DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

[comments-whois] Comments

Dear WHOIS task force,

Please find my comments about your final report on "Accuracy and Bulk

Accuracy of data in WHOIS databases is desirable, but it must be noted
that in real life some degree of inaccuracy is unavoidable, due to a
number of reasons, such as:

a) the complex and burdensome procedures that many registries,
especially in ccTLDs, require users to follow to update their details;
in many countries, updating name server or contact details requires
written applications and/or the intervention (sometimes at a fee) of
the registrar, and it may take several days, if not weeks.

b) the fact that minor or major alterations of contact data are
presently in most registries the only instrument a registrant can use
to protect his/her own personal data from being published and visible
to the whole world, and used (as it usually happens) for spamming
purposes, or for personal harassment by badly intentioned third

c) the fact that disclosing your identity as the owner of domain names
used for politically or socially sensitive services, especially in
some parts of the world, might put your life or your career at risk.

d) the usual complexity of the world: for example, whenever you move
your home you have to do a million things, and there's nothing
particularly wrong in forgetting to do the million-and-first - ie
updating the contact address for your domain name.

Thus, automatically connecting inaccurate data, even if voluntarily
provided, with a fraudulent intent or unlawful behaviour is not per se

Until reasonable instruments can be provided for personal data to be
protected from general public access and reserved to the knowledge of
the registry/registrar, law enforcement agencies, and other selected
and authorized parties, there is a huge incentive to supply incorrect
or useless contact data when registering domains, especially for

Moreover, as individual and especially business users invest money and
time in promoting the value of their domain names and/or use them
every day for valuable business and personal communication, it should
be ensured that in no case a valid registration will be removed or put
on hold only due to unwilful or minor inaccuracies in registration
data, and without adequate attempts to contact the registrant and give
him/her enough time to correct the problems.

Under this light, a period of 15 days for corrections to be made is
completely inadequate to the purpose.

When a complaint about the validity of registrant data is made,
registries/registrars should be required to:
- contact the registrant via e-mail at the presently registered
contact details, at least twice;
- if such attempts fail to get any answer, to try to use other
reasonable e-mail addresses, such as the RFC822-mandated
"postmaster@domain" address, or other quasi-standard e-mail addresses
(such as hostmaster@domain and webmaster@domain), or any e-mail
addresses that might be immediately found from a website at the URL
- if all attempts by e-mail fail to get answer after reasonable time
for e-mail communication (for example, 10 business days in the
registrant's country) an attempt via telephone should be made, at
least twice in two different days, during business hours in the
registrant's country;
- if this fails, an attempt using the standard postal service should
be made; in this case, at least 30 calendar days should be allowed for
the letter to be delivered and processed.

For these reasons, I think that ICANN should:

- adopt a contact verification process made in steps, allowing for at
least 45 days from the beginning to the end, and ensuring that a
significant number of attempts to communicate with the registrant,
using different instruments, is made prior to any domain cancellation
or holding to be allowed;

- foster the creation of simple instruments where each registrant (at
least for gTLDs) may edit his/her own details in the registry and
registrar databases; this might be simplified by increased uniformity
and by the adoption of technical protocols for data exchange and
synchronization, or for data referral, between different WHOIS

- suggest (and later, mandate, as required by law in many countries)
registries and registrars to allow registrants not to be included by
default in the WHOIS service databases, but to opt-in into it (except
for their name and an e-mail contact address, which should be usually
available through WHOIS);

- allow for a number of cases where the registrant may choose even for
his/her own name and e-mail address not to be disclosed to anyone but
law enforcement agencies.

I also note that the WHOIS service as currently implemented by most
registries is clearly illegal in a number of countries, including the
European Union. Putting excessive stress on the need of keeping
accurate data collected through systems of doubtful lawfulness, while
not solving the other side of the problem (privacy protection), could
once more damage ICANN's credibility in a number of online
environments, or give way to unnecessary litigations and discussions.

vb.            [Vittorio Bertola - v.bertola [a] bertola.eu.org]<---
-------------------> http://bertola.eu.org/ <-----------------------

<<< Chronological Index >>>    <<< Thread Index >>>