July 16, 2001
Mr. Stuart Lynn
Over the past several months, the registrar community has been experiencing a significant growth in unauthorized transfers of domain name registrations from one registrar to another. It is improper for a registrar to transfer a registration without the express authorization of the customer involved. The growth in such improper transfers jeopardizes the trust that the domain name industry needs to be successful, and we need to work together to bring such improper transfers to an end. In addition to being required by the letter and spirit of ICANN registrar contracts, obtaining from a domain owner express authorization to transfer before completing that transfer is a simple safeguard that no reputable company could hold as unreasonable.
Doug Wolford, the head of our registrar business, reports that the VeriSign Registrar has experienced a major problem in unauthorized transfers out from the VeriSign Registrar, and that they have received a growing number of customer complaints about improper transfers. While problems such as this have existed in various areas of domain name registration since the advent of competition in 1999, they have recently accelerated in frequency and become aggravated in severity. Since the VeriSign Registrar is a leading registrar, we believe its customers have been subjected to an especially large volume of improper transfers, although we believe the problem has now become widespread among the customers of nearly all ICANN-accredited registrars.
As a consequence, we believe that it is now time for the ICANN community to address this problem and define the procedures under which registrants can transfer their registrations from one registrar to another, and be assured that their rights are protected. These new procedures should make the interests of customers paramount, and ensure that the customer's choice of a registrar is respected and protected. They should also require the use of technology tools that permit the most efficient approaches to verifying customers' intentions. VeriSign is prepared to work with you to develop such new procedures, since they are so important to the future of our industry, but it is plainly ICANN's role as a standards-setting body to lead the effort.
We have not concluded, however, that new, ICANN-based, transfer procedures are necessary either swiftly or without careful investigation. In an effort to understand general issues related to customer satisfaction and retention, last year the VeriSign Registrar commissioned a market research firm to conduct a series of wide-ranging surveys of the attitudes of former VeriSign Registrar customers ( i.e. Registrants who had been reported to us by other registrars to have wanted to transfer to other registrars.) As you may know, until recently, the VeriSign Registrar freely transferred each registration to other registrars based purely on the un-verified claim by the gaining registrar that the customer wanted such a transfer.
These initial surveys, conducted in the Fall and Winter of 2000-2001, produced strong statistical evidence that as many as one of three of the customers who were reported to have authorized a transfer from the VeriSign Registrar to another registrar were actually customers who had not made any such authorization. While some de minimis level of customer confusion is to be expected, we were astonished at the extent of the difference between what many registrars asserted customers had expressly authorized, and what the customers actually disclosed to us themselves.
To better understand this problem, over the past few months, we retained a professional market research firm to conduct more detailed, independent surveys of representative samples of customers who had recently been transferred out of the VeriSign Registrar (based on claims by non-VeriSign registrars that the customers involved wanted to leave and had expressly authorized a transfer from the VeriSign Registrar.) The research firm contacted a statistically representative sample of over 800 former VeriSign Registrar customers during May and June of this year. They found that over 24% did not ever request to be transferred out of the VeriSign Registrar and nearly one third indicated they did not even know that they had been transferred out from the VeriSign Registrar ( based on combined responses of those who did not request transfers, as well as those who were unaware that their accounts had indeed been transferred.) This failure to obtain express authorization may have resulted from what is known in the telecommunications industry as "slamming"-transferring customers to their registrar without any notification whatsoever.
Improper transfers at this scale have a significant adverse impact in the marketplace, since most customers register with the VeriSign Registrar because of its uniquely strong commitment to customer service and the notion of trust on the Internet. The data suggest that an enormous number of VeriSign Registrar customers found themselves without the customer service-let alone the trust and security-for which they had signed up, without knowing how or why.
Based on this data, and emulating well established practices already employed by several competing registrars, the VeriSign Registrar began invoking its right under Exhibit B appended to section 2.9 of the Registry-Registrar Agreement to receive confirming evidence of the registrant's intent and authorization to transfer from the gaining registrar. Specifically, the VeriSign Registrar instituted an automated confirmation system that sends e-mail requests to the Administrative Contact to confirm the requested transfer, based on data contained in the WhoIS database. This practice was and is being done to protect our customers from unauthorized transfers. As a result of it, and similar practices of other registrars who seek to protect their customers, a controversy has arisen among registrars over how much care should be taken in verifying a customer's decision to transfer from one registrar to another.
More recently, to further understand and document the problem, the VeriSign Registrar contacted the five largest gaining registrars as disclosed by the above-noted surveys, requesting individual verification (as provided under the Registry-Registrar Agreement) of a sample population of 140 transfers from the past twelve months. In response to this specific verification request, two registrars responded well after a month of our request; two provided a one-page list of IP addresses which they claimed was evidence of each registrant's prior intent and express authorization to transfer; one provided copies of several e-mails described as having come from more than 20 different customers-all using exactly the same wording and type font; and another provided identical e-mails, all dated after the VeriSign Registrar's request, and claimed that they showed prior customer intent to transfer. Since each of the 140 registrants in question had already been individually contacted at least twice and had verified by phone that they had not requested a transfer, it is not surprising that some registrars would ignore the request for verification or that others would provide peculiar responses. But it is further evidence of the seriousness of the problem of improper transfers.
Unfortunately, until ICANN
has developed standard procedures that more fully protect customers
from improper transfers, the VeriSign Registrar and all other registrars,
have no choice but to protect their customers' rights within the existing
legal framework. Accordingly, until ICANN has developed new mandatory
customer safeguards from improper transfers, the VeriSign Registrar
will operate under a new set of interim transfer practices that are
fully compliant with its legal obligations, but which give our customers
the protection that they need. This new transfer practice is "interim",
because it will end as soon as an adequate set of ICANN-developed, customer
Under the new interim practices, the VeriSign Registrar will enter into new Registrar-to-Registrar Transfer Agreements with other ICANN-accredited registrars who mutually maintain an autoACK posture on transfers. Any gaining registrar participating in these mutual agreements who do not wish to have their proposed transfers autoACK'd by the losing registrar must agree that it will provide, within five days of a request from a losing registrar, a notarized statement from the registrant involved corroborating the registrant's desire to transfer (failure to do so voids the transfer.) If the registrant is in a location where there are no notary public services available, as is the case in some locations outside of the United States, then the gaining and the losing registrars can agree on an alternative, equivalent form of verification for the transferring registrant. Registrars who do not wish to participate in this interim, mutual arrangement to protect customers, will continue fall under the VeriSign Registrar's current practices.
In addition to being eager to work with you and others on new customer safeguards in this area, we are also committed to continue investing in new techniques that could someday minimize or avoid altogether the problem of improper transfers. Among the new approaches that we are exploring are automated identity systems, involving the use of multiple passwords on initial customer registration.
Doug and I recognize that a genuinely effective, long term solution to the problem of improper transfers is essential to the health and growth of the domain name system and to the Internet itself. We are committed to work with you, our colleagues in the registration industry, and your colleagues in ICANN to bring about such effective solutions.
CC: Louis Touton
Comments concerning the layout, construction and functionality of this site
should be sent to firstname.lastname@example.org.
(c) 2001 The Internet Corporation for Assigned Names and Numbers. All rights reserved.