When you register a domain, you enter a complex system governed by technical standards, contractual agreements, and policy frameworks. The Internet Corporation for Assigned Names and Numbers (ICANN) sets many of these rules, but most domain owners never read the policies that affect their rights and responsibilities.
Understanding your rights as a domain registrant isn't just academic: it affects practical situations like transferring domains between registrars, recovering accidentally deleted domains, maintaining accurate contact information, and protecting your domains from unauthorized transfers. Let's explore the key ICANN policies that every domain owner should understand, translated from policy-speak into practical guidance.
Your Fundamental Rights as a Registrant
ICANN's Registrant Rights and Responsibilities documentation establishes that as a domain owner, you have specific protections and entitlements. These aren't just guidelines; they're requirements that accredited registrars must follow.
Control your domain settings: You can configure DNS, set up email, modify nameservers, and manage technical aspects of your domain through your registrar's interface.
Transfer your domain: You can move your domain to a different registrar, subject to certain conditions and timelines. No registrar can hold your domain hostage, though they can require you to resolve outstanding issues first.
Accurate WHOIS information: You're entitled to accurate contact information in WHOIS records. Your registrar can't falsify data or use placeholder information without proper authorization.
Privacy protection options: For many TLDs, you can use privacy or proxy services to shield personal information from public WHOIS databases.
Reasonable fees: Registrars must display pricing clearly. While they can set their own rates, they can't impose surprise fees or change renewal prices without notice for already-registered domains during the current term.
Due process for disputes: If someone challenges your domain ownership through UDRP or similar mechanisms, you have the right to respond and present your case.
Grace periods: Several grace periods protect you from permanent loss due to temporary payment issues or accidental deletions.
These rights exist regardless of which registrar you use. ICANN accreditation requires compliance with these standards.
Your Responsibilities: The Other Side
Rights come with responsibilities. ICANN policies establish clear obligations for domain registrants:
Provide accurate contact information: You must supply truthful, accurate, and current contact details (email, phone, mailing address) and update them within 7 days when they change.
Respond to verification requests: When your registrar sends ownership or contact verification emails, you must respond promptly. Ignoring these can result in domain suspension.
Comply with registration agreement: The registration agreement you accept when registering a domain has legal weight. Read it, at least once.
Use domains lawfully: You can't register domains for illegal purposes, infringe trademarks, or engage in abusive practices like phishing or malware distribution.
Maintain accurate WHOIS data: Even if using privacy protection, you must ensure the underlying registrant information remains accurate.
Pay renewal fees promptly: While grace periods provide some leeway, maintaining active registration is your responsibility.
Failing these responsibilities can result in domain suspension or loss. Most issues arise from outdated contact information or ignored verification emails.
The Registrar Accreditation Agreement (RAA)
The RAA is the contract between ICANN and accredited registrars. While you're not a direct party to this agreement, it establishes registrar obligations that directly affect you.
Key RAA provisions affecting domain owners:
Data escrow requirements: Registrars must regularly back up domain registration data and deposit it with third-party escrow services. If a registrar fails, your registration data isn't lost; it's preserved for transfer to another registrar.
Abuse contact and reporting: Registrars must maintain abuse contacts and investigate reports of domain abuse. This protects the ecosystem but also means your domains can be scrutinized if someone reports potential abuse.
Registrant verification: Registrars must implement processes to verify registrant contact information. This is why you receive verification emails and why failing to verify can suspend your domain.
Transfer policies: The RAA incorporates transfer policies (IRTP), ensuring consistent transfer procedures across registrars.
Financial stability requirements: ICANN requires registrars to maintain financial stability and insurance, reducing risk that registrar failure leaves you stranded.
Understanding that these requirements exist helps explain registrar behaviors that might otherwise seem arbitrary. When your registrar requests verification or has specific transfer procedures, they're often following RAA requirements.
Inter-Registrar Transfer Policy (IRTP)
The IRTP governs how domains move between registrars. This policy protects you from both fraudulent transfers and registrar lock-in.
Transfer eligibility requirements:
- It's been at the current registrar for at least 60 days (after initial registration or previous transfer)
- It's not within 60 days of a registrant contact change (see 60-Day Change of Registrant Lock below)
- It's not within 60 days of expiration
- It's not locked or subject to dispute resolution
- Contact information is current and accessible
Transfer process:
- Unlock the domain: Disable registrar lock (also called transfer lock) through your current registrar's interface. This protection prevents unauthorized transfers, but you can toggle it when initiating legitimate transfers.
- Obtain authorization code: Request the EPP code (also called auth code or authorization code) from your current registrar. They must provide it within 5 days if you're eligible to transfer.
- Initiate transfer at new registrar: Provide the authorization code to your new registrar and initiate the transfer process.
- Confirm transfer: The current registrar sends a transfer notification to the administrative contact. You may need to approve the transfer, or it may auto-approve after 5 days if not rejected.
- Transfer completes: The domain moves to the new registrar, typically adding one year to the registration (though this varies by TLD).
Registrars can only deny transfers for specific, legitimate reasons:
- Domain involved in dispute resolution (UDRP, court orders)
- Domain registration was fraudulent
- Registrar lock is enabled (you can disable it)
- Domain doesn't meet 60-day requirements
- Contact information is unverified
Registrars cannot deny transfers because:
- You have outstanding bills (they can lock the domain for non-payment, but that's a separate issue)
- They want to keep your business
- You're transferring to a competitor
If a registrar denies your transfer for invalid reasons, you can file a complaint with ICANN.
The 60-Day Change of Registrant Lock
An important ICANN policy that catches many domain owners by surprise is the 60-day transfer lock that automatically applies after certain registrant information changes.
What triggers the 60-day lock:
When you change the registrant contact information, specifically the registrant name, organization, or email address, ICANN policy requires registrars to lock the domain against transfers for 60 days. This lock exists to prevent domain hijacking through unauthorized contact changes followed by immediate transfers.
What changes trigger the lock:
- Changing the registrant name (from one person to another)
- Changing the registrant organization name
- Changing the registrant email address
What changes don't trigger the lock:
- Administrative contact changes
- Technical contact changes
- Address or phone number updates (as long as the registrant name/email stays the same)
The policy includes an important opt-out mechanism. When you make a registrant contact change, the registrar must notify you about the upcoming 60-day lock and give you the option to opt out if you initiated the change yourself and want to transfer soon.
If you opt out, you acknowledge the risks and accept that the domain can be transferred immediately. This is useful when you're changing registrant information as part of selling or transferring the domain to someone else.
Plan contact updates carefully: If you're planning to transfer a domain, update any needed registrant contact information either before starting the transfer process or wait until after the transfer completes. Don't make registrant changes right before you want to transfer.
Be aware during domain sales: When selling a domain, the buyer typically wants the registrant information updated to their details. This triggers the 60-day lock unless you opt out. Many domain sales involve changing the registrant info and transferring to the buyer's registrar simultaneously, which requires using the opt-out.
Verify before updating: Some registrars are stricter than others about what constitutes a "registrant change." Even minor formatting changes to the registrant name might trigger the lock at some registrars. Check with your registrar before making changes if you need transfer flexibility.
Security benefit: While sometimes inconvenient, this lock provides important security. If someone gains unauthorized access to your registrar account and changes the registrant information, the 60-day lock gives you time to notice and reverse the changes before they can transfer your domain away.
This policy was implemented in 2016 after several high-profile domain hijackings that exploited the combination of unauthorized contact changes and immediate transfers. Understanding this lock helps you plan domain management activities and avoid unexpected transfer delays.
EPP/Authorization Codes Explained
EPP codes (Extensible Provisioning Protocol codes) serve as passwords for domain transfers. Also called auth codes or authorization codes, these strings prove you control a domain when initiating a transfer.
Each domain has an associated authorization code stored by the registrar. When you request a transfer, you need this code. The new registrar provides the code to the registry, which verifies it matches the code on file before authorizing the transfer.
Requesting your EPP code:
Your registrar must provide your authorization code within 5 days of request. Many registrars provide instant access through their control panels. Some still require support tickets, but lengthy delays violate ICANN policy.
Treat authorization codes like passwords. Anyone with your EPP code can potentially transfer your domain (subject to other protections like registrar lock and transfer confirmation emails). Don't share codes publicly or store them insecurely.
Some registrars rotate EPP codes periodically or generate new codes for each transfer request. This enhances security by limiting code validity periods.
Registrar Lock vs Registry Lock
Two types of transfer locks protect domains, offering different security levels.
Registrar lock is the standard protection. It prevents unauthorized transfers by requiring you to explicitly unlock the domain before transfers can initiate. It's free, easy to toggle, and should be enabled for most domains most of the time.
Registrar lock doesn't prevent all changes; you can still modify DNS records, nameservers, and most domain settings. It specifically blocks transfers and, at some registrars, prevents certain registrant information changes.
Enable registrar lock for all domains except when actively transferring them. Unlock temporarily during transfers, then re-lock at the new registrar.
Registry lock is a higher-security option offered at the registry level (the organization managing the TLD). It prevents nearly all changes to domain configuration:
- Cannot change nameservers
- Cannot modify registrant information
Registry lock requires manual intervention by registry staff to unlock. This makes it highly secure but less convenient for domains needing frequent updates.
Registry lock typically costs extra (often $5-20/month) and is worth considering for high-value domains where maximum security outweighs operational convenience.
To modify a registry-locked domain, you must contact your registrar, who contacts the registry to unlock it. This multi-step process takes time (often 24-48 hours) but prevents hijacking attempts.
WHOIS Accuracy and Verification
WHOIS databases contain registrant contact information. ICANN requires this information to be accurate and current.
What information is required:
- Registrant name (individual or organization)
- Administrative contact (often same as registrant)
- Technical contact (often same as registrant)
Inaccurate WHOIS data violates registration agreements and can result in:
- Transfer complications (confirmation emails go to listed address)
- Lost domains if renewal notices go to wrong email
- Vulnerability to UDRP challenges (inaccurate WHOIS can be evidence of bad faith)
Privacy protection vs accuracy:
Privacy/proxy services shield personal information from public view but don't eliminate the accuracy requirement. The registrar or privacy service must have accurate underlying information even if public WHOIS shows proxy details.
Verification requirements:
ICANN requires registrars to verify registrant email addresses within 15 days of registration or WHOIS changes. This is why you receive "verify your email address" messages. Failing to verify can result in domain suspension after 15 days.
Respond to verification emails promptly. They're not spam or optional; they're regulatory requirements with real consequences for non-compliance.
RDAP: The Modern WHOIS Alternative
Registration Data Access Protocol (RDAP) is gradually replacing WHOIS as the standard protocol for accessing domain registration information.
How RDAP differs from WHOIS:
- Structured data format (JSON) instead of plain text
- Internationalization support for non-ASCII characters
- Authentication and access control capabilities
- More detailed policy information
- Standardized across registries and registrars
What this means for domain owners:
Not much changes day-to-day. RDAP is primarily a technical improvement affecting how registration data is accessed programmatically. The information displayed remains similar, and accuracy requirements stay the same.
The main benefit is better privacy controls. RDAP supports granular access policies, allowing registries and registrars to implement more sophisticated privacy protections while still meeting legitimate access needs.
Dispute Resolution: UDRP and URS
Sometimes others challenge your domain ownership, claiming it infringes their rights. ICANN provides dispute resolution mechanisms that are faster and cheaper than court proceedings.
UDRP (Uniform Domain Name Dispute Resolution Policy):
This process handles trademark infringement disputes. A complainant must prove:
- Your domain is identical or confusingly similar to their trademark
- You have no legitimate rights or interests in the domain
- You registered and used the domain in bad faith
If they prove all three elements, a panel can order the domain transferred to them or cancelled.
If facing a UDRP complaint, you have 20 days to respond. Common defenses:
- You registered the domain before their trademark existed
- You're using the domain for legitimate purposes
- The domain corresponds to your name or business
- You didn't know about their trademark (and have legitimate use)
UDRP typically costs $1,500-5,000 for single-panelist proceedings, paid by the complainant. If you lose, you don't pay the proceedings cost, but you lose the domain.
URS (Uniform Rapid Suspension):
A faster, cheaper alternative to UDRP for clear-cut cases. URS can suspend domains (not transfer them) when infringement is obvious.
URS costs less (typically $300-500) and resolves faster (usually within 3 weeks). However, it only applies to new gTLDs and has higher proof standards than UDRP.
- Maintain accurate WHOIS information (inaccuracy suggests bad faith)
- Use domains for legitimate purposes
- Document your legitimate interests in domain names
- Avoid registering domains that obviously infringe famous trademarks
- Consider trademark clearance before registering commercial domains
Data Escrow: Your Registration Backup
ICANN requires registrars to deposit registration data with independent escrow services weekly. This protects registrants if registrars fail.
- Domain names under management
- Registrant and contact information
- Registration dates and expiration dates
If your registrar ceases operations, goes bankrupt, or loses ICANN accreditation, your domain registrations aren't lost. ICANN can retrieve escrowed data and facilitate bulk transfer to a stable registrar.
This happened when several registrars failed over the years. Escrow data enabled orderly transitions, preventing domain loss for millions of registrations.
You don't interact with escrow directly, but knowing it exists provides assurance that registrar failure won't mean permanent domain loss.
Understanding TLD-Specific Policies
While ICANN sets baseline policies, individual TLD registries can add requirements:
ccTLDs (country-code TLDs): Domains like .uk, .de, and .jp often have additional rules:
- Local presence requirements
- Additional verification steps
- Different dispute resolution procedures
- Varied privacy protection availability
New gTLDs: Domains in newer extensions (.shop, .tech, etc.) may have:
- Specific use restrictions
- Enhanced security requirements
- Different pricing structures
- Registry-specific policies
When registering domains in different TLDs, review TLD-specific policies in addition to ICANN baseline requirements. Your registrar should provide access to relevant policies.
Transfer Best Practices
Applying ICANN transfer policies effectively:
Before initiating transfers:
- Verify contact information is current (especially email)
- Ensure domain isn't within 60 days of expiration
- Check that domain is at least 60 days past last transfer
- Confirm you have access to administrative contact email
- Obtain authorization code
- Respond promptly to confirmation emails
- Don't re-lock domain at old registrar during transfer
- Monitor transfer status through both registrars
- Keep authorization code secure
- Verify DNS settings migrated correctly
- Update contact information if needed
- Configure new registrar's services (privacy, auto-renew, etc.)
Transfers typically complete within 5-7 days if everything goes smoothly. Issues usually stem from locked domains, incorrect contact information, or ignored confirmation emails.
Protecting Your Domains
Practical steps to protect domains using ICANN-provided mechanisms:
Enable registrar lock: Keep this enabled except during transfers. It's free and effective against most unauthorized transfer attempts.
Maintain accurate contact information: Outdated email means you won't receive critical notifications about verification, transfers, or security issues.
Use strong registrar account passwords: Your registrar account controls domain settings. Use unique, strong passwords and enable two-factor authentication where available.
Monitor domains regularly: Periodic checks ensure nameservers haven't changed, locks remain enabled, and expiration dates are correct.
Consider registry lock for high-value domains: The extra security is worth the cost for domains critical to your business or personal brand.
Keep documentation: Save confirmation emails, authorization codes, and registration details. This information helps resolve issues if they arise.
Set up auto-renewal carefully: Auto-renewal prevents accidental expiration, but make sure payment information stays current and you still want all auto-renewing domains.
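The periodic check described under "Monitor domains regularly", run against the structured JSON that RDAP returns, could look like the following. This is an added example, not part of the original article; the sample response, the baseline values and the mapping of registry lock to the three server-set statuses are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain object using RFC 9083 field names; not real registry data.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "status": ["active"],
  "events": [
    {"eventAction": "registration", "eventDate": "2020-03-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-03-01T00:00:00Z"}
  ],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "NS1.DNS-HOST.TEST"},
    {"objectClassName": "nameserver", "ldhName": "ns9.unknown-host.test"}
  ]
}
""")

# Hypothetical baseline the owner records for the domain.
BASELINE = {
    "nameservers": {"ns1.dns-host.test", "ns2.dns-host.test"},
    "registry_lock": False,
    "min_days_to_expiry": 45,
}

REGISTRAR_LOCK = "client transfer prohibited"
# Assumption: registry lock appears as these three server-set statuses.
REGISTRY_LOCK = {
    "server transfer prohibited",
    "server update prohibited",
    "server delete prohibited",
}


def audit_domain(rdap, baseline, now):
    """Compare one RDAP domain object with the baseline; return findings."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    if REGISTRAR_LOCK not in status:
        findings.append("registrar lock not set")
    if baseline["registry_lock"] and not REGISTRY_LOCK <= status:
        missing = ", ".join(sorted(REGISTRY_LOCK - status))
        findings.append(f"registry lock incomplete, missing: {missing}")

    # Host names are case-insensitive, so normalise before comparing.
    seen = {ns["ldhName"].lower().rstrip(".")
            for ns in rdap.get("nameservers", []) if "ldhName" in ns}
    for ns in sorted(seen - baseline["nameservers"]):
        findings.append(f"unexpected nameserver: {ns}")
    for ns in sorted(baseline["nameservers"] - seen):
        findings.append(f"expected nameserver missing: {ns}")

    expiry = next((e["eventDate"] for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration event in response")
    else:
        when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        days = (when - now).days
        if days < baseline["min_days_to_expiry"]:
            findings.append(f"expires in {days} days")
    return findings


if __name__ == "__main__":
    for line in audit_domain(SAMPLE_RDAP, BASELINE,
                             datetime(2025, 2, 1, tzinfo=timezone.utc)):
        print(line)
```

An unexpected nameserver together with a missing registrar lock is the combination to escalate first, since it matches the unauthorized-change scenario the locks are meant to stop.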
What to Do When Things Go Wrong
Despite protections, issues occasionally occur:
If your domain transfers without authorization:
- Contact your registrar immediately
- Provide evidence of unauthorized transfer
- File ICANN complaint if registrar doesn't resolve quickly
- Document timeline and communications
IRTP provides mechanisms to reverse unauthorized transfers, but acting quickly improves recovery chances.
If your domain is suspended:
- Check email for verification requests or violation notices
- Contact registrar to understand suspension reason
- Resolve underlying issue (verify email, update information, etc.)
Most suspensions result from unverified contact information and resolve quickly once verification completes.
If a transfer stalls or fails:
- Check transfer status at both registrars
- Verify authorization code accuracy
- Ensure domain isn't locked
- Confirm contact email accessibility
- Contact registrars' transfer support
Transfers rarely truly "fail"; they usually stall due to administrative issues that can be resolved.
If you delete a domain accidentally:
- Act immediately: you may still be in Add Grace Period (5 days)
- If past AGP, domain enters Redemption Grace Period (30 days)
- Contact registrar to initiate restoration (expect $100-200 fee)
- Don't wait: after 30 days, restoration becomes impossible
Filing ICANN Complaints
When registrars violate policies, ICANN provides complaint mechanisms:
- Registrar denies valid transfer
- Registrar refuses to provide authorization code
- Registrar imposes unauthorized fees
- Registrar doesn't respond to legitimate requests
- Registrar fails escrow requirements
- Attempt resolution with registrar first (document this)
- Visit ICANN's complaint page
- Provide detailed information about policy violation
- Include supporting documentation
- Follow up on complaint status
ICANN investigates complaints and can take action against registrars, including requiring corrective measures or, in severe cases, revoking accreditation.
Most complaints resolve at the registrar level once ICANN involvement is mentioned, but don't hesitate to file if registrars violate clear policies.
Staying Informed
ICANN policies evolve. Staying informed helps you understand your rights:
- ICANN's Registrant Rights & Responsibilities page
- Your registrar's policy documentation
- ICANN announcements about policy changes
- Domain industry news sources
Key policy changes to watch:
- Changes to transfer policies
- New verification requirements
- Privacy protection regulations
- Dispute resolution updates
Most changes don't affect day-to-day domain management, but awareness prevents surprises.
Practical Takeaways
Key points every domain owner should remember:
- You have transfer rights: No registrar can permanently hold your domain. Learn and use transfer procedures when needed.
- Accurate contact information is mandatory: Keep your email and contact details current. This prevents most common domain problems.
- Grace periods protect you: Understand the safety nets available, especially the 30-day Redemption Grace Period for deleted domains.
- Locks are your friend: Enable registrar lock and consider registry lock for valuable domains.
- Respond to verification emails: These aren't optional; ignoring them can suspend your domains.
- Documentation matters: Save authorization codes, confirmation emails, and important registration details.
- ICANN protects registrants: Understanding your rights empowers you to demand compliant treatment from registrars.
Conclusion
ICANN policies exist to protect domain registrants while maintaining the stability of the domain name system. These aren't arcane regulations meant to confuse; they're practical protections for your domain registration investments. The most common domain problems (failed transfers, suspended registrations, lost domains) usually result from not understanding or not following ICANN policies. Taking time to understand your rights and responsibilities prevents most issues and provides clear paths to resolution when problems do occur.
You don't need to become a domain policy expert, but knowing the basics (transfer rights, grace periods, accuracy requirements, and protection mechanisms) empowers you to manage domains confidently and protect them effectively. These policies work when registrants understand and exercise their rights.