<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
<div><span></span></div>
<div>
<div><span></span></div>
<div><span>Colleagues -</span><br>
<span></span><br>
<span>Another topic discussed during last week's call, and during our ad-hoc "subteam" on Friday, was the matter of private registrations and Inter-Registrar Transfers. While this subject is certainly less interesting to many when compared against developing
rules for abuse, disclosure, etc., I am confident that rules & standards set for Transfers will be much more important on a day-to-day basis for Registrants. And while there are tons of implementation details to work out, here are some high-level ideals that
can help us move forward in our work.</span><br>
<span></span><br>
<span>Currently, most P/P Services will automatically reject a transfer request. This is the simplest approach, as it ensures that domains managed by P/P services "stay home" with their affiliated Registrar. Also, this method has the added benefit of providing
an additional layer of security against domain name theft/hijacking.</span><br>
<span></span><br>
<span>As some have noted, this also ties a domain name to a specific Registrar. If the only way for a Registrant to take their domain business elsewhere means that they must give up their privacy service (& publish their personal information in WHOIS). For
some Registrants, this would be an unacceptable option. </span></div>
<div><span><br>
</span></div>
<div><span>Also, Registrars are concerned that the required Form of Authorization (FOA) for a domain transfer would be invalid if it this was presented to a P/P Service rather than the Registrant (or Admin Contact). </span></div>
<div><br>
</div>
<div>I think we can structure our work to allow & encourage (but not necessarily require) Registrars and P/P Services to work together to facilitate "private transfers." But some common principles would need to be noted in our Final Report. For example:</div>
<div><br>
</div>
<div>1. Registrars are still free to reject <u><i>incoming</i></u> transfers from any entity, including Accredited P/P Services. This is the status quo, and an important concept in our industry. Otherwise, bad actors (spammers, etc.) would be able to sneak
back in to prohibited registrars using P/P Services.</div>
<div><br>
</div>
<div>2. Registrars can cooperate (operationally & commercially) to allow incoming transfers from P/P Services affiliated with other Registrars, or P/P Services that are independent. This would include some audit-able means to ensure that the transfer was
properly authorized by the P/P Service on behalf of its customer.</div>
<div><br>
</div>
<div>3. As a pre-condition for a "private transfer," Registrars are allowed to require Registrants to either switch to their own P/P Service (if available), or to cancel the P/P Service associated with their previous Registrar. Some fixed window (30 days?)
should be available for Registrants to make this choice.</div>
<div><br>
</div>
<div>I have no illusions that there are tons of gaps/missing details here, but these are just a few ideas to get us on the path towards addressing this issue. I'm hoping that other Registrars on the group will chime in, especially those who spot technical/operational
challenges with this approach. </div>
<div><br>
</div>
<div>And, for comparison of scale, please keep in mind that while we may encounter a handful of abusive/infringing domains each week, the same time period could see tens of thousands of inter-registrar transfers. So it is important that we on the PPSAI not
leave this issue as a loose thread.</div>
<div><br>
</div>
<div><br>
<span>Thank you,</span><br>
<span></span><br>
<span>J.</span><br>
<span>____________</span><br>
<span>James Bladel</span><br>
<span>GoDaddy</span></div>
</div>
</body>
</html>