Why the new policy is in place and what it means for you.
Last Friday I wrote about how Go Daddy had put into place a way to remove the dreaded 60 day transfer lock activated when you make a change to the registrant name on a domain name at the registrar.
Over the weekend I looked at comments on that post and re-read ICANN’s new inter-registrar transfer policy. Here’s what the policy has to say about this sort of transfer lock (3.6):
Express objection to the transfer by the authorized Transfer Contact. Objection could take the form of specific request (either by paper or electronic means) by the authorized Transfer Contact to deny a particular transfer request, or a general objection to all transfer requests received by the Registrar, either temporarily or indefinitely. In all cases, the objection must be provided with the express and informed consent of the authorized Transfer Contact on an opt-in basis and upon request by the authorized Transfer Contact, the Registrar must remove the lock or provide a reasonably accessible method for the authorized Transfer Contact to remove the lock within five (5) calendar days
.
This paragraph seems to be inserted in large part due to Go Daddy’s controversial lock. When you change the registrant/organization name, Go Daddy makes you opt-in to an “express objection to the transfer”. The new rules require registrars to provide a way to remove this lock within 5 days. That’s what Go Daddy’s new policy, which allows you to send an email to request to unblock the transfer, does. This paragraph essentially validates Go Daddy’s process but also requires a way to remove the block.
For its part, Go Daddy Director of Policy Planning James Bladel said this of the reasons for the change:
Feedback from our customers and others in the industry, along with new ICANN policy, prompted us to take a fresh look at the practice. We came up with a number of options, but in the end, the “Review & Remove” option was the best approach to guard against hijacking while providing flexibility to our customers.
But there’s a catch to the transfer removal. Officially, if Go Daddy removes the transfer block, it will revert the registrant/organization name on the domain back to the previous one. This might help get the domain name back in the event of a theft. But it also creates a problem if you’re trying to transfer the domain after a legitimate sale.
Here’s an example based on Elliot Silver’s comment on my previous article:
Andrew sells Elliot ElliotsLuckyDay.com for $1,000. I push the domain to his account within Go Daddy. Then, Elliot flips the domain to Frank Schilling for $50,000 a couple weeks later. Frank wants the domain transferred to his own registrar. Elliot can request that Go Daddy remove the transfer block in order to transfer it, but then my name would show up as the owner of the domain again.
Practically speaking the domain could still be transferred as the administrative contact and email address is still Elliot’s. But it could create headaches showing me as the owner when Elliot is transferring the domain.
I brought up a similar scenario to Go Daddy. Here’s what Bladel had to say:
There are many scenarios that are going to require a closer look. For this reason, requests sent to the Review60 (at) GoDaddy.com email address will be reviewed by a team that has the ability to remove the lock if there are no indications of domain name hijacking.
In other words, it seems that the company will work with you in these cases. Practically speaking, I think Go Daddy has been approving such transfers for a while depending on the circumstances. But now there’s a formal channel for doing it.
If anyone has trouble removing the transfer block in this same scenario in the future, let me know.
I will continue to transfer out domain names that I buy in the aftermarket when they are registered at Go Daddy. To save a few days on the initial transfer, I am not going to take a chance that I will have to beg someone at Godaddy to release a name I bought and own.
Godaddy should look at other registrars that permit transfers out after a Whois change (such as Moniker) and see that it hasn’t led to an uptick in theft.
Allow VIP clients to do this, with minimal review, I mean their are certain accounts where this behavior would be red flagged, but an active VIP domainer account, transferring out 1 single recent domain, on a email/phone call follow-up allow it. It is good for everyone.
@ Ron – I have the added protection service on my account. So if I try to transfer a domain I get a phone call first. I would think with this there wouldn’t be a need for the lock.
The best way to avoid this problem is to not use GoDaddy, which I moved away from years ago to name.com.
mp/m
“I have the added protection service on my account. So if I try to transfer a domain I get a phone call first.”
Well assuming someone has access to your account to get an auth code and do other things what’s to prevent them from changing the phone number on the account? Unless your godaddy rep knows your voice personally. And what if they are on vacation?
@ Larry – nothing’s foolproof. But this is pretty darn good.
I think there’s also a pin # I provided to them that I have to give when they call.
Back in the day by the way Network Solutions, when they were the sole registrar, (pre ICANN) used to require notarized paperwork to change domain registrant ownership.
The notarization thing started after the sex.com issue when that was transferred via a forged faxed memo.
Further to my verbose comment on this issue yesterday, thank you DNW – in particular, “When you change the registrant/organization name, Go Daddy makes you opt-in to an
@Nic
You are right, if you feel the 60-day lock should be lifted, you would send an email to [email protected].
We are reminding our staff of the new policy and making sure our customers are getting treated with the high level of support they are accustomed to.
Thank you for bringing this to our attention.
The Go Daddy Office of the CEO
Wow this is damn confusing, what he said…
Does anyone even care to listen to ICANN, apparently not since they are powerless…
@Andrew
I just looked and I cannot find the T&C or policy wording that you refer to when you say:
“Go Daddy makes you opt-in to an
@ Nic –
Is that term in the most recent transfer policy?
http://www.icann.org/en/resources/registrars/transfers/policy-01jun12.htm
Here’s the way I look at it…
I’ve never been a fan of the 60 day lock. Prior to the latest ICANN transfer policy, it was my opinion that the 60 day lock violated ICANN’s various “clarifications” to registrars about why they could deny a transfer. But there are plenty of loopholes in the policies.
The new Go Daddy lock rule is undoubtedly better than its old one. Before there was no specific process for requesting the lock be removed. Now there is. Also, ICANN’s new policy seems to validate Go Daddy’s policy of locking these domains in the first place.
That said, most registrars I’m aware of do not put this automatic lock on for registrant name changes. If your business is flipping domains (such as Elliot), this could be very cumbersome due to both the delay to remove the lock and that the registrant name reverts to the previous one. (In my business this hasn’t been an issue.)
If you flip domains you have a couple options:
1. Go Daddy has the biggest market share. If your buyers tend to be at Go Daddy, or they are other domainers that understand Go Daddy’s policy, then it’s no big deal.
2. If you tend to sell to people who want domains transferred, and you flip domains within 60 days of buying them, then you should decide if GD is the right registrar for you. The good news is there are plenty of other options out there.
@Ron
Simple version:
GD are required to have people opt-in, to their lock (ICANN rule).
But instead, GD require that people apply to opt-out. Or as Elliot Silver says, beg.
@Andrew @GD CEO
I agree it is an improvement. Of course. Thank you to GD for putting in the work. At least it is now achievable.
But the practicality of the matter is beside the point. I want to enjoy the rights afforded to me by ICANN policy and if GD has a security problem with its business then it should not seek to mitigate its exposure at the expense of my rights. That has always been my issue. Principle.
I should say that in the case of an auction (which is where the name I am dealing with now came from), this is a commercial matter where GD is effectively selling me a name that it took from a former name holder, and GD can therefore dictate whatever terms it likes, eg if I don
Just found this site as I am in this situation now. I helped a friend buy a domain using escrow.com. When I purchased the transfer, I added private registration with domains by proxy. I obtained the domain, then I saw that domains by proxy had all the previous information in it and I had to turn off private registration in order to transfer to my friends account within godaddy. So I changed the info to me and turned off private registration. I don’t recall opting-in when I purchased the transfer. I submitted for a review and they gave me a blanket response and said no…
Thank you for your email. The domain name “xxxxx.com” recently transferred between registrars and as such is locked for 60 days in accordance with ICANN policy. This lock cannot be removed prior to the 60-day timeframe.
Would you have any suggestions? I can give proof that it was a legitmate sale from escrow. com.
Did the domain transfer between registrars or did the whois just change at GoDaddy?
Yes, it changed from the owners registrar to my reseller company at godaddy. Now we wanted to transfer to the owners actual godaddy account. I changed the whois records while in my backend domain tool (really godaddy’s servers) before the transfer was initiated.
If the domain transferred registrars, you’re probably stuck. If it was just a whois change then GoDaddy might approve.
Just fell into this black hole myself. Caveat Emptor. GD needs to make Opt Out/Opt In process very explicit. I had no idea this was in place when I secured my domain name with them. I will not do business with them in the future unless they address this issue.