contact with a "request to transfer" email.
I can't see when you would receive a mail from your existing registrar, it's always going to come from the new registrar.
It's not plain sailing this!
1) A dodgy aquiring registrar in collusion with Malory who wants your domain name
2) Your registrar (of record) being some sloppy company who's automated email system is broke more often than it's working and doesn't offer a REGISTRAR-LOCK feature.
Ok, for sure the aquiring registrar (1) must contact the "Administrative Contact" of the domain before initiating the transfer; but that means squat if he's bent.
So, assuming that said bent aquiring registrar has "imagined" your acceptance to transfer the domain; he then initiates the transfer.
Now this is where the problems starts.
Your ever-so-slightly-useless registrar of record; who's automated email system is broke more often that it's working loses the request to transfer to the ether. 5 days pass, there is no response and Malory has got your domain name.
Er, have you seen their rules on dispute resolution? They say just "if you've got a problem contact the registrar"! And if you don't like them go to another registrar.
Just don't call us, we can't be bothered
If Joe goes to his registrar (registrarA) and says I want to request the transfer of thisdomain.com to my account here.
Does registrarA send an email to the admin contact of the domain - and if they dont get a reply the transfer request is cancelled?
Or does registrarA contact registrarB who has the domain and says there is a request transfer for this domain and then registrarB sends an email to the admin contact and if they don't reply in 5 days then registrarB goes ahead and transfers the domain to registrarA automatically?
Or is it a combination of the 2 somehow?
Please explain the bottom line in layman terms.
It sounded like from everything I've read that the bottom line is that there MUST be some kind of confirmation from the admin contact otherwise nothing happens.
This is what I believe, but I can't say for sure. The ICANN docs read to me that the admin contact is emailed and if nothing is heard, nothing happens. The line "Your current registrar may also choose to confirm your intent to transfer using Confirmation of Registrar Transfer Request." I think is mis-worded because I don't think they can confirm the same document the admin contact is emailed. I'm fairly certain the Registrar doesn't receive that "Confirmation of Registrar Transfer Request" until the admin contact has clicked the link in the mail to them.
It seems many are confused over the new transfer policies. I will do my best to help clarify the issues surrounding it.
Feel free to read it slowly or re-read it if necessary.
There are 3 parties involved in a domain name transfer: the registrant (the registered owner of the domain name), the registrar (the domain name provider who will manage the domain name), and the registry (the authoritative database record holder for a domain name extension).
The burden of transferring a domain name to another registrar first falls on the gaining registrar. The rules require the "Transfer Contact" on record to confirm the request, be it the Registrant or administrative contact depending on the registrar.
The request must be started with them first and fully complied with by the registrant or administrative contact on the domain name's record from the losing registrar in the manner the gaining one sees fit.
So virtually anyone can start the request with the gaining registrar. But the gaining one eventually needs confirmation from the domain's registrant or administrative contact, be it by fax or email.
Assuming the registrant or the administrative contact confirms the request with the gaining registrar, the gaining one will notify the Registry about this. The Registry will then notify the losing registrar about the transfer request.
The current rules require the losing registrar to notify the registrant or administrative contact on record to confirm or deny the request, preferably via email. 3 things can happen:
1. The registrant or administrative contact receives the authorization email and approves the transfer.
2. The registrant or administrative contact receives the authorization email and denies the transfer.
3. The registrant or administrative contact does not receive the authorization email at all.
If no. 2 or 3 occurs, the domain name will not be transferred away from the losing registrar.
When the new transfer rules take effect on November 12, no. 3 will virtually be disregarded. If the losing registrar notifies the registrant or administrative contact on record about this and they don't get even a reply, the transfer will push thru.
Standard deny transfer conditions still apply:
1. Domain name has been registered less than 60 calendar days.
2. Domain name has expired. (currently you can, but the new transfer policies will change that)
3. Domain name is locked for whatever reason, be it manual or by the registrar due to a dispute.
The new policies apply to all generic Top-Level Domains (gTLDs) like com, net, org, info, and biz at the very least. Country code extensions will depend on their respective registries.
All gTLDs can be locked and is currently offered only at the registrar level.
Hope this helps. Feel free to correct or disagree. ;o)
Using the admin contract address, you respond to the authorization mail sent to that address from the NEW registrar.
The OLD (current) registrar says, "Screw you! We're making you pay another $35 to us instead of letting you transfer to that $7 registrar", and ignores the authorization request.
Under the old system, your domain was not transferred.
Under the new system, the NEW registrar says, "Hey the admin contact requested the transfer, the old registrar is ignoring our authorization requests, the admin contact acknowledged our auth notice ... let's do the transfer."
The only weak link here (as has always been) is the admin contact email account. Heaven knows I've been handed hundreds of domains to manage where nobody knows how to collect the admin contact email, and I've had to practically sign my name in blood to change it to a collectable address.
That won't change.
Keep track of your admin contact info, collect the email, make sure it's as hack-proof an email address as you can, and check your domains' contact info at least once per month. It's automatable!
Bottom line: now you do not need to rely on the honesty of a registrar to be able to transfer your domains. You will spend the exact same amount of time on your end of the transfer as you did before. You have the same security as you ever did, And you are more free to take advantage of registration price fluctuations than you ever did.
The way it works for me, for example, is like this:
1) I have a domain registered with, say, SomeRegistrar.
2) I wish to transfer it to MyRegistrar.
3) AS LONG AS THE DOMAIN IS NOT LOCKED, either because the date is within 30 days of the domain expiration or within 60 days of a re/new registration, I can proceed.
4) I go to my account interface at MyRegistrar, and hit the "Add New Domain" button.
5) I indicate the domain name, and "register" the domain with MyRegistrar for however long I wish. (The cost of the new registration is pro-rated to accomodate the amount left on my SomeRegistrar registration. I accept $15/year because I know MyRegistrar will adjust that amount to absorb the $30 still left at SomeRegistrar. Or something like that. They adjust it, is my point.)
6) MyRegistrar sends me an authorization email at the admin contact address.
7) MyRegistrar sends an authorization email to SomeRegistrar.
8) I reply to the email as instructed to allow the transfer.
9) SomeRegistrar does/doesn't reply to the email at all.
Who cares? I requested and authorized the transfer, so MyRegistrar adds the domain to their nameservers, and passes along the paperwork to ICANN and the DNS community.
Aahhh. I take comfort in knowing that if I don't reply to a transfer request my SELF, then it does not go through.
FINALLY I can take that vacation ... :)
<edited for anonymity>
When we receive a request to transfer your domain name to a new registrar, we will still attempt to contact you to confirm that you authorized the request. However, if you do not respond, or are not able to respond within 5 days, your domain name WILL be transferred.
This registrar is not locking domains by default.
It all seems a big mess to me, it's quite amazing that so many "big" companies are stating info relating to the 5 day policy with no real "proof" as it were. It seems to have spiralled from one person's (possibly mis) posting.
But obviously we still have no confirmation either way.
well, tomorrow is the first "day 5" so we'll see if anyone's been caught out or not I guess.
(Bullet Point 3) - "Enabling registrants to transfer their domain names without having to "double-confirm" the transfer once the transfer has been reliably authenticated per the new policy."
That's fairly conclusive that the 5 day issue relates to the registrar, not the admin contact. Also, if anyone's interested "bbc.com" (british broadcasting corporation) is unlocked...it shows (I hope) that they have looked at this and decided the same. I would imagine there are loads of "big corporations" out there with unlocked domains who will be perfectly ok.
The policy is actually stated on the following URL :
The points made are that some registrars may use their own choice of
confirming the admin contact agrees to the transfer which may not always
result in the actual admin contact receiving notification. Normally the
current registrar would then contact the admin contact for a second
confirmation, in the new procedure this will not happen so it is
possible that a domain can be transferred without authorisation for the
...so it is possible that a domain can be transferred without authorisation from the admin contact
...automatically moved if the admin contact doesn't respond within 5 days
Consider the above quotes in conjunction with the spam plague,
- How many spam filters have you seen where legitimate email is marked as spam?
- How may Admin contacts are not going to recieve their transfer request because of bad spam filters (or other reasons)?
How many domains are going to be lost?
Or that they haven't looked at it (BBC Search [bbc.co.uk]) and - like most major organisations - can't look at it till they've formed a committee to examine the issue and make a recommendation to the board (and that's if they are even remotely aware of this news). And these things take years.(
a domain can be transferred without authorisation from the admin contact
This is correct. A transfer request confirmation is sent to the Owner Contact email ... not the Admin. Ever it was thus.
The "5 day" rule does indeed apply only to the registrar FROM whom (not TO whom) the domain is being transferred. Your new registrar can let you have as much time as they like to confirm the transfer request, but once you have done so, the old registrar has 5 days to confirm the transfer request ... a confirmation which is now completely unneccessary ... if the old registrar does nothing to confirm the transfer request, the transfer goes through on your authorization alone.
For instance, I just transferred a few domains from Network Solutions to Melbourne IT. I made my request with Melbourne by registering the domains with them, they sent me (Owner Contact) a confirmation email that gave me 15 days to respond (if I did not respond or responded in the negative, no transfer). I responded in the positive, and shortly after received an email from NetSol. In that email, it noted that to allow the transfer to proceed, do nothing. To quash the transfer, click on the embedded link WITHIN 5 DAYS of the email date. I did nothing. 5 days later, my domains are with the new registrar.
Domain locking is not a security measure, it's a registrar business-retention measure. It adds no significant protection to your domain name, as the transfer authorization process uses your Owner Contact email account for any request. You need to authorize domain un-locking just like a transfer request, unless your registrar lets you unlock or lock using the "secure" online interface to your account ... to which you must be logged in ... securely.
<edit>PS: Just this minute, I received a phone call from Register.com regarding a couple of the domains I was transferring FROM them to Melbourne. They asked why I was transferring, and made a reduced fee offer (which I politely refused). He said, "Well okay then, I'll go ahead and authorize the transfers." to which I replied, "But under the new ICANN rules you really don't need to authorize the transfer, right? It will go ahead with my authorization alone, correct?" He said, "You mean the 5-day rule? You're right, the transfer would go ahead on your sayso alone, but we can help move it along more quickly if we acknowledge the transfer request. Our final bit of customer service for you." Of course, I said, "Thank you."</edit>
For the moment - LOCK all your domains (FWIW), have someone monitor your email if you are going to be away, take extra precautions because - as with anything new - they'll be some who try to exploit it. If your domain is important to you don't rely on other people (like registrars) always doing things correctly. They don't.