[CPWG] Transfer Policy Review Team: Question about the 60-days lock
Theo Geurts
atlarge at dcx.nl
Thu Nov 18 12:20:36 UTC 2021
John,
Can you explain the relationship between domain locks for 60 days and attacks using stolen payment details?
A lot of the EU ccTLD registries and other ccTLDs do not have such a 60-day lock and I never saw any issues in relation to stolen payment details. And to be clear, we process a lot of incoming and outgoing ccTLD transfers.
In addition, to drastically reduce domain theft, you have to have a big issue of domain theft first. The current amount of unauthorized transfers complaints is very low as provided by compliance. I suspect domain theft (which is a different bucket) is even lower, though we do not have real statistics. With the exception of IRTP-D, from what I recall dispute providers had a total of 2 cases since 2016.
I do not mind the 60 day lock in the sense that it bothers me. However, as a registrar, I would not mind the option to be able to remove the lock in certain scenarios.
Thanks,
Theo
On Wed, Nov 17, 2021, at 9:25 PM, John McCormac via CPWG wrote:
> On 09/11/2021 17:44, Steinar Grøtterød via CPWG wrote:
> > Dear all,
> >
> > At the TPR WG Meeting on Nov 9, 2021, the 60-days locks were discussed.
> > The present policy – and the majority of Registry Operators, have a
> > 60-days transfer lock after the initial registration of a domain name
> > AND a 60-days lock after a successful inter-registrar transfer.
> >
> > Based on the discussion in the TPR WG, I would like to hear the CPWG
> > opinion by asking the following:
>
> Following up on today's meeting:
>
> > 1. Are we in favor of keeping the 60-days lock after the initial
> > registration of a domain name?
>
> Yes.
> This is still important to deal with issues of reversed creditcard
> charges and non-payment. While payments systems have improved, this 60
> day lock is still a defence against an orchestrated attack using stolen
> payment details.
>
> > 2. Are we in favor of keeping the 60-days lock after a successful
> > transfer of a domain name?
>
> Yes.
> This is one way of drastically reducing the chances of success for
> domain name theft. Domain name thieves generally use multiple registrars
> to make it difficult for the registrant to recover their stolen domain name.
>
> > 3. Could the above be optional?
>
> No.
> And ICANN Compliance should proactively enforce it.
>
> > 4. Should the Registrant has the option to opt-out?
>
> No.
> Do the people who came up with the proposal of making it opt-out for
> registrants actually understand the issue of domain name theft/hijacking
> and how the thieves transfer a stolen domain name from registrar to
> registrar to make it difficult for registrants to recover their domain
> name?
>
>
> On a related issue that came up in the call, Domain Tasting is very
> different from registrars simply offering time limited promotions.
>
> Domain Tasting involved registrars simply being set up for the purposes
> of tasting and deleting millions of domain names in the five day Add
> Grace Period. This exploitation of the AGP spread to retail registrars.
> Over approximately five years, over 1 billion (1,000,000,000) .COM
> domain names were tasted. The ICANN registry reports were flawed and
> incomplete at the time and remained so until 2014. Those of us who were
> tracking the issue at a domain name level measured it in worn out
> harddrives.
>
> It was only when legal action was taken against a few key registrars and
> Google announced that it would not monetise registrations within their
> five day AGP period that Domain Tasting took a near fatal hit. ICANN was
> stuck in a procastination loop while Domain Tasting was happening but it
> was convinced to eventually do the right thing by adding a "restocking"
> fee for new registations deleted within the AGP. When that was
> implemented, large-scale Domain Tasting stopped. Domain Tasting has
> nothing to do with the 60 day locks.
>
> Regards...jmcc
> --
> **********************************************************
> John McCormac * e-mail: jmcc at hosterstats.com
> MC2 * web: http://www.hosterstats.com/
> 22 Viewmount * Domain Registrations Statistics
> Waterford * Domnomics - the business of domain names
> Ireland * https://amzn.to/2OPtEIO
> IE * Skype: hosterstats.com
> **********************************************************
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/mailman/private/cpwg/attachments/20211118/9a040be6/attachment.html>
More information about the CPWG
mailing list