They started this practice before the EPP system was in place and all that was required to transfer a domain was a contact approval via email (and even that got overlooked at times).
Makes sense. How diabolical.
Currently I believe that DROA states you will need the EPP code and once you return the form they will send you instructions on how to obtain it from your current registrar. Which for some is finally the wake up call that they did something stupid. Whether you can get money back or not I suppose is debatable. Can make arguments on both sides... DROA can claim you signed a document and the terms express that you need to get the EPP code and click the final approval link. If you don't do that, not really their fault. For the consumer, if the dont follow through, then really DROA has not provided any service that needs to be paid for.
Hopefully the EPP code is jarring enough. When it just looks like a bill, it's not surprising people would fall for it. But once you have to log in to the old registrar, the alarm bells should go off.
As for ICANN's involvement, droa (or brandon gray internet anyways) is an ICANN accredited registrar. That means that they signed a contract with ICANN, and ICANN now says that they breached that contract (through deceptive marketing practices). So either droa quits what they are doing, or ICANN cancels their accreditation. In the latter, they could try to resell through another registrar but it seems at this point they'll just keep getting cancelled as a reseller should they attempt that route.
I was only saying ICANN wouldn't be involved if DROA wasn't actually transferring/renewing the domains. That would be fraud. Since they are doing it, that is for ICANN to decide. It just seems unlikely that DROA would rope so many people in with the EPP requirement, but you explained that.
