ICANN Email List Archives

[transfer-comments-g]



Improving the Inter-Registrar Transfer Policy

  • To: <transfer-comments-g@xxxxxxxxx>
  • Subject: Improving the Inter-Registrar Transfer Policy
  • From: "Jordyn Buchanan" <jbuchanan@xxxxxxxxxxxx>
  • Date: Mon, 31 Jan 2005 18:16:18 -0500

The Inter-Registrar Transfer Policy increases the opportunity for
fraudulent or incorrect transfers and exposes registrars to significant
liability.  The policy should be modified to allow for better
verification of the transfer request.

One goal of the Inter-Registrar Transfer Policy was to improve the
uniformity of the transfer process in order to make transfers between
registrars easier and more consistent.  While Register.com acknowledges
the value of this goal in encouraging robust competition between
registrars, the policy prioritizes ease of transfer over security and
stability.  Given the importance of the Domain Name System for the
operation of the Internet, these priorities seem inappropriate.  While
it is important that registrants be able to transfer their domain name
to a new registrar with a reasonable amount of ease, it is imperative
that the security and stability of the DNS remain the paramount
consideration.

Unfortunately, the Inter-Registrar Transfer Policy places nearly all
responsibility for confirming the validity of a transfer request upon
the gaining registrar, and leaves the registrar of record and the
registrant with only a minimal five day window to provide some proof of
fraud in order to deny the transfer.  In circumstances in which the
registrant is not available, this five day window is often insufficient
to provide the required level of proof.  As a result, fraudulent or
incorrect transfers may go through simply as a result of the
inaccessibility of the registrant.  This is simply not acceptable given
that the failure of a domain name may cause a complete failure of a
business or individual's web sites, e-mail, and other online services.
Such failures can have a sizeable economic impact, and may affect many
millions of Internet users. As we have recently seen in the transfer of
the panix.com domain name, fraudulent transfers not only have
significant short-term operational effects, but also reduce the
community's confidence in the DNS, the registry/registrar model, and
ICANN.

The Inter-Registrar Transfer Policy exposes losing registrars to an
unacceptable level of liability when names are fraudulently transferred.
Ultimately, the liability for a fraudulent transfer rests with the
losing registrar since it has allowed a transfer-away to be processed
while it is the current service provider for the registrant.  The
registrant will almost always look to the losing registrar in the event
an unauthorized or fraudulent transfer is completed.  Although it is not
fair to assume that gaining registrars routinely act in bad faith when
approving transfers, it is reasonable to recognize that the gaining
registrar has the least incentive of all the parties involved with a
transfer to ensure that it is correctly authorized.  This may result in
a transfer system that is easily gamed by attackers, or in domain names
that are inadvertently transferred without any authorization at all.  It
is not realistic to entrust the authentication of a transfer request
with the gaining registrar, particularly when the request comes through
a reseller.

Register.com therefore strongly urges that transfers be validated by a
party other than the gaining registrar.  Possible mechanisms for
performing this validation include:

(1)     All gTLD registries rapidly adopt a mechanism to store
authentication tokens that can be used by the registrant to validate the
transfer.  The current EPP authinfo mechanism is an example of this
approach.
(2)     A third party validates the transfer request.  An approach
similar to this has been used by long distance telephone providers in
the United States to prevent fraudulent changes in consumers' long
distance services.
(3)     The registrar of record validates the transfer request, as was
possible prior to the adoption of the Inter-Registrar Transfer Policy.
If the transfer request cannot be validated, the transfer should be
automatically denied by the registry.  This approach would prevent
fraudulent or incorrect transfers from "slipping through the cracks" due
to the inaccessibility of the registrant or technical failures.  In
order to minimize disruption to legitimate transfer requests, it may be
appropriate to lengthen the 5 day window in which the registrar of
record can respond to the request and/or continue to make use of the new
standardized Form of Authorization.

These approaches provide significantly greater assurance that the
transfer has been correctly authorized and minimize the risk of
disruptions to the DNS due to fraudulent or incorrect transfers.

--
Jordyn A. Buchanan
Director of Policy
Register.com


