<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.17023" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=841362318-04042010><FONT face=Arial
color=#0000ff size=2>Alan,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=841362318-04042010><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=841362318-04042010><FONT face=Arial
color=#0000ff size=2>You are correct Alan. We reject claims that simply
cite fraud as the reason without sufficient details to justify the
exception. The 10% allowance should be more than adequate to cover most
instances of fraud if a registrar is properly managing its services. If
there are cases that go beyond that, then we will evaluate them on a case by
case basis. As our experience has shown, if we simply approve exceptions
if someone uses the key word fraud, it will be abused.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=841362318-04042010><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=841362318-04042010><FONT face=Arial
color=#0000ff size=2>Chuck</FONT></SPAN></DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Alan Greenberg
[mailto:alan.greenberg@mcgill.ca] <BR><B>Sent:</B> Friday, April 02, 2010 7:03
PM<BR><B>To:</B> Gomes, Chuck; icann@rodenbaugh.com; Craig Schwartz; GNSO
Council<BR><B>Subject:</B> RE: [council] AGP Limits Policy - Status Report
Inquiry<BR></FONT><BR></DIV>
<DIV></DIV>Chuck, if I am reading your message correctly (and specifically the
part that says "then we expect them to be able to substantiate their claim and
not just use one of the industry’s hot buzz words and expect that we will
grant the exemption"), this means that you are rejecting claims that simply
cite "fraud", but that if a registrar were to make a claim with specific
details indicating the particulars (on X date, we received Y registrations
within a Z hour period all using different credit card numbers or whatever)
and backing it up with records from their credit-card service, and perhaps a
plan to avoid the problem in the future, you might treat it as an valid
exception?<BR><BR>Alan<BR><BR>At 02/04/2010 06:10 PM, Gomes, Chuck wrote:<BR>
<BLOCKQUOTE class=cite cite="" type="cite"><FONT face="Arial, Helvetica"
color=#0000ff size=2>Mike,<BR></FONT> <BR><FONT face="Arial, Helvetica"
color=#0000ff size=2>I contacted Barbara Steele in our customer affairs
office and she shared the following.<BR></FONT> <BR><FONT
face="Arial, Helvetica" color=#000080 size=2>Given that there is a 10%
deletion allowance, it is their opinion that this should be adequate to
address any issues that a registrar is having with traditional fraud, i.e.,
stolen credit cards, etc. If they have deletes of more than 10% “due
to fraud”, then the registrars experiencing this have bigger issues that
they are not addressing. What we have found is that registrars would
claim fraud when submitting a request for an exemption and when we denied
the request indicating that we don’t view fraud as an extraordinary
circumstance, the registrar’s AGP deletion percentage would drop down below
the 10% threshold or they moved on to claims of phishing. We do want
registrars to “do the right thing” and take down domains that are being used
for nefarious activity but if they are exceeding the AGP threshold, then we
expect them to be able to substantiate their claim and not just use one of
the industry’s hot buzz words and expect that we will grant the
exemption.</FONT><FONT face="Arial, Helvetica" color=#0000ff size=2>
</FONT><BR><BR><FONT face="Arial, Helvetica" color=#000080
size=2> <BR></FONT><BR><FONT face="Arial, Helvetica" color=#000080
size=2>If fraud (and unsubstantiated phishing) were deemed to be valid
examples of extraordinary circumstances, then I think that ICANN would find
that their ‘successful’ policy is not so ‘successful’ after all. Even
with the low number of exemption requests that we receive each month, we
spend a huge amount of time trying to substantiate the claims and then
getting the internal approvals of our recommendations. I have concerns
that if “fraud” and “phishing” become the “get out of jail” free card for
submitting exemption requests, then we will see more registrars exceeding
the 10% threshold and then submitting an exemption request for the domain
names over the threshold. I don’t think that VeriSign (or any other
registry) would want to hire the number of people that it would take to
process the increase in claims and I don’t think that ICANN would be very
happy with the number of AGP deletes increasing.
<BR></FONT><BR>Chuck<BR><BR>
<DL>
<HR>
<DD><FONT face=Tahoma size=2>From:</B> owner-council@gnso.icann.org [<A
href="mailto:owner-council@gnso.icann.org" eudora="autourl">
mailto:owner-council@gnso.icann.org</A>] On Behalf Of </B>Mike
Rodenbaugh<BR>
<DD>Sent:</B> Friday, April 02, 2010 3:48 PM<BR>
<DD>To:</B> 'Craig Schwartz'; 'GNSO Council'<BR>
<DD>Subject:</B> RE: [council] AGP Limits Policy - Status Report
Inquiry<BR></FONT><BR>
<DD>Thanks Craig.<BR><BR>
<DD><BR><BR>
<DD>I am curious to know from contract parties whether the fraud issue is
really a significant issue needed Council consideration. Otherwise,
I think this issue can be closed and no further reports are needed to the
Council since the stats are reported in the monthly registry reports
anyway.<BR><BR>
<DD><BR><BR>
<DD>Mike Rodenbaugh<BR><BR>
<DD>RODENBAUGH LAW<BR><BR>
<DD>tel/fax: +1 (415) 738-8087<BR><BR>
<DD><A href="http://rodenbaugh.com/">http://rodenbaugh.com</A><BR><BR>
<DD><BR><BR>
<DD>From:</B> owner-council@gnso.icann.org [<A
href="mailto:owner-council@gnso.icann.org" eudora="autourl">
mailto:owner-council@gnso.icann.org</A>] On Behalf Of </B>Craig
Schwartz<BR>
<DD>Sent:</B> Friday, April 02, 2010 6:38 AM<BR>
<DD>To:</B> GNSO Council<BR>
<DD>Subject:</B> [council] AGP Limits Policy - Status Report
Inquiry<BR><BR>
<DD><BR><BR>
<DD>Dear Councilors,<BR><BR>
<DD>The AGP Limits Policy contains a provision that requires ICANN staff
to provide semi-annual updates to the GSNO on the implementation of the
Policy. To date ICANN has issued two reports, the first in June 2009 and
the second in December 2009. With excessive AGP deletes down by 99.7%, the
Policy is achieving its desired outcome and this was stated in the last
report. <BR><BR>
<DD>Also noted in the last report were some registrar complaints about
exemptions requests that had been denied when the basis for the request
was fraud. From the 14 December 2009 report, ICANN noted: A question the
GNSO Council may wish to consider in the future is whether modifications
to the Policy are necessary and/or appropriate given the results and
community reaction to date. For example, should the GNSO Council consider
defining the terms “extraordinary circumstances” or “reoccur regularly?”
During the policy development process on domain tasting some community
members suggested that the mitigation of instances of consumer fraud may
be a legitimate use of AGP deletes. Additionally, if a registrar
proactively takes down (i.e., deletes) domains that are known to propagate
a fraudulent activity such as phishing, should the registrar bear the cost
if the deletions cause the registrar to exceed the threshold defined in
the Policy?<BR></I><BR>
<DD>Staff recommends that the GSNO consider whether further work is needed
in light of the fact that excessive AGP deletes are down by 99.7%.
Staff further recommends that the Council consider whether semi-annual
reports should be continued and if so, with what frequency? <BR><BR>
<DD>I’m happy to join the next GNSO call to discuss this and to answer any
questions you may have.<BR><BR>
<DD><BR><BR>
<DD>Best,<BR><BR>
<DD><BR><BR>
<DD>Craig Schwartz<BR>
<DD>Chief gTLD Registry Liaison<BR>
<DD>ICANN<BR><BR>
<DD><BR> </DD></DL></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>