Concerns have been expressed over the possibility that ICANN may not have the resources necessary to combat DNS abuse through the usage of its contracts with registries and registrars.
The recent report on abuse that was compiled by the “small team” of investigators working for the GNSO has brought to light two “gaps” in the present Compliance regime. These “gaps” may be allowing registrars to get away with turning a blind eye to abusive clients.
The standard Registrar Accreditation Agreement as it exists today requires registrars to keep an abuse contact email and to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.” Registrars are also required to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”
According to the findings of the small team study, the issue is that it does not appear as though ICANN Compliance has a standard meaning of the terms “reasonable,” “prompt,” and “appropriately.” The registrant is not required to do any particular corrective actions in accordance with the terms of the contract.
According to the article, “Members of the tiny team are concerned that this interpretation may allow DNS abuse to stay unchecked.” This fear is based on the fact that different registrars have different regulations regarding the usage and abuse of domain names.
It appears that this is the first time Compliance has gone on the record regarding how it enforces this aspect of the contract, judging by exchanges that took place at ICANN 75 the previous month.
When ICANN does issue a public breach notice to a registrar for failing to respond to abuse allegations, the notification often relates to the registrar’s failure to retain documents detailing how it responded, but this occurrence is relatively uncommon.
The report from the small team believes that there is also a blind hole in ICANN’s standard Registry Agreement, which in turn compels registries to incorporate, in their Registry-Registrar Agreements, clauses mandating anti-abuse requirements in the Registration Agreements of the registrars. However, the small team believes that this blind spot exists.
The tiny team makes the observation that this intricate chain of contractual requirements does not appear to be enforced. They add that “more attention may need to be given to what Registries are doing to guarantee the content is truly included in the Registration Agreement (ie Registries enforcing their own Registry-Registrar Agreements”).”
Before moving further with policy-making, the small team strongly suggests that the contractual parties continue their conversation with ICANN regarding prospective contract revisions or best practices documentation. In the latter part of this month, the GNSO Council will discuss the proposals.