[sf-lug] domain transfer experiment (timing ...) - NOT sf-lug.{org, com}, from Network Solutions / Web.com to quite competent registrar

Michael Paoli Michael.Paoli at cal.berkeley.edu
Wed Jul 8 05:06:20 PDT 2015

So I was curious, relatively recently did the "experiment" - see how
long it takes to transfer a domain away from Network Solutions / Web.com
... noting time(s) - at least approximately, and tracking - how much
human time, how much calendar time?  And note also, this wasn't watching
'round the clock to jump any time an action that could proceed.
I was also kind'a curious, because I had a domain I was interested in
transferring anyway (was hoping to do it earlier, but other stuff came
up), and also, curious how (not?) difficult the process would be, and
how long it would take in practice (not that it's always exactly this
long or predictably so, but as representative sample data point), and
also since I'd seen some folks struggle for month(s)! or more
intending/attempting to transfer a domain from Network Solutions, and
not complete that (though in this case I had a different transferring to
registrar - but so long as that's good competent target registrar, that
part of the process shouldn't vary all that much in time

For the impatient, net results were (at least approximately):
clock/calendar time elapsed: 6d 13:09:38 (see also caveat at very end)
human time consumed: 1:57:49 (that's not including setting up account on
transfer-to registrar, did include time to bother to document this
stuff along the way, and also some sucky waits on transfer-from
registrar - on sucky slow web page load and for time on phone with
human(s) that could've entirely been avoided if their online and email
stuff worked well enough by itself)

Experiment ... let's see how long it takes to transfer a domain
away from Network Solutions / web.com
Starting *now*:
Manage Account
[login ...]
Continue to Account Manager
[close annoying pop-up]
My Domain Names
[it shows: "Transfer Lock:      On"]
[before making any changes, check/confirm what it shows in whois(1):
in notable part:
Domain Status: clientTransferProhibited  
Turn Off or Request Authorization Code
[wait for web site to load up tons of cr*p
minutes later it's still doing
"Transferring data from vmp.boldchat.com..."
Fire up another browser (lynx !) ...
eventually first browser has returned - ignore the reasonably priced
renewal offers they now throw at you (would generally play that game
every year to get the more reasonable renewal price without the bloody
phone sales pitch - it also always says "today only", where I think
their definition of "today only" is any and every day you ever walk to
that point in the process, oh, and "of course" that click through offer
includes fine print where you opt-in to receive their marketing emails
("spam") that you really didn't want anyway, and the only way they let
you opt-out of those emails after the fact, is to call them, and then of
course they take days to process that opt-out)
Continue Transfer
click transfer acknowledgement button, then
Continue Transfer
[ignore optional questions]
Request Authorization Code
Leave Domain Transfer Lock off
Request Authorization Code
Your request for an Auth Code has been received and your information  
will be validated to ensure the security of your account. If your  
request is approved, you will receive your Auth Code by email in 3 days.

Now to email and transfer to registry ... nothing in email yet,
login to transfer to registry
[enter domain name]
[checked whois(1) no longer shows the transfer lock]
[may need an authorization code]
add this later
Keep the current DNS
[click required accept boxes]
[select payment method ... and it's 20% less than as low as Network
Solutions would go
payment made, confirmed, relevant reference numbers noted
[check status and emails again - looks like it (thus far) partly failed
- apparently auth code wanted from transferring from registrar ... but
not yet received, did also follow instructions in email from
transferring to registrar, and completed that portion successfully ...
so, ... now wait (up to 72 hours) for auth code and any other bits that
need to be acted upon]

Checking, and ... almost exactly 72 hours later, we have authorization
code from Network Solutions ...:
Date: Sat, 27 Jun 2015 23:32:50 -0400 (EDT)
that we'd requested just before:
So ... now we feed auth code into transfer-to registrar process ...
logged in, put in code, updated ...
well, looks like that failed ...
checking further, looks like in Network Solutions email, they
tacked on some non-alphanumeric characters (in both the text, and html
portions of the email, even after carefully examination of and
appropriate decoding of text) ... but seems those characters are
probably not supposed to be part of the auth code, and the auth code
should be purely alphanumeric, so ... change that on receiving registrar
process end to be just the alphanumeric portion and drop the other
characters ... either way, still shows failed ...
(I suspect this might be Network Solutions / Web.com mucking about with
codes intended to muck up on some registrar's web sites - e.g. sites
that might not properly encode, or might strip it out as defensive move,
suspecting the characters to be part of SQL injection attack or the
let's recheck whois data, and then probably pester Network Solutions.
That all appears fine, ... time to pester Network Solutions.
1-800-779-4903 ... navigate their menu options
2015-06-27T21:07:07-0700 - still on hold "specialist will be with you
shortly" (for certainly definitions of "shortly") ...
Network Solutions says that it's with those non-alphanumeric characters,
I told 'em I tried both with, and also without - both were rejected,
they say they're going to give me a new auth code, but have to validate
me, and will call me back in about a minute or two
They called me back, tell me it'll be up to two business days for them
to generate a new authorization code and investigate why the transfer
... so start wait again

sometime on 2015-06-28, out of curiosity, I tried the transfer again,
again putting in the original auth code on the receiving registrar's
site, and running it through yet again.  Interestingly, this time, after
a bit, it didn't fail (whereas before it would almost instantly fail on
every attempt, regardless of auth key used - I suspect Network Solutions
/ Web.com has some "hidden" bit they don't show in the whois data, that
they manually flip to allow the transfer to proceed - as I rather doubt
it failing earlier, then working after the phone call, was mere
coincidence.  For some odd reason, I imagine ;-) their call flow chart
having portions like:
o click here to flip bit after 2 business days, don't tell customer
o click here to flip bit after 2 business days, tell customer
o click here to flip bit now, tell customer 2 business days (what I
   apparently got)
o click here to flip bit now, tell customer (last resort, only if we're
   totally screwed if we don't do this now for customer)
anyway, after that it now showed: ...
The registry is checking the transfer
Authorization code
         Accepted (whereas that step always showed failed before, and for
remaining steps, it now showed when/latest it would be expected to
STEP 4  The transfer has been accepted by the former provider (NETWORK  
(Note: This step is optional; the transfer will proceed automatically  
after timeout unless denied by the current registrar.)    Pending
STEP 5  Transfer finalization (Registry's anticipated transfer  
completion date: Friday 3 July 2015, 08:00
Note that you can contact your former registrar to ask that they speed  
this up.)
... after that, wait some more, and keep an eye out for relevant email
... (interestingly, later, Network Solutions did send that email with
"another" authorization code, ... except they just sent me the exact
same authorization code again and told me they couldn't change it
'cause the authorization code was already set, and to have the
transfer-to registry manually enter it if it wasn't working from their
on-line process ... but it had already long since been accepted through
their on-line process and by Network Solutions before I'd received that
later email).

checking again, got relevant email from Network Solutions:
Date: Sun, 28 Jun 2015 16:55:48 -0400 (EDT)
received notification on June 28th, 2015 8:47:39 A.M. EDT that you  
have requested to transfer to another domain name registrar. You can  
accept or reject this transfer request by visiting our secure website  
If the transfer request is not rejected by July 2nd, 2015 8:47:39 A.M.  
EDT, this transfer will proceed.
I visit the URL ...
[Confirm] [Submit]
Transfer Status
... that sounds good, let's see if anything else confirms that yet ...
nothing additional showing movement/change yet (whois still the same),
so now we wait some more

I notice I've received email from transfer to registrar:
Date: Wed, 01 Jul 2015 13:51:17 -0000
It indicates the transfer has successfully completed,
I check whois(1), and yes, confirmed, done, transferred

(optional) follow-up: as desired/relevant, (re)apply transfer lock,
set up any needed service(s), any updates on domain contacts, etc. (note
that some of these bits might require a wait period first, or such might
be advisable).

Miscellaneous thoughts/commentary:
It's recommended to never transfer a domain less than 30 days before
expiration.  Even the transfer-to registrar had a strong
recommendation/advisory to not transfer domain if it has less than - I
think they indicated 2 weeks - before its expiration.  Despite that
excellent advice, I did it with less than 2 weeks remaining - but that
was after performing careful risk analysis which went about like this
for this particular domain I was dealing with:
Guestimated probabilities and relative (non-)acceptability/cost/risk:
~2.5% things totally fail and can't be recovered in time and I lose the
       domain; no great loss, I can live with that, inconvenient, but I'm
       about the only person on the planet that would notice or care.
       Not a biggie, judged PITA/inconvenient, but acceptable risk
~37.5% Network Solutions doesn't do their stuff "fast enough", and to
        not have the domain expire, I renew with Network Solutions for
        $10.00 USD - judged acceptable, but not preferred outcome,
        however this would also be the "safe bet" - to just simply renew
        it before expiration and do the domain transfer at a later time.
~67% timing could be rather close, but knowing how and approximately
      where Network Solutions / Web.com does (and doesn't) suck, and with
      a good transferring to registrar (applicable in this case), and
      paying reasonable attention to push the relevant pieces through in
      a rather timely manner, and person sufficiently
      competent/experienced at domain transfers, reliable, etc., judged
      rather probable to be able to get it through on time, and with some
      (but not a lot of) time to spare.
Anyway, given that particular domain and risk analysis, was judged
acceptable to proceed with the transfer, and with a probable "worst
case" of just ending up spending the $10.00 USD with Network Solutions
/ Web.com and ending up deferring the transfer, and the even less
probable truly "worst case" was acceptable, but certainly not preferred
(for other domains, that would've been a highly different analysis and
not an acceptable risk at all).
Another consideration, as and to extent reasonably feasible, I didn't
want to be spending another dime with Network Solutions / Web.com, so
overall, I opted to proceed with the transfer attempt, with fallback of
renewal before expiration, and worst case of ... well, would deal with
that if that occurred, but not a biggie.

Anyway, risk analysis :-)  Good to do the relevant risk analysis for any
given scenario, so one doesn't overrate, or underrate (or fail to rate)
various risk trade-offs, acceptable risk, factors such as how much
resource one is spending to protect what (is it not worth spending that
much to protect that much?  Or is it very valuable and not sufficiently
protected?), etc.

Also rather quite like gambling.  ;-)  I mostly don't ... well, most all
typical/conventional forms, anyway.  My policy on gambling for myself
is: I only do it if:
I can quite afford/tolerate the worst case downside risks, and
the odds are in my favor.  Otherwise I just don't.

Anyway, the domain transfer process was started about 9.8 days short of
expiration.  NOT recommended to cut it that close!  But, I did still
manage to have that transfer completed more than 3 days short of
expiration (and good transfer-to registrar, and after transfer was
successfully underway, transfer-to registrar estimated transfer would,
at that point, be completed not later than more than a full day in
advance of expiration).  Had there been a moderate bit less time before
expiration, the probabilities probably would've looked substantially to
radically different on the risk analysis, and I probably would've just
opted to renew first and transfer later.

And of course caveat: Of course *no* guarantees that *your* transfer
will happen that quickly, so plan accordingly.

More information about the sf-lug mailing list