The Internet Corporation for Assigned Names and Numbers (ICANN) has put into place a new rule which says that if a request to transfer an Internet domain is made, and there is no response made denying the transfer within 5 days, the transfer will be approved and made.
That means that even if there is no response at all the transfer will be made.
This is being translated by some as meaning that if you own a domain, as Aunty owns “theinternetpatrol.com”, somebody else can request that the domain be transferred to them, and if you don’t respond, they will end up as the registered owner of your domain. So, for example, if Mr. Spammer put in a transfer request for theinternetpatrol.com, and Aunty did not respond at all within 5 days, Mr. Spammer would end up owning theinternetpatrol.com.
This, of course, would be insane.
Domain registrars are jumping right on this by telling their customers to be sure to “lock” their domains, which bars third-parties from making transfer requests for the domain. For example, GoDaddy now has this notice up on their website:
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
“From November 8-10, we are sending an email to all domain customers informing you of a new domain transfer policy, enforced by ICANN (The Internet Corporation for Assigned Names and Numbers). This policy dictates that we must honor any transfer requests, even if you do not personally confirm them. To prevent unauthorized transfers, lock your domains. This service is free and takes only a minute.”
However, Aunty has gone to the ICANN site, and read the text of the new rule, and as Aunty reads it, what it really means is that if you, as the registered owner of a domain, want to change registrars, and you send the transfer request and your current registrar fails to respond, rather than your being stuck with your old registrar, you can still transfer your domain to the new registrar of your choice.
In this scenario, it would look like this:
Aunty: “Hello, Yucky Old Domain Registrar? I don’t want to use you as my registrar any more. I want to transfer theinternetpatrol.com over to Nifty New Registrar.
Yucky Old Registrar: [complete silence for 5 or more days.]
Aunty: “Ok, you can give me the silent treatment, but under the new ICANN rules, I can still transfer my domain to Nifty New Registrar.”
Aunty believes that this is a well-intended new rule to aid the people who have been finding their domains being held hostage by recalcitrant domain registrars who don’t want to lose their business, and so they stonewall a transfer request.
That said, it does also mean that it would be possible for a) a nasty person to cause your domain to be transfered from one registrar to the other, and b) for a less than ethical domain registrar to slam you in much the same way that the telephone companies were accused of slamming customers – meaning changing their long distance service from A to B without the customer’s permission.
So, should you lock your domain?
How much do you trust your registrar?
The irony here is that locking your domain means that no third-party can make a transfer request for your domain, meaning that Nifty New Registrar cannot make a transfer request for your domain for you, which could leave your right back in the situation which this rule was, Aunty believes, intended to prevent.
A BetterWhois.com explains locking this way:
This will lock your domain record at the registry level and prevent it from being transferred, modified or deleted by a third party. This feature is very helpful in protecting your name against unauthorized transfers and hijacking.
If your registrar does not offer this feature, consider transferring your domains to one who does. Since a ‘registrar lock’ can also make it more difficult for you to transfer away from a registrar, you should look for a registrar that gives you the ability to automatically unlock your domain names at any time without having to call or e-mail them.
In the final analysis, the best thing to do is to deal only with registrars who have sterling reputations for customer service.
You can read more about this at Netcraft, at BetterWhois.com, and at ICANN.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Ha, Actually no. I’m bored, however, so I googled my name and found that you replied.
Here’s the issue:
a) New company can take the domain based on your ‘word’ that the domain belongs to you. Domains will be hijacked and clicking on microsoft.com, google.com or theinternetpatrol.com will link you to porn sites.
b) Enforce absolute permission for moving of domains. In that case, short of you physically walking into the registrar’s office, they can claim that you aren’t who you say you are and refuse to transfer the domain.
c) Use a Carrier Command model where all domain registrars must respond within a set amount of time to a request. If you decide to move your domain, you request it, and wait. If you are accepted, you get to move it after 5-10 days. If not, you can appeal.
Before you complain about a 5-10 day wait, remember that if I can impersonate you, I can steal your domain for 48 hours or more and you can’t do anything about it.
I don’t work for ICANN, I used to work for people who dealt with moving Tollfree numbers around from carrier to carrier and this same problem exists there. It’s all well and good to while from your point of view, but remember…since this site is theinternetpatrol…that there are malicious people out ther who would be more than happy to screw you over.
Dave Taylor said “Nice writeup. I am constantly amazed at how poorly ICANN is managing the world of domain names, and I’ve been around in the domain world for, um, 15 years or so. ”
I’m constantly amazed at how less than helpful people are.
This is a legitimate way to deal with the issue and closely mirrors the solution that phone companies use to deal with toll and tollfree numbers. Greater minds have spent much longer than your 15 years working on this issue and this method is the best there is. Either post a better way or go back to surfing pr0n.
Thanks for your comment, I guess, ScanIAm. Of course, you can’t even leave a name and Web site reference, so looks like this is more of a drive-by shooting from the hip than anything else. Have you been involved with domain name registrars for all this time, then, or are you an apologist for ICANN?
Slamming probably isn’t going to be a large problem. The gaining registrar must still send the Initial Authorization for Registrar Transfer to the domain holder. If they reject it or don’t respond, the transfer is cancelled. Even if they forged the approval, the losing registrar will still send the Confirmation of Registrar Transfer Request to the domain holder. The domain holder can then deny the transfer. The caveat is if this all happens while the domain holder can’t get to their email or the contact information is incorrect. Then the request would time out and the domain would transfer.
In the end, the lesson is: lock your domain for TLDs that support it.
Nice writeup. I am constantly amazed at how poorly ICANN is managing the world of domain names, and I’ve been around in the domain world for, um, 15 years or so.