What is ICANN domain status: ‘clientTransferProhibited’?

Your question is offtopic here but any conforming whois server (or if using RDAP) shows things that way:

Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited

Note the hyperlinks given.

And for your specific one, the text displayed after the jump is:

This status indicates that it is not possible to transfer the domain name registration, which will help prevent unauthorized transfers resulting from hijacking and/or fraud. If you do want to transfer your domain, you must first contact your registrar and request that they remove this status code.

To nitpick, note that this is not “ICANN” status. The name comes from EPP, which is a protocol used by all gTLD registries and most of ccTLDs (but not all).

and is it the recommended approach for a serious website

This is vague in your question, but if you are serious about your domain name you should have a look at the following services that may be available for your domain (depending on who the registrar and the registry are):

  • “registrar lock” (or any other equivalent marketing name): this means your domain could not (more precisely: more difficult) be hijacked because it has an extra layer of protection that typically requires phoning the registrar or separate passwords, etc. When activated you may see clientUpdateProhibited and clientDeleteProhibited statuses typically. And clientTransferProhibited also (but this is often set by many registrars anyway, even outside this service, just to protect domains against hijacked transfers)
  • “registry lock”: this is kind of the same logic but one step further. Even if the EPP connection from registrar to registry is hijacked, your domain could not be modified without some extra loops of authentication out of band, between the registry and registrar. In cases like that you may see serverUpdateProhibited or serverDeleteProhibited.

Side note: all statuses starting with client are set by the registrar (and it has full power on adding/removing them) and all with server at start, as well as any other, can only be set/removed by the registry and hence outside of registrar control. Registries do use them also during disputes for examples and things like that.

Note that the two services described above are not free, not standardized across registries or registrars (so what they cover exactly and what statuses they set or not will vary), and seldom used. But they are a real added protection.

Leave a Comment