All digital.forest customers are strongly urged to read this document, and the pages to which it links, thoroughly and carefully.

A recent change to the domain transfer rules greatly affects the security of your domain name. The Internet Corporation for Assigned Names and Numbers (ICANN) has developed a new transfer policy with the intent of making it simpler and easier to transfer domains between registrars. Unfortunately, in the opinion of many, the changes will also make it easier for people to hijack domains that do not belong to them.

Many of you may be familiar with the sometimes frustrating older process: to transfer a domain, a transfer request was submitted, and a request for approval was then sent to the domain's contact addresses. If one of the contacts submitted an approval, and none of the others declined the transfer, the transfer would then be considered approved and could proceed. If none of the contacts replied within five days, the transfer request was dropped. One result of this process was that if a domain owner moved and changed his or her email address, it could be a very difficult and confusing process to sort out the contact information and get a transfer approved.

The key change in the new transfer policy is that a failure to reply after five days is now considered tacit approval: rather than the transfer request being dropped, the domain will now be transferred. In a perfect world, this wouldn't be a problem; the registrar that is requesting the transfer is still obligated to obtain explicit consent from the domain owner before submitting the transfer request to the original registrar. Unfortunately, this world is not perfect; an unscrupulous registrar could claim it has received approval when it hasn't, or a clever domain hijacker could successfully deceive the requesting registrar. Invalid transfer requests could be made, and under the new rules, they would be approved if the domain owner failed to respond.

You may have a great deal of time, money, and identity invested in your domains. There are two important things you should do to protect them:

First, log into your domain management page at your registrar and make sure your contact information is up-to-date. If you move or change email addresses, be sure to update your domain records to reflect the change. You can't respond to transfer requests if you don't receive them!

Second, all registrars should now permit you to lock your domains. This prevents anyone (including you) from transferring your domains until you explicitly remove the lock. Each registrar will have its own method to allow you to lock your domains, so again, log into your domain management page and make sure you turn domain locking on.

Please follow these links for further reading on this subject:

The announcement:
http://www.icann.org/announcements/announcement-12nov04.htm

The policy:
http://www.icann.org/transfers/policy-12jul04.htm

Commentary:
http://news.netcraft.com/archives/2004/11/09/domain_transfers_and_hijackings_to_become_easier.html

digital.forest strongly encourages you to take these steps immediately to make sure your domain is secure. Thank you!