Registrar Domain Name Transfer

Registrar Domain Name Transfer

This use to be a very simple process but in recent years steps have been added to prevent numerous abuses.  Unfortunately, we now have a process where registrar’s intentionally hold up legitimate transfers which is the point of this short note.

Recently I received an email from one of my current registrar’s alerting me that all domains would be going up in price from $10.99 to $14.99 in the next 30 days.  This particular registrar has been increasing their price since $5.99 when I began with them.  I don’t use their name servers and simply park the domain with them and delegate to my name servers.  They were inexpensive and convenient so it became my preferred method since they effectively passed on their cost as I was a user of their dedicated hosting servers. They stated the reason they were doing this was to stay competitive and gave a few examples including GoDaddy at $42/year.  I went to GoDaddy and found that a 5 year term was $8.29/year for transferring.  Thank you for telling me that option.

As a result, I transferred all my domains to this other registrar but here lies the point of this article.  To start a transfer I needed 3 pieces of information:

  1. Transaction ID
  2. Security Code
  3. Authorization Code

The first two are sent to the contact on record by GoDaddy and the Authorization Code is available from your current registrar.  That was the easy part.  I am then told I have to wait up to 7 days for my current registrar to release it.  A review from ICANN Policy states the following:

3. Obligations of the Registrar of Record

A Registrar of Record can choose independently to confirm the intent of the Registered Name Holder when a notice of a pending transfer is received from the Registry. The Registrar of Record must do so in a manner consistent with the standards set forth in this agreement pertaining to Gaining Registrars. In order to ensure that the form of the request employed by the Registrar of Record is substantially administrative and informative in nature and clearly provided to the Transfer Contact for the purpose of verifying the intent of the Transfer Contact, the Registrar of Record must use the FOA.

The FOA shall be communicated in English, and any dispute arising out of a transfer request, shall be conducted in the English language. Registrars may choose to communicate with the Transfer Contact in additional languages. However, the Registrar choosing to exercise such option is responsible for the accuracy and completeness of the translation into such additional non-English version of the FOA. Further, such non-English communications must follow the processes and procedures set forth in this policy. This includes but is not limited to the requirement that no Registrar shall add any additional information to the FOA used to obtain the consent of the Transfer Contact in the case of a transfer request.

This requirement does not preclude the Registrar of Record from marketing to its existing customers through separate communications.

The FOA should be sent by the Registrar of Record to the Transfer Contact as soon as operationally possible, but must be sent not later than twenty-four (24) hours after receiving the transfer request from the Registry Operator.

Failure by the Registrar of Record to respond within five (5) calendar days to a notification from the Registry regarding a transfer request will result in a default “approval” of the transfer.

In the event that a Transfer Contact listed in the Whois has not confirmed their request to transfer with the Registrar of Record and the Registrar of Record has not explicitly denied the transfer request, the default action will be that the Registrar of Record must allow the transfer to proceed.

Upon denying a transfer request for any of the following reasons, the Registrar of Record must provide the Registered Name Holder and the potential Gaining Registrar with the reason for denial. The Registrar of Record may deny a transfer request only in the following specific instances:

  1. Evidence of fraud
  2. UDRP action
  3. Court order by a court of competent jurisdiction
  4. Reasonable dispute over the identity of the Registered Name Holder or Administrative Contact
  5. No payment for previous registration period (including credit card charge-backs) if the domain name is past its expiration date or for previous or current registration periods if the domain name has not yet expired. In all such cases, however, the domain name must be put into “Registrar Hold” status by the Registrar of Record prior to the denial of transfer.
  6. Express written objection to the transfer from the Transfer Contact. (e.g. – email, fax, paper document or other processes by which the Transfer Contact has expressly and voluntarily objected through opt-in means)
  7. A domain name was already in “lock status” provided that the Registrar provides a readily accessible and reasonable means for the Registered Name Holder to remove the lock status.
  8. A domain name is in the first 60 days of an initial registration period.
  9. A domain name is within 60 days (or a lesser period to be determined) after being transferred (apart from being transferred back to the original Registrar in cases where both Registrars so agree and/or where a decision in the dispute resolution process so directs).

Instances when the requested change of Registrar may not be denied include, but are not limited to:

  • Nonpayment for a pending or future registration period
  • No response from the Registered Name Holder or Administrative Contact.
  • Domain name in Registrar Lock Status, unless the Registered Name Holder is provided with the reasonable opportunity and ability to unlock the domain name prior to the Transfer Request.
  • Domain name registration period time constraints, other than during the first 60 days of initial registration or during the first 60 days after a registrar transfer.
  • General payment defaults between Registrar and business partners / affiliates in cases where the Registered Name Holder for the domain in question has paid for the registration.

The Registrar of Record has other mechanisms available to collect payment from the Registered Name Holder that are independent from the Transfer process. Hence, in the event of a dispute over payment, the Registrar of Record must not employ transfer processes as a mechanism to secure payment for services from a Registered Name Holder. Exceptions to this requirement are as follows:

(i) In the case of non-payment for previous registration period(s) if the transfer is requested after the expiration date, or

(ii) In the case of non-payment of the current registration period, if transfer is requested before the expiration date.

Lessons Learned:

Given that my domains are all paid up and in good standing due to the fact of automatic credit card renewal, it is clear my current registrar does nothing and allows the transfer to happen automatically.  That is a disappointing result from a company I have been with since 2003.  What started out as a simple registrar transfer will now become a server transfer as I remove $200/month in dedicated and VPS from this provider. I wonder if the individual that thought increasing the cost $4 per domain per year thought about the side effects of losing leverage with their customers and ultimately their higher paid services given bad customer service.

I keep 3 different service providers for production services given the risk of using these inexpensive hosting solutions and a 4th that I test for a full year to see if its meets our operational guidelines. This was my compromise when I began my transition from cages and collocation in 2001-2006 but wanted to keep the same level if not better availability. I will promote this 4th service provider into the production group and move on.

I did relay this information to the upper management who left an email address about the up coming changes in his customer email blast but that also was a fake and was a simple redirect to support who returned it to me and request I try the billing group.  It would have been better to send the email to /dev/null and not alert me from my perspective as it invalidated the original email.