Registrars continue to violate the ICANN transfer policy
8 comments
One of the most frustrating things we deal with is helping customers transfer domain names from other “registrars” (domain name companies) to us. To do this, we ask the old company to release the domain name, and they then have five business days to either release it or reject the transfer.
There’s an obvious potential conflict-of-interest here. An unscrupulous company could easily make more money by rejecting the transfer and forcing the domain name owner to renew it there instead.
Fortunately, this shouldn’t be a problem. ICANN, the organization that controls domain name policy, requires registrars to follow some very specific rules about transfers (here, with an update here). They list nine specific situations in which a transfer can be rejected, explicitly banning other reasons.
For the most part, this prevents arbitrary rejections. However, there are a few registrars that continue to violate the rules. We’ve complained (again and again) to ICANN about this, but they don’t seem interested, so I’ll mention a few problems here.
Register.com is one frustrating company. The ICANN policy clearly prohibits blocking a transfer of a domain name that has expired but not yet been deleted. Despite that, a customer trying to transfer a three-day-expired Register.com domain name told us last week that they flat out refused to give him the necessary code to allow him to transfer — unless he pays them to renew it first. That isn’t the first time we’ve heard this, either.
GoDaddy (and their reseller arm, Wild West Domains) have a different problem. They still block transfers for 60 days after a registrant contact update, even after the ICANN update specifically prohibited doing so. They freely admit it, too. GoDaddy’s Disputes Manager recently told us that blocking transfers for this reason is okay because “It is not necessary to update registrant information in order to transfer a domain name”. That’s irrelevant, of course; domain name owners are legally required to update registrant information whenever it becomes inaccurate, as ICANN’s update makes clear. GoDaddy can’t legitimately block transfers just because someone followed the legal requirement to update their contact information.
We see a similar problem with many transfers from Network Solutions. They often tell their customers that they’ve rejected the transfer “due to potentially suspicious activity in your account”. When customers ask for details, they’re told that the only “suspicious activity” was a recent contact update. Again, this is exactly what the policy prohibits.
GoDaddy and Network Solutions claim they’re protecting registrants by implementing these security measures, as if a recent contact update is a reliable sign of malicious activity. But many registrants update all their contact information just before they transfer their domain name to make sure the transfer approval notices reach their current address. They just don’t think about until then. It’s perfectly normal.
In addition, the “security measures” probably don’t work anyway. Surely by now any competent domain name thief knows not to update the registrant contact until after they’ve transferred the domain name to another registrar, thus bypassing the “security” completely.
While the GoDaddy and NSI efforts almost certainly have blocked some fraudulent transfers, so would a rule saying “you can’t transfer domain names during months that contain an R”. What really matters is how many legitimate transfers are also blocked. We’ve been on the receiving end of many blocked transfers, and we always try to push the other registrar to provide details about the “security problem” — I’ve spent literally days of my time doing this over the last two years. In every single case, the attempted transfer has turned out to be legitimate.
If GoDaddy and NSI wanted to prove they were protecting registrants, they could share some statistics about how many of the blocked transfers eventually get completed later anyway, vs. how many of the blocked transfers result in complaints or actions by registrants to block future transfers (such as authorization code changes) . We’re pretty sure the former vastly outweighs the latter.
Of course, they won’t share those statistics, because that would reveal how many domain name owners they’re inconveniencing. Instead, they’ll just continue to flout the ICANN transfer rules, and ICANN will continue to do nothing.
Here’s our pledge to our customers: We’ll always abide by the letter and spirit of the ICANN transfer policies. If you want to transfer your Tiger Technologies domain name elsewhere, we’ll help you, not hinder you. In fact, we’re one of the few companies that publicly explains how to do it. We value your business, but we’ll never force you to stay with us against your will.
(And by the way, we’re not ignoring security, either. Every domain name transfer gets reviewed by a real person here, and if we see anything unusual, we’ll send you an e-mail message and/or give you a call to find out what’s really going on.)
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a comment on the bottom of this page.
on Wednesday, July 22, 2009 at 3:09 pm (Pacific) Mike Rodenbaugh wrote:
ICANN’s GNSO Council has commissioned a Working Group to examine these issues, the group is kicking off in the next couple weeks. All volunteers and information are welcome to be submitted. Requests to participate in the group (or merely lurk on the list) should be sent to glen@icann.org.
on Wednesday, July 22, 2009 at 5:03 pm (Pacific) Tim Rowe wrote:
I think they continue to *flout* the ICANN transfer rules, not flaunt them.
on Wednesday, July 22, 2009 at 5:18 pm (Pacific) Robert Mathews wrote:
Tim — Heh, you’re absolutely right. I even know the difference, so I shouldn’t make that silly mistake. Fixed. Thanks!
on Wednesday, July 22, 2009 at 6:29 pm (Pacific) Jordan Bunnell wrote:
I’ve been on the receiving end of the ways of Godaddy. Register.com, I wanted to forward my domain as temporarily moved, but unless I pay $49/year they insert register.com ads on the forwarded site! I’m definitely interested in your services and absolutely appreciate your article!
on Thursday, July 23, 2009 at 1:19 am (Pacific) Lori wrote:
I can’t believe anyone is still using GoDaddy.com. They’ve got to be the worst registrar on Earth. How do companies like this stay in business when their customer service reputation is so universally horrible?
on Thursday, July 23, 2009 at 8:00 am (Pacific) Michael S. Mell wrote:
I have used GoDaddy since I went on the internet two years ago – they were the cheapest registrar going that particular week, and the registration/setup process was relatively painless. Such a shame to hear that a company which has done so well by me is nonetheless an unscrupulous, quasi-criminal enterprise. As a matter of course, I shall do whatever is necessary to identify and switch to a more ethical registrar upon the expiration of my current business arrangement with GoDaddy.
Bummer.
on Monday, July 27, 2009 at 7:19 am (Pacific) William A. McKelligott-- ICANN Contractual Compliance wrote:
Thank you for raising this issue. If you have specific incidents of alleged noncompliance regarding the Transfer Policy, please contact me so I can investigate each complaint and take appropriate compliance action. You can reach me at [address redacted by Tiger Technologies for privacy].
on Monday, July 27, 2009 at 12:51 pm (Pacific) Robert Mathews wrote:
William, I’ll be glad to do so, but just so it’s clear: I’ve sent multiple examples to other people in ICANN’s compliance department, at their request, over the last two years. ICANN staff have acknowledged receiving them and said they’d look into them, but nothing has happened.