[Gnso-ppsai-pdp-wg] FW: Section 3.18 - Registrar's Abuse Contact and Duty to Investigate Reports of Abuse of the 2013 RAA

[Marika Konings]

Dear All,

Please find below the feedback from ICANN Compliance in relation to
provision 3.18 of the 2013 RAA.

Best regards,

Marika

+++++++++

Section 3.18, from a Compliance perspective, is going well.  While no major
barriers have been identified that frustrate ensuring compliance with the
2013 RAA, Compliance has identified two main issues leading to some
community uncertainty: understanding of registrar requirements of Section
3.18.1, and the expectations of complainants.

The areas requiring clarification by registrars are abuse contact posting
requirements and investigating abuse complaints.  Registrars were not
conspicuously posting an abuse email address as required by Section 3.18.1,
either omitting any link or providing a web form instead.  Once abuse
reports were received, registrars were not taking reasonable and prompt
steps to investigate reports under 3.18.1.  Some registrars did not
undertake any investigation, only performed a Whois inaccuracy
investigation, or confused abuse reports submitted under 3.18.1 with the
requirements of 3.18.2.  Other registrars claimed that abuse reports would
only be reviewed under court order, which is not a requirement in the 2013
RAA.  These issues were resolved though the 1-2-3 notice process, with
approximately 5 registrars requesting conference calls to discuss and
clarify the requirements of Section 3.18.1.

To date, all complaints to ICANN under Section 3.18.1 have been resolved
before the formal resolution process (breach).  The number of these
complaints is decreasing as more registrars understand their obligations
under the 2013 RAA. ICANN Compliance has not received any complaints under
Section 3.18.2.  

The other area of concern is the expectations of complainants.  This
includes filing abuse complaints against registrars not under the 2013 RAA,
or for non-abuse concerns (such as customer service complaints).
Additionally, complainants generally expect that a domain name subject to an
an abuse complaint will be suspended or deleted.  While many registrars do
suspend domains in response to abuse complaints, this is not required by the
2013 RAA.  The registrar must demonstrate to ICANN that it took reasonable
and prompt steps to investigate and respond appropriately.  At a minimum
this includes forwarding the complaint to the registrant, and other
additional steps depending upon the circumstances. Because Compliance¹s
informal resolution process remains confidential, a registrar may provide
ICANN with sufficient documentation to demonstrate compliance with Section
3.18.1 that cannot be shared with the complainant.  Several complainants
have expressed frustration to ICANN regarding the inability to force
suspension or cancellation of domains subject to abuse complaints, including
those involving alleged illegal activity.

Adding an abuse report requirement to the P/P Accreditation Agreement may be
beneficial, however the Working Group may want to consider providing
additional guidance regarding the types of abuse complaints allowed and the
types of actions P/P providers should take regarding abuse reports. The
Working Group may also want to consider alternative abuse report options
other than publishing an email address on a website (and in the Whois
output) as registrars have expressed concern regarding increasing spam
volumes for published email addresses.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140610/8c3fc4dc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5056 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140610/8c3fc4dc/smime.p7s>