[At-Large] [ALAC] Fwd: A million domains taken down by email checks

Alan Greenberg alan.greenberg at mcgill.ca
Fri Jul 4 03:14:39 UTC 2014

The registrars are asking for data from law enforcement, and rightfully so.

However, before I would charge off and recommend 
that the ALAC takes a position, I would like to see some data from registrars.

800,000 is a large number. But it is also just 
0.5% of all gTLD registrations. In the past when 
the ALAC has raised issues related to similar 
problems (such as loss of registrations after 
accidental expiration), one of the replies from 
registrars has been that the number is only a 
tiny fraction of the registrations that are not 
lost. In my mind, the issue was not the 
percentage but the absolute number of people 
suffering problems, and it still is in this case.

When we were looking at expiration issues, and 
how to alert a registrant that a name had 
expired, the PDP WG came to the conclusion that 
the best way to wake up a registrant who is 
either ignoring e-mails, or has e-mails directed 
to an invalid or dead e-mail box, it to take down 
the domain. Not working does catch people's 
attention! Yes, it is a harsh way to do this, but 
very effective. The first reports that we are 
getting from Contractual Compliance is that with 
these new measures in place, complaints are way 
down, as much as 50% for some expiration-related complaints.

So I would want to understand something about 
where this 800,000 number comes from, and how it 
is broken down. Examples of questions that come 
to mind and should be explored are:
- how many of those 800,000 result in the 
registrant correcting the data and the domain goes live again
- how many are not due to bad registrant contact 
information, but bad contact information for the 
a privacy/proxy service or web hosting company

I'm sure a bit of discussion would raise other questions as well.

So I am all for the ALAC making a statement, But 
the content of that statement should be based on 
a better understanding of what is going on here.


Postscript: One of the issues that came up during 
the expiration renewal PDP was that many 
registrations use the domain in question for the 
contact e-mail. For example, the domain 
example.com might had a contact e-mail address of 
webmaster at example.com. If the domain stops 
working for any reason, the contact address is by 
definition useless. Registrant need to be 
educated to NOT use the domain being registered 
for its own contact address. The PDP recommended 
that registrars warn registrants about this. 
Perhaps it is being done, but I have not seen it.

At 03/07/2014 06:36 AM, Rinalia Abdul Rahim wrote:

>Dear ALAC,
>In reference to Joly MacFie's mail to the At-Large (see forwarded), the
>topic was also raised by Registrars during their meeting with the ICANN
>Board in London.
>Fadi posed a question to the Registrars on whether they have engaged with
>the At-Large on the matter. Fadi then raised the issue to the At-Large
>during his ATLASII Fayre speech.
>It would be important that the At-Large articulates its position on the
>issue (possibly via an ALAC statement) as it is being presented as a
>problem for Internet users.
>Best regards,
>---------- Forwarded message ----------
>From: "Joly MacFie" 
><<https://atlarge-lists.icann.org/mailman/listinfo/alac>joly at punkcast.com>
>Date: Jun 26, 2014 1:00 AM
>Subject: [At-Large] A million domains taken down by email checks
>To: "At-Large Worldwide" 
>at atlarge-lists.icann.org>
>Fwd over from the NCSG list. I underdtand that this would have been
> > discussed in today's EWG and privacy sessions. Any comments?
> >
> >
> > 
> <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks>http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks
> >
> >  A million domains taken down by email checks
> > <
> > 
> <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks>http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks
> > >
> > Kevin Murphy 
> <<http://domainincite.com/about>http://domainincite.com/about>, 
> June 24, 2014, 14:34:25
> > (UTC), Domain Registrars
> > 
> <<http://domainincite.com/category/domain-registrars>http://domainincite.com/category/domain-registrars>
> >
> > *Over 800,000 domain names have been suspended since the beginning of the
> > year as a result of Whois email verification rules in the new ICANN
> > Registrar Accreditation Agreement.*
> >
> > That’s according to the Registrars Stakeholder Group, which collected
> > suspension data from registrars representing about 75% of all registered
> > gTLD domain names.
> >
> > The actual number of suspended domains could be closer to a million.
> >
> > The 2013 RAA requires registrars to verify the email addresses listed in
> > their customers’ Whois records. If they don’t receive the verification,
> > they have to suspend the domain.
> >
> > The RrSG told the ICANN board in March that these checks were doing more
> > harm than good
> > <
> > 
> <http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good>http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good
> > >
> > and today Tucows CEO Elliot Noss presented, as promised, data to back up
> > the claim.
> >
> > “There have been over 800,000 domains suspended,” Noss said. “We have
> > stories of healthcare sites that have gone down, community groups whose
> > sites have gone down.”
> >
> > “I think we can safely say millions of internet users,” he said. “Those are
> > real people just trying to use the internet. They are our great
> > unrepresented core constituency.”
> >
> > The RrSG wants to see contrasting data from law enforcement agencies and
> > governments ­ which pushed hard for Whois verification ­ showing that the
> > RAA requirement has had a demonstrable benefit.
> >
> > Registrars asked at the Singapore meeting in March that law enforcement
> > agencies (LEA) be put on notice that they can’t ask for more Whois controls
> > until they’ve provided such data and ICANN CEO Fadi Chehade said
> > <
> > 
> <http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good>http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good
> > >
> > “It shall be done by London.”
> >
> > Noss implied that the majority of the 800,000 suspended names belong to
> > innocent registrants, such as those who had simply changed email addresses
> > since registering their names.
> >
> > “What was a lovely political win that we said time and time again in
> > discussion after discussion was impractical and would provide no benefit,
> > has demonstrably has created harm,” Noss said.
> >
> > He was received with cautious support by ICANN board members.
> >
> > Chair Steve Crocker wonder aloud how many of the 800,000 suspended domains
> > are owned by bad guys, and he noted that LEA don’t appear to gather data in
> > the way that the registrars are demanding.
> >
> > “We were subjected, all of us, to heavy-duty pressure from the law
> > enforcement community over a long period of time. We finally said, ‘Okay,
> > we hear you and we’ll help you get this stuff implemented,’”, he added.
> > “That creates an obligation as far as I’m concerned on their part.”
> >
> > “We’re in a ­ at least from a moral position ­ in a strong position to say,
> > ‘You must help us understand this. Otherwise, you’re not doing your part of
> > the job’”, he said.
> >
> > Chehade also seemed to support the registrars’ position that LEA needs to
> > justify its demands and offered to take their data and concerns to the LEA
> > and the Governmental Advisory Committee.
> >
> > “They put restrictions on us that are causing harm, according to these
> > numbers,” he said. “Let’s take this back at them and say, hey, you ask for
> > all these things, this is what happened.”
> >
> > “If you can’t tell me what good this has done, be aware not to come back
> > and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s
> > use the great findings you seem to have a found and well-package them in a
> > case and I will be your advocate.”
> >
> > Director Mike Silber also spoke in support of the RrSG’s position.
> >
> > “My view is if what you are saying is correct, the LEA’s have blown their
> > credibility,” he said. “They’re going to have to do a lot of work before we
> > impose similar disproportional requirements on actors that are not proven
> > to be bad actors.”
> >
> > So what does this all mean for registrants?
> >
> > I don’t think there’s any ongoing process right now to get the Whois
> > verification requirements overturned ­ that would require a renegotiation
> > of the RAA ­ but it does seem to mean demands from governments and police
> > are going to have to be much more substantiated in future.
> >
> > Noss attempted to link the problem to the recommendations of the Whois
> > Expert Working Group (EWG), which propose a completely revamped,
> > centralized Whois system with much more verification
> > 
> <<http://domainincite.com/16855-whois-killer-is-a-recipe-for-a-clusterfuck>http://domainincite.com/16855-whois-killer-is-a-recipe-for-a-clusterfuck>
> > and not much to benefit registrants.
> >
> > To paraphrase: if email verification causes so much harm, what harms could
> > be caused by the EWG proposal?
> >
> > The EWG was not stuffed with LEA or governments, however, so it couldn’t
> > really be characterized as another set of unreasonable demands from the
> > same entities.
> >
> >
> > --
> > ---------------------------------------------------------------
> > Joly MacFie  218 565 9365 Skype:punkcast
> > WWWhatsup NYC - <http://wwwhatsup.com>http://wwwhatsup.com
> >  http://pinstand.com - <http://punkcast.com>http://punkcast.com
> >  VP (Admin) - ISOC-NY - <http://isoc-ny.org>http://isoc-ny.org
> > --------------------------------------------------------------
> > -
> > _______________________________________________
> > At-Large mailing list
> > 
> <https://atlarge-lists.icann.org/mailman/listinfo/alac>At-Large 
> at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/at-large
> >
> > At-Large Official Site: <http://atlarge.icann.org>http://atlarge.icann.org

More information about the At-Large mailing list