Domain Registrars Should Reset All EPP Codes

Andrew Allemann reported about changes that are coming to domain name transfers, and it is a bit concerning to me. You can read about the new, hopefully temporary transfer authorization process on Domain Name Wire, but this is the part that concerns me:

In many cases, domain name registrars will not be able to get the registrant email address from Whois that is necessary to send a Form of Authorization when someone transfers a domain name to them. As a result, gaining registrars will be allowed to skip the Form of Authorization requirement.” (emphasis added by me).

From what I understand, domain registrars are responsible for generating EPP authorization codes. Each registrar may have its own process for creating them and for updating them regularly or periodically. With the new transfer process coming into play, I think it is very important for domain registrars to reset all EPP authorization codes. If that would be a major inconvenience for customers who are in the middle of a domain transfer, perhaps the EPP codes could be reset for those that were requested more than 30 days ago.

It would appear that someone could possibly use an old EPP code that wasn’t regenerated by the registrar in order to initiate a domain transfer. If the current registrant does not cancel the transfer in the allotted period of time, the transfer will proceed. I am sure many people ignore emails from their registrar. Some probably go to spam and others are probably ignored because the registrant thinks it is a marketing solicitation. Perhaps more savvy registrants will understand that it is a transfer request and simply assume that not confirming the transfer will be enough to stop it. This would be a mistake. Obviously transferring a domain name without permission is illegal, but there are unsavory people who might try to take advantage of this.

I urge all registrars to refresh their EPP codes, perhaps excluding those that were requested in the last 2 weeks or maybe 30 days. This might be an inconvenience for some registrants who are in the middle of a domain transfer, but if that inconvenience can help prevent domain theft, I think it is probably worthwhile.

I also urge registrants to ensure their transfer lock is enabled as this could also prevent an unauthorized transfer.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

1 COMMENT

  1. Unless, it’s a sale, it would be advisable to renew the domains at the current registrar for the next week/month till this process is more clearly defined or the registrars have got their act together.
    True, this might result in slightly higher renewal fees (probably one of the main criteria’s for a non sale transfer) but safety of domains more important than that I would think.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

2024 Global Domain Report Released Today

0
The annual Global Domain Report, produced jointly by InterNetX and Sedo, has been released and is now available to download at no cost. The...

Grok Knows .com

5
Grok is a generative AI chatbot developed by Elon Musk's company, xAI. Grok has been promoted within the X / Twitter ecosystem, and X...

Dynadot Now Offering Cryptocurrency Payments

1
Dynadot just announced that it now offers customers the ability to make payments using cryptocurrency. The offering is made via Bitpay, which supports more...

Sedo to Host .AI Auction

0
.AI domain names have become a popular topic of late. Some of the most popular domain industry auctions these days are the monthly expiry...

Scaffolding Company Gets Industry Matching .com for Under $50k

0
Sedo’s Senior Broker Dave Evanson reported the sale of Scaffolding.com yesterday. The domain name sold for $46,666, and it was the largest domain name...