Revisiting Domain Name Transfer Policies
I came across an old post at the Brian Alvey Weblog regarding the wrongful transfer by Dotster in January of the domain name of longtime ISP Panix, and this post at DomainsMagazine.com:
The panix.com domain was registered with Dotster. According to postings to the NANOG mailing list, Panix contacted Verisign which serves as the definitive registry for .com and .net domain names.
However, Verisign replied that there was little it could do to rectify the situation. "If necessary, Dotster (or Melbourne) is more than welcome to contact us to obtain the specific details as to when the notices were sent and other historical information about the transfer itself," a customer service representative replied to Panix.
One can only expect this sort of thing following the recent ICANN ruling that makes domain transfers all too easy without requiring absolute verification of intent by the current owners. That is, if a transfer is initiated and you don't respond within (as I recall) five days, the registrar must allow the transfer. What if the owner doesn't check email for a week?
Of course, one can only guess that ICANN settled on its ruling because the transfer of domain names from one registrar to another had sometimes been difficult — perhaps notoriously so, in some cases. Fair enough, but the solution to a problem shouldn't cause another problem. At the very least, ICANN should amend its rules to require verification of the domain name owner's intentions with respect to any transfer.
At the time of the ICANN ruling, some of our clients had domains registered with MelbourneIT. My experience when transferring a domain name away from MelbourneIT was that it already followed that type of scenario: you'd get an email stating that a transfer request had been made and that, if you approved the transfer, no action was required and the domain would be transferred to the new registrar within (as I recall) seven days or so. Wow. In my opinion, both MelbourneIT's procedure and ICANN's new ruling are an accident waiting to happen, and so I assisted my clients to transfer all domains registered at MelbourneIT to another registrar. At the very least, MelbourneIT too should amend its procedures to require verification of the domain name owner's intentions with respect to any transfer rather than simply assuming that no response means the owner approves. So should all registrars, if they don't already.
Concurrently, I (rather strenuously)(and more than once) queried GoDaddy as to their policy with regard to the ICANN ruling. As far as I could ascertain, GoDaddy had settled on treating "locked" domain registrations as a signal that the domain name owner did not intend the domain to be transferred. And, heck, all you have to do is to temporarily unlock a domain registered at GoDaddy and GoDaddy's email notification will fairly fly into your inbox.
In my view, domain locking is similar to the precautions taken by U.S. telephone companies to solve the problem of people pestering you by phone to switch phone providers and, regardless of your stated refusal, switching you to another provider. Called "slamming", some (or all?) U.S. telephone providers take the precaution of verifying by recorded telephone conversation that you do not want your telephone service changed without your express approval.
However, it appears that locking domains may not be the end of the problem:
It appears that panix.com had domain locks enabled and somehow the domain was moved without panix' permission from dotster, panix' domain registrar, to another registrar called MelbourneIT.
2 Comments to "Revisiting Domain Name Transfer Policies"
Have your say ...
First-time comments will be held for moderation (but comments are appreciated). Otherwise, just be courteous. If your name is a bunch of keywords, your comment will be deleted. Don't post links unless highly pertinent. Posters must be 16 or older.