Hi folks,

ICANN has posted a request by Afilias for a new registry service:

http://www.icann.org/registries/rsep/index.html#2008007
http://www.icann.org/registries/rsep...st-20jun08.pdf

in relation to "abusive" domains in dot-info.

While in general the proposal is motivated by good intentions, the devil is in the details. While most folks here (including myself) probably care very little about the .info TLD, my concern is that any bad implementation in .info might be copied or used as a precedent in other more important TLDs, in particular .com run by VeriSign.

In particular:

Pursuant to Section 3.6.5 of the RRA, Afilias reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status,
that it deems necessary, in its discretion;........

I would be against giving VeriSign (if the model was copied to .com) that discretionary power over my company's domains, especially the "right to cancel." What exactly is "illegal"? In China, I'm sure there are many things that are illegal that are perfectly legal in Canada, the USA or the EU. Suppose a domain name gets hacked for a brief time, and is temporarily used to serve up spam or malware, etc. That company experiencing bad luck, having their site hacked, can then be put totally out of business in the event that the registry operator, "in its discretion," decides to cancel the domain name.

Thus, I think we should voice our concern that any implementation be very conservative in order to protect the inherent right of registrants to due process. The potential for harm in a bad implementation is enormous, and businesses could literally be put out of business if a valuable domain name is taken from a registrant.

Sincerely,

George

Wow.....that is pretty scary quote.

Thanks for posting.

Tough one.

One situation come to mind for myself. Long ago I subdomained the domain I use for my whois email. I went from:

Domains@gots.info

to

Domain@75.gots.info

I did this at the time because I'd discovered that spam email harvesting logic would reject an email that was subdomained .... The way I knew thus was all the "returned spam" I was getting and did not want to give up the domain just to have another one compromised.

Of late the "returned spam" level has been increasing, yet *I* have never sent any spam from that email. So how does the registry tell decide not to delete the domain since I'm not doing it, nor is anyone authorized by me, even though that spam *IS* making .INFO look bad and making me look like a spammer.

I guess I need to make a call.

According to:

http://gnso.icann.org/mailing-lists/.../msg05146.html

we are allowed to make comments at any time on proposed new services.

I added:

"I'd like to put my comments below that I posted on the GA list on the record. I'd oppose setting up registries as judge, jury AND executioner. Even the UDRP has checks and balances. So should any new policy, in order to protect the inherent rights of registrants to due process. Removing a domain name from the zone file, without cancelling the domain, is surely sufficient for even the most urgent cases of abuse."

Ho do I post and ho do I see what you/I post?

Thanks!

Send an email to registryservice@icann.org (i.e. that's what it said on that link above). You'll be sent an email that you need to confirm (either by clicking on a link or replying to) as an anti-spam measure.

It'll then show up at:

http://forum.icann.org/lists/registryservice/

So it's not threaded against the proposal, just "free for all" unorganized post threading?

Thanks!

George, what do you think about the registry fining a registrar instead? Fact is a registrar can allready delete or dezone a domain for any reason per TOS. Note GoDaddy charging for disputed domains.

Bottom line seems to me registrar support of the proposal does not make sense as is, it does not protect them from credit card issues, it just allows them to place blame on a third party and shrug their sholders. However being fined does create motivation for registrars to change behavior and policy espicially those setup just for related purposes.

Originally posted by ILikeInfo
So it's not threaded against the proposal, just "free for all" unorganized post threading?
Thanks!

Yes.

Originally posted by ILikeInfo
Fact is a registrar can allready delete or dezone a domain for any reason per TOS.

You have a choice about which registrar to use. You can't avoid the registry operator, though (e.g. VeriSign for .com), unless you decide not to register ANY domains in that TLD.

I'm certainly not going to stop registering .com domains (if .info was removed from the root, I wouldn't notice), so there should be no precedents created in these minor TLDs in order to later give VeriSign the right to be judge, jury and executioner in a major TLD.

Originally posted by GeorgeK
You have a choice about which registrar to use. You can't avoid the registry operator, though (e.g. VeriSign for .com), unless you decide not to register ANY domains in that TLD.

I'm certainly not going to stop registering .com domains (if .info was removed from the root, I wouldn't notice), so there should be no precedents created in these minor TLDs in order to later give VeriSign the right to be judge, jury and executioner in a major TLD.

I feel you did not answer my question regarding having the registry *FINE* the registrar thus forcing the registrar to act however they wish.

Originally posted by ILikeInfo
I feel you did not answer my question regarding having the registry *FINE* the registrar thus forcing the registrar to act however they wish.

Sorry, I didn't fully understand the question before -- it would depend on what basis they're fining the registrar. e.g. John Smith emails Afilias saying that you're a spammer, and then Afilias says to GoDaddy "delete example.com or you'll be fined $1000" obviously is still not reflecting due process. The registry operator needs to respond to court orders, etc., or something official. If the government of Iran writes to VeriSign or Moniker "please delete Israel.com", the registrar should be able to say "No", not unless a court that has jurisdiction that we recognize says so. And even then, if Moniker went off the reservation, the name should at most be removed from the zone file but not cancelled, until the registrant has exhausted all their appeals (e.g. Supreme Court of the United States, or whatever, depending on the jurisdiction of the registrant, registrar, etc.).

Sorry for the confusion / ambiguity.

I was thinking a fine, period, but say it's and escalating fine per month for a given issue instance. Point being to have registrar choose their customers as well as the services they choose to offer them - Tasting being one of those services.

BFL: The more I think of this the more BS it comes across as. If I'm *REALLY* making that much via the declared methods, I just don't see how deletion does anything. I just move to another domain, I delete during add/grace (if I'm a currupt registrar), and the money I'm making covers another domain that will likely take 2 weeks for anybody to get wise to. Seems to me it's got to be forcing the registrars to get involved / motivated.

Worse still - anyone with a liking to your domain could complain you sent spam from it, and then get it cancelled and pick it up on the drop/cancellation!

Originally posted by devolution
Worse still - anyone with a liking to your domain could complain you sent spam from it, and then get it cancelled and pick it up on the drop/cancellation!

I did ponder the accountabililty side before I'd posted. Given the registry controls it's TLD section of the internet DNS servers I *THINK* there are ways of fingerprinting the queries on thier DNS servers to find spammers, etc.

So I thinks it's easy for then see see what domains are an issue, but not so sure it's easy for them to seperate "identity theft" use of someone else domain for spam (my case). Probably have to do this like a Google "how long registered" type of operation.

The registries will never have a perfect system of determining abuse, that's why we need checks and balances. They essentially want to have immunity in the event of a false positive, i.e. that in their "discretion" they harm an innocent registrant.

If someone blasts out a million spams promoting your website, without your authorization, in order to frame you, no technical method is going to detect that just using internet DNS queries (i.e. the frameup would have no DNS footprint, whereas a real spammer could have also set things up with a face to face meeting, also leaving no DNS footprint).