Hello William,
1. MIT receives transfer request from reseller 2. MIT sends email confirmation to whois contact (which contact - tech, admin?)
Melbourne IT would collect the WHOIS information for the particular domain name. We would store the critical details. For .com names, we would send the email confirmation to the: Admin Contact email address The email confirmation uses this format: http://www.icann.org/transfers/foa-auth-12jul04.htm The standard form ensures that the registrant is giving explicit authorisation for the transfer and not something else (e.g a renewal). The email confirmation has a unique link (with unique code) to a Melbourne IT website. The web page again includes the authorisation information. (in the case of a name for an EPP registry, you would also be asked for the AUTH-INFO password) We would log the authorisation along with the IP address used to access the website.
3. MIT sends email (or is it request through Verisign RRP?) to Verisign
MIT would send an RRP command to the Verisign registry. 4. The Verisign registry checks to see if the name is on Registrar LOCK. If the name is on LOCK, the RRP command will fail. 5. If the name is not on Registrar LOCK< the registry sends an email notification to both the losing and gaining registrar. I have already sent a copy of the notification used in the panix.com case. 6. MIT then waits for confirmation from the registry that the transfer is complete. This usually takes 5 days, although a losing reigstrar can explicitly confirm a transfer.
I also would like to confirm who is responsible for denying transfer request if LOCK is present.
The registry does this. Regards, Bruce Tonkin