Domains: Option to opt out of transfer lock is not obvious or clear

[mikeshelton1503]

When a customer updates their contact information ICANN requires that we place a lock on the domain for 60 days. However, we can (and do) offer an option to opt-out of the 60 day lock.

However, currently the option is quite obscure at the bottom of the edit contact form and doesn't have any explanation around it for why you might want to opt out or what will happen if you don't. This is resulting is customers later trying to transfer their domain or make other changes only to learn that they can't because they locked their domain from a previous change.

Current opt-link checkbox:

[mikeshelton1503]

My wish here is to have the checkbox checked automatically (as well explain it better). I'm not sure though if that change is ok with ICANN policy. The policy states it must be an opt-out, which it actually would still be opt-out just that we're auto-selecting it for users.

Another possible option, among others, is to add a recommended label beside it if auto checking is too much. @kelliepeterson Do think this is an ok thing todo? I understand that the lock has a security purpose so I don't want a change here lead to security vulnerabilities.

I will add a mockup here, just wanted to check the feasibility of those options first.

[deBhal]

If the auto-checking is a problem, another option that would be to add an "Are you sure?" pop-up, with the blue button of "Opt out" (and maybe a white button like "Prevent updates & transfers for 60 days afterwards").

Something in that vein would keep it an opt out, but make the default behaviour the sane choice.

My understanding is that we store this setting per-user, rather than per domain, so we can probably check the box by default after we've got the user to opt-in the first time.

[klimeryk]

Good idea with the pop-up/modal, @deBhal, I was thinking of something like that too.

But, as far as I understand this, we can't check it by default for the user. It's an opt-out, as defined by ICANN:

The Registrar must impose a 60-day inter-registrar transfer lock4 following a Change of Registrant, provided, however, that the Registrar may allow the Registered Name Holder to opt out of the 60-day inter-registrar transfer lock prior to any Change of Registrant request.

This is also not something we store anywhere - it's an action the user has to explicitly take. This is because changing one of the four main fields of the WHOIS record (first name, last name, org name, email) triggers what ICANN calls inter-registrant transfer - transferring the domain between registrants. So, technically, from a legal point of view, we're transferring a domain between two users and we can't infer anything (no "you've opted out of the transfer lock previously, you must want to do that again too"). I'd also err on the side of caution in case this does lead to someone loosing their domain because we've opted out of this transfer lock for them.

My vote goes to making the option more prominent, explaining its importance better, but we can't force the user to select it or select it for them.

[github-actions[bot]]

This issue is stale because it has been 180 days with no activity. You can keep the issue open by adding a comment. If you do, please provide additional context and explain why you’d like it to remain open. You can also close the issue yourself — if you do, please add a brief explanation and apply one of relevant issue close labels.

[kelliepeterson]

We updated this to be more prominent.