Domains & DNS 10 min read

7 Domain Transfer Mistakes That Will Lock You Out for 60 Days

Transferring your domain? One wrong move triggers ICANN's 60-day lock. Learn how to avoid the mistakes that cost businesses thousands.

January 17, 2025
7 Domain Transfer Mistakes That Will Lock You Out for 60 Days

The 60-Day Domain Transfer Nightmare

One wrong move triggers ICANN's transfer lock. Here's what happens:

1
Initiate transfer

Domain is locked. Transfer cannot proceed.

2
Unlock domain, try again

WHOIS privacy must be disabled before transfer.

3
Disable privacy, try again

Domain updated 30 days ago. ICANN 60-day lock active. Wait 30 more days.

33
Finally able to transfer

Transfer initiated successfully. 5-7 days to complete.

⚠️ 33 days stuck with a registrar you're trying to leave—all because of avoidable mistakes. This guide shows you how to transfer in 5-7 days instead.

Understanding Domain Transfers

Standard Transfer Process (When Everything Goes Right)

Day 1You → Gaining Registrar
Request Transfer

Initiate transfer at new registrar with EPP code

Day 1-2Gaining Registrar → Registry
Authorization Request

New registrar sends request to registry

Day 2-3Registry → You
Approve via Email (FOA)

You receive confirmation email and approve transfer

Day 3-5Losing Registrar Process
Losing Registrar Processing

Current registrar has 5 days to approve/deny

Day 5-7Transfer Complete ✓
Transfer Complete

Domain appears at new registrar, +1 year added

Success Timeline

5-7 days total when you follow proper procedure

Failure Timeline

60+ days when you trigger ICANN locks or make mistakes

Mistake #1: Forgetting to Unlock Your Domain

Why Domains Are Locked by Default

Domain hijacking is big business. Attackers steal valuable domains and sell them or hold them for ransom. Registrar locks prevent unauthorized transfers even if someone obtains your EPP code.

How to Unlock Your Domain

1
Log into your current registrar's control panel

Use your existing account credentials

2
Find "Domain Management" or "My Domains"

Usually in main navigation or dashboard

3
Select your domain

Click on the domain you want to transfer

4
Look for "Domain Lock" or "Registrar Lock" toggle

Might be under Security or Transfer settings

5
Disable the lock

Toggle off or click "Unlock for Transfer"

⏱️ Important: Some registrars require 24-48 hours after unlocking before transfer can begin. Plan accordingly.

Red Flags That Your Domain Is Still Locked

Transfer Form
"Transfer immediately fails with "locked" error"

→ Domain lock is still enabled

New Registrar
""Transfer cannot be initiated - domain locked""

→ WHOIS shows domain as locked

WHOIS Lookup
"clientTransferProhibited status"

→ Registry has domain marked as transfer-locked

Mistake #2: Missing or Incorrect EPP Code

What Is an EPP Code?

Think of it as your domain's password for transfers. It's a unique string (8-32 characters) that proves you own the domain and authorize the transfer.

Example EPP Code:
Abc123XyZ!@#$%

Common EPP Code Mistakes

Copy-paste errors

Example: Extra space at end: "Abc123XyZ!@#$% "

Fix: Paste in text editor first, verify no extra spaces

Expired codes

Example: Code generated 60+ days ago

Fix: Request fresh EPP code if transfer delayed

Using old codes

Example: Generated new code but used old one

Fix: Always use most recently generated code

Case sensitivity

Example: "ABC123" vs "abc123" (different!)

Fix: Match case exactly as provided

💡 Pro Tip: Copy EPP code to a secure note app. Verify character count. Test paste in a text editor before using in transfer form.

Mistake #3: Triggering the 60-Day ICANN Lock

The Mandatory 60-Day ICANN Lock

You CANNOT override this. No exceptions. No workarounds. No "but I really need to transfer now."

Just Registered Domain
Trigger:

Within 60 days of domain registration

Example:

Registered Jan 1st, try to transfer Jan 15th

Result:

🔒 Locked until March 1st (60 days)

Updated Contact Info
Trigger:

Within 60 days of ownership/contact change

Example:

Changed email Jan 1st, try to transfer Jan 20th

Result:

🔒 Locked until March 1st (60 days)

How to Avoid the 60-Day Lock

Start domain transfers 65+ days after registration

Freeze contact updates - don't change registrant email, name, or organization before transfer

Check WHOIS date to verify when domain was registered or last updated

Ask registrar - some show "Transfer Lock Until: [DATE]" in dashboard

Good News: Privacy Protection Updates

Enabling/disabling WHOIS privacy does NOT trigger the 60-day lock. That's a privacy service change, not a contact change. However, you must still disable privacy before transfer (see common mistakes).

GIF from GIPHY

When you realize you triggered the 60-day lock...via GIPHY

Mistake #4: Expired or Soon-to-Expire Domains

Domain Lifecycle & Transfer Restrictions

Active

More than 15 days before expiry

Transfer OK

Normal status, all operations allowed

→ Transfer anytime
Pre-Expiry Warning

7-15 days before expiry

Transfer Blocked

Some registrars block transfers (not all)

→ Renew first, then transfer
Grace Period

0-30 days after expiry

Transfer Blocked

Can renew normally, but transfers blocked

→ Renew now, wait 48h, then transfer
Redemption Period

30-60 days after expiry

Transfer Blocked

$100-200 recovery fee, transfers still blocked

→ Pay recovery fee, renew, then transfer
Pending Deletion

60-75 days after expiry

Transfer Blocked

Domain will be released to public pool

→ Too late - domain will be deleted
Why Transfers Add a Year

Every successful domain transfer automatically adds 1 year to your registration. This is ICANN policy. Example: Domain expires March 2026. You transfer Jan 2025. New expiration: March 2027.

Mistake #5: Leaving Domain Privacy Protection Enabled

With WHOIS Privacy (Enabled)
Name:Privacy Protected
Email:proxy12345@privacy.com
Phone:+1-000-0000

❌ Transfer emails go to proxy address, which may not forward properly or may delay 24-48 hours

Normal WHOIS (Privacy Disabled)
Name:John Doe
Email:john@realemail.com
Phone:+1-555-1234

✅ Transfer confirmation emails (FOA) arrive directly to your inbox

How to Disable Privacy for Transfer

1

Log into current registrar

2

Domain management → Your domain

3

Find "WHOIS Privacy" or "Domain Privacy"

4

Disable/turn off (might be "Make WHOIS Public")

5

Wait 24 hours for WHOIS database to update globally

6

Verify WHOIS shows your real email at lookup.icann.org

The Privacy Paradox

You must make your email public to transfer, but this exposes you to spam for 5-7 days. Use a temporary email filter or expect increased spam during transfer period. After transfer completes at new registrar, immediately re-enable WHOIS privacy.

Mistake #6: Ignoring DNS During Transfer

What Happens to DNS During Transfer?

Using registrar nameservers
high risk
Nameservers:ns1.oldregistrar.com
During transfer:Site stays online (DNS at old registrar)
After transfer:Works temporarily, then breaks when old registrar purges DNS (30-90 days)
Using third-party DNS (Cloudflare)
low risk
Nameservers:ns1.cloudflare.com
During transfer:Site stays online (DNS independent)
After transfer:Continues working perfectly - DNS unchanged
Method 1: Third-Party DNS (Recommended)
Zero downtime

Switch to Cloudflare BEFORE transfer

  1. 1.Sign up for Cloudflare (free)
  2. 2.Copy DNS records from current registrar to Cloudflare
  3. 3.Change nameservers to Cloudflare
  4. 4.Wait 24-48h for propagation
  5. 5.Verify site works with new nameservers
  6. 6.Then start domain transfer
Method 2: Document & Recreate
Brief downtime possible

Manually transfer DNS records

  1. 1.Export DNS zone file from current registrar
  2. 2.Start transfer
  3. 3.Immediately recreate DNS at new registrar
  4. 4.Update nameservers to new registrar
  5. 5.Wait 24-48h for propagation
DNS Propagation Timeline
0-2 hours: Nameserver changes start propagating
2-8 hours: Most DNS servers updated
24-48 hours: 99%+ propagation complete
72 hours: Maximum, covers even slowest ISPs

💡 Pro tip: Lower your TTL to 300 seconds (5 minutes) 48 hours BEFORE transfer to speed up propagation.

Mistake #7: Not Testing Before Switching DNS

The Hosts File Testing Method

Test that your site works on the new server BEFORE switching DNS globally. Hosts file overrides DNS on YOUR computer only.

1
Get your new server's IP address

New hosting provides this (e.g., 192.168.1.100)

2
Edit hosts file on your computer

Windows: C:\Windows\System32\drivers\etc\hosts | Mac/Linux: /etc/hosts

3
Add this line

192.168.1.100 yourdomain.com

4
Flush DNS cache

Windows: ipconfig /flushdns | Mac: sudo dscacheutil -flushcache

5
Visit your site

Your computer loads from new server, everyone else sees old server

6
If everything works, update real DNS

Change nameservers at registrar

7
Remove hosts file entry when done

Delete the line you added in step 3

What to Test Before Going Live

Website Functionality
  • Homepage loads correctly
  • Internal pages work (not 404)
  • Contact forms submit successfully
  • E-commerce checkout processes
  • Login/authentication works
Assets & Resources
  • SSL certificate valid (green padlock)
  • Images and assets load
  • CSS/JavaScript working
  • Third-party integrations (analytics, chat, payment)
Email Testing
  • Send test email from your domain
  • Receive test email to your domain
  • Check SPAM folder (shouldn't be there)
  • Verify email signature/formatting
  • Test email client (Outlook, Gmail)
Don't Skip Testing!

Switching DNS without testing means your site could be offline for 24-48 hours (full DNS propagation time) while you troubleshoot. Test first, fix issues, THEN switch DNS.

The Safe Transfer Checklist

Transfer Progress0 / 23 tasks completed

2 weeks before transfer

Preparation phase

1 week before transfer

Verification phase

Transfer day

Initiation phase

During transfer (5-7 days)

Processing phase

After transfer completes

Completion phase

domainsdnstransfericannmigration