Home / Blogs

Domain Registrar Hide and Seek

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
John Levine

In the past year ICANN has been putting a lot more effort into its compliance activities, which is a good thing, since the previous level was, ah, exiguous. That's the good news. The bad news is that while they're paying more attention to misbehaving registrants, the registrars, gatekeepers to the world of domains, have serious issues that ICANN has yet to address.

One straightforward problem is registrar (as opposed to registrant) compliance with the Registrar Accreditation Agreement (RAA). ICANN has sent out quite a few termination notices for failure to comply, but in nearly every case the failure involves not paying their bills. Other than that, the only meaningful enforcement has been their recent attempt to shut down EstDomains for the felony conviction of one of their principals.

Registrar Dynamic Dolphin is run by infamous high volume e-mail deployer Scott Richter. In 2003 Richter pled guilty to felony charges of receiving stolen property. Earlier this year Richter settled a suit with MySpace for $6 million, for spamming MySpace users using phished accounts. Section 5.3.3 of the RAA says that ICANN can terminate a registrar if an officer:

is convicted of a felony or of a misdemeanor related to financial activities, or is judged by a court to have committed fraud or breach of fiduciary duty, or is the subject of a judicial determination that ICANN deems as the substantive equivalent of any of these ...

Why hasn't ICANN acted in this case? ICANN certainly knows about it.

As a separate issue, ICANN gadfly Knujon has discovered that at least 70 accredited registrars are in practice completely anonymous, providing no usable contact information, and in many cases appearing to operate out of countries other than the ones in which they told ICANN they were located. Knujon has not gotten a warm reception from ICANN, who has shut down Knujon founder Bob Bruen whenever he's tried to bring up registrar behavior issues at ICANN events.

While the RAA does not have specific language about publishing contact information, this is ridiculous. As a friend of mine put it, no other form of near-critical infrastructure, either privatized or public, operates with such anonymity. Section 3.7.1 of the RAA provides for the creation of a registrar Code of Conduct, and having a registrar tell its customers who and where they are would be a good start.

ICANN's basic problem here is that it never occurred to them that they would have to enforce their contracts. For a long time there was no compliance at all, and their moves toward it have been slow and painful. At some point they'll have to realize that they are in practice a regulator, every rule or agreement they have is going to be subverted by bad guys trying to make a quick buck, so compliance needs to be integrated into all of their interactions with the people and organizations they regulate.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Cybercrime, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation

 
   

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

8 Tips to Find Your Perfect .COM Domain Name

Why .com is the Venture Capital Community's Power Player