Domain Registrars Should Reset All EPP Codes

Andrew Allemann reported about changes that are coming to domain name transfers, and it is a bit concerning to me. You can read about the new, hopefully temporary transfer authorization process on Domain Name Wire, but this is the part that concerns me:

In many cases, domain name registrars will not be able to get the registrant email address from Whois that is necessary to send a Form of Authorization when someone transfers a domain name to them. As a result, gaining registrars will be allowed to skip the Form of Authorization requirement.” (emphasis added by me).

From what I understand, domain registrars are responsible for generating EPP authorization codes. Each registrar may have its own process for creating them and for updating them regularly or periodically. With the new transfer process coming into play, I think it is very important for domain registrars to reset all EPP authorization codes. If that would be a major inconvenience for customers who are in the middle of a domain transfer, perhaps the EPP codes could be reset for those that were requested more than 30 days ago.

It would appear that someone could possibly use an old EPP code that wasn’t regenerated by the registrar in order to initiate a domain transfer. If the current registrant does not cancel the transfer in the allotted period of time, the transfer will proceed. I am sure many people ignore emails from their registrar. Some probably go to spam and others are probably ignored because the registrant thinks it is a marketing solicitation. Perhaps more savvy registrants will understand that it is a transfer request and simply assume that not confirming the transfer will be enough to stop it. This would be a mistake. Obviously transferring a domain name without permission is illegal, but there are unsavory people who might try to take advantage of this.

I urge all registrars to refresh their EPP codes, perhaps excluding those that were requested in the last 2 weeks or maybe 30 days. This might be an inconvenience for some registrants who are in the middle of a domain transfer, but if that inconvenience can help prevent domain theft, I think it is probably worthwhile.

I also urge registrants to ensure their transfer lock is enabled as this could also prevent an unauthorized transfer.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

1 COMMENT

  1. Unless, it’s a sale, it would be advisable to renew the domains at the current registrar for the next week/month till this process is more clearly defined or the registrars have got their act together.
    True, this might result in slightly higher renewal fees (probably one of the main criteria’s for a non sale transfer) but safety of domains more important than that I would think.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Most Important Elements to a BIN Landing Page for Domain Sales

3
I've been asked to look at numerous domain name sales landing pages lately. I will generally be happy to take a look if I...

Silver Lining: Dan.com LTO Payoff

11
As you know, GoDaddy is shutting down Dan.com in October. Yesterday, Afternic and Dan launched a "Migration center" to help domain name sellers move...

Stride Funding Rebrands as Clasp with Clasp.com

0
Tim Hargis alerted me about a recent corporate rebrand. A company called Stride Funding, which had previously been funded to the tune of $20...

Hotel Engine Rebrands as Engine with Engine.com

1
In June, with the help of DomainTools, I noticed that the Engine.com domain name was pending transfer and the nameservers had recently changed to...

Div Turakhia is an Investor in Champions League Football Club

1
If you've been involved in the domain name investment space for more than a minute, you know - or at least know of -...