Pop quiz: if you get married and change the last name affiliated with your domain registration, will that trigger the new ICANN Transfer Policy? If you have no idea, you are in the majority. If you do not understand how changing your last name constitutes a domain transfer, remember that nothing bureaucratic involves logic. It is about to get messy, so strap in for some important takeaways and a little technical lingo to make you feel smarter.
Historical “Inter-Registrar Transfer Policy” (IRTP) Becomes Domain “Transfer Policy”
The Internet Corporation for Assigned Names and Numbers (ICANN) has formalized its new procedures for domain registration changes. Named the new Domain Transfer Policy, rules will become effective on December 1, 2016. These procedures deal primarily with verification of the party or parties to the changes, their legal competence to authorize the changes, and security confirmation of each step in the process.
Under the present Inter-Registrar Transfer Policy, registrars handled domain changes less formally. Each provider required documentation they deemed necessary to insure the system’s integrity. There has been significant investment in technical support to accomplish transfers.
This standardization promises to facilitate increased automation in domain transfers. ICANN has also set time limits for some steps and mandated record locking after transfers.
Components of the New Domain Transfer Policy
The operations which are the subject of these rules fall into 3 general categories:
- Inter-registrar transfers
These transfers occur when a domain’s registration moves from one registrar to another. In the case of a “holder-authorized transfer,” the gaining registrar’s submission of an “Initial Authorization for Registrar Transfer” and the current Registrar of Record’s “Confirmation of Registrar Transfer Request” to ICANN initiates the process. The registrars are responsible for obtaining ICANN-approved identification for their respective parties. In the case of an “ICANN-Approved transfer,” in which one registrar transfers all of their registrations to another, registrant authorizations are not required to accomplish the transfers.
- Inter-registrant transfers
These refer to domain transfers from one registrant to another. A request from a new registrant, whose registrar obtains authorization from the prior registrant initiates this process. Both parties to the transfer receive security notifications, and when the transfer is complete, the registrar locks the record for 60 days.
- Registrant information changes
These are modifications to the registrant information, such as address, personnel, or email changes, or corrections, that do not reflect a change in ownership. ICANN grants registrars more latitude in securing these transactions, as they have already adequately verified the registrant’s identity.
Beware of Lost Domain Transfer Emails
Whenever any change to the registrant fields takes place, it triggers emails to confirm and approve the revisions. The verification and notification emails will be sent for the following modifications:
- registrant’s first or last name
- organization name
- email address
- street address, city, state, zip, country
Think of the trivial emails that are funneled to your junk folder or lost in space. Now imagine that happening to a message containing a critical link to keep your domain active.
Real World Illustrations
Website design firms commonly register domains for clients. The domain registration may be linked to the design firm until payment is made. When the web firm changes the domain to reflect the client’s information, that transaction qualifies for the new rules.
It is not unusual for a typo or mistake to be made during registration of a domain, such as inputting the wrong zip code or area code. In order to correct the record, the same tedious new practices are required.
On Balance: Some Say Transfer Policy Protects Domains From Mischief, Hackers
Service providers manage domains for clients. They are frequently stored in the provider’s domain account, but contain the client’s details as the registrant. Defenders of the new ICANN Transfer Policy point to shady providers. If the client falls behind on payments, the provider may change the domain registration details, so that it has an asset to secure remittance. This is an arguably reasonable practice, but controversial from the client’s point of view.
Under the new Transfer Policy, such changes will not stick without the client approving the verification emails.
The question is, are there enough instances like that to justify upending the whole domain transfer system?
For those who would like a more detailed understanding of these processes, ICANN has published the new rules in their entirety on its website. For any further questions, please contact FYNE at your convenience.