ICANN's 2016 Transfer Policy locks a domain from transferring for 60 days after a "change of registrant" — meaning a change to name, email, or organization on the WHOIS record. Some registrars (GoDaddy, Network Solutions) "accidentally" trigger this lock when you update anything trivial. Here's the actual policy, when it fires, and how to transfer through or around it.
Key Takeaways
- 60-day transfer lock is real ICANN policy — Transfer Policy § 1.1 (2016).
- Triggered by ANY change to WHOIS registrant name, email, or organization.
- You can opt out of the lock in advance — but must do so before the change.
- Common GoDaddy pattern: "update your info" prompts silently trigger the lock.
- LaunchPad Host sends explicit "this will trigger a 60-day lock" warnings before every registrant change.
What the ICANN policy actually says
ICANN's Transfer Policy (effective December 2016) introduced a "Change of Registrant" provision. The relevant rules:
- When the registrant name, email, or organization changes, the registrar must send confirmation to both old and new registrants (email).
- After the change is confirmed, the domain is locked from outbound transfer for 60 days.
- The registrant can opt out of the lock before the change by checking a box on the change form.
- The lock does not prevent most other operations (DNS changes, renewal, etc.) — only registrar-to-registrar transfers.
The policy exists for a good reason: preventing hijack attacks where an attacker changes registrant info and immediately transfers the domain out. It is legitimate security policy.
The complaint is not the policy itself — it is how registrars present (or hide) the trigger.
How the lock gets triggered — often accidentally
Documented trigger patterns:
- GoDaddy: updating your account email address updates the WHOIS registrant email, which triggers the lock. No explicit warning.
- Network Solutions: a "required" periodic "verify your contact info" prompt, when completed with any change, triggers the lock. Customers who "click to confirm" are silently locked.
- Squarespace (post-Google Domains migration): the migration itself involved a registrar transfer; changes to the registrant email during migration triggered a 60-day lock on some accounts. HN thread on migration complaints.
- Any registrar: changing the email address on a domain — routine maintenance — triggers the lock unless you have pre-opted-out.
The pattern customers describe: they update contact info, then try to transfer the domain a week later, and are told "you are in a 60-day transfer lock, wait until [date]." The transfer they actually wanted is delayed by 50+ days.
Tired of slow, overcrowded shared hosting?
LaunchPad Host runs on NVMe SSDs + LiteSpeed with free migration, free SSL, daily backups, and crypto payments. 30-day money-back guarantee.
See Hosting PlansThe opt-out you can request
Per ICANN policy, registrars must offer an opt-out checkbox on the change form. "I opt out of the 60-day transfer lock for this change" or similar language.
Finding the opt-out:
- GoDaddy: after clicking Change Contacts, there is a checkbox low on the form labeled "Skip 60-day lock." Easy to miss.
- Namecheap: explicit and labeled in the contact update flow.
- Google Domains (RIP): showed a warning with an explicit opt-out button.
- Cloudflare: opt-out by default on most changes.
- LaunchPad Host: explicit prompt: "This change will trigger a 60-day transfer lock unless you opt out now."
If you missed it or the registrar hid it, see the next section.
What to do if you're already locked
You cannot directly remove a 60-day lock. Options:
- Wait. The lock is time-limited. Mark the date. 60 days from the triggering change, the lock expires automatically.
- Request reversal via the registrar. Some registrars, if the lock was triggered "accidentally" (you did not intend the registrant change), will reverse the change and unlock early. Success rate: ~30%, mostly at customer-friendlier registrars.
- File an ICANN complaint. If the registrar did not give you the opt-out option, file at icann.org/compliance. ICANN will investigate within 21 days. If the registrar was non-compliant, they may be forced to reverse.
- Ride out the 60 days, then transfer. Plan the destination registrar, prepare auth codes and DNS, execute at day 61. Use the waiting time productively.
Prevention: registrar choice and routine
Four habits to avoid the lock:
- Never change registrant info at a registrar you plan to leave within 60 days. If you intend to transfer out, do nothing with contact info first. Transfer first, then update at the new registrar.
- Read every "required" WHOIS verification prompt carefully. Most are fine; some silently trigger the lock. Opt out explicitly.
- Use a stable registrant email you do not need to change. Rotating contact emails rotates the lock. Use a dedicated domain-holder alias (e.g.,
domains@yourbusiness.com) that outlives any individual staffer. - Pick a registrar that warns you. The distinction between registrars that default to opt-out and those that default to opt-in is the single biggest quality-of-life difference in registrar choice.
Frequently Asked Questions
The policy is ICANN's. The implementation — specifically, whether customers are warned and can opt out — is the registrar's choice. ICANN requires the opt-out to exist; it does not require it to be prominently displayed.
All gTLDs (.com, .net, .org, .info, etc.) and most new gTLDs. Country-code TLDs have their own rules — .uk, .de, .fr, etc. are governed by their own registries.
Yes. Pure registrar-to-registrar transfers without registrant change are not subject to the 60-day lock. Auth code, verification email, done within 5–7 days.
That is a potential ICANN policy violation. File a complaint at icann.org/compliance with evidence (screenshots of before/after WHOIS). The registrar may be required to reverse.
Renewal alone does not trigger the lock. Only registrant-info changes do.
5–7 days for most gTLDs. The process: request auth code, initiate transfer at new registrar, verify via email, pay (transfer usually includes 1 year renewal), wait for release from old registrar.
We show a warning: "This will trigger a 60-day ICANN transfer lock unless you opt out now." Opt-out checkbox is clearly labeled. We re-remind you on the confirmation screen.
Ready for hosting that just works?
NVMe + LiteSpeed hosting with free migration, crypto payments accepted, and a 30-day money-back guarantee.
See Hosting PlansRelated tools, articles & authoritative sources
Hand-picked internal pages and external references from sources Google itself considers authoritative on this topic.
Related free tools
- WHOIS Lookup Registrar, creation date, expiry, nameservers, DNSSEC status — for any domain.
- DNS Lookup & Records Checker All DNS records (A, AAAA, MX, NS, TXT, CAA, SPF, DMARC) for any domain.
- DNS History Checker Historical DNS, SSL certificates, subdomains & Wayback snapshots for any domain.
- DNS Propagation Checker Check DNS propagation across 12 global resolvers in real time.
Offshore & privacy hosting
- Anonymous-Friendly Hosting Email-only signup, crypto checkout, free WHOIS privacy
- Offshore Hosting EU jurisdiction, privacy-first, from $3.99/mo
- DMCA-Ignored Hosting Due-process complaint handling, explained