Comments on proposed Inter-Registrar Transfer Policy advisory

[Tiger Technologies <business@xxxxxxxxxxxxx>]

I'm the president of registrar Tiger Technologies LLC.

I applaud this action from ICANN. Over the last year, many legitimate
registrants have been unable to transfer their domain names to us
because GoDaddy (and more recently Network Solutions) denied transfers
on this arbitrary basis.

GoDaddy claims that their policy is necessary for security reasons, but
that claim is specious. As a smaller registrar that focuses on customer
service, we pursued every one of these cases on behalf of our customers,
and not one of the transfers was fraudulent.

In fact, GoDaddy eventually agreed to release most of these domain names
to us after we complained. But we shouldn't have to argue with GoDaddy
to get a legitimate transfer completed: it's cost us many uncompensated
hours of our time, and we've seen transfers delayed for days or weeks
even in cases where we've been able to help the registrant. In some
cases, legitimate registrants gave up on the transfer and renewed with
GoDaddy against their will because we couldn't resolve it before the
domain name expired. This kind of nonsense is *exactly* what the
transfer policy was designed to stop.

I'm sure GoDaddy can provide a handful of examples where their policy
prevented hijackings, but you could say the same thing about any
arbitrary, restrictive transfer restriction. While it's true that domain
name hijackers are likely to change the contact info before a transfer,
legitimate registrants are likely to do the same.

Many registrants have an outdated WHOIS contact address on file without
realizing it until it's time to transfer a domain name. Because of that,
changing the contact address just before a transfer is one of the most
common things registrants do. Blocking all such transfers because a very
small fraction of them are probably fraudulent is inappropriate.

There is an established policy in place for reversing fraudulent
transfers, and that policy generally works well. Minor changes to better
enforce the existing policy could help prevent the few cases in which it
hasn't worked (for example, registries should be responsible for
enforcing the "only one transfer every 60 days" rule to prevent cases
like the apparent raven.com hijacking) -- but those are just tweaks to
the implementation of the intent of the existing policy, not brand new
restrictions.

In short, the additional transfer restrictions imposed by some
registrars are not justified. The harm these restrictions do to
legitimate registrants far outweighs the rare security benefits.

--
Robert Mathews, Tiger Technologies