New registrar won’t have to get positive authorization from Form of Authorization.
A temporary change to the inter-registrar domain name process kicks in later this week due to Whois changes associated with the EU’s General Data Protection Regulation (GDPR).
In many cases, domain name registrars will not be able to get the registrant email address from Whois that is necessary to send a Form of Authorization when someone transfers a domain name to them. As a result, gaining registrars will be allowed to skip the Form of Authorization requirement. This means the new process will work like this:
1. Domain registrant gets an authorization code from the old registrar.
2. Registrant orders transfer at the new registrar and provides the authorization code to the new registrar.
3. New registrar sends the transfer request to the old registrar.
4. Old registrar sends notice to the registrant. If the registrant doesn’t cancel the transfer within five days, the transfer is completed.
The registrant will have to provide Whois data to the new registrar since it can’t be pulled from the existing Whois record.
Eventually, ICANN will have a system in which registrars can get access to Whois data. At that point, the transfer policy will possibly revert to the old policy (or a new transfer mechanism will be put in place).
The policy applies to domain name that are regulated by ICANN, so ccTLDs will not be affected.
The new policy might increase domain thefts. Some registrars are stepping up monitoring and taking other precautions to prevent this.