[CPWG] Transfer Policy Review Team: Question about the 60-days lock

Thu Nov 18 13:35:08 UTC 2021

Theo

Most ccTLDs are thick registries.
So the registry has the data
The biggest gTLD is .com so the registry doesn’t (and hopefully never will).

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

From: CPWG <cpwg-bounces at icann.org> on behalf of Theo Geurts via CPWG <cpwg at icann.org>
Date: Thursday, 18 November 2021 at 12:21
To: Bill Jouris via CPWG <cpwg at icann.org>
Subject: Re: [CPWG] Transfer Policy Review Team: Question about the 60-days lock

[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
John,

Can you explain the relationship between domain locks for 60 days and attacks using stolen payment details?
A lot of the EU ccTLD registries and other ccTLDs do not have such a 60-day lock and I never saw any issues in relation to stolen payment details. And to be clear, we process a lot of incoming and outgoing ccTLD transfers.

In addition, to drastically reduce domain theft, you have to have a big issue of domain theft first. The current amount of unauthorized transfers complaints is very low as provided by compliance. I suspect domain theft (which is a different bucket) is even lower, though we do not have real statistics. With the exception of IRTP-D, from what I recall dispute providers had a total of 2 cases since 2016.

I do not mind the 60 day lock in the sense that it bothers me. However, as a registrar, I would not mind the option to be able to remove the lock in certain scenarios.

Thanks,
Theo

On Wed, Nov 17, 2021, at 9:25 PM, John McCormac via CPWG wrote:
On 09/11/2021 17:44, Steinar Grøtterød via CPWG wrote:
> Dear all,
>
> At the TPR WG Meeting on Nov 9, 2021, the 60-days locks were discussed.
> The present policy – and the majority of Registry Operators, have a
> 60-days transfer lock after the initial registration of a domain name
> AND a 60-days lock after a successful inter-registrar transfer.
>
> Based on the discussion in the TPR WG, I would like to hear the CPWG
> opinion by asking the following:

Following up on today's meeting:

> 1. Are we in favor of keeping the 60-days lock after the initial
> registration of a domain name?

Yes.
This is still important to deal with issues of reversed creditcard
charges and non-payment. While payments systems have improved, this 60
day lock is still a defence against an orchestrated attack using stolen
payment details.

> 2. Are we in favor of keeping the 60-days lock after a successful
> transfer of a domain name?

Yes.
This is one way of drastically reducing the chances of success for
domain name theft. Domain name thieves generally use multiple registrars
to make it difficult for the registrant to recover their stolen domain name.

> 3. Could the above be optional?

No.
And ICANN Compliance should proactively enforce it.

> 4. Should the Registrant has the option to opt-out?

No.
Do the people who came up with the proposal of making it opt-out for
registrants actually understand the issue of domain name theft/hijacking
and how the thieves transfer a stolen domain name from registrar to
registrar to make it difficult for registrants to recover their domain
name?

On a related issue that came up in the call, Domain Tasting is very
different from registrars simply offering time limited promotions.

Domain Tasting involved registrars simply being set up for the purposes
of tasting and deleting millions of domain names in the five day Add
Grace Period. This exploitation of the AGP spread to retail registrars.
Over approximately five years, over 1 billion (1,000,000,000) .COM
domain names were tasted. The ICANN registry reports were flawed and
incomplete at the time and remained so until 2014. Those of us who were
tracking the issue at a domain name level measured it in worn out
harddrives.

It was only when legal action was taken against a few key registrars and
Google announced that it would not monetise registrations within their
five day AGP period that Domain Tasting took a near fatal hit. ICANN was
stuck in a procastination loop while Domain Tasting was happening but it
was convinced to eventually do the right thing by adding a "restocking"
fee for new registations deleted within the AGP. When that was
implemented, large-scale Domain Tasting stopped. Domain Tasting has
nothing to do with the 60 day locks.

Regards...jmcc
--
**********************************************************
John McCormac  *  e-mail: jmcc at hosterstats.com<mailto:jmcc at hosterstats.com>
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************

--
This email has been checked for viruses by AVG.
https://www.avg.com

_______________________________________________
CPWG mailing list
CPWG at icann.org<mailto:CPWG at icann.org>
https://mm.icann.org/mailman/listinfo/cpwg

_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/mailman/private/cpwg/attachments/20211118/ac456b7a/attachment-0001.html>