A step in the right direction but not the end of the walk...
As a summary (see my posts in all other categories) I believe the new transfer policy is a step in the good direction because: - it clearly states who is the responsible authority to initiate and authorize a transfer (this was not the case before) - it gives a list of possible denial reasons, with all others being excluded (this was not clear before) - it gives a way to dispute a transfer formally, puts the penalty on the dispute losing registrar, and clearly involves the registries (this was not the case before) This three points were alone much awaited, and are at the benefice of registrants. The new policy also removes the double acking that was necessary before and which is superflous, since the ``lock status'' is enough by itself for a registrant to be sure to need both to ack at the gaining registrar and do something (remove the lock status) at the loosing one. What should still be made better: - a regular verification system, something not just when a problem comes, but regularly by ICANN or a neutral third party, to make sure that registrars send emails per the policy, records things, give EPP authorization code, and so on... A statistical number of transfers should be checked. This process can be automated for the better part, and results should be publicly available As for the panix.com story, for example, it is today still not know 1) if the domains were on lock (panix.com owner say yes, but the fact that the registry let the transfer happen means no to me) 2) if dotster did send the warning emails and where 3) what did/did not melbourneit precisely do - a clear list of penalties for registrars not following this policy, with levels This may include probation time (no incoming transfers allowed anymore). - having access to emails through whois for the gaining registrar: it is simpler for thick registries, but the problem remains for thin registries ICANN could mandate to all registrars to have a private (reserved for registrars) interface just to access emails for transfer. However this is not so easy in practice, as it can also be abused. Another solution may be for each registrar to maintain specific and dynamic aliases of the form example.com@xxxxxxxxxxxxxxxxxxxxxx where the left part is any domain names handled by the registrar This alias should forward to the admin & owner, and be used only by other registrars. This can also be abused. Attempts in the past to gather registrars together to define something has AFAIK always failed, anyone believing it has much to loose and nothing to gain, when everyone complains about the current state of whois (whose policy should be also amended since for thick registries it does not make sense that a whois is still handled at the registrar, sometimes with *other* information !) - making sure it is possible for a registrant to choose its EPP authorization information, if he so wishes, at registration time, and change it anytime later (hence access it). ICANN or a third party should register domain names with each registrar and regularly check this is the case, at least for the access part. As well as enabling/disabling a lock (which could also be a service offered directly by the registry, if provided with the authorization code). -- Patrick Mevzek . . . . . . Dot and Co (Paris, France) <http://www.dotandco.net/> <http://www.dotandco.com/>