I just became aware of an SOP at Network solutions. On a contact change to a domain, they automatically transfer lock the domain for 60 days.
I am aware of ICANN-approved behaviors like 60 days lock on new or transfered registrations.
This is a new curve ball and seems a little out-of-the-spirit of ICANN regulations (last I saw them).
Is anyone aware of this as a kosher activity and is anyone aware of any other registrars doing it? Keep in mind, these are legitimate contact changes and not suspicious in anyway.
AFAIK the domain contact has nothing to do with the ICANN registration.
The contact details are an attribute that is between yourself and the
registrar.
Reminds me of an old phrase, "friends don't let friends register with
network solutions"?
Best just complain at "them" until they change the lock, it's not a
lock at ICANN its a registrar lock, from what I can tell from the
description.
This saved my keyster when someone hacked one of my domains earlier
this year (my fault; sloppy password). Because Netsol still held the
domain, I was able to get things resolved and get the domain back
under my control in about 36 hours. I can only imagine the nightmare
if the hacker had been able to transfer it out to another registry.
It'd be nice if Netsol could to better than 36 hours to restore a
hacked domain but I'd like it a whole lot less if the hacker could
transfer the domain out while waiting for me to notice and them to
investigate.
I personally do not think it's kosher, but I do know that GoDaddy has
been doing this for quite some time. It's one of the many reasons I no
longer do business with them.
You might want to ask them, but I'd bet lunch this is an
anti-domain-theft policy.
If one is engaged in taking other registrants' domains, a trick to it
is to update the contact data and then transfer the registration to
another registrar. In so-called "thin" registries (i.e. where the
contact data isn't also supposed to be stored in the registry), this
leaves the "history" of the domain at a registrar with whom the (ex
hypothesi illegitimate) registrant does not have a relationship, and
that makes getting the domain name back to its original registrant
that much harder.
I can see that this can have some unfortunate effects, particularly
in large organisations where different people might be resonsible for
data correctness and domain name registration management, but I think
it probably is an effort to protect people from one kind of attack
that's been seen.