Colleagues - Another topic discussed during last week's call, and during our ad-hoc "subteam" on Friday, was the matter of private registrations and Inter-Registrar Transfers. While this subject is certainly less interesting to many when compared against developing rules for abuse, disclosure, etc., I am confident that rules & standards set for Transfers will be much more important on a day-to-day basis for Registrants. And while there are tons of implementation details to work out, here are some high-level ideals that can help us move forward in our work. Currently, most P/P Services will automatically reject a transfer request. This is the simplest approach, as it ensures that domains managed by P/P services "stay home" with their affiliated Registrar. Also, this method has the added benefit of providing an additional layer of security against domain name theft/hijacking. As some have noted, this also ties a domain name to a specific Registrar. If the only way for a Registrant to take their domain business elsewhere means that they must give up their privacy service (& publish their personal information in WHOIS). For some Registrants, this would be an unacceptable option. Also, Registrars are concerned that the required Form of Authorization (FOA) for a domain transfer would be invalid if it this was presented to a P/P Service rather than the Registrant (or Admin Contact). I think we can structure our work to allow & encourage (but not necessarily require) Registrars and P/P Services to work together to facilitate "private transfers." But some common principles would need to be noted in our Final Report. For example: 1. Registrars are still free to reject incoming transfers from any entity, including Accredited P/P Services. This is the status quo, and an important concept in our industry. Otherwise, bad actors (spammers, etc.) would be able to sneak back in to prohibited registrars using P/P Services. 2. Registrars can cooperate (operationally & commercially) to allow incoming transfers from P/P Services affiliated with other Registrars, or P/P Services that are independent. This would include some audit-able means to ensure that the transfer was properly authorized by the P/P Service on behalf of its customer. 3. As a pre-condition for a "private transfer," Registrars are allowed to require Registrants to either switch to their own P/P Service (if available), or to cancel the P/P Service associated with their previous Registrar. Some fixed window (30 days?) should be available for Registrants to make this choice. I have no illusions that there are tons of gaps/missing details here, but these are just a few ideas to get us on the path towards addressing this issue. I'm hoping that other Registrars on the group will chime in, especially those who spot technical/operational challenges with this approach. And, for comparison of scale, please keep in mind that while we may encounter a handful of abusive/infringing domains each week, the same time period could see tens of thousands of inter-registrar transfers. So it is important that we on the PPSAI not leave this issue as a loose thread. Thank you, J. ____________ James Bladel GoDaddy