[gnso-rap-dt] FW: ICANN Compliance: Response to Questions Posed by the RAPWG
Dear WG: Attached please find additional info regarding WHOIS access provided by the ICANN Compliance Department. Also: ICANN's latest Contractual Compliance Semi-Annual Report was published at the end of December 2009, and is available at: http://www.icann.org/en/compliance/reports/contractual-compliance-report-24d ec09-en.pdf It contains statistics about WDPRS. All best, --Greg _____ From: Stacy Burnette [mailto:stacy.burnette@xxxxxxxxx] Sent: Friday, January 08, 2010 5:25 PM To: Greg Aaron Cc: David Giza; William McKelligott; Marika Konings Subject: RE: ICANN Compliance: Response to Questions Posed by the RAPWG Hi Greg: I hope this e-mail message finds you in good spirits. Attached are responses to the RAPWG's questions regarding the Whois Data Problem Report System (WDRPS) and ICANN's Whois enforcement work. Please let us know if you have further questions or if you need additional information. Warmly, Stacy Burnette Director Contractual Compliance ICANN 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292 +1(310) 301-3860 _____ From: William McKelligott [mailto:William.McKelligott@xxxxxxxxx] Sent: Sunday, December 13, 2009 7:08 PM To: Marika Konings; Greg Aaron Cc: Stacy Burnette; David Giza Subject: ICANN Compliance: (partial) response to questions posed by the RAP WG Importance: High Marika and Greg, As requested. Per Dave's email, we will provide additional responses to questions posed by the WG by 8 January 2010. Please contact me if you have any questions or if Compliance can be of further assistance. Best, William _____ Q1. What are the ICANN compliance reports published in the last three years that discuss WHOIS availability and accuracy reporting? I am aware of the following; are there any others? * 2007 "ICANN's Whois Data Accuracy and Availability Program": http://www.icann.org/en/whois/whois-data-accuracy-program-27apr07.pdf * October 2007 Contractual Compliance Semi-Annual Report: http://www.icann.org/en/compliance/reports/contractual-compliance-audit-repo rt-18oct07.pdf * July 2008 Contractual Compliance Semi-Annual Report: http://icann.org/en/compliance/reports/contractual-compliance-audit-report-2 9jul08-en.pdf * February 2009 Contractual Compliance Semi-Annual Report: http://icann.org/en/compliance/reports/contractual-compliance-report-27feb09 -en.pdf I have been unable to find the September 2009 Semi-Annual Report. Was one published this autumn? RESPONSE: The above reports are all of the reports published in the last three years regarding Whois availability and Whois accuracy. The 2009 Contractual Compliance Semi-Annual Report will be published on or about 31 December 2009 and it will include statistics regarding the WDPRS. Q2. ICANN has a system to monitor and enforce registrar compliance with port 43 Whois service requirements; the 2007 report said it would include both automated WHOIS server testing and manual reviews of registrar WHOIS output on a regular basis. Can you provide any observations and data related to this monitoring, and is it described in any already-published documents? Specifically, can you tell us how many registrars ICANN found were not providing port 43 and/or Web WHOIS access? Has ICANN encountered notable downtimes or lapses of registrar port 43 availability, or any other issues of note? RESPONSE: Section 3.3 of the RAA, "Public Access to Data on Registered Names" defines the terms and conditions under which Registrars must provide a Port 43 and interactive web-based Whois service available for public query. The timeframes mentioned in the RAA single out the frequency in which Whois data fields must be updated (daily). The RAA, however, is different from the registry operator agreements in that it doesn't specify any service level agreement (or performance metrics) of the continued availability of the Whois service provided by registrars. ICANN has developed a Whois server audit tool which monitors access to registrars' Whois servers over a Port 43 connection. The script developed for this task retrieves data for 4 registered domain names for each accredited registrar. These domains are selected from the zone file which is obtained by ICANN periodically. The purpose of the audit is to flag Whois servers that are down for an amount of time that is suspect and probably not just a manifestation of periodic server maintenance or scheduled update. What is the "reasonable amount of time" for a server to be down? Probably no more than an hour or so per day, although these are ICANN internal, 'soft metrics', not agreed-upon timeframes with registrars. The script records the results and flags registrars that prevent access to data on registered names. Transient network problems are less of a concern, so ICANN focuses on long-term behavior, i.e., registrars which ICANN is unable to communicate with for several days in a row. Once ICANN identifies the registrar(s), ICANN Compliance conducts Port 43 queries from alternate IP addresses to ensure that the communication error was not due to a problem with ICANN's server. If the problem is verified, ICANN reaches out to the registrar. The same occurs when ICANN obtains complaints from the community that experience either trouble locating the interactive web-based search tool for Whois queries for a registrar or are unable to obtain any results from these queries. The RAA requires that registrars provide access to data on registered names but also recognizes that, in some instances, the data can later be used for the wrong purpose... This may be one of the reasons why registrars commonly block specific IP addresses from resolving queries on their Whois server and place them on a black list. There is no set definition on the number of queries that would be 'reasonable' before a specific IP address is blocked and potentially blacklisted. After reaching out to registrars to resolve access issues, they frequently create 'white lists' of IP addresses that are brought to their attention to allow them to access Whois data. ICANN Compliance regularly follows up with the complainant to see if the problem persists and, fortunately, this appears to be an effective (informal) mechanism to resolve these problems. ICANN also reaches out to registrars that provide access to data on registered names but provide 'thin', not 'think', Whois data. The former does not provide details on the registered name holder and additional contacts, which is required by the RAA. Aside from metrics on informal outreach to resolve blocked Whois servers and incomplete, or 'thin', Whois data with registrars, which have been more than two dozen in the past 6-8 months, Compliance could provide bi-weekly statistics to the WG from here on out to on the number of registrars that showed a pattern of restricting access to their Whois server over a Port 43 connection. These statistics have not been published before. Details to follow. Q4: In the last three years, how many notices of breach of the Registrar Accreditation Agreement has ICANN sent to registrars for failure to adhere to WHOIS-related obligations? (Including failure to provide Web-based or port 43 access, or related to WHOIS data inaccuracies.) ICANN sent eleven (11) escalated compliance notices (e.g. notices of breach, termination or non-renewal) to registrars for failure to comply with Whois provisions of the Registrar Accreditation Agreement. This information is published on the Contractual Compliance website at http://www.icann.org/en/compliance/. For your convenience, please see the links below for detailed information regarding the escalated compliance notices sent. Notices of Breach, Termination and Non-Renewal 19 November 2009: ICANN Notice of Non-Renewal of RAA <http://www.icann.org/correspondence/burnette-to-dicker-19nov09-en.pdf> (Domain Jingles, Inc.) 9 October 2009: ICANN Notice of Non-Renewal of RAA <http://www.icann.org/correspondence/burnette-to-bahlitzanakis-09oct09-en.pd f> (BP Holdings Group, Inc. dba IS.COM) 8 October 2009: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-bahlitzanakis-08oct09-en.pd f> (CodyCorp) 11 September 2009: ICANN Sends Notice of Termination to Registrar <http://www.icann.org/correspondence/burnette-to-sundin-11sep09-en.pdf> (Red Register, Inc.) 30 July 2009: ICANN Notice of Non-Renewal of RAA <http://www.icann.org/correspondence/burnette-to-friedman-30jul09-en.pdf> (South America Domains Ltd. dba namefrog.com) 9 April 2009: ICANN Sends Notice of Termination to Registrar <http://www.icann.org/correspondence/burnette-to-valdes-09apr09-en.pdf> (Parava Networks, Inc. dba 10-Domains.com) 8 April 2009: ICANN Sends Notice of Termination to Registrar <http://www.icann.org/correspondence/burnette-to-bordes-08apr09-en.pdf> (DropLimited.com, Inc.) 27 February 2009: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-valdes-27feb09-en.pdf> (Parava Networks, Inc.) 4 February 2009: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-bordes-04feb09-en.pdf> (DropLimited.com, Inc.) 30 September 2008: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-hu-30sep08-en.pdf> (Beijing Innovative Linkage Technology) 30 September 2008: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-legenhausen-30sep08-en.pdf> (CSL Computer Service Langenbach GmbH) Attachment:
RAPWG Responses (final1).pdf
|