[RDS-WHOIS2-RT] Compliance subgroup draft report
Volker Greimann
vgreimann at key-systems.net
Tue Jun 5 11:43:20 UTC 2018
With all due respect, I utterly reject this recommendation. If
contracted parties had to undergo a full audit for every ARS complaint,
we would get nothing else done. This suggested recommendation is so far
beyond the pale, it defies any common sense.
As I explained before, receipt of a whois inaccuracy complaint or an ARS
ticket does not indicate the registrar is not complying with its
contractual or policy obligations. It merely means some data is
incorrect. This can have many reasons outside the registrar not doing
his job.
I object to any attempt to include this or a similar recommendation in
the report. There is simply no need for such a recommendation. Further,
this recommendation is not based on any facts or findings of patters
where these obligations are regularly violated. It is entirely based on
a ficticious assumption that has no basis in reality - that the
occurance of whois inaccuracies mean that someone is violating their
obligations.
I also want to point out that compliance does inquire about validation
and verification methods being correctly implemented in case there are
indications of misconduct and registrars that receive greater than
average numbers of complaints are already targeted more often in the
scheduled audit runs.
Volker
Am 03.06.2018 um 11:54 schrieb SUN Lili:
>
> Dear all,
>
> For the proposed recommendations, I’d suggest to merge #1 and #7 into
> one, #2 and #6 into one. I support that “all domain name registrations
> adhere to the WHOIS requirements in the 2013 Registrar Accreditation
> Agreement”, but I’m cautious about the necessity of a new policy to be
> developed (maybe it’s a routine within ICANN?). My impression is that
> there are too many policies in the realm of Whois rather than not
> enough. By the end of this year, all registrars will shift to 2013
> RAA, it’s time to endorse a standardized requirement for all gTLDs.
>
> I’d like to propose a new recommendation as below:
>
> *Recommendation:*
>
> Following a valid WHOIS ARS ticket, or Whois inaccuracy complaint, an
> full audit targeting the relating registrar should be initiated, to
> check if the registrar follows the contractual obligations, the
> consensus policies, etc. Sanctions should be applied if deficiencies
> identified.
>
> *Findings:*
>
> All current compliance activities are separate and conducted
> individually. WHOIS ARS sampled Whois records to do accuracy test, the
> Audit programme sampled registrars to conduct audit, no synergies have
> been gained through different action tracks.
>
> *Rationale: *
>
> If a Whois record is not accurate due to registrar didn’t conduct
> validation and verification, it shouldn’t be a standalone case. A
> follow up audit will help to mitigate all issues regarding the
> outstanding registrar.
>
> *Impact of Recommendation:*
>
> Only related registrars will be impacted by this recommendation along
> with the compliance team.
>
> *Feasibility of Recommendation: *
>
> This recommendation will make the Audit program more targeted. The
> compliance team may need further assessment of resources to implement
> this recommendation.
>
> Thanks,
>
> Lili
>
> *From:*RDS-WHOIS2-RT [mailto:rds-whois2-rt-bounces at icann.org] *On
> Behalf Of *Volker Greimann
> *Sent:* Saturday, 26 May, 2018 12:02 AM
> *To:* rds-whois2-rt at icann.org
> *Subject:* Re: [RDS-WHOIS2-RT] Compliance subgroup draft report
>
> Hi Susan,
>
> regarding the analysis section, one brief point:
>
> The cancellation or suspension of the registration does not
> necessarily mean that the data was incorrect. In many cases, the
> registrant simply ignored the message, saw it too late, did not have
> it forwarded by a reseller, etc and therefore did not respond by the
> time the registrar is obliged to take action. So if you take a nice
> three week hiking tour, that is the best time for anyone who wants to
> take down your domain name. Let's be careful with drawing conclusions
> from data that can be interpreted in many ways.
>
> To the next paragraph, ICANN actually monitors suspended domains and
> reaches out to registrars when such domains are unsuspended.
>
> I disagree with the conclusion that a suspended domain should not be
> unsuspended without verification as the suspension can have occurred
> for a multitude of reasons that have nothing to do with the
> registration data. (Most common on our registrar: Hacked wordpress
> blogs with subsites that lead to phishing sites - usually fixed by
> removing the subpages and updating the WordPress by the registrant).
> As for the recommendation, that is a significant implementation impact
> for little to no benefit. I see no harm in having false data in the
> whois of a suspended domain. And I also disagree with the second part
> of the recommendation, as detailed above. And to the added question,
> yes, suspended domain names can and will be renewed.
>
> Re: Grandfathered domains:
>
> I have significant concerns about the logistics of this
> recommendation. Not having to touch legacy domains and their owners
> unless there is active cause to do so has been a significant part of
> the agreement between Registrars and ICANN under the 2013 RAA
> negotiations. I also note that that usually older domains are not as
> much a cause for
>
> Re: Bulk Submission tool:
>
> We should add something that submissions remain manageable by
> registrars of all sizes, since receiving 300 single tickets or one
> ticket with 300 domains can overwhelm the abuse function of smaller
> registrars. So complaints using such a tool need to be for one issue
> with multiple domains, not various issues with multiple domains. So if
> they all use the same incorrect whois for example, that would be a
> valid use, but if they all use different whois data, they should be
> submitted individually. Rules for combining UDRP complaints could
> inform on what should be applied here to keep this tool relevant.
>
> Proactive: The ARS is quite proactive and feeds directly into
> compliance. Should ICANN undertake two or more projects with the same
> goal at the same time? Also, is there actual value in improving whois
> data quality where no other issue exists? We have many cases where
> data is outdated because people moved and forgot to update their
> whois. When we notice this we ask them to update, but is this really
> an issue that needs fixing by the community? Is Whois accuracy an
> aboslute goal in and of itself? I do not support the recommendation
> that compliance should be more proactive in monitoring. With Whois ARS
> and volunteer community effort, sufficient proactive efforts exist.
>
> Cross validation: Cannot be a compliance issue until it is agreed
> between ICANN and registrars. The working group is still deliberating.
>
> Table on Page 18: The RT1 Recommendation refers to proactive
> management and scaling of compliance activities, not proactive
> assessment and enforcement. The RT1 Rec means that Compliance should
> be proactive with regard to its own ability to perform its function,
> not to expand on that function as the comment in the table suggests.
>
> Finally, the document keeps using the term TLDs where domain names are
> meant. This should be updated. Example: "legacy tlds"
>
> Recommendations:
>
> #1: We should not recommend enforcement of a registry policy against
> registrars. If anything, it is a contractual issue between registries
> and registrars and thus behind the picket fence. If anything, it would
> have to be enforced against registries not properly implementing it.
> It therefore cannot be part of the registrar audit.
>
> #2: Strongly disagree with this recommendation, as detailed above.
> Highly unfeasible due to requirement to touch hundreds of thousands of
> customers to basically ask them to add or change formatting on certain
> data. Customer support nightmare and costs highly outweighing the
> benefits. Strongly opposed.
>
> #3: Opposed, as detailed above.
>
> #5: Agreed, provided we include measures to keep such reports
> manageable, applying rules similar to the ones for joining UDPR
> complaints together. Rationale: See above.
>
> #6 Seems to duplicate Rec 2? Strongly opposed as detailed above.
> Logistical nightmare.
>
> #7 Opposed: This issue has been addressed by the GNSO, see:
> https://gnso.icann.org/en/group-activities/inactive/2015/dmpm Let us
> not re-open issues that have already been debated at length by the
> community. And why only the compliance team?
>
> Volker
>
> Am 24.05.2018 um 20:54 schrieb Susan Kawaguchi:
>
> Hello All,
>
> Please see the attached Compliance subgroup draft report.
>
> Apologies to the subgroup in not providing this to you earlier in
> the week for your review but thought it best to hit the deadline
> for the draft report to the full working group.
>
> This report still needs more work, I definitely did not organize
> the information optimally and will continue to work on that. I
> intend to use a table format for some of our analysis as we did
> for the RT1 compliance recommendation.
>
> Also there may be duplicative language as I moved things around I
> may not have caught all of the changes. I also intentionally left
> some duplicative language to remind me to continue editing.
>
> I am hoping the subgroup will meet next week for additional
> discussion on the findings and recommendations.
>
> Best regards,
>
> Susan
>
>
>
>
> _______________________________________________
>
> RDS-WHOIS2-RT mailing list
>
> RDS-WHOIS2-RT at icann.org <mailto:RDS-WHOIS2-RT at icann.org>
>
> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
>
>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> Mit freundlichen Grüßen,
> Volker A. Greimann
> - Rechtsabteilung -
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
> --------------------------------------------
> Should you have any further questions, please do not hesitate to contact us.
> Best regards,
> Volker A. Greimann
> - legal department -
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
> ***************************************************************************************************
> This message, and any attachment contained, are confidential and
> subject of legal privilege. It may be used solely for the designated
> police/justice purpose and by the individual or entity to whom it is
> addressed. The information is not to be disseminated to another agency
> or third party without the author’s consent, and must not be retained
> longer than is necessary for the fulfilment of the purpose for which
> the information is to be used. All practicable steps shall be taken by
> the recipients to ensure that information is protected against
> unauthorised access or processing. INTERPOL reserves the right to
> enquire about the use of the information provided.
> If you are not the intended recipient, be advised that you have
> received this message in error. In such a case, you should not print
> it, copy it, make any use of it or disclose it, but please notify us
> immediately and delete the message from any computer.
> *************************************************************************************************
>
>
> _______________________________________________
> RDS-WHOIS2-RT mailing list
> RDS-WHOIS2-RT at icann.org
> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rds-whois2-rt/attachments/20180605/184eedc1/attachment-0001.html>
More information about the RDS-WHOIS2-RT
mailing list