Home / Blogs

What is Good Policy for a Domain Name Registry?

Back from the holidays I must admit I was thinking quite a bit on what is good policy for a registry? Of course I have my own personal favorites that I can not walk away from easily, but instead of thinking for too long, I decided to write down now immediately what is in my head. The main reasons for this are two: the decision by ICANN to change the rules for change in policy regarding the Add Grace Periods.

What is Add Grace Period you might ask? ICANN writes: A grace period is a specified number of calendar days following a generic Top-Level Domain (gTLD) registry operation in which the operation may be reversed and a credit may be issued to a domain Registrar. In short, it is a time period after registering a domain name when that registration can be revoked, and no charges will apply.

This has sometimes been called tasting and is something I personally feel is bad, very bad, for the registrant. Might sound weird because the whole idea behind grace periods is that the registrant should be able to change its mind. But the bad thing is that this of course is used by people making money in various pay per click mechanisms, or trading of domain names. They register a domain name, use it for a day (or whatever the grace period is) and if no revenue is connected with the domain name, it is given back. When the domain name is given back, another registrar doing the same thing, is immediately registering the domain name again. Because of this, almost all thinkable domain names are of course in use all the time, without anyone paying for it. And on top of that, the large number of transactions (registrations + deletions) make it non-trivial to ensure Domain Name System (DNS) is working properly.

So tasting is bad, and it is a good thing ICANN is moving towards a more strict add grace period. But why so complicated rules? Why not just say that any registrar that registers a domain name in a registry has to pay for it. Many county code Top-Level Domains (ccTLDs) have that policy and it is the only way to get rid of tasting. .ORG has experience in this, and other registries/TLDs as well. Sure, it might look bad in the numbers as the number of registrations might look like if they are going down, but I claim that the number of paid registrations goes up. So to conclude, I think ICANN will still have a too relaxed policy after this change in policy (but I welcome the policy as it is better than the old one).

Second thing that irritates me a bit is the decision to move forward with addition of new TLDs. I can see a reason for Internationalized Domain Name (IDN) versions of existing TLDs, and I can see a reason for many sponsored TLDs, but to open the door completely for any TLD, as long as one pays. I am sorry, but that is just plain wrong. And one can see in the comments to the policy proposal that everyone is not completely happy. My technical explanation is simple. The DNS is designed to be a hierarchal namespace. Not flat. And every step to make DNS more flat will create problems. What problems one might ask? Several, and I will not explain them here. But let me try to turn the question around, simply because I do not understand why I am to argue why I do not want new TLDs. I think the ones that really want new TLDs should explain why. “Just because” is not good enough.

The two favorite other things that I have to mention, because even in Sweden people start asking about them. Although we have them implemented in .SE and it shows it is a good thing. First, that the list of domain names that will be available a certain date and time is published beforehand. Excellent, because that limits the amount of hammering on DNS and Whois servers. It also makes it possible for newspapers to see what high value domain names have forgotten to pay the bill. Best way to make people pay (print a notice about it in the newspaper). Secondly, the ability for people to register a domain name without delegating it. That even makes it possible to implement DNSSEC (with NSEC) without being afraid of integrity issues with zone walking.

I can see that TLDs that have not implemented these two policies this way are the ones most against DNSSEC, while the ones that have better policy (like .SE) have less problems with DNSSEC.

What could be improved in many TLDs though (including .SE) is the sunrise that happens every time a domain name is made available. But more about that in a different post.

By Patrik Fältström, Technical Director and Head of Security at Netnod

Filed Under


Let's not confuse current efforts to curtail, tax or eliminate the Add Grace period as "Good" Policy Thomas Barrett  –  Jan 9, 2009 8:07 PM

Dear Patrik,

This is an interesting post.  I would like to provide another perspective on “Good” Policy.

Let’s not confuse current efforts to curtail, tax or eliminate the Add Grace period as “Good” Policy.

Many of the long-time policies in the domain name industry were not conscious decisions, but were reverse-engineered based on limitations of the computer systems.

For example, why must domain name registrations be a yearly increments?  This is driven by limitations in billing and payment systems, not a result of a any deliberate policy-making.  These limitations exist at registrars, registries and ICANN itself (who are all deriving revenue from registrations)

I would argue that the Add Grace Periods should be longer, say 30 days.  Why can’t I return a domain name after 30 days and get a pro-rated refund?  This “policy” is simply a limitation in billing and payment systems.  The pain effects both registrars and consumers.

Most retail businesses offer return policies for unwanted or defective goods.  This is “Good” policy.  The five-day Add Grace Period is a compromise between Good Policy of longer return periods and limitations in computer systems.

If a domain name transaction is a mistake or mis-spelled, and therefore is not used, why should the registries and ICANN be allowed to collect their fees while the consumer and registrar incur losses?  Is this “Good” Policy?

I believe ICANN and Registries has followed the wrong path when it comes to “Good” policy regarding return policies.  There should be more efforts focused on consumer-friendly policies instead of punishing everyone for a few bad actors engaged in tasting.

Here is an example of a “Good” policy.  Allow domains to be registered for a full refund for 10, 15 or 30 days.  The condition is that the names cannot resolve in the DNS, thus avoiding the “tasting” issue.  This service could be priced as a monthly service, at a fraction of the annual cost.  The customer can upgrade at any time to an annual subscription to get the domain to resolve in the DNS.

I am willing to bet that a lot of businesses and consumers would love this service.  Payment gateways already support recurring billing, so Registrars could offer this service.  I am also willing to bet that it will not happen because limitations in billing systems at the registries and ICANN do not support it.

Best regards,

Tom Barrett
EnCirca, Inc

You are of course correct, but... Patrik Fältström  –  Jan 9, 2009 8:23 PM

If you buy something in a store, you can get full refund if you have not used what you buy, when you have not opened the package the goods come in, but in some other cases stores let you get full refund regardless of reasons. But for some goods (in Sweden often underwear and swimwear) you do not get any refund at all. We should while discussing these things not mix up the policy between the registry and registrar with the policy used between registrar and registrant. They do not have to be the same. But to go back to the registry/registrar policy. Sure, if the domain name has never been in DNS, that could be one reason for allowing a refund. But I have asked myself many times, WHY should a registrar get a refund from a registry? The registrar can give full refund to the registrant if they want to anyway, and the registrars can even have different policies. The policy could as other services (I’ll get back on that) be part of the differentiation between registrars.

Regarding recurring payment, that is a difficult issue. Many registrars (or whoever is invoicing customers) like sending an invoice at least once a year. Many registrants move, and forget to report their new address. If one try to have communication between registry and registrar at least once a year, it is normally possible to trace the registrant. But this invoice, or non payment thereof, does not have to imply that the registrar does not pay the registry. The registrar might have dozens of services that are similar to insurances where the registrant is guaranteed to never ever loose the domain name. Many many registrars are better and better at this. And, one more important thing, lately it has been much more common to loose a domain name by having the registrar being “hacked” (note the quotation) than a lost payment.

The problem has been, I claim, that many registrars have made it easy for the registrant to make changes, when in reality the registrant want it to be hard, very very hard, to make changes. How often does an NS record change, or even more seldom, how often is there a change of registrant for a domain name? When those events happen, it is ok to be very very very hard to do the change. Two different means of communication might be needed? Also here the registrars can innovate and come up with schemes that are simple to use for the registrant.

So sure, good policies could be something else than not having any grace period, but to provide some policy that is simple, easy to implement, objective etc etc. Remember that the fee per domain name and year is very very low, so the cost to implement and do the transaction must be low. And, once again, just because the registry does not refund the registration fee, the registrar can still do it.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign


Sponsored byVerisign

New TLDs

Sponsored byRadix