[At-Large] [ALAC] Fwd: A million domains taken down by email checks
Carlton Samuels
carlton.samuels at gmail.com
Fri Jul 4 14:42:03 UTC 2014
Wise words from Alan. And well advised for the ALAC to consider in
proceeding.
Rights and responsibilities must be in balance.
A similar situation was explored in the EWG to deal with problems linked to
registration data. So the question is, if the verified - note, verified! -
contact information is used and does not yield results, what then?
Should the registrar to be left without any remedial action, that is to
say, swinging in the wind or should a set of actions be defined and
available to the registrar for access and in service of remedy?
The consensus agreement was it was not desirable that the ecosystem remain
exposed to the effect that triggered the reason for that contact request in
the first instance. So, exhaust all the agreed channels set for access and
after some reasonable time of non-response, then suspend. That is the only
rational response mechanism.
We thought we might mitigate the suspension decision by developing
purpose-based contacts (PCBs), at least one of which is mandatory and
unless otherwise denoted, the registrant is the default contact. [This
decision featured in Stephanie's dissent.] This approach we thought allowed
development of an issue-driven triage operation around which gradated
sanctions might be developed. This remains for the community and the
ensuing PDP to deal.
-Carlton
==============================
Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================
On Thu, Jul 3, 2014 at 10:14 PM, Alan Greenberg <alan.greenberg at mcgill.ca>
wrote:
> The registrars are asking for data from law enforcement, and rightfully so.
>
> However, before I would charge off and recommend that the ALAC takes a
> position, I would like to see some data from registrars.
>
> 800,000 is a large number. But it is also just 0.5% of all gTLD
> registrations. In the past when the ALAC has raised issues related to
> similar problems (such as loss of registrations after accidental
> expiration), one of the replies from registrars has been that the number is
> only a tiny fraction of the registrations that are not lost. In my mind,
> the issue was not the percentage but the absolute number of people
> suffering problems, and it still is in this case.
>
> When we were looking at expiration issues, and how to alert a registrant
> that a name had expired, the PDP WG came to the conclusion that the best
> way to wake up a registrant who is either ignoring e-mails, or has e-mails
> directed to an invalid or dead e-mail box, it to take down the domain. Not
> working does catch people's attention! Yes, it is a harsh way to do this,
> but very effective. The first reports that we are getting from Contractual
> Compliance is that with these new measures in place, complaints are way
> down, as much as 50% for some expiration-related complaints.
>
> So I would want to understand something about where this 800,000 number
> comes from, and how it is broken down. Examples of questions that come to
> mind and should be explored are:
> - how many of those 800,000 result in the registrant correcting the data
> and the domain goes live again
> - how many are not due to bad registrant contact information, but bad
> contact information for the a privacy/proxy service or web hosting company
>
> I'm sure a bit of discussion would raise other questions as well.
>
> So I am all for the ALAC making a statement, But the content of that
> statement should be based on a better understanding of what is going on
> here.
>
> Alan
>
> Postscript: One of the issues that came up during the expiration renewal
> PDP was that many registrations use the domain in question for the contact
> e-mail. For example, the domain example.com might had a contact e-mail
> address of webmaster at example.com. If the domain stops working for any
> reason, the contact address is by definition useless. Registrant need to be
> educated to NOT use the domain being registered for its own contact
> address. The PDP recommended that registrars warn registrants about this.
> Perhaps it is being done, but I have not seen it.
>
>
> At 03/07/2014 06:36 AM, Rinalia Abdul Rahim wrote:
>
> Dear ALAC,
>>
>> In reference to Joly MacFie's mail to the At-Large (see forwarded), the
>> topic was also raised by Registrars during their meeting with the ICANN
>> Board in London.
>>
>> Fadi posed a question to the Registrars on whether they have engaged with
>> the At-Large on the matter. Fadi then raised the issue to the At-Large
>> during his ATLASII Fayre speech.
>>
>> It would be important that the At-Large articulates its position on the
>> issue (possibly via an ALAC statement) as it is being presented as a
>> problem for Internet users.
>>
>> Best regards,
>>
>> Rinalia
>> ---------- Forwarded message ----------
>> From: "Joly MacFie" <<https://atlarge-lists.icann.
>> org/mailman/listinfo/alac>joly at punkcast.com>
>> Date: Jun 26, 2014 1:00 AM
>> Subject: [At-Large] A million domains taken down by email checks
>> To: "At-Large Worldwide" <<https://atlarge-lists.icann.
>> org/mailman/listinfo/alac>at-large at atlarge-lists.icann.org>
>> Cc:
>>
>> Fwd over from the NCSG list. I underdtand that this would have been
>> > discussed in today's EWG and privacy sessions. Any comments?
>> >
>> >
>> > <http://domainincite.com/16963-a-million-domains-taken-
>> down-by-email-checks>http://domainincite.com/16963-a-
>> million-domains-taken-down-by-email-checks
>>
>> >
>> > A million domains taken down by email checks
>> > <
>> > <http://domainincite.com/16963-a-million-domains-taken-
>> down-by-email-checks>http://domainincite.com/16963-a-
>> million-domains-taken-down-by-email-checks
>> > >
>> > Kevin Murphy <<http://domainincite.com/about>http://domainincite.com/
>> about>, June 24, 2014, 14:34:25
>> > (UTC), Domain Registrars
>> > <<http://domainincite.com/category/domain-registrars>htt
>> p://domainincite.com/category/domain-registrars>
>>
>> >
>> > *Over 800,000 domain names have been suspended since the beginning of
>> the
>> > year as a result of Whois email verification rules in the new ICANN
>> > Registrar Accreditation Agreement.*
>> >
>> > That’s according to the Registrars Stakeholder Group, which collected
>> > suspension data from registrars representing about 75% of all registered
>> > gTLD domain names.
>> >
>> > The actual number of suspended domains could be closer to a million.
>> >
>> > The 2013 RAA requires registrars to verify the email addresses listed in
>> > their customers’ Whois records. If they don’t receive the verification,
>> > they have to suspend the domain.
>> >
>> > The RrSG told the ICANN board in March that these checks were doing more
>> > harm than good
>> > <
>> > <http://domainincite.com/16375-are-whois-email-checks-
>> doing-more-harm-than-good>http://domainincite.com/16375-are-
>> whois-email-checks-doing-more-harm-than-good
>>
>> > >
>> > and today Tucows CEO Elliot Noss presented, as promised, data to back up
>> > the claim.
>> >
>> > “There have been over 800,000 domains suspended,” Noss said. “We have
>> > stories of healthcare sites that have gone down, community groups whose
>> > sites have gone down.”
>> >
>> > “I think we can safely say millions of internet users,” he said. “Those
>> are
>> > real people just trying to use the internet. They are our great
>> > unrepresented core constituency.”
>> >
>> > The RrSG wants to see contrasting data from law enforcement agencies and
>> > governments which pushed hard for Whois verification showing that
>> the
>> > RAA requirement has had a demonstrable benefit.
>> >
>> > Registrars asked at the Singapore meeting in March that law enforcement
>> > agencies (LEA) be put on notice that they can’t ask for more Whois
>> controls
>> > until they’ve provided such data and ICANN CEO Fadi Chehade said
>> > <
>> > <http://domainincite.com/16375-are-whois-email-checks-
>> doing-more-harm-than-good>http://domainincite.com/16375-are-
>> whois-email-checks-doing-more-harm-than-good
>>
>> > >
>> > “It shall be done by London.”
>> >
>> > Noss implied that the majority of the 800,000 suspended names belong to
>> > innocent registrants, such as those who had simply changed email
>> addresses
>> > since registering their names.
>> >
>> > “What was a lovely political win that we said time and time again in
>> > discussion after discussion was impractical and would provide no
>> benefit,
>> > has demonstrably has created harm,” Noss said.
>> >
>> > He was received with cautious support by ICANN board members.
>> >
>> > Chair Steve Crocker wonder aloud how many of the 800,000 suspended
>> domains
>> > are owned by bad guys, and he noted that LEA don’t appear to gather
>> data in
>> > the way that the registrars are demanding.
>> >
>> > “We were subjected, all of us, to heavy-duty pressure from the law
>> > enforcement community over a long period of time. We finally said,
>> ‘Okay,
>> > we hear you and we’ll help you get this stuff implemented,’”, he added.
>> > “That creates an obligation as far as I’m concerned on their part.”
>> >
>> > “We’re in a at least from a moral position in a strong position to
>> say,
>> > ‘You must help us understand this. Otherwise, you’re not doing your
>> part of
>> > the job’”, he said.
>> >
>> > Chehade also seemed to support the registrars’ position that LEA needs
>> to
>> > justify its demands and offered to take their data and concerns to the
>> LEA
>> > and the Governmental Advisory Committee.
>> >
>> > “They put restrictions on us that are causing harm, according to these
>> > numbers,” he said. “Let’s take this back at them and say, hey, you ask
>> for
>> > all these things, this is what happened.”
>> >
>> > “If you can’t tell me what good this has done, be aware not to come back
>> > and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s
>> > use the great findings you seem to have a found and well-package them
>> in a
>> > case and I will be your advocate.”
>> >
>> > Director Mike Silber also spoke in support of the RrSG’s position.
>> >
>> > “My view is if what you are saying is correct, the LEA’s have blown
>> their
>> > credibility,” he said. “They’re going to have to do a lot of work
>> before we
>> > impose similar disproportional requirements on actors that are not
>> proven
>> > to be bad actors.”
>> >
>> > So what does this all mean for registrants?
>> >
>> > I don’t think there’s any ongoing process right now to get the Whois
>> > verification requirements overturned that would require a
>> renegotiation
>> > of the RAA but it does seem to mean demands from governments and
>> police
>> > are going to have to be much more substantiated in future.
>> >
>> > Noss attempted to link the problem to the recommendations of the Whois
>> > Expert Working Group (EWG), which propose a completely revamped,
>> > centralized Whois system with much more verification
>> > <<http://domainincite.com/16855-whois-killer-is-a-
>> recipe-for-a-clusterfuck>http://domainincite.com/16855-
>> whois-killer-is-a-recipe-for-a-clusterfuck>
>>
>> > and not much to benefit registrants.
>> >
>> > To paraphrase: if email verification causes so much harm, what harms
>> could
>> > be caused by the EWG proposal?
>> >
>> > The EWG was not stuffed with LEA or governments, however, so it couldn’t
>> > really be characterized as another set of unreasonable demands from the
>> > same entities.
>> >
>> >
>> > --
>> > ---------------------------------------------------------------
>> > Joly MacFie 218 565 9365 Skype:punkcast
>> > WWWhatsup NYC - <http://wwwhatsup.com>http://wwwhatsup.com
>> > http://pinstand.com - <http://punkcast.com>http://punkcast.com
>> > VP (Admin) - ISOC-NY - <http://isoc-ny.org>http://isoc-ny.org
>>
>> > --------------------------------------------------------------
>> > -
>> > _______________________________________________
>> > At-Large mailing list
>> > <https://atlarge-lists.icann.org/mailman/listinfo/alac>At-Large at
>> atlarge-lists.icann.org
>> > https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> >
>> > At-Large Official Site: <http://atlarge.icann.org>http
>> ://atlarge.icann.org
>>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
More information about the At-Large
mailing list