Domain Registrars Should Reset All EPP Codes

Andrew Allemann reported about changes that are coming to domain name transfers, and it is a bit concerning to me. You can read about the new, hopefully temporary transfer authorization process on Domain Name Wire, but this is the part that concerns me:

In many cases, domain name registrars will not be able to get the registrant email address from Whois that is necessary to send a Form of Authorization when someone transfers a domain name to them. As a result, gaining registrars will be allowed to skip the Form of Authorization requirement.” (emphasis added by me).

From what I understand, domain registrars are responsible for generating EPP authorization codes. Each registrar may have its own process for creating them and for updating them regularly or periodically. With the new transfer process coming into play, I think it is very important for domain registrars to reset all EPP authorization codes. If that would be a major inconvenience for customers who are in the middle of a domain transfer, perhaps the EPP codes could be reset for those that were requested more than 30 days ago.

It would appear that someone could possibly use an old EPP code that wasn’t regenerated by the registrar in order to initiate a domain transfer. If the current registrant does not cancel the transfer in the allotted period of time, the transfer will proceed. I am sure many people ignore emails from their registrar. Some probably go to spam and others are probably ignored because the registrant thinks it is a marketing solicitation. Perhaps more savvy registrants will understand that it is a transfer request and simply assume that not confirming the transfer will be enough to stop it. This would be a mistake. Obviously transferring a domain name without permission is illegal, but there are unsavory people who might try to take advantage of this.

I urge all registrars to refresh their EPP codes, perhaps excluding those that were requested in the last 2 weeks or maybe 30 days. This might be an inconvenience for some registrants who are in the middle of a domain transfer, but if that inconvenience can help prevent domain theft, I think it is probably worthwhile.

I also urge registrants to ensure their transfer lock is enabled as this could also prevent an unauthorized transfer.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

1 COMMENT

  1. Unless, it’s a sale, it would be advisable to renew the domains at the current registrar for the next week/month till this process is more clearly defined or the registrars have got their act together.
    True, this might result in slightly higher renewal fees (probably one of the main criteria’s for a non sale transfer) but safety of domains more important than that I would think.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Escrow.com: 2025 Master of Domains

0
Escrow.com announced the winners of its 2025 Master of Domains awards. The awards are typically given out during NamesCon, but the conference isn't being...

Odyssey.com is Braden Pollock’s Largest Domain Name Sale

0
Andrew Miller from Hilco Digital Assets announced that his company oversaw the sale of Odyssey.com on behalf of Braden Pollock. According to the LinkedIn...

$50k .AI Sale is Now Just Noteworthy

3
Tim Hargis alerted me to a LinkedIn post by Kushal Byatnal announcing that his company, Extend, had acquired the Extend.ai domain name for $50,000....

How I Choose LTO Length

2
I've been a big fan of lease to own deals for quite some time. Before Dan.com existed, I had several LTO deals, but they...

Kickstart Acquires Kickstart.com

1
Rob Schutz, who made an Ask Me Anything appearance with the ICA yesterday, announced the Kickstart.com domain name was acquired by a company called...