<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div>Dear All,</div><div><br></div><div>Please find below the feedback from ICANN Compliance in relation to provision 3.18 of the 2013 RAA.</div><div><br></div><div>Best regards,</div><div><br></div><div>Marika</div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><div>+++++++++</div><div><font face="Calibri,sans-serif"><br></font></div><div><font face="Calibri,sans-serif">Section 3.18, from a Compliance perspective, is going well. While no major barriers have been identified that frustrate ensuring compliance with the 2013 RAA, Compliance has identified two main issues leading to some community uncertainty: understanding of registrar requirements of Section 3.18.1, and the expectations of complainants. </font></div><div><font face="Calibri,sans-serif"><br></font></div><div><font face="Calibri,sans-serif">The areas requiring clarification by registrars are abuse contact posting requirements and investigating abuse complaints. Registrars were not conspicuously posting an abuse email address as required by Section 3.18.1, either omitting any link or providing a web form instead. Once abuse reports were received, registrars were not taking reasonable and prompt steps to investigate reports under 3.18.1. Some registrars did not undertake any investigation, only performed a Whois inaccuracy investigation, or confused abuse reports submitted under 3.18.1 with the requirements of 3.18.2. Other registrars claimed that abuse reports would only be reviewed under court order, which is not a requirement in the 2013 RAA. These issues were resolved though the 1-2-3 notice process, with approximately 5 registrars requesting conference calls to discuss and clarify the requirements of Section 3.18.1. </font></div><div><font face="Calibri,sans-serif"><br></font></div><div><font face="Calibri,sans-serif">To date, all complaints to ICANN under Section 3.18.1 have been resolved before the formal resolution process (breach). The number of these complaints is decreasing as more registrars understand their obligations under the 2013 RAA. ICANN Compliance has not received any complaints under Section 3.18.2. </font></div><div><font face="Calibri,sans-serif"><br></font></div><div><font face="Calibri,sans-serif">The other area of concern is the expectations of complainants. This includes filing abuse complaints against registrars not under the 2013 RAA, or for non-abuse concerns (such as customer service complaints). Additionally, complainants generally expect that a domain name subject to an an abuse complaint will be suspended or deleted. While many registrars do suspend domains in response to abuse complaints, this is not required by the 2013 RAA. The registrar must demonstrate to ICANN that it took reasonable and prompt steps to investigate and respond appropriately. At a minimum this includes forwarding the complaint to the registrant, and other additional steps depending upon the circumstances. Because Compliance’s informal resolution process remains confidential, a registrar may provide ICANN with sufficient documentation to demonstrate compliance with Section 3.18.1 that cannot be shared with the complainant. Several complainants have expressed frustration to ICANN regarding the inability to force suspension or cancellation of domains subject to abuse complaints, including those involving alleged illegal activity. </font></div><div><br></div><div><font face="Calibri,sans-serif">Adding an abuse report requirement to the P/P Accreditation Agreement may be beneficial, however the Working Group may want to consider providing additional guidance regarding the types of abuse complaints allowed and the types of actions P/P providers should take regarding abuse reports. The Working Group may also want to consider alternative abuse report options other than publishing an email address on a website (and in the Whois output) as registrars have expressed concern regarding increasing spam volumes for published email addresses. </font></div></div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px;"><br></div></div></span></body></html>