What is a Transfer Lock?
A transfer lock (also called registrar lock or client transfer prohibited) is a security status applied to a domain that prevents it from being transferred to another registrar without explicit authorization. This is a fundamental security measure that protects domain owners from unauthorized transfers, domain hijacking, and social engineering attacks. Transfer locks should be enabled on all domains except when actively initiating a legitimate transfer.
How Transfer Locks Work
EPP Status Codes
Transfer locks set specific status codes in the registry:
clientTransferProhibited - Set by registrar
serverTransferProhibited - Set by registry
Lock States
| Status | Can Transfer? | Who Controls |
|---|---|---|
| Unlocked | Yes | Owner |
| Client locked | No | Registrar |
| Server locked | No | Registry |
| Both locked | No | Both required |
Transfer Lock Protection
What It Prevents
1. Unauthorized transfers: Hijacking attempts blocked
2. Social engineering: Fake support requests fail
3. Accidental transfers: Protects against mistakes
4. Competitor theft: Business protection
What It Doesn't Prevent
- DNS changes (separate from transfer)
- Nameserver modifications
- Contact information updates
- Domain expiration
Managing Transfer Locks
Enabling Lock
Most registrars enable by default. To verify:
1. Log into registrar control panel
2. Navigate to domain settings
3. Check "Transfer Lock" or "Domain Lock" status
4. Enable if disabled
Disabling for Transfer
When legitimately transferring:
1. Log into current registrar
2. Unlock domain (disable transfer lock)
3. Obtain auth/EPP code
4. Initiate transfer at new registrar
5. Approve transfer confirmation
6. Re-enable lock at new registrar
ICANN Transfer Policy
Required Waiting Periods
| Situation | Transfer Allowed? |
|---|---|
| First 60 days after registration | No |
| First 60 days after transfer | No |
| Domain expired | Varies by registrar |
| Transfer lock enabled | No (until unlocked) |
Transfer Process
Day 0: Unlock domain, get auth code
Day 1: Initiate transfer at new registrar
Day 1-5: Approval emails sent
Day 5-7: Transfer completes (if approved)
Or auto-completes if no response
Transfer Lock vs Registry Lock
| Feature | Transfer Lock | Registry Lock |
|---|---|---|
| Cost | Free | Premium ($50-500/yr) |
| Control | Online/self-service | Manual verification |
| Protection level | Basic | Maximum |
| Unlock method | Control panel | Phone verification |
| Best for | All domains | High-value domains |
Best Practices
1. Always enable: Keep locked unless transferring
2. Verify regularly: Check lock status periodically
3. Secure account: Use 2FA on registrar account
4. Monitor notifications: Watch for unlock alerts
5. Document changes: Log when unlocking for transfers
6. Re-lock immediately: After transfer completes
Checking Lock Status
WHOIS Lookup
whois example.com | grep -i status
# Look for:
# Domain Status: clientTransferProhibited
Transfer locks are the first line of defense against domain theft—a simple but essential security measure that every domain owner should enable.