(warning)  As per the decision reached on plenary call #14, the WHOIS1 Rec #4 Compliance subgroup and the Topic 7 Compliance subgroup have been merged into one subgroup, and this wiki page will be the page used by that combined subgroup moving forward.
(red star)Objectives

Topic (1)
Consistent with ICANN’s mission and Bylaws, Section 4.6(e)(iv), the Review Team will (a) evaluate the extent to which ICANN Org has implemented each prior Directory Service Review recommendation (noting differences if any between recommended and implemented steps), (b) assess to the degree practical the extent to which implementation of each recommendation was effective in addressing the issue identified by the prior RT or generated additional information useful to management and evolution of WHOIS (RDS), and (c) determine if any specific measurable steps should be recommended to enhance results achieved through the prior RT’s recommendations. This includes developing a framework to measure and assess the effectiveness of recommendations, and applying that approach to all areas of WHOIS originally assessed by the prior RT (as applicable). 

RT1 Recommendations to be assessed by this subgroup:
Recommendation #4 - Compliance

Topic (7)
Consistent with ICANN’s mission to ensure the stable and secure operation of the Internet's unique identifier systems by enforcing policies, procedures and principles associated with registry and registrar obligations to maintain and provide access to accurate and up-to-date information about registered names and name servers, the review team will (to the extent that this is not already covered in prior RT recommendations), (a) assess the effectiveness and transparency of ICANN enforcement of existing policy relating to WHOIS (RDS) through Contractual Compliance actions, structure and processes, including consistency of enforcement actions and availability of related data,  (b) identifying high-priority procedural or data gaps (if any), and (c) recommending specific measurable steps (if any) the team believes are important to fill gaps.

(red star)Leader/Rapporteur: Susan Kawaguchi

(red star)Members: Erika Mann, Carlton Samuels, Chris Disspain, Susan Kawaguchi, Thomas Walden

(red star)Mailing-list archives:  http://mm.icann.org/pipermail/rds-whois2-rec4-compliance/

(red star)Conference calls: see here

(red star)Review Team Templates: see here

Subgroup Documents


Document (Versions in Red are latest)


Subgroup Report








v12 (incl. FtoF #3 Agreements)DOCX






















Face-to-Face Mtg #2 Slides - Findings



Planning Questions


Next Steps


First Pass Document


Compliance v2 (merged doc)DOCX


Compliance v1 (merged doc)DOCX


Assembled topic 1 rec #4 v3 & topic 7 v1 (Draft for subgroup rapporteur and subgroup's approval)DOCX


Topic 1 Rec #4 v3DOCX


Topic 1 Rec #4 v2DOCX


Topic 1 Rec #4 v1DOCX


Topic 7 v1DOCX

Background Documents

Further background documents may be found on the Review Team's overall Background Materials page.

ICANN Org Briefings/Answers

Open Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress Notes


Incorporate a note about percentage # being under review and community input is welcome.





Susan and Stephanie the action to draft supporting text for the recommendation, explaining what “a risk-based approach” is intended to mean



Completed Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #Source of RequestDate of RequestAction Item RequestAction Owner

Anticipated Completion Date*

Progress NotesCompleted ResponseCompletion Date


On P/P, which is intended to cover the case where PPSAI implementation stalls or providers do not seek accreditation, it is unclear whether a recommendation is needed. If it is, it belongs in the P/P section: Volker to add to the P/P section and rephrase along the lines of: “The board should monitor PPSAI implementation. In that event, the board should direct ICANN Org to negotiate an amendment to the RAA to…”Volker



Propose updated text to address items in [ ] for RT review and determination of consensus.Susan



Does ARS have access to non-public data under the Temporary Specification? Is the WHOIS data that is sampled by ARS obtained from the Registrar or Registry (for thick TLDs, since under GDPR much contact data may be redacted?)ICANN org





For domains rechecked after suspension, what % are found to be unsuspended in total and the % that are still non-compliant?ICANN org






Request for clarification: What are the process and criteria used to determine the domain names to review with ARS?ICANN org






Requests for clarification:

  • If we assume the sample of ARS domain names of 40% grandfathered domain names then we can extrapolate this to 40% of all domain names registered before 2013 MAY not have this registrant data collected, displayed, verified or validated. Can GDD tell us how many domain names total fall into the Grandfathered category? 




+ clarification




  • How many reports they have received concerning timeouts on the WHOIS lookup tool on ICANN.org?

  • How many WHOIS inaccuracy reports relate to proxy privacy registrations?






Schedule a WHOIS1 rec #4 subgroup call after Susan produces new draft addressing ICANN62 comments.ICANN org/Subgrou



Rec 4.8: Clarify that the DAAR blacklist is but one source of input, not considered authoritative.Susan



Rec. 4.7:Clarify recommendation to indicate the audit would apply only in cases where there is a pattern of failure to validate as required by the RAA.Susan, Lili



Rec 4.3: Susan to clarify recommendation to indicate how data would be updated.Susan



Volker to review latest draft from Susan and share comments.






Susan to update draft to reflect decisions reached and respond to Volker's commentsSusan

Draft Report




ICANN org to schedule a follow-up call for compliance subgroupICANN org

Draft Report




Carlton to draft finding/recommendation on use of DAAR to improve accuracy of WHOIS.


Draft Report




Question 1: Susan to formulate a follow-up question for Compliance (possibly also GDD) regarding counting of null fields and the subset of null fields that occur for grandfathered domains.Susan

Draft Report




Susan to research 2013 RAA negotiation materials to determine any reasons for allowing grandfathering. 


Draft Report




Susan to examine CCT recommendation on DAAR to build this subgroup’s recommendation


Draft Report




Susan to formulate recommendation to include compliance taking a risk-based approach that is not just reactive - addressing systemic complaints and taking a risk-based approach


Draft Report




Subgroup to try testing recommendation on WHOIS policies that are being examined by this review (e.g., PP, IDN) to see if metrics/monitoring/reporting and enforcement have been defined for those


Draft Report




Susan to liaise with ICANN org on a Doodle poll for a subgroup callSusan

Email sent individually to Alice & Jean-Baptiste




Brussels follow-up list of questions to ICANN complianceICANN org




13#26 - Email


Susan to confirm questions for ICANN compliance.






Subgroup members to read ICANN compliance's answers and to advise of any follow-up questions. Subgroup





Susan to reach out to Thomas to identify policies (from above list) that he will volunteer to review.Susan



Susan to include her findings about grandfathered domain names in draft subgroup report (see decisions reached, #3).Susan

Draft Subgroup Report



Subgroup members to review and attempt to answer questions prior to F2F meeting as follows:

  • Erika to work on AWIP and CLDP
  • Carlton to work on Procedures for Conflicts with Local Law and Transition of .COM, .NET, and JOBS to Thick WHOIS Policy 
  • Other policies needing a volunteer to review: Inter-Registrar Transfer Policy, UDRP/URS, ERRP, Translation/Transliteration

Questions to be addressed (at minimum):

  • Status of each of the following policies? Created/implemented/being reviewed? 
  • What impact does WHOIS have on each of these policies? 
  • Are there issues with these policies? 
  • How is WHOIS used in these policies? 
  • Are these effective?
  • Compliance issues
Subgroup, Carlton, ERika

Draft Subgroup Report



MSSI Secretariat to send out a new doodle.MSSI-Secretariat





Interview/discussion questions - second setICANN org





Interview/discussion questions - first setICANN org





Suggest timeline for completing briefing questions and desired timeframe for that briefing with ICANN Org compliance.






Subgroup 2-day face-to-face meeting: Alan and Susan requested to hold a two days subgroup face-to-face meeting with Compliance Department at ICANN org office in Los Angeles, only a small conference room would be needed. This would happen before the next plenary face-to-face meeting. ICANN org to liaise with meetings team to confirm notification time needed with meetings teamto prepare such meeting to identify a possible date (also taking into consideration compliance department staff would be available).ICANN org

Meeting #3 - with Compliance Management (1 February 2018)

Written answers to 1 Feb questions




Next Week’s Kick-Off Meeting with ICANN org Compliance Team (exact date to be confirmed):

Initial 1hour kickoff meeting between subgroup members who are in LA next week and members of the compliance Department

- Questions raised on today's call to be shared with the subgroup (see below), subgroup members not attending the call to share input/edits by Wednesday COB.

- Subgroup members to review attached first pass planning document and raise any questions, edits, by tomorrow COB.

- ICANN org to look into the possibility to add remote participation during the meeting with compliance for remote subgroup members.

Subgroup/ICANN org



Susan to take a first look at filling in the work statement based on today's discussion, and share it with the subgroup for input. 




Susan to provide ICANN org with dates for future subgroup call. Doodle to be sent out to subgroup based on this.


Decisions Reached

Source of RequestDateDecision
FtoF #3


R4.8 ICANN should direct ICANN Contractual Compliance to proactively monitor and enforce WHOIS data accuracy requirements to look for and address systemic issues. A risk based approach should be executed to assess and understand inaccuracy issues and then take the appropriate actions to mitigate them.
FtoF #3


R4.7 ICANN should direct ICANN Contractual Compliance to look for patterns of failure to validate and verify WHOIS data as required by the RAA. When such a pattern is detected, an audit should be initiated to check if the Registrar follows WHOIS contractual obligations and consensus policies. Sanctions should be applied if significant deficiencies in WHOIS data validation or verification are identified.
FtoF #3


R4.6 ICANN should review the WHOIS records of gTLD domain names sampled by ARS for each region to determine whether lack of knowledge of WHOIS inaccuracy reporting tools or other critical factors are responsible for low WHOIS inaccuracy report submission rates in some regions.
FtoF #3


R4.5 ICANN should publicize and encourage use of the Bulk WHOIS inaccuracy reporting tool (or any successor tool).
FtoF #3


R4.3 ICANN contracts or GNSO policy should require that gTLD domain names suspended due to WHOIS contact data which the registrar knows to be incorrect, and that remains incorrect until the registration is due for deletion, should be treated as follows.  (1) The WHOIS record should include a notation that the domain name is suspended due to incorrect data; and (2) Domain names with this notation should not be unsuspended without correcting the data.
FtoF #3


R4.2 (with 2 objections) - The ICANN Board should direct ICANN Organization to assess grandfathered domain names to determine if information is missing from the WHOIS Registrant field. If [X%] of domain names are found to lack data in the Registrant field, then the ICANN Board should initiate action intended to ensure that all gTLD domain names adhere to the same registration data collection requirements [within Y months].
FtoF #3


R4.1 ICANN should recommend the GNSO adopt a risk-based approach to incorporating requirements for measurement, auditing, tracking, reporting and enforcement in all new RDS policies.
FtoF #3


The latest % be cited in the report (30%) and note downward trend.
FtoF #3


No further recommendation is needed regarding the Compliance reporting structure.



Rec. #1 - revise to read "enforced as required" to address Stephanie's comment on F2F#2


Rec 8: Dig further and consult with Lili

Rec #7: Policy should integrate metrics, measurements, and reporting to ensure that the policy is effective in addressing the issue, and when metrics are defined, compliance would audit, track, report, and enforce as applicable for the policy.

Rec #6: Agreed but need to be fleshed out further (for example, that grandfathering should not apply after renewal).

Rec #5:
Should lead to two related recommendations - one on outreach to raise awareness of bulk WHOIS inaccuracy reporting, and a second on making it easier for registrars to receive multiple inaccuracy reports related to the same problem or the same domain name

Rec #4: Agreed but possibly belongs under Outreach or Accuracy recommendations

Rec #3 :

  • (1) Policy or contracts should require that WHOIS indicate whether a domain is on hold due to inaccurate data
  • (2) Domains on serverHold due to inaccurate data in WHOIS should not be unsuspended without inaccurate data being remedied

Rec #2 may be covered under Rec 3

Rec #1 to be redrafted to apply to registries not registrars



Question 4: subgroup agreed to Susan's draft recommendation.


Question 2: Recommendation that a policy or best practice be developed to flag in WHOIS when a domain name has been suspended for inaccurate data.

subgroup may suggest a policy such as updating the inaccurate record.



Include in briefing questions: 

  • Of the 60% of legacy gTLDs that are grandfathered on the 2009 RAA, how many comply with the 2013 RAA anyway? Note this is a possible gap to be addressed by a recommendation for a policy issue to be addressed.
  • Is there anything that would make compliance enforcement easier?

  • No labels