ICANN is getting ready to deliver a resounding blow to domain crime, by changing the domain transfer process, once again.
Nine years after the latest rules of domain transfers changed, the new procedure complicates things for domain investors.
No longer will a simple change, such as editing a letter in the name or address or email be considered minor.
Any change to a domain’s contact info would be considered an update that requires the domain registrar to lock it down for 60 days.
Beginning on December 1st, registrars are required to send emails to the registrant to confirm changes whenever they are made; once confirmed, these changes would cause domains to be nontransferable for the following two months.
The implications to domain investors are clear: when selling a domain name, many domain investors would edit the domain’s contact info, then wait for the new owner to transfer it out to the registrar of their choice.
Under the new ICANN domain transfer policy, such edits would lock down the domain for 60 days.
The new approach would thus require either a direct transfer out, or the creation of a new account at the buyer’s choice of a registrar, and the transfer there. The process would lock down the domain for 60 days as well.
It appears that pushing domains between accounts would also lock down the domain, if the source and destination WHOIS info differs in as much as one letter!
Regarding domain crime, the new process requires any edit to be confirmed by the source and destination emails.
However, domain thieves who have taken over control of an email account would still be able to authorize such transfers out. The only benefit is, that the destination email change would lock down the domain for 60 days. This also prolongs the domain recovery process for the legitimate owner’s sake, adding unnecessary frustration.
In addition, the new domain process requires the creation of new email notifications by the registrars. We are certain, that domain cybercriminals will take advantage of this, creating phishing emails. Serial spammers will most definitely add this type of language to their mass, unsolicited email notices as well.
Overall, it feels as if ICANN is attempting to crack down on domain crime with a sledgehammer, as opposed to a surgical instrument. The new domain transfer process will most definitely frustrate many domain investors.
If you plan to do mass edits of your domain portfolio, make sure to do so before December 1st. After that, you’ll be receiving an email to confirm edits for every domain.
Wow is this true? Terrible news and reading behind it.
Reasoning. Terrible reasoning.
Jay – See Transfer Policy (Effective as of 1 December 2016)
The inter-registrar transfer process itself seems not much changed at all.
Whats new is the inter-registrant change (an update of contact name, organization or email): If you update information within the owner or admin handle then the “prior” (current) and “new” (future) registrant (even if they have both the same email address) have to authorize the change. So if you use one handle for hundreds of domains: You can update them all with just ONE authorization!
And the 60 day block after a inter-registrar transfer can be avoided by opting out of it BEFORE the change! So opt out ASAP – so this lock never happens. Which of course makes the entire measure questionable: What is a security measure good for if the bad actors can simply opt out?
So in essence: If you OPT OUT of the 60 day inter-registrar lock at your registrars the ONLY change is that you need to approve are name email changes in handles. Doesn’t seem so bad.
In reality of course many will update some handle data BEFORE a transfer, forgetting to opt out BEFORE the change – and end up stuck for 60 days.
I am also curious how the “bad hombres” with fake or generic privacy email addresses handle this.
I wonder if ICANN will make an exception to transfer back to the losing registrar if a domain is stolen and recovered?
I fear for domains that end up at certain snapnames used registrars like mydomain which often still have the whois info of the old registrant or that of mydomain itself. will be a bit of a mess..
It’s actually a nice added layer of protection, however, I can see where this may get pretty frustrating for the investors that in the quick flip business model and don’t like holding anything very long. It also means that more bulk portfolio buyers will get stuck with renewal fee’s, unable to quick flip any out to help cover what they keep.
In the last month I changed the email address about 3x when I was changing domain names to develop because I wanted to use whois@ for the whois info. Now I know not to change it anymore.