Bruce,

> If you mean that updating the passwords makes it harder to by-pass the
> authorisation process of the transfer policy then you are correct.  We
> have already detected instances that you have been advised of, where a
> registrant has not authorised a transfer, but where the reseller
> initiated the transfer.

And in this case what is the problem with the reseller inicating the
transfer request for the domain holder, the registrant still get's an
email and must confirm the tranfer process by reply email. In most of
these cases the reseller would have complied with policy. Where does the
problem lie? That you are loosing your reseller base or the registrant?
Regards,

Michael-Pappas.