Latest news of the domain name industry

Recent Posts

Verisign demands 24/7 domain hijacking support

Kevin Murphy, August 6, 2012, Domain Registrars

Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.

The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.

New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”

From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?

While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.

For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.

Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.

The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.

Go Daddy’s 60-day transfer lock can now be removed

One of Go Daddy’s most unpopular practices – the infamous 60-day domain name transfer lock – has essentially come to an end.

From today, customers will be able to unlock their domains before the period is up, by contacting a special support team, according to director of policy planning James Bladel.

For many years Go Daddy has blocked domains from being transferred to other registrars if changes have been made to the registrant contact information within the last 60 days.

The company alerts users to the lock before they make changes to their Whois data, but that hasn’t stopped the policy bugging the hell out of domainers and regular registrants.

It’s designed to prevent domain hijackings – something Go Daddy says it does very well – but when false positives occur it often looks like a nefarious customer retention strategy.

“It’s a very effective tool for preventing harm, but it does catch out a lot of folks who want to legitimately change registrant data,” Bladel said.

Under the new policy, if Go Daddy blocks a transfer because of the 60-day lock, registrants will be given an email address to contact in order to appeal the block.

According to Bladel, after a human review the locks will be lifted and the Whois data will revert to its original state, unless the Go Daddy support team suspects a hijacking is in progress.

“The bad guys are not going to call and ask us to take a second look at this,” he said. “The bad guys want it to happen under the radar.”

The changes come thanks largely to a new revision of ICANN’s Inter-Registrar Transfer Policy, which came into effect today and specifies that transferring registrants need to be given a way to remove the locks on their domains within five days.

But Bladel said the way the policy is written gave Go Daddy a lot of leeway in how to interpret it – it could have kept the locks in place as before – but it decided to revise its policy to improve the customer experience.

Go Daddy’s 60-day domain lockdown loophole

Kevin Murphy, September 8, 2011, Domain Registrars

Perhaps the most common complaint of the many leveled at Go Daddy over the years is that it refuses to allow customers to transfer domains to another registrar for 60 days after an ownership change.

The latest person to fire this criticism at the company is tech blogger Scott Raymond, who published a lengthy tirade against Go Daddy and its policy on ZDNet today.

Raymond points out that Go Daddy seems to be in violation of ICANN’s Inter-Registrar Transfer Policy, which explicitly prohibits the rejection of a transfer request due to a recent Whois change.

He’s not alone. Even Andrew Allemann of Domain Name Wire, hardly Go Daddy’s fiercest critic, said as recently as May that he thinks the company is in violation of the IRTP.

With good reason – this April 2008 ICANN advisory seemed to be specifically written with a ban on Go Daddy’s 60-day policy in mind.

But is the company non-compliant? ICANN doesn’t seem to think so.

I’ve tracked down this November 2009 email from David Giza, then ICANN’s head of compliance, in which he describes what seems to amount to a loophole Go Daddy and other registrars exploit.

Giza explains that the 2008 advisory “only addresses mandatory updates to Whois contact information, not a transfer or assignment to a new registrant”.

Registrants are obliged to keep their Whois data up-to-date; that’s what he means by “mandatory”.

Giza’s email adds:

the transfer policy does not prohibit registrars from requiring registrants to agree to the blocking of transfer requests as a condition for registrar facilitation of optional services such as the transfer of a registration to a new registrant.

We understand GoDaddy.com’s 60-day lock is a voluntary opt-in process where registrants are made aware of and agree to the restriction that the domain name is not to be transferred for 60-days following the completion of transfer. As such, this practice is not prohibited by the transfer policy.

In other words, there are “Whois Changes” and there are “Registrant Changes”, and registrars are only allowed to trigger a lock-down in the latter case, according to Giza.

And according to DNW’s reporting on the subject, that’s exactly what Go Daddy continues to do — locking the domain if certain fields in the registrant record are changed.

So the 60-day lock appears to be kosher, at least in the opinion of ICANN’s erstwhile compliance chief. Whether that could change under the department’s new management is unknown.

As it happens, the subject was raised by a recent working group that was looking into revising the IRTP, but it was so contentious that consensus could not be found.

The problem has been bounced down the road. The most recent mention came in this ICANN issue report (pdf, page 14-15).

Anyway, if I lost you several paragraphs ago, the net result of all this seems to be that Go Daddy probably isn’t breaking the rules, but that nobody can agree whether that’s a good thing or not.

The fact that one has to do this much digging into ICANN esoterica just to figure out whether Go Daddy is screwing its customers over isn’t very reassuring, is it?