Domain Registrar (Client) & Registry (Server) Status Codes

Certain registrars permit registrants to control one or more registrar (client) status codes. The following status codes, also known as registrar locks, are of particular importance to registrants:

clientTransferProhibited. When set, the registry will not allow a registrar to accept a transfer of the domain name away from the sponsoring registrar. Certain registrars automatically keep the clientTransferProhibited status set on domain names and registrants use a third party authorization process between the “transfer-from” registrar, the “transfer-to” registrars and the registry to protect against unauthorized transfers.

clientUpdateProhibited. When set, the registry will not make changes to the registration details of the domain name. Certain registrars automatically unlock and re-lock this status when a registrant has successfully logged into a domain account. Other registrars allow registrants to unlock and re-lock this status through a domain management interface.

clientDeleteProhibited. When set, the registry will reject requests to delete a domain name from the registry.

We encourage registrants to make certain that clientTransferProhibited is set to prevent unauthorized or unintended transfer of a domain away from the rightful registrant to a different party (e.g., a hijacker). And also encourages registrants to make certain that clientUpdateProhibited is set to prevent changes to registration contact or DNS configuration information without first unlocking this status.

Many registrars issue notifications when certain client status codes are modified. These notifications are extremely important because they may forewarn registrants of unauthorized registration account access.

We encourage registrants to incorporate routine checks of registrar locks in WHOIS monitoring activities.

Registry (Server) Status Codes

Certain registrars and registries work cooperatively to offer registrants the ability to add server status codes (registry locks) as an additional layer of protection beyond client status codes. Registars submit requests for registry locks (serverDeleteProhibited, serverUpdateProhibited, serverTransferProhibited) for domain name(s) at the request of a registrant. The registry verifies that the registrar submitting the request is the registrar-onrecord for the domain names prior to setting the lock. Once the locks are enabled, the registry uses a highly secure verification and authentication process to assure that changes requests have been authorized by the registrant, through the registrant’s (chosen) registrar-on-record).

We encourage you to consider setting registry locks as a complement to registrar locks for a second level of security against unauthorized transfer, deletion or change of registration information associated with your domain names.

We also encourage registrants to incorporate routine checks of registry locks in WHOIS monitoring activities.

Leave a Reply

Your email address will not be published. Required fields are marked *