“Transfer policy

What elements of the transfer policy need to be reformed? Should registrants have an alternative to their current registrar for the issuing of authcodes and the unlocking of them? Should ICANN or another entity be able to do this?”

YES, YES, YES! There is far too high of conflict of interest if it is up to the registrar to allow an unlock. By the nature of the case, an unlock is for moving AWAY, and what registrar wants the client to do that? This absolutely needs to be performed through a third party, whether it be ICANN or at the level of the registries.

Furthermore, the info leading to that third party would preferably be a compulsory, easy to find item of information on the registrar’s site.

i donot need the future now !!!!!!!!!!!!!!!!!!

when i make renew to may domain name with my registerfly company this domain with registerfly from 2004 and i make every year renew it success but this year tell me failure failure
But now registerfly give my domain to another owner after delete it
i make Backorder to follow up my domain with registerfly
problems but Registerfly company did not make it
and i have all documents frome registerfly copmany you can making sure this is my domain

i need my domain name now?????????????

Access to the ability to Lock and Unlock domain names and to change the Auth Codes is imperative after the Registerfly mess.

One way would be to send them with the ‘welcome’ e-mail to the registrant at the time of registration and at the time of each renewal.

The safest place for them to be is to be with ME!

If they’re mislaid then a long process can be introduced – but better a short one similar to the one we’re supposed to have now. It would be very unfortunate to both mislay the details and have the registrar be unco-operative.

ICANN need to make the RAA or what-ever contract they call it so that ICANN ‘rules’ aren’t curcumvented. Where a registrar and ICANN rules are incompatible, then ICANN rules should prevail.

QUOTE :

ICANN’s President and CEO, Dr Paul Twomey ….. made the following statement ….. “there must be comprehensive review of the registrar accreditation process”
————————————

that’s right, the good starting point would be :
do NOT accredit a reseller (i.e. RF) that have been a target of regular complains by their clients for a very long time

what were ICANN thinking when giving full accreditation to RF ?!
this was at the time ICANN already knew (by its own admission) about many of these problems.

it’s not a secret today (as all know the real reasons) that the only real motivation ICANN had to protect RF for so long, was the get all the money back that RF owed to ICANN at the time.

“This is going to be a key debate at our Lisbon meeting”
————————————–

you know what, there should be just one thing to discuss at your meeting and that is to give the control of domain names back to registrants (the actual people who pay for the service, same people who pay for your business class tickets to fly to Lisbon).

your current policies were designed to give all the power to registrars and that’s the only thing that needs to be changed. we don’t care whether you fix weaknesses in your RAA. if i’m in control of my domain name (and not the registrar) then i don’t care how weak your RAA is, that’s your problem, not mine.

it’s not the registrar who needs to keep our authorization codes away from us, but instead it’s us (the registrants) who need to keep our own authorization codes for our own domain names away from registrars. but somehow ICANN in their wisdom decided it should be the other way around.

Forgive my typo errors, it should of been “registrar to resellers” policy and “registrars pay into an insurance policy”

Thanks.

i have domain names at RF (same as many other people), i’ve never used the protectfly (proxy reg.), the WHOIS shows correctly my name, my email, my residential address. i can provide emails received from RF at the time i registered those domains, proving that i’m the owner, i can provide my ID to show my name and my residential address is identical to WHOIS data for my domain names and yet this is not enough for ICANN to put me back in control of my domain names simply because RF is hiding away from me those authorization codes.

so how could somebody in their right mind design such a process ?!

and if ICANN already agreed this is a wrong process and it needs to be changed, then why can’t i just get a permission to transfer those domain names away from RF without the need for authorization codes ?

As recent events have shown, presently only the registrar holds the records of domain ownership. ICANN demanded (and had some delays in obtaining) that data from RegisterFly, at a point in time when the integrity of it was already questionable.

This is unacceptable. What would happen if an inept registrar managed to lose all of the registrant data?

I suggest ICANN should ask the TLD registries to create and maintain secure private repositories of domain registrant data, including change history for a reasonable time period. Registrars should be required to submit the actual owner data to the repository, while they may continue to offer privacy services for the public WHOIS database.

This would create the technical framework and the basis for ICANN to establish administrative procedures for bypassing the registrar in an event of registrar failure.

A similar system to the UK ccTLD registry’s of allowing different classifications of registrant. This would at least have helped thost that are caught up with the privacy system of ProtectFly.

I have a number of .uk domains and I register as a UK Individual. They (the registry not the registrar) keep my details off a public whois search.

This system has worked well for me, as it seems RFly didn’t change the data in a way that was compatible with the registry and they actually contacted me direct to have the details corrected, even going so far as sending a snail-mail letter with the changes to me made to make the registry entry compatible and a list of domains for the changes to be applied to.

Some plan-of-action needs to be created to assist in the exit of registrants for when registrars are imploding such the case of RegisterFly.

If they are truly generating that many problems and having financial difficulties all around (i.e. paying upstream registrars, ICANN fees, etc.) then they should be at risk in losing it all especially if their support mechanisms are deemed inaccessible for more than a half a week or so (barring any natural disasters but even then they should be prepared for most).

For situations such as this, a third-party, ICANN approved organization should have the technology and oversite in place to assist in the removal of domains from a registrar at the registrants request. For example, if this authority could at my request and upon my proof of ‘ownership’ of the domains transfer my domains to the registrar of my choice, then the mess that is RegisterFly could have been kept to a minimum in terms of ICANN involvement. This authority could have nicely done up web interfaces to automate this process as best as could be with registrar information in place to assist the moving of domains. Also, if this authority were in place, then the mess that follows many a transfer of domains from registrar to registrar could be kept to a minimum and kept to a fairly known set of issues (rather than the numerous that could be the result of the different way the various registrars do business).

I know there was a decentralization of domain management back in the late 90s but like any evolving organization changes need to occur even if it is a step back to centralize certain fuctions of the domain name trade.

Heck, a small group of folks could even be tapped for arbitration situations or other groups that may be involved in such (i.e. cybersquatter situations) could be looped in or such.

It should not be the registrants that have to burn their time, money, and sanity trying to get their domains names out of a registrar that is imploding or that they are unhappy with.

Guidelines and fee limits should be looked into to especially in terms of slightly expired domain names.

A and A

1) NO change should be made to the Auth Code system. The current requirement of providing Auth Code should be enforced

2) All registries should be required to be centralized, like .ORG and .INFO

3) After centralizing the whois at the registry the registry should then be required to provide WhoWAS (historical Whois) going back for at least 2 years.

4) Use of proxy Whois should be terminated. Post Office boxes are cheap espicially given some registrars still charge for proxy whois, not to mention 3rd party services (perhaps via lawyers) is allways possible as well. POB’s demonstrate that other methods of privacy are available. Also, fail to understand how proxy whois prevent them from proving ownership in case of theft of a dishonest registrar. Pure and simple proxy whois is only usefull in a perfect world, and we’re not living in a perfect world …..

What I don’t like about the current system is that the only way you can control your domain is through the independant registrars. If they lie, you don’t get to know about it. RegisterFly has demonstrated this, both with a dodgy whois tool and a misleading renewal method, where paying for multiple years would result in only the first actually being renewed, while RegisterFly held onto the money for later years.

Look at this from the ground up. We have an internet full of domain name servers, cascaded to various levels. To get a working domain name, you have to have it registered into all of them with the correct domain records.

The part of the process I’ve never understood is what a registrar (who is not a reseller) does. Do they contact all the domain name server in the world asking for the changes? Or do the domain name servers contact the registrars?

But more, who controls the domain name servers? If a squatter physically owned one of these servers, could he not simply set the records as he liked, typing in domains both new and existing on the fly?

The underlying problem is TRUST. By the nature of the internet all these bits of the system have to be trustworthy. That applies to house addresses in a similar way too – if a postman, or the post company decides all your mail is going to go somewhere else, or they couldn’t be bothered to deliver it any more how could you stop them? Simply because there is no trust or mistrust – the postal service is a government thing and they’re legally bound to do the job.

Internet companies aren’t as reliable as the postal service (shocking!). It’s better having 865 registrars than 1. If RegisterFly was the company who operated ALL the names on the internet, because they invented it or somthing, then this would have been a total catastrophe. The internet would be dead.

The short term solution is, ICANN needs a bit more power. In situations like RegisterFly (which will need clear definition), they need to be able to obtain customer info even where protected by a whois privacy service. And the auth codes must be included in that.

The auth codes are good as they stop other registrars doing illegitimate things where they have nothing to do with a given name, but here’s an idea: Instead of letting the registrar look after the auth code, let people keep them, if they want. Then people who are serious about protecting their domain can at their option take the code and store it themselves and either it must be legally enforced that the registrar can no longer hold onto the code after that time, or people should be able to change their code through some other means once they have it. If it is technically feasible to implement that in the current framework, that would be a wonderful option. If a registrar acts up, just go somewhere else, give them your own private code, and the domain is moved. Once the transfer is complete, take the code back and change it again.

I hope this is a helpful comment even if the idea is technically difficult to implement.

I strongly disagree that proxy / private registrations should be terminated. It is a very useful service that many people want.

Post office boxes may be a “cheap” solution for domain speculators and others with hundreds of domains, but for an individual owning one or two, the need for an otherwise unnecessary PO box would increase the cost of domain ownership tenfold or more — and those are usually the cases where privacy is most desired.

It is not difficult to maintain a private registrant data repository that is separate from WHOIS. That would provide for both safety and privacy.

I understand what you are saying about the cost of a POB.

That said I personally use a POB to prevent identity theft, in other words make sure nobody can go through my mail sitting in a roadside box. I see the domain privacy issue to be a “modern” issue in many areas of life today.

I think that so long as a third party has control of the whois record that party become the fox guarding the hen house.

Taking the issue to the next step, and has been pointed out by others, if ICANN denied registrars from their “transfer fullfillment” operations (forcing *ALL* non renewed domains to be deleted) then registrars conflict of interest would be greatly reduced and if fact aligned with the registrant making sure they have valid whois to ensure renewal … Transfer fullfillment just *MOTIVATES* registrar to ensure non renewal since transfer fullfillment base price (ignoring auctions) in the industry is *GREATER* than the price of renewal and thus renewals are *NOT* acutally desired for a quality domain name ….

Some registries claim that dropping domains causes there systems excessive overhead ….. And yet the many successful landrushes over the years clearly demonstrate that many ways exists to issue dropping domains with minimal overhead. In fact one need only look at the .ORG registry for a very low overhead system that works great and proves dropping domains do not cause a registry excessive overhead.

“Caveat emptor”.

When choosing a registrar, be careful to study all the rules to a letter. For example: GoDaddy is well-known and reliable registrar, but in its ToS it contains this interesting notice, citing, “Go Daddy reserves the right to terminate Your access to the Services at any time, without notice, for any reason whatsoever”, end of citing.

Methinks, ICANN should review the RAA to follow these rules:

1. Registrars may not apply anyrules contradicting ICANN RAA and related regulations. All the ’services termination’ with respect to domain names must follow the universal strictest rules, mandatory for all the registrars.

2. Privacy must be granted to whoever wishes that. Thus, services like ‘Domains by proxy’ must be legal. If the registrant identity should be disclosed, there should be strict and unambiguous rules for that. registrar may not reveal any private info “in its sole discretion”

3. Cybersquatters and linkfarms should be dealt with. The majority of domain names are in cybersquatters (read: criminals) hands. There should be ‘decent use’ or ‘proper use’ rule (I know it’s hard to figure out) thus preventing the practice to buy domains with the only purpose of selling them.

4. More .TLDs should be introduced. The popular TLDs are quickly losing valuable names. ICANN shouldn’t be too slow. Also, ICANN should not allow events like those in case of .EU landrush phase to happen again – when dozens of bodus registrars have apepared, with the only purpose of taking many namees to resell it to those actually looking for them.

Many things to cope with. I wish ICANN luck.

I agree. The Canadian model (or UK one) that doesn’t require Auth Codes should be looked at closely. I would outlaw PO box addresses for domain registration.

The UK model of registry allows for private individuals to keep their information (except name) off the Whois searches available to the public.

I think the physycal address need be available for a money . I am seeking some persons for some legal processs, and they use info to hide. If a register get the info previous id and explication and 3 USD for the person who need it, can file that data, and the reasons to request.

Argentina use too a non AUTH CODE method, but mexico function very well too in a password by mail basis, with link to confirm the transaction.

I am a strong believer in separation of powers. And I also got personally burned by RegistrarFly debacle loosing several domains because i couldn’t get auth codes to transfer they wouldn’t renew even though i paid. Despite all this i don’t think ICANN should or needs to worry about quality control of registrars. Let market sort itself out. But for market to be able to do this there has to be a free flow of goods i.e. domains. The problem with RF is that by nature of the system they were able to create a barrier and prevent people from moving to a decent registrar.

Registrar transfer mechanism should not depend on the goodwill of registrars. As Tim G. points out, there is economic incentive for registrars to interfere with out-transfers. Most do it subtly by making the process difficult and time consuming in hopes of discouraging the customer. Many of them hide auth codes, unnecessary layers of confirmation, detailed FAQs on in-transfers but no mention of out-transfers, etc. One of them, namely 1and1, requires you to opt-out of domain renewal by logging into a website separate from your hosting account (cancel.1an1.com), then confirm cancellation order via email, and lastly by requiring you to send a signed fax. While there is a rational to some of these practices on security basis – such as preventing domain hijacking – i feel a lot of registrars make the process unduly difficult simply to discouraging customer migration.

If there is a lesson to be learned from RegistrarFly meltdown, it is this: The customer should be empowered to transfer without the need to get approval from outgoing registrar. Therefore, the transfer approval process should be between the customer and unbiased entity, such as the TLD Registry. (Since Registry doesn’t care what registrar customer uses, there is no incentive for them to make things unnecessarily difficult). I propose that upon new domain registration (and transfer to another registrar) Registry issues auth code either directly to admin email to through registrar which should be contractually obliged to pass that information with the registration receipt). Armed with the authcode customer should be able to initiate in-transfer from any registrar and not need approval from the loosing registrar.

For security reasons (in case of theft of auth code) admin email should be notified of any transfer requests and should have ability to opt-out of transfer, again directly with Registry using the authcode to confirm identity, and should be able to request a new authcode be issued to admin email.

While such system move some responsibly from registrars to Registries, ultimately it is in end consumer, ICANN and Registries interest to implement such a system. As we have seen when RF fell apart, the burden of customer support has fallen on your shoulders anyway. The end-customer will embrace the idea of having more control.

Secondly, i don’t think registrar data escrow is a realistic solution. First of all it will require enormous resources from ICANN and from each registrars to keep data in synch. Secondly it will be strongly opposed by various constituency on grounds of privacy. In other words, both the public and registrars will strongly oppose any data escrow plan on both economic and ideological grounds. Besides, even if implemented you ICANN will have huge headaches in following up on end-user requests.

Design a distributed system that empowers end-user and you will solve the bane of another sinking registrar pulling their customers down in the undertow.

Empower end-user with choice and you will have a system that works better and also requires less tinkering on your part. The end-customers will favor registrars with higher quality thus improving the overall quality of the registration system.

Thirdly, ICANN should not and needs not be in the business of rating registrars. This will only server to create controversy. I’ll give you an example. Some governments are clearly better than others. Should UN be in the business of rating governments of member nations? Should US federal government rate the states? Should states rate counties and cities? Such ratings while useful are best left to third parties. What you could do is put out yearly surveys directly to the end users (registrants) and rate registrars on this basis. Actually this could work quite well. It will be useful, legitimate, and will let you off the hook from accusations of playing favorites.

what can i do my domain name with another owner now ????????????
pls tell me m/Paul Levins

>REMOVAL OF REDEMPTION FEE EXTORTION

I’ve wrestled with that one a lot.

I think a penalty should be paid for not renewing a domain if for no other reason than it serves to cause people to warn others to renew their domain “Helps foster education”.

I think the real nefarious part of redemption fee is how it gets combined with transfer fullfillment given a registrar incentive to NOT ensure a registrant renews and then mark up the redemption fee in order to force the domain to auction.

In other words transfer fullfilment should NOT be allowed, all domains should be required to be released and then reregistered. Doing this then puts pressure on registrars to LOWER the redemption costs to ensure they retain a customer. Tranfer fullfillment has turn the registrars against registrants, it needs to be stopped.