What is a domain's auth code and why do I need it?

By , April 22, 2010

Domains in the .com, ,net, .org, .biz and .info TLDs (aka .CNOBI) use a registry protocol called “EPP” to communicate between the registrars and registry.

Under this protocol, a domain “auth code” is a small random code assigned to each domain name and is required in order for a domain name to be transferred from one registrar to another.

All registrars are supposed to furnish registrants with the auth code for their domains, either by supplying it when requested, or better yet, providing a mechanism in their user interface to either view it or have it sent to the domain’s administrative contact.

Which means in order to successfully transfer a domain name from one registrar to another, you need at least 3 things in place:

  • the administrative contact email address for the domain should be working and an address you can receive mail at (see http://www.easywhois.com to view your domain’s whois record and current email contacts)
  • the “registrar lock” or “transfer lock” needs to be turned off at the time the transfer is initiated. Otherwise, when your new registrar tries to start the transfer, it will fail immediately. Again, your current registrar should either unlock this for you on request or provide a mechanism in the UI to do it. NOTE: it is in your best interests to leave this domain transfer lock on most of the time. You should only turn it off when you have to in order to facilitate a transfer
  • the EPP code or auth code. You will need this to “confirm” that the transfer request is a legitimate one and not a domain hijacking attempt.

Leave a Reply