eNom, the world’s second biggest registrar, is adding security codes for transfers of .net and .com domains.
If you have ever transferred a .biz, .info, or .org domain you are familiar with security codes (alternatively called domain secrets, authorization codes…). This adds an added layer of protection when domains are transferred from your account.
Typical transfer authorization only requires someone to have access to the email address of the registrant. Once a transfer is initiated, an e-mail is sent to the e-mail address of record. This gives you the chance to deny a fraudulant transfer within 5 days.
Many people have registered domains using free e-mail addresses, such as Yahoo and Hotmail, and sometimes these email accounts are closed. A domain thief can register that e-mail address and easily steal a domain by requesting a transfer. This is likely what happened in the case of LBF.com and LBF.net (see Hot Domains (Hot as in Stolen)).
You can protect your domains by adding “domain locking”, which requires you to access your account to transfer a domain. But security codes add an additional layer of protection. When you transfer a domain, the new registrar requires a security code that you only have access to if you have access to the existing account at the losing registrar.
Although typical on some domains extensions, few registrars require this for .net and .com domains. This is changing.
Overall I’m a fan of security codes, but prefer them to be the same for all domains held within a single account at a registrar. If there’s a separate code for each domain you can spend hours cutting and pasting these codes. Some registrars, including GoDaddy, don’t provide easy access to these codes — they only send them to you via e-mail.
eNom will require security codes on .com and .net domains starting October 28.
Frank Michlick (DomainEditorial.com) says
This all is part of the ICANN mandated migration of the COM & NET registry to the EPP protocol and will affect all registrars. The registry requires all registrars to have switched to the new protocol by the end of the month:
http://www.domaineditorial.com/archives/2006/09/08/com-and-net-go-epp/