[RDS-WHOIS2-RT] Subgroup 4 Compliance draft report
Volker Greimann
vgreimann at key-systems.net
Mon Jun 18 15:25:42 UTC 2018
Hi Susan,
>
> 3.2.1.1 - Analysis, second paragraph: In my operative experience, the
> main reason for the cancellation or suspension of a domain name after
> receiving an inaccuracy complaint is nowhere near as nefarious as the
> subgroup assumed, but rather the fact that the registrant did not
> respond to the request of the registrar to either confirm or update
> his data. This can be due to the contact data on file being outdated,
> a reseller failing to forward the inquiry, This is an issue we should
> review if the reseller is not following through which would constitute
> noncompliance by Registrar. the registrant failing to respond (mail
> ignored/seen as spam/overlooked/mailbox not main mailbox/etc) and
> things like that. As the
My point is that we reach out to the registrant and do not receive a
response. Why that is would be speculation. I just gave a few examples I
have heard of.
> RAA states unequivocally that a non-response within a certain time and
> as we do not have the time and ressources to chase after each such
> registrant, this usually causes: first the deactivation, then a call
> from an irate customer and then the re-instatement of the domain.
> Registrants often do not understand their responsibilities when
> registering a domain name which is something more communication by the
> Registrar could alleviate. Of course, many registrants do not even
> notice the deactivation, for example if the domain is parked or unused.
We can only communicate so much before it becomes viewed as spam and
results in all our mails being discarded.
>
> The sad fact of the matter is that this contractual requirement
> causes at least as much harm for the registrants as it does
> provide benefits for those interested in more accuracy. I
> absolutely disagree with this statement and would fall into
> category of you making an assumption, as you have accused me in
> the following paragraphs, unless you can provide hard data on this.
>
Here is an article based on a study done by the RRSG regarding suspended
domain names due to the RAA reqs:
http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks
> I hope that we can update the analysis to move out of the realm of
> speculation did you read all the ARS reports? and more into the
> realm of
>
I reviewed all of them, but I have not read every word therein due to
time constraints. The latest one was a good read though, with very good
contactibility numbers.
>
> experience based evidence. My analysis is experience based but not
> YOUR experience. The only domain names I would bother to file an
> inaccuracy report on are those that are already acting in an
> abusive manner. I have no interest in a domain name record that
> is not abusive.
>
That is ther main problem of perspective, since you will from your line
of work see more problematic domains than I would, skewing the perceived
size of the issue. If you only look for abusers, that is what you will
find. I see the by-catch as well, the domain owners trapped by the
requirements that have done nothing wrong with their use of the domain
but still got caught for having problematic data in whois.
>
> And by that, I am not disputing that there are also cases where
> the record was intentionally false. But in my experience, these
> make up less than 10% of the cases I see. Please provide data on
> your 10% assumption.
>
This is entirely based on experience of looking at our whois complaints
queue over time, as I stated above. In most cases the problem with the
record was a result of an oversight, outdated data, or other issues, not
a malicious use of false data. These exist too, but do not make out the
bulkl of complaints we receive for incorrect data.
>
> As for the issues following from that earlier assumption: While
> the registrar has the ability to unsuspend at any time, ICANN
> compliance will follow up on such cases and demand the same type
> of evidence they would ask for in a case where the registrant
> updated his whois details. So i am not really sure this actually
> is an issue...We should clarify with compliance whether this is an
> issue.
>
Agreed.
>
> Second issue: I am not actually sure that there are more
> suspensions for abuse than for nonpayment for example. What data
> was used to determine that statement that "most of them (occur)
> for abusive activity"? My personal experience and analysis but if
> a registrant never steps forward to rectify inaccurate data on a
> suspended domain name please let me know what other conclusions
> could be made. Or is this
>
I gave numerous examples of why a domain may have been suspended that
have nothing to do with abusive use.
But the main issue is that personal experience is not a goodf basis for
an overall statement and I accept that this applies to my own
perspective as well. We should base our statements more on cold, hard
data, not just experience.
So the above statement should read: *"with an unkown percentage of them
occurring due to abusive activity*".
> speculation and assumptions again? I worked very hard on reviewing
> all the reports and developing a sound analysis so let's change
> the rhetoric and stop the name calling. It is not fruitful or
> helpful. This may be a language barrier but I take offense that
> your analysis is correct and my is speculation and assumptions.
>
As I stated above, my perspective is differentm, but likely biassed as
well. _That_ is why we need to base our statements on data, not just
experience. See also: Analogy of the 10 blind men and the elephant.
>
> My flight is taking off so will have to finish my responses once the
> wifi works.
> I am very concerned that I will not be on this call so that we could
> have had a reasonable dialogue.
No rush, we will have time to discuss later. I am fine with neutral
language and fact based statements.
>
> Susan
>
>
> I also note that the statement that the inaccurate data is still
> visible in the WHOIS is outdated since last month ;-)
>
> Third point: This should be already taken care of by the
> compliance follow-up that will follow any unsuspension.
>
> The recommendation is problematic as this would effectively result
> in domain names without any data. I would prefer the "incorrect
> data" to remain in place as we do not know why the domain was
> suspended. Again, suspension usually just means someone did not
> reply in time. Also, suspensions can occur for a multitude of
> other reasons. Forcing a whois verification for a unsuspension
> after a bill is paid late for example seems unreasonable.
>
> f) Grandfathered domains: Correction: The actual calendar date is
> irrelevant to whether a domain is considered grandfathered or not.
> Instead, only only relevant date is the effective date the
> sponsoring registrar signed on to the 2013 RAA. So the section
> would have to be reworded.
> Obviously I also disagree with the conclusions drawn here, so I
> provide an alternative for those as well.
>
> Suggestion:
>
> /40% of the WHOIS ARS domain names that are sampled for this
> program are grandfathered domain names that have not yet been
> subjected to the rigorous verification and validation requirements
> of 2013 RAA. The 2009 RAA neither required the collection and
> display of Registrant email address, postal address or phone
> number it not the validation or verification of the data. This
> applies to domain names registered prior to the date that the
> sponsoring registrar signed on to the 2013 RAA that have not since
> been transferred to a registrar that had at the time of the
> transfer signed on to the 2013 RAA and that did not have a change
> of RNH occur after such a time.
> /
>
> ////
>
> /*Analysis:*//If we assume the sample of ARS domain names of 40%
> grandfathered domain names then we can extrapolate (based on wrong
> assumption of what constutes a legacy domain name).///
>
> //
>
> /We have asked the compliance team to provide data on this
> statistics but they do not track this data./
>
> /P//roblems/Issues:/
>
> /There are domain name registrations that currently do not comply
> with the current WHOIS format requirements and/or policy
> requirements as they were registered under contractual terms
> different to those required now and have since then not been
> updated in a meaningful way. In fact, the last registrar under the
> 2009 RAA is expected to switch from the 2009 to the 2013 RAA this
> year. The current process foresees a smooth and gradual transition
> of legacy domain names to the new requirements upon the occurrence
> of certain trigger events and it is expected that the number of
> such domain will gradually drop over time as they are deleted, get
> transferred between registrars or the RNH data gets updated.
> Further, as such domain names are usually significantly older
> domain names, the likelyhood of abusive registrations amongst them
> is significantly lower than for newly registered domain names. The
> WG therefore currently sees no need to suggest modifications to
> the transition process foreseen in the 2013 RAA./
>
> /
> /
>
> 3.2.1.3 For this section, I question the viability of this tool
> under GDPR. As bulk whois inquiries are now a thing of the past,
> it seems counter-intuitive to continue to provide a bulk complaint
> tool as the complainant has no way of knowing if the data of
> multiple domains is identical. We should discuss this point more.
>
> 3.2.1.4 Strike the last sentence in the first paragraph, or
> replace by:
> /Potential benefits of a more proactive approach to RDS inaccuracy
> should be investigate as better data quality is seen as beneficial
> to internet users.
>
> /Question: Do we have any indication about the investigative and
> financial ressources such a proactive approach would require? We
> should not make a recommendation that would result in an
> unreasonable increase in costs of the compliance function. So the
> recommendation should at a minimum also require a cost/benefit
> study prior to any expansion of the compliance function into this
> area. ICANN is strapped for cash as it is...
>
> Open Questions:
> This actually is not an open question. Work between ICANN and
> registrars on identifying a solution that meets the requirements
> of the RAA is ongoing. There is no compliance issue to this until
> the time that such a program becomes an actual contractual obligation.
>
> 4 Problem issues:
> a) Problem, second paragrph, first sentence, replace by:
>
> Registrars are contractually required by the 2013 Registrar
> Accreditation Agreement (RAA) to conduct verification and
> validation operations regarding registration data.
>
>
> Recommendation #2:
> I would actually support removing this recommendation entirely, as
> described above. Maybe we can add something that ICANN should
> monitor whether the soft transition process included in the 2013
> RAA actually works as intended, e.g. the number of such domain
> names is gradually decreasing. Anyway, the statement that it has
> been a 5 year transition time is blatantly false and misleading,
> as detailed above, but I do not blame anyone for the misconception.
> Such an undertaking as proposed would also be highly unfeasible as
> especially for these older registrations as the only contact
> between registrars and these customers often is their payment of
> the invoices. Having to reach out proactively to these customers
> without any indication of an issue will just lead to countless
> unjustified and problematic suspensions and angry customers.
>
> Recommendation #3 should be changed as described above. I also do
> not get why the renewal reference is in there. Even suspended
> domains get renewed after all... Also note that a "suspension for
> incorrect data" may also occur under the current RAA requirements
> regardless of whether the whois is actually correct or incorrect
> as non-response already triggers suspension.
>
> Recommendation 7:
> I move to strike this in its entirety. This is based on so many
> errouneous assumptions and will result in so much additional work
> for contracted parties, it isn't even funny. I have argued this in
> previous mails, so I will leave it at that. This one has to go...
>
> Recommendation8 is missing the feasibility section, which I think
> is key for this section. In itself it is a good idea, but the
> benefits must be weighed against the costs.
>
> Apologies that this went longer than I originally intended, thanks
> for bearing with me,
>
> Volker
> /
> /
> Am 15.06.2018 um 15:18 schrieb Susan Kawaguchi:
>> Hello All,
>>
>> I have updated the Compliance report for subgroup 4.
>>
>> Please see attached.
>>
>> Susan
>>
>>
>> _______________________________________________
>> RDS-WHOIS2-RT mailing list
>> RDS-WHOIS2-RT at icann.org <mailto:RDS-WHOIS2-RT at icann.org>
>> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
>> <https://mm.icann.org/mailman/listinfo/rds-whois2-rt>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
> _______________________________________________
> RDS-WHOIS2-RT mailing list
> RDS-WHOIS2-RT at icann.org <mailto:RDS-WHOIS2-RT at icann.org>
> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
> <https://mm.icann.org/mailman/listinfo/rds-whois2-rt>
>
>
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rds-whois2-rt/attachments/20180618/1fa86e14/attachment-0001.html>
More information about the RDS-WHOIS2-RT
mailing list