ICANN|ARCHIVES

Internet Corporation for Assigned Names and Numbers

Please note:

You are viewing archival ICANN material. Links and information may be outdated or incorrect. Visit ICANN's main website for current information.

Discussion Paper on Transfer of Sponsorship of Registrations Between Registrars

By Elana Broitman, register.com
28 August 2001

REGISTRAR TRANSFERS:
ALLOWING CONSUMER CHOICE BY ENSURING CONSUMER PROTECTION

The Importance of Consumer Protection

The registrar community is the interface between registries and consumers (or registrants). Many registrants do not have a good understanding of the various players in the domain name registration industry, and there have been accusations of misleading solicitations and slamming. It is incumbent on the registrar community to provide minimum levels of consumer protection for registrants.

While many registrars take consumer protection very seriously, there have also been examples of registrars and resellers that do not. Ultimately, consumer protection builds the reputation of the domain name industry, supports ICANN's charge to protect the stability and security of the domain name system, and furthers the registrar community's interest in self-regulation and protection of domain name consumers.

Consumer Choice

At the same time, the registrar market operates best on the principles of fair and open competition and a level playing field. Consumers should be able to work with their registrar of choice. Therefore, while registrars must ensure that transfers are in fact authorized by the Domain Name holders or their authorized representatives, thereby protecting consumers, they must do so in a manner that avoids establishing unreasonable barriers and is designed to promote the goal of implementing the consumers' wishes.

The goal of accurately reflecting consumers' wishes will be best achieved by registrars adhering to minimum standards of transfer authorization, so that such transfer requests can be appropriately authorized.

Diverse Registrar Practices

In working to achieve this goal, it is important to recognize that registrars have a variety of different business models and are located in and service registrants from a variety of markets, with different languages, legal frameworks and cultures. Some registrars rely on direct relationships with registrants, while others predominantly work through ISPs, hosting companies, telecommunications providers or other resellers. Any standards of transfer authorization and verification to be implement across the industry can and should flexibly accommodate these various models in order to promote consumer choice. However, regardless of these differences, all registrars must be responsible for imposing certain minimum standards to ensure proper authorization and consumer choice. The industry's reputation depends on all registrants being treated to an equally high standard of protection.

ICANN Letter to Registry on Registrar Transfer Process

On August 27, 2001, the ICANN Vice President and General Counsel sent a letter in response a letter from the VeriSign Global Registry Services. ICANN published this letter together with a statement regarding Registration Transfer Rules. These documents provide further clarification regarding the treatment of registrar transfers in Exhibit B of Registry-Registrar Agreement ("RRA"). The letter states that

"under the [ "Policy on Transfer of Sponsorship of Registrations Between Registrars" that appears as Part A of Exhibit B of the Registry-Registrar Agreement],the gaining registrar is responsible for obtaining "express authorization from an individual who has the apparent authority to legally bind the Registered Name holder", to "retain a record of reliable evidence of the authorization", and to provide the losing registrar "a copy of the authorization if and when requested." The policy provides that the losing registrar should approve or deny the transfer as appropriate in the circumstances. The policy states four instances in which a transfer may be denied, but indicates that those are only illustrations of a losing registrar's more general ability to deny transfers in appropriate circumstances.

From the language of the policy, it seems apparent that:

1. The responsibility for ensuring that a Registered Name Holder authorizes the transfer lies with the gaining registrar, not the losing registrar.

2. This allocation of responsibility should not prevent the losing registrar, as an additional measure, from seeking to inform Registered Name Holders of impending transfers and affording them an opportunity to express their objection.

3. The allocation of responsibility does indicate, however, that the losing registrar may not deny a transfer request that the gaining registrar has verified merely because the losing registrar has not verified it. Thus, a losing registrar should not deny a transfer request simply because it has notified the Registered Name Holder of the request and has not received a response.

4. The losing registrar may, however, deny the transfer request where it has an adequate reason for believing that the Registered Name Holder has not authorized the transfer. In some instances, the failure of the Registered Name Holder to respond to a notification may form one element of the reason. Because the policy allocates the verification responsibility to the gaining registrar, however, the lack of such a response is not by itself an adequate reason to deny the transfer. Additional elements of an adequate reason may include information relating to the Registered Name Holder (such as prior communications) or the authorization practices followed by the gaining registrar."

The accompanying statement posted by ICANN further states that

>"that letter explains the legal interpretation of the current policy, but also notes that there is a significant opportunity for codes of practice or agreements between or among registrars to promote a more certain, better understood, transfer mechanism."

In the spirit of following up on these statement and letter, we are recommending the following principles for registrar transfers.

Principles of a Registrar Transfer Authorization System

True consumer choice will only be achieved in the context of registrar transfers if registrars uphold minimum standards of transfer authorization and verification, which provide for consumer protection. The current point of debate within the registrar constituency regarding transfer policy centers on what constitutes proper authorization practices on the part of a gaining registrar such that the losing registrar should not deny a transfer request even in the absence of express authorization from its customer.

Attached hereto as Exhibit A is a list of factors to be used in determining whether a registrar maintains proper authorization practices for transfers. Additional factors may be added from time to time based upon discussions within the registrar constituency, but the key is that a gaining registrar must retain and be able to produce a written or electronic copy of reliable evidence of authorization from an individual who has the apparent authority to legally bind the Registered Name Holder that demonstrates such individual's understanding that a registrar transfer is taking place. A losing registrar may verify with a registrant that it is the registrant's intent to transfer its domain name to such gaining registrar.

When a gaining registrar maintains such proper authorization practices, a losing registrar should not deny a transfer request unless it receives an express objection from an individual who has the apparent authority to legally bind the Registered Name Holder. Conversely, when a gaining registrar does not maintain proper authorization practices, a losing registrar should deny a transfer request unless it receives the express authorization from an individual who has the apparent authority to legally bind the Registered Name holder.

Exhibit A

Factors to be used in determining whether a registrar maintains proper authorization practices for transfers

Documentation and Review

Registrars must retain an electronic or written copy of the reliable evidence of transfer authorization and produce such at the request of a losing registrar within five business days of such request.
If the gaining registrar fails to produce such evidence within such time frame, the gaining Registrar must transfer the affected domain name to the losing registrar promptly upon request of the losing registrar.

Form of Reliable Evidence of Authorization

While the Registrar Accreditation Agreement and Exhibit B of the RRA are based on the gaining registrar at minimum obtaining and storing reliable evidence of transfer authorization and such evidence should be written or electronic, the authorization and verification may take a variety of forms in order to accommodate the divergent jurisdictions, cultures, and business models of registrars.

Any of the following provides the minimum standard of what would suffice as reliable evidence of authorization:

Authorization signed by an individual who has the apparent authority to legally bind the Registered Name holder. Such authorization would make explicit reference to the domain name(s) being transferred, provided that a signed master authorization letter separate from an electronic communication with the domain names in question would be acceptable, so long as such signed master authorization letter is also notarized or authenticated by the appropriate equivalent authority This is designed to address the needs of large corporate customers or others with periodic bulk transfer needs.
A copy of the email sent to the administrative contact or registrant by the gaining registrar in reply to or confirming the initial domain name transfer request from such registrant. The language of the reply email should make clear to the registrant that its domain name is being transferred to such registrar. This email must be stored and saved with header information (date and time sent, sender, "to" addressee, etc.). In case of an email authorization, the registrar must also have a copy of an email to such administrative contact or registrant confirming the transfer. Again, the email must make clear to the registrant that its name is being transferred and must be stored and saved with header information (date and time sent, sender, "to" addressee, etc.) The losing registrant must also maintain log files reflecting all transactions with respect to the above transfers, including email addresses, dates, and times, as well as a copy of the whois information for such domain name prior to the transfer for the domain name registration. These emails will provide a minimum standard for ensuring that authorization was received, while still allowing for automated processes.
If an entity is seeking to transfer one or more domain name(s) for which the entity is not the registrant or administrative contact, such as an ISP or other reseller seeking to transfer multiple domain names on behalf of its customers, the gaining registrar must provide the following as reliable evidence of authorization from individual who has the apparent authority to legally bind the Registered Name holder:
- a copy of a transfer authorization agreement or letter signed by the gaining registrar and the reseller initiating the transfer. Such transfer authorization must represent that the entity initiating the indirect transfer has contacted all affected registrants (its customers), and has obtained their express authorization to transfer the subject domain names; and
- either an authorization agreement signed by such reseller and the registrant, or a copy of the emails and log sent and received by the reseller or the registrar, as described in the direct authorization above. The applicable method will depend on the practices of the reseller, but must at minimum contain written or electronic documentation demonstrating that the registrant has been appropriately apprised that a registrar transfer has been initiated on its behalf.