Theo

Most ccTLDs are thick registries. So the registry has the data.
The biggest gTLD is .com so the registry doesn’t (and hopefully never will).

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland
Company No.: 370845

From: CPWG <cpwg-bounces@icann.org> on behalf of Theo Geurts via CPWG <cpwg@icann.org>
Date: Thursday, 18 November 2021 at 12:21
To: Bill Jouris via CPWG <cpwg@icann.org>
Subject: Re: [CPWG] Transfer Policy Review Team: Question about the 60-days lock

John,

Can you explain the relationship between domain locks for 60 days and attacks using stolen payment details? A lot of the EU ccTLD registries and other ccTLDs do not have such a 60-day lock and I never saw any issues in relation to stolen payment details. And to be clear, we process a lot of incoming and outgoing ccTLD transfers.

In addition, to drastically reduce domain theft, you have to have a big issue of domain theft first. The current amount of unauthorized transfers complaints is very low as provided by compliance. I suspect domain theft (which is a different bucket) is even lower, though we do not have real statistics. With the exception of IRTP-D, from what I recall dispute providers had a total of 2 cases since 2016.

I do not mind the 60 day lock in the sense that it bothers me. However, as a registrar, I would not mind the option to be able to remove the lock in certain scenarios.

Thanks,
Theo

On Wed, Nov 17, 2021, at 9:25 PM, John McCormac via CPWG wrote:
On 09/11/2021 17:44, Steinar Grøtterød via CPWG wrote:
Dear all,
At the TPR WG Meeting on Nov 9, 2021, the 60-days locks were discussed. The present policy – and the majority of Registry Operators, have a 60-days transfer lock after the initial registration of a domain name AND a 60-days lock after a successful inter-registrar transfer.
Based on the discussion in the TPR WG, I would like to hear the CPWG opinion by asking the following:
Following up on today's meeting:
1. Are we in favor of keeping the 60-days lock after the initial registration of a domain name?
Yes. This is still important to deal with issues of reversed credit card charges and non-payment. While payments systems have improved, this 60 day lock is still a defence against an orchestrated attack using stolen payment details.
2. Are we in favor of keeping the 60-days lock after a successful transfer of a domain name?
Yes. This is one way of drastically reducing the chances of success for domain name theft. Domain name thieves generally use multiple registrars to make it difficult for the registrant to recover their stolen domain name.
3. Could the above be optional?
No. And ICANN Compliance should proactively enforce it.
4. Should the Registrant have the option to opt-out?
No. Do the people who came up with the proposal of making it opt-out for registrants actually understand the issue of domain name theft/hijacking and how the thieves transfer a stolen domain name from registrar to registrar to make it difficult for registrants to recover their domain name?

On a related issue that came up in the call, Domain Tasting is very different from registrars simply offering time limited promotions. Domain Tasting involved registrars simply being set up for the purposes of tasting and deleting millions of domain names in the five day Add Grace Period. This exploitation of the AGP spread to retail registrars. Over approximately five years, over 1 billion (1,000,000,000) .COM domain names were tasted. The ICANN registry reports were flawed and incomplete at the time and remained so until 2014. Those of us who were tracking the issue at a domain name level measured it in worn out hard drives.

It was only when legal action was taken against a few key registrars and Google announced that it would not monetise registrations within their five day AGP period that Domain Tasting took a near fatal hit. ICANN was stuck in a procrastination loop while Domain Tasting was happening but it was convinced to eventually do the right thing by adding a "restocking" fee for new registrations deleted within the AGP. When that was implemented, large-scale Domain Tasting stopped.

Domain Tasting has nothing to do with the 60 day locks.

Regards...jmcc
--
**********************************************************
John McCormac  * e-mail: jmcc@hosterstats.com
MC2            * web: http://www.hosterstats.com/
22 Viewmount   * Domain Registrations Statistics
Waterford      * Domnomics - the business of domain names
Ireland        * https://amzn.to/2OPtEIO
IE             * Skype: hosterstats.com
**********************************************************