[At-Large] [ALAC] Fwd: A million domains taken down by email checks

Christopher Wilkinson cw at christopherwilkinson.eu
Fri Jul 4 09:18:36 UTC 2014

Dear Rinalia Abdul Rahim:

On 04 Jul 2014, at 04:14, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:

> ... a bit of discussion would raise other questions as well.
Thankyou for drawing this to our attention. A quick review of some of the available links indeed leads me to ask more questions than to make substantive comments or recommendations at this stage:
1.     What was the At Large participation in the preparation of the 2013 RAA? What was the final ALAC position? 
Were missions of designated At Large participants to each of the relevant ICANN/GNSO meetings funded by ICANN? Were they in a position to report back to the At Large community?
Why does the implementation of the 2013 RAA place a disproportionate burden on the individual registrants? The 15 day limit is clearly too short. The sanction of deleting the domain is optional, although it appears that the Registrars are deleting them all, anyway. Why?

There should be a much more articulated procedure, including a longer delay, requirements for reminders and acknowledgement of receipt, proactive visits to the relevant website, actual physical addresses could be checked, etc. People go on holiday. Some e-mail addresses are monitored only intermittently e.g. an NGO without permanent secretariat etc. Some 'proxies' may well be even more inefficient than are the individual registrants!

The balance of costs, prices and funding between Registrars, Registries and ICANN, in this area probably needs to be reviewed. (Since Registrars are evidently sufficiently profitable to be able to pay the exhorbitant ICANN fees for - sometimes multiple - new gTLDs, then they could reasonably be required at least to invest more in the appropriate care and maintenance of their existing portfolios.)

If and when there is an agreed policy that actually works, how exactly do the Registrars ensure that their 'Resellers' (who do not have contracts with ICANN) effectively respect the RAA?
What is the actual breakdown of the reported '800k.' deletions? 
Private individual users; SMEs, NGOs, Speculators and Cybersquatters?

Personally, I would not mind if bulk registrations for speculative purposes with incorrect Whois data were to be deleted, en bloc. These are expropriated names which should be available, at the basic registration price, to individual registrants who wish to use them.

What has been done about 'educating' the registrants in their new obligations under the 2013 RAA? (Although as a sample of one registrant, responsible for one gTLD domain, - not statistically significant ;-)) - nonetheless, I have seen nothing of that. My other domains are ccTLD.
Actually, the vade-mecum on the ICANN website is rather cute: the idea of millions of Registrants buzzing off to ICANN, spontaneously, to read all about updating their Whois data ... well, you get the point.

Is it possible to resolve the current issue without reference to the EWG report and its eventual implementation? 

In that context, in the light of recent history, the proposed centralised database would obviously have to be outside US jurisdiction. Also, as long as the 'Legal Contact' data is 'outside the gate' - to use EWG parlance – the problem of incorrect data will persist for privacy reasons and a fortiori for misuse.

How does any of all of the above apply in non-English languages and in the IDNs?
More generally, these issues derive from a long history of cumulatively lax implementation of Whois accuracy by ICANN and gTLD Registries and Registrars. The backlog is considerable.
That situation has been aggravated by continued breach of privacy laws – at least in the EU – through the open publication of gTLD registration data. Thus the interests of Law Enforcement and the trademark industry are, in practice, at loggerheads.
Regards to you all
Christopher Wilkinson

On 04 Jul 2014, at 04:14, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:

> The registrars are asking for data from law enforcement, and rightfully so.
> However, before I would charge off and recommend that the ALAC takes a position, I would like to see some data from registrars.
> 800,000 is a large number. But it is also just 0.5% of all gTLD registrations. In the past when the ALAC has raised issues related to similar problems (such as loss of registrations after accidental expiration), one of the replies from registrars has been that the number is only a tiny fraction of the registrations that are not lost. In my mind, the issue was not the percentage but the absolute number of people suffering problems, and it still is in this case.
> When we were looking at expiration issues, and how to alert a registrant that a name had expired, the PDP WG came to the conclusion that the best way to wake up a registrant who is either ignoring e-mails, or has e-mails directed to an invalid or dead e-mail box, it to take down the domain. Not working does catch people's attention! Yes, it is a harsh way to do this, but very effective. The first reports that we are getting from Contractual Compliance is that with these new measures in place, complaints are way down, as much as 50% for some expiration-related complaints.
> So I would want to understand something about where this 800,000 number comes from, and how it is broken down. Examples of questions that come to mind and should be explored are:
> - how many of those 800,000 result in the registrant correcting the data and the domain goes live again
> - how many are not due to bad registrant contact information, but bad contact information for the a privacy/proxy service or web hosting company
> I'm sure a bit of discussion would raise other questions as well.
> So I am all for the ALAC making a statement, But the content of that statement should be based on a better understanding of what is going on here.
> Alan
> Postscript: One of the issues that came up during the expiration renewal PDP was that many registrations use the domain in question for the contact e-mail. For example, the domain example.com might had a contact e-mail address of webmaster at example.com. If the domain stops working for any reason, the contact address is by definition useless. Registrant need to be educated to NOT use the domain being registered for its own contact address. The PDP recommended that registrars warn registrants about this. Perhaps it is being done, but I have not seen it.
> At 03/07/2014 06:36 AM, Rinalia Abdul Rahim wrote:
>> Dear ALAC,
>> In reference to Joly MacFie's mail to the At-Large (see forwarded), the
>> topic was also raised by Registrars during their meeting with the ICANN
>> Board in London.
>> Fadi posed a question to the Registrars on whether they have engaged with
>> the At-Large on the matter. Fadi then raised the issue to the At-Large
>> during his ATLASII Fayre speech.
>> It would be important that the At-Large articulates its position on the
>> issue (possibly via an ALAC statement) as it is being presented as a
>> problem for Internet users.
>> Best regards,
>> Rinalia
>> ---------- Forwarded message ----------
>> From: "Joly MacFie" <<https://atlarge-lists.icann.org/mailman/listinfo/alac>joly at punkcast.com>
>> Date: Jun 26, 2014 1:00 AM
>> Subject: [At-Large] A million domains taken down by email checks
>> To: "At-Large Worldwide" <<https://atlarge-lists.icann.org/mailman/listinfo/alac>at-large at atlarge-lists.icann.org>
>> Cc:
>> Fwd over from the NCSG list. I underdtand that this would have been
>> > discussed in today's EWG and privacy sessions. Any comments?
>> >
>> >
>> > <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks>http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks
>> >
>> >  A million domains taken down by email checks
>> > <
>> > <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks>http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks
>> > >
>> > Kevin Murphy <<http://domainincite.com/about>http://domainincite.com/about>, June 24, 2014, 14:34:25
>> > (UTC), Domain Registrars
>> > <<http://domainincite.com/category/domain-registrars>http://domainincite.com/category/domain-registrars>
>> >
>> > *Over 800,000 domain names have been suspended since the beginning of the
>> > year as a result of Whois email verification rules in the new ICANN
>> > Registrar Accreditation Agreement.*
>> >
>> > That’s according to the Registrars Stakeholder Group, which collected
>> > suspension data from registrars representing about 75% of all registered
>> > gTLD domain names.
>> >
>> > The actual number of suspended domains could be closer to a million.
>> >
>> > The 2013 RAA requires registrars to verify the email addresses listed in
>> > their customers’ Whois records. If they don’t receive the verification,
>> > they have to suspend the domain.
>> >
>> > The RrSG told the ICANN board in March that these checks were doing more
>> > harm than good
>> > <
>> > <http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good>http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good
>> > >
>> > and today Tucows CEO Elliot Noss presented, as promised, data to back up
>> > the claim.
>> >
>> > “There have been over 800,000 domains suspended,” Noss said. “We have
>> > stories of healthcare sites that have gone down, community groups whose
>> > sites have gone down.”
>> >
>> > “I think we can safely say millions of internet users,” he said. “Those are
>> > real people just trying to use the internet. They are our great
>> > unrepresented core constituency.”
>> >
>> > The RrSG wants to see contrasting data from law enforcement agencies and
>> > governments ­ which pushed hard for Whois verification ­ showing that the
>> > RAA requirement has had a demonstrable benefit.
>> >
>> > Registrars asked at the Singapore meeting in March that law enforcement
>> > agencies (LEA) be put on notice that they can’t ask for more Whois controls
>> > until they’ve provided such data and ICANN CEO Fadi Chehade said
>> > <
>> > <http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good>http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good
>> > >
>> > “It shall be done by London.”
>> >
>> > Noss implied that the majority of the 800,000 suspended names belong to
>> > innocent registrants, such as those who had simply changed email addresses
>> > since registering their names.
>> >
>> > “What was a lovely political win that we said time and time again in
>> > discussion after discussion was impractical and would provide no benefit,
>> > has demonstrably has created harm,” Noss said.
>> >
>> > He was received with cautious support by ICANN board members.
>> >
>> > Chair Steve Crocker wonder aloud how many of the 800,000 suspended domains
>> > are owned by bad guys, and he noted that LEA don’t appear to gather data in
>> > the way that the registrars are demanding.
>> >
>> > “We were subjected, all of us, to heavy-duty pressure from the law
>> > enforcement community over a long period of time. We finally said, ‘Okay,
>> > we hear you and we’ll help you get this stuff implemented,’”, he added.
>> > “That creates an obligation as far as I’m concerned on their part.”
>> >
>> > “We’re in a ­ at least from a moral position ­ in a strong position to say,
>> > ‘You must help us understand this. Otherwise, you’re not doing your part of
>> > the job’”, he said.
>> >
>> > Chehade also seemed to support the registrars’ position that LEA needs to
>> > justify its demands and offered to take their data and concerns to the LEA
>> > and the Governmental Advisory Committee.
>> >
>> > “They put restrictions on us that are causing harm, according to these
>> > numbers,” he said. “Let’s take this back at them and say, hey, you ask for
>> > all these things, this is what happened.”
>> >
>> > “If you can’t tell me what good this has done, be aware not to come back
>> > and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s
>> > use the great findings you seem to have a found and well-package them in a
>> > case and I will be your advocate.”
>> >
>> > Director Mike Silber also spoke in support of the RrSG’s position.
>> >
>> > “My view is if what you are saying is correct, the LEA’s have blown their
>> > credibility,” he said. “They’re going to have to do a lot of work before we
>> > impose similar disproportional requirements on actors that are not proven
>> > to be bad actors.”
>> >
>> > So what does this all mean for registrants?
>> >
>> > I don’t think there’s any ongoing process right now to get the Whois
>> > verification requirements overturned ­ that would require a renegotiation
>> > of the RAA ­ but it does seem to mean demands from governments and police
>> > are going to have to be much more substantiated in future.
>> >
>> > Noss attempted to link the problem to the recommendations of the Whois
>> > Expert Working Group (EWG), which propose a completely revamped,
>> > centralized Whois system with much more verification
>> > <<http://domainincite.com/16855-whois-killer-is-a-recipe-for-a-clusterfuck>http://domainincite.com/16855-whois-killer-is-a-recipe-for-a-clusterfuck>
>> > and not much to benefit registrants.
>> >
>> > To paraphrase: if email verification causes so much harm, what harms could
>> > be caused by the EWG proposal?
>> >
>> > The EWG was not stuffed with LEA or governments, however, so it couldn’t
>> > really be characterized as another set of unreasonable demands from the
>> > same entities.
>> >
>> >
>> > --
>> > ---------------------------------------------------------------
>> > Joly MacFie  218 565 9365 Skype:punkcast
>> > WWWhatsup NYC - <http://wwwhatsup.com>http://wwwhatsup.com
>> >  http://pinstand.com - <http://punkcast.com>http://punkcast.com
>> >  VP (Admin) - ISOC-NY - <http://isoc-ny.org>http://isoc-ny.org
>> > --------------------------------------------------------------
>> > -
>> > _______________________________________________
>> > At-Large mailing list
>> > <https://atlarge-lists.icann.org/mailman/listinfo/alac>At-Large at atlarge-lists.icann.org
>> > https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >
>> > At-Large Official Site: <http://atlarge.icann.org>http://atlarge.icann.org
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> At-Large Official Site: http://atlarge.icann.org

More information about the At-Large mailing list