Hi. A few days ago I initiated some domain registration transfers away from DH and have noticed 2 anomalies. TLD is .com in all cases.
(1) My first attempt was rejected by the gaining registrar with a message like "could not extract email address from whois info". In order to get past this stage, I had to remove private registration at the DH end. Well, I know that in the distant past one almost always had to do this, but, so far as I recall, more recently things were better and one did not have to do this. Maybe I am mis-remembering, but I think that about 2 years ago one could transfer away from DH without removing private registration. Am I mis-remembering? Or has DH procedure changed for the worse in the last 2 years?
(2) It has been several days, and I have not received a domain-jacking protection email like I did last time. 2 years ago the email said,
I've checked spam folders, and also my support history in the panel, and no such message has arrived. Again, this could be the result of a change in DH procedures. The losing registrar is not actually obliged to send any such message (in which case the transfer should be auto-approved after 5 days). But if DH is no longer sending such messages, it seems like another change for the worse, since the old procedure had the effect of speeding up completion of the transfer, as well as providing valuable protection against domain-jacking.
The transfers which I did a couple of years ago were all completed within 24 hours, and in some cases within 1 hour; as I wrote at the time,
Also, the domain-jacking protection mentioned in the email is valuable since, without it, protection depends on just 2 things:
(a) the authorization code supplied by the registry via the losing registrar; the problem with this is that it is not (I think) time-limited (in the case of TLD .com) so that once it has been made known to a 3rd party (for example in the course of a failed transfer attempt) it could be re-used many years later in a domain-jacking attempt. If I'm wrong about it not being time-limited, please advise.
(b) an email sent to the email address listed in the whois info ... this is a published email address and thus may be relatively easily compromised. The email which DH sends (or used to send) provides significant extra protection since it is sent to the account holder's login email address which is likely to be (and should be) well protected.