NordVPN Promotion

Home / Blogs

Domain Registrar Hide and Seek

BLACK FRIDAY DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]

In the past year ICANN has been putting a lot more effort into its compliance activities, which is a good thing, since the previous level was, ah, exiguous. That’s the good news. The bad news is that while they’re paying more attention to misbehaving registrants, the registrars, gatekeepers to the world of domains, have serious issues that ICANN has yet to address.

One straightforward problem is registrar (as opposed to registrant) compliance with the Registrar Accreditation Agreement (RAA). ICANN has sent out quite a few termination notices for failure to comply, but in nearly every case the failure involves not paying their bills. Other than that, the only meaningful enforcement has been their recent attempt to shut down EstDomains for the felony conviction of one of their principals.

Registrar Dynamic Dolphin is run by infamous high volume e-mail deployer Scott Richter. In 2003 Richter pled guilty to felony charges of receiving stolen property. Earlier this year Richter settled a suit with MySpace for $6 million, for spamming MySpace users using phished accounts. Section 5.3.3 of the RAA says that ICANN can terminate a registrar if an officer:

is convicted of a felony or of a misdemeanor related to financial activities, or is judged by a court to have committed fraud or breach of fiduciary duty, or is the subject of a judicial determination that ICANN deems as the substantive equivalent of any of these ...

Why hasn’t ICANN acted in this case? ICANN certainly knows about it.

As a separate issue, ICANN gadfly Knujon has discovered that at least 70 accredited registrars are in practice completely anonymous, providing no usable contact information, and in many cases appearing to operate out of countries other than the ones in which they told ICANN they were located. Knujon has not gotten a warm reception from ICANN, who has shut down Knujon founder Bob Bruen whenever he’s tried to bring up registrar behavior issues at ICANN events.

While the RAA does not have specific language about publishing contact information, this is ridiculous. As a friend of mine put it, no other form of near-critical infrastructure, either privatized or public, operates with such anonymity. Section 3.7.1 of the RAA provides for the creation of a registrar Code of Conduct, and having a registrar tell its customers who and where they are would be a good start.

ICANN’s basic problem here is that it never occurred to them that they would have to enforce their contracts. For a long time there was no compliance at all, and their moves toward it have been slow and painful. At some point they’ll have to realize that they are in practice a regulator, every rule or agreement they have is going to be subverted by bad guys trying to make a quick buck, so compliance needs to be integrated into all of their interactions with the people and organizations they regulate.

 

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

NordVPN Promotion