http://www.icann.org/correspondence/cochetti-to-lynn-16jul01.htm
July 16, 2001
Mr. Stuart Lynn
President and Chief Executive Officer
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA
Dear Stuart;
Over the past several months, the registrar community has been experiencing
a significant growth in unauthorized transfers of domain name registrations
from one registrar to another. It is improper for a registrar to transfer a
registration without the express authorization of the customer involved. The
growth in such improper transfers jeopardizes the trust that the domain name
industry needs to be successful, and we need to work together to bring such
improper transfers to an end. In addition to being required by the letter
and spirit of ICANN registrar contracts, obtaining from a domain owner
express authorization to transfer before completing that transfer is a
simple safeguard that no reputable company could hold as unreasonable.
Doug Wolford, the head of our registrar business, reports that the VeriSign
Registrar has experienced a major problem in unauthorized transfers out from
the VeriSign Registrar, and that they have received a growing number of
customer complaints about improper transfers. While problems such as this
have existed in various areas of domain name registration since the advent
of competition in 1999, they have recently accelerated in frequency and
become aggravated in severity. Since the VeriSign Registrar is a leading
registrar, we believe its customers have been subjected to an especially
large volume of improper transfers, although we believe the problem has now
become widespread among the customers of nearly all ICANN-accredited
registrars.
As a consequence, we believe that it is now time for the ICANN community to
address this problem and define the procedures under which registrants can
transfer their registrations from one registrar to another, and be assured
that their rights are protected. These new procedures should make the
interests of customers paramount, and ensure that the customer's choice of a
registrar is respected and protected. They should also require the use of
technology tools that permit the most efficient approaches to verifying
customers' intentions. VeriSign is prepared to work with you to develop such
new procedures, since they are so important to the future of our industry,
but it is plainly ICANN's role as a standards-setting body to lead the
effort.
We have not concluded, however, that new, ICANN-based, transfer procedures
are necessary either swiftly or without careful investigation. In an effort
to understand general issues related to customer satisfaction and retention,
last year the VeriSign Registrar commissioned a market research firm to
conduct a series of wide-ranging surveys of the attitudes of former VeriSign
Registrar customers ( i.e. Registrants who had been reported to us by other
registrars to have wanted to transfer to other registrars.) As you may know,
until recently, the VeriSign Registrar freely transferred each registration
to other registrars based purely on the un-verified claim by the gaining
registrar that the customer wanted such a transfer.
These initial surveys, conducted in the Fall and Winter of 2000-2001,
produced strong statistical evidence that as many as one of three of the
customers who were reported to have authorized a transfer from the VeriSign
Registrar to another registrar were actually customers who had not made any
such authorization. While some de minimis level of customer confusion is to
be expected, we were astonished at the extent of the difference between what
many registrars asserted customers had expressly authorized, and what the
customers actually disclosed to us themselves.
To better understand this problem, over the past few months, we retained a
professional market research firm to conduct more detailed, independent
surveys of representative samples of customers who had recently been
transferred out of the VeriSign Registrar (based on claims by non-VeriSign
registrars that the customers involved wanted to leave and had expressly
authorized a transfer from the VeriSign Registrar.) The research firm
contacted a statistically representative sample of over 800 former VeriSign
Registrar customers during May and June of this year. They found that over
24% did not ever request to be transferred out of the VeriSign Registrar and
nearly one third indicated they did not even know that they had been
transferred out from the VeriSign Registrar ( based on combined responses of
those who did not request transfers, as well as those who were unaware that
their accounts had indeed been transferred.) This failure to obtain express
authorization may have resulted from what is known in the telecommunications
industry as "slamming"-transferring customers to their registrar without any
notification whatsoever.
Improper transfers at this scale have a significant adverse impact in the
marketplace, since most customers register with the VeriSign Registrar
because of its uniquely strong commitment to customer service and the notion
of trust on the Internet. The data suggest that an enormous number of
VeriSign Registrar customers found themselves without the customer
service-let alone the trust and security-for which they had signed up,
without knowing how or why.
Based on this data, and emulating well established practices already
employed by several competing registrars, the VeriSign Registrar began
invoking its right under Exhibit B appended to section 2.9 of the
Registry-Registrar Agreement to receive confirming evidence of the
registrant's intent and authorization to transfer from the gaining
registrar. Specifically, the VeriSign Registrar instituted an automated
confirmation system that sends e-mail requests to the Administrative Contact
to confirm the requested transfer, based on data contained in the WhoIS
database. This practice was and is being done to protect our customers from
unauthorized transfers. As a result of it, and similar practices of other re
gistrars who seek to protect their customers, a controversy has arisen among
registrars over how much care should be taken in verifying a customer's
decision to transfer from one registrar to another.
More recently, to further understand and document the problem, the VeriSign
Registrar contacted the five largest gaining registrars as disclosed by the
above-noted surveys, requesting individual verification (as provided under
the Registry-Registrar Agreement) of a sample population of 140 transfers
from the past twelve months. In response to this specific verification
request, two registrars responded well after a month of our request; two
provided a one-page list of IP addresses which they claimed was evidence of
each registrant's prior intent and express authorization to transfer; one
provided copies of several e-mails described as having come from more than
20 different customers-all using exactly the same wording and type font; and
another provided identical e-mails, all dated after the VeriSign Registrar's
request, and claimed that they showed prior customer intent to transfer.
Since each of the 140 registrants in question had already been individually
contacted at least twice and had verified by phone that they had not
requested a transfer, it is not surprising that some registrars would ignore
the request for verification or that others would provide peculiar
responses. But it is further evidence of the seriousness of the problem of
improper transfers.
Unfortunately, until ICANN has developed standard procedures that more fully
protect customers from improper transfers, the VeriSign Registrar and all
other registrars, have no choice but to protect their customers' rights
within the existing legal framework. Accordingly, until ICANN has developed
new mandatory customer safeguards from improper transfers, the VeriSign
Registrar will operate under a new set of interim transfer practices that
are fully compliant with its legal obligations, but which give our customers
the protection that they need. This new transfer practice is "interim",
because it will end as soon as an adequate set of ICANN-developed, customer
safeguards are put in place.
Under the new interim practices, the VeriSign Registrar will enter into new
Registrar-to-Registrar Transfer Agreements with other ICANN-accredited
registrars who mutually maintain an autoACK posture on transfers. Any
gaining registrar participating in these mutual agreements who do not wish
to have their proposed transfers autoACK'd by the losing registrar must
agree that it will provide, within five days of a request from a losing
registrar, a notarized statement from the registrant involved corroborating
the registrant's desire to transfer (failure to do so voids the transfer.)
If the registrant is in a location where there are no notary public services
available, as is the case in some locations outside of the United States,
then the gaining and the losing registrars can agree on an alternative,
equivalent form of verification for the transferring registrant. Registrars
who do not wish to participate in this interim, mutual arrangement to
protect customers, will continue fall under the VeriSign Registrar's current
practices.
In addition to being eager to work with you and others on new customer
safeguards in this area, we are also committed to continue investing in new
techniques that could someday minimize or avoid altogether the problem of
improper transfers. Among the new approaches that we are exploring are
automated identity systems, involving the use of multiple passwords on
initial customer registration.
Doug and I recognize that a genuinely effective, long term solution to the
problem of improper transfers is essential to the health and growth of the
domain name system and to the Internet itself. We are committed to work with
you, our colleagues in the registration industry, and your colleagues in
ICANN to bring about such effective solutions.
Sincerely,
Roger Cochetti
Senior Vice President, Policy
VeriSign, Inc.
CC: Louis Touton
-----
Jim Fleming
Why gamble with a .BIZ Lottery? Start a real .BIZ Today !
http://www.DOT-BIZ.com
http://www.BIZ.Registry
0:212 - BIZ World
----- Original Message -----
From: "Scott Allan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 2:21 PM
Subject: Read
> this:
>
> http://www.newsbytes.com/news/01/168146.html
>
> sA
> Scott Allan
> Director OpenSRS
> [EMAIL PROTECTED]
>
