ICANN new transfer policies take effect Nov. 12

[labrocca]

Old thread but I just read this now while searching for Moniker info on a transfer I had denied for no apparent reason.

Sorry Monte but you have another person here who is doubtful about your companies tactics. You can scream security security security all you want. It's fairly obvious the intention is sales sales sales.

I am having one hell of a time finding where at Moniker it says your transfer policy. You hide it within your user agreement. I see lots of little FAQs and help at the site but when it comes to something that could possibly affect your revenue a bit..well you hide it in section 23 of your terms. Bullcrap.

I emailed you about better pricing but after this thread I am very doubtful I will bother. I will have to email Moniker I guess and let them know I am transferring away and hope it goes through. Luckily I am using namecheap which quickly credits me for failed transfers. I am actually enjoying namecheaps ease of use and interface. Plus I can add credits to the account quickly via paypal...makes it rather simple to do things. I can very quickly register there.

Sorry Monte but I think you have it wrong here and I think instead of changing minds here you should consider fighting with those at Moniker about changing some policies. Locking is enough of a measure for 99% of most domains. If your company is happy getting 1% of it's possible market than that is your loss not mine.

 

[David G]

Let us pray that the new transfer policy will help this terrible situation. Some firms may try to get around it using a loophole and one has already announced that plan if you read between the lines of posts.

 

[Monte]

Labrocca - it nothing but security that we are concerned with....not the $.15 of margin gained on your domain. We treat domains as assets and we do not risk the assets of our customers for one extra step of an email notification in advance of a transfer.

Now that you are in fact considering keeping your domains at Moniker since we have emailed each other, I hope we again put this issue to rest.

 

[GeorgeK]

I'd vouch for Monte on the security angle. For those with high value domain names, security should be one of the top priorities, and I support the ability to block outgoing transfers like that.

Tucows is another great registrar. If I was in the US, I'd also consider AllDomains, given their blue-chip clientele.

Wha's needed is greater rights and representation for Registrants in the ICANN process, although that's like wishing for a miracle....

 

[Dave Zan]

Wha's needed is greater rights and representation for Registrants in the ICANN process, although that's like wishing for a miracle....

Miracles do happen, GeorgeK. k:

On the side, it's good this is "reopened", as the transfer policies are only a few
weeks away. Let's inform as many as we know to prepare for it.

 

[David G]

....Tucows is another great registrar....

Yes, agree Tucows is a good firm. However, as a Tucows Authorized Reseller the lowest WHOLESALE cost they will give is $10/yr. That is much higher than RETAIL costs elsewhere!

So have already moved most of my names outta there and will move the remaining names soon. If you have lots of domains paying that extra 20 to 30% per year adds up to serious money, especially if the lower priced firm has even better extra free features.

When Tucows started out a few yrs ago they were the lowest price high quality registrar, now they are among the highest price quality firms.

 

[Domagon]

Hopefully folks here are consolidating their domains to registrars they can trust and locking their domains.

What I wonder about going forward is how secure registrar-lock really is in regards to preventing transfers ...

Are there any proposals/interpretations of policy allowing/forcing the registry, in particular speaking of Verisign's .COM/.NET, to override the registrar-lock and allow transfers to happen anyways?

Sounds crazy, but if most folks (or more aptly many registrars on the behalf of registrants) are "locking" their domains, it seems at some point there may be a push by some parties to have ICANN implement a policy that disregards/overrides registrar-lock in various transfer situations.

Ron

 

[DaddyHalbucks]

If ACK is the default, please transfer [sex.com] into my account immediately.

 

[Domagon]

ACK will still *not* be the default after Nov-12th. The defult is nothing - so many folks think their registrar account password protects them from bogus transfers ... nope, only registrar lock does that for .com and .net domains; auth codes offer much protection in some TLDs.

Transfers *automatically happen* after 5 days from the time of request for *unlocked* domains if not *explicitedly* ACKed/NAKed before-hand. This is the transfer policy now *and* will remain unchanged.

The Nov-12th policy change focuses on how most registrars have been auto-NAKing transfer-outs unless they had some assurance the transfer-out was legit; each registrar has its own procedure, if any at all. As of Nov-12th auto-NAKing will be strongly discouraged.

So in a nutshell, after Nov-12th most all registrars will simply allow outbound transfers requests to happen automatically with no verification required whatsoever.

Ron

p.s. sex.com is already registrar-locked so ack/nak wouldn't matter - the transfer would fail.

 

[Dave Zan]

So in a nutshell, after Nov-12th most all registrars will simply allow outbound transfers requests to happen automatically with no verification required whatsoever.

And it won't be surprising if complaints about this suddenly multiply faster and
more than rabbits. :-(

 

[Domagon]

True ... and thus the primary effect of the policy change will be that "registrar-lock" will become a customer accessible feature at most registrars - the missing link is that many registrars don't auto-lock domains.

I suspect once the abuse reports start rolling in, many registrars, that don't so already, will rush to lock all domains on behalf of their customers - this should work fine *assuming* their respective customers have the ability to easily toggle the lock on/off as needed.

Registrar-lock has evolved from being intended for use by registrars to lock domains that were unpaid, in dispute, etc to instead being primarily used for transfer security - something it wasn't intended for ... but then, .com and .net in particular, don't support auth codes.

Registrar-lock for use as a transfer security mechanism is a kludge (admittedly a decent one, but still ...). Is there any push by ICANN and/or related parties for implementing auth codes for .com and .net TLDs?

Ron

 

[Nexus]

FRIDAY, FRIDAY, FRIDAY. Lest anyone forgets.

Domain Transfers (and Hijackings) to Become Easier
http://news.netcraft.com/archives/2004/11/09/domain_transfers_and_hijackings_to_become_easier.html

Domain names could become easier to hijack as a change in domain transfer rules takes effect Friday. Under new rules set by the Internet Corporation for Assigned Names and Numbers (ICANN), domain transfer requests will be automatically approved in five days unless they are explicitly denied by the account owner. This is a change from current procedure, in which a domain's ownership and nameservers remain unchanged if there is no response to a transfer request.

This could mean trouble for domain owners who don't closely manage their records. Domains with incorrect e-mail addresses and outdated administrative contact information are at particular risk, as the domain's WHOIS database information will be used to inform domain owners of transfer requests. A non-response becomes the equivalent of answering "yes" to a transfer request, according to the ICANN policy change.

So... check the status on domain names (LOCK them!) in all your portfolios by Thursday night. I'm sure the chaos will be focused, but it will be more than a bit hard to deal with if you lose your name and don't realize it for a month or two.

Don't let THIS be YOU:
http://ad-rag.com/114911.php

~ Nexus

 

[labrocca]

I just see nothing but serious problems coming out of this. Just consider the spam and fishing techniques that could be devised. Imagine getting an email like this:

"Dear XXX we have just recieved transfer notice to move your domain to XXX registrar. This will automatically happen in 5 days unless you login and respond at our site http://fakesitewhichwilljuststealyourlogininfo.com"

UGG...

 

[dotNetKing]

I mentioned this in another thread and there was no comment, as far as I recall.

At the moment, for a transfer to succeed, the new registrar requests authorisation first, and once this has been given, the current (ie old) registrar requests authorisation.

Having thought about it a little, as I understand it, the gaining registrar still needs authorisation from the domain's admin before the transfer can proceed.

It is just the *second* authorisation that will no longer be required.

In fact the enom reseller I'm with has already been following for many months, if not years, this "new" proceedure of notifying that a transfer will take place, without requesting any second authorisation.

I don't *think* we have anything to worry about. But maybe I'm missing something.

Could someone knowledgable comment on this?

 

[Dave Zan]

I mentioned this in another thread and there was no comment, as far as I recall.

At the moment, for a transfer to succeed, the new registrar requests authorisation first, and once this has been given, the current (ie old) registrar requests authorisation.

Having thought about it a little, as I understand it, the gaining registrar still needs authorisation from the domain's admin before the transfer can proceed.

It is just the *second* authorisation that will no longer be required.

In fact the enom reseller I'm with has already been following for many months, if not years, this "new" proceedure of notifying that a transfer will take place, without requesting any second authorisation.

I don't *think* we have anything to worry about. But maybe I'm missing something.

Could someone knowledgable comment on this?

You basically got it right. But as long as your domain name is locked with your
registrar, you won't have much to worry about.

That doesn't mean, though, there won't be a determined effort by someone to
attempt to access your account and turn it off. Bottomline: be vigilant.

Just a few hours left before the new transfer rules take effect, all. Whatever
happens, I love you guys. :-D

 

[seeker]

if someone is savy enough to access your email address, whats to stop them from simply accessing your account and turn lock off???

P.S.

followingthe gernal paranoia, I went ahead to double check that my domains at enom are loked. (they are, but doing it again doesnt hurt).

What's with this message and its implications?

"Note: Domain names following the EPP registry protocol do not support Registrar-Lock (Most TLDs which are not .COM or .NET or .CC). "

 

[Theo]

Maybe registrars like Moniker will now be more appreciated - they confirm each transfer, sometimes by phone.

 

[seeker]

yep....
get ready moniker, here 'we' come

 

[Mr Webname]

So this is what it looks like:-

Attention: xxxxxxxxx xxxxxxx
Re: Transfer of xxxxxxxx.ORG

GoDaddy.com received notification on 11/11/2004 that you have requested a transfer to another domain name registrar. If you want to proceed with this transfer, you do not need to respond to this message. If you wish to cancel the transfer, you must do so before 15-Nov-04.

 

[Nexus]

So this is what it looks like:-

MWN, where was that quote from? Was that fraudulent?
Are transfer code requirements being disregarded?

~ Nexus