FINAL VERSION SUBMITTED (IF RATIFIED)
The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote.
FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC
The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.
DRAFT SUBMITTED FOR DISCUSSION
The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).
See: Google Doc (comment-only)
The At-Large community welcomes both the initiative by the Registrar Stakeholder Group (RrSG), to address Registrant Protections in DNS Abuse Mitigation, as well as the opportunity to comment. The occasionally conflicting interests of registrant and non-registrant individual end users demands we find the right balance in the fight against DNS Abuse.
Overall, the paper represents an excellent collection of redress mechanisms that ought to be available to registrants, in the case of mistaken take-down. The At-Large would like to proffer just a few points.
The topic of poorly constructed and poorly supported complaints is ongoing and the At-Large would like the RrSG to consider more fully exploring this topic with examples, even if hypothetical. Giving registrars a checklist or framework, with which to evaluate a complaint, would help standardize both the formulation and resolution of complaints. Perhaps some criteria for identifying a pattern of abuse would be helpful in separating the the spurious from the systemic.
- 3rd Party Abuse
The white paper makes two references to 3rd party responsibility for abusive conduct. In the second, case it is mentioned in the context of a reversal, of an action taken by a registrar, based on an abuse report. This seems wholly appropriate. However, in the first instance, there is a suggestion that "a domain name should not be labelled as abusive when the abusive usage results from the action of a third party." This would seem to imply that determination of responsibility should happen prior to any action, taken by the Registrar and that seems inappropriate. If the domain hosts verifiable abuse, particularly as its primary function, it should be taken down immediately and restored after a fix has been applied. The fact that the abuse was not the result of malice by the domain holder should not deter action taken to mitigate that abuse.
- Proportion of of domain use
It is also often mentioned that random abuse, in an otherwise non-abusive domain, needs to be handled Differently. If, for example, a comment, on a news site, contains.a phishing link, it's not appropriate to take down the entire domain. Perhaps a framework for alternative mitigation, involving the domain owner or website host, is appropriate. Again, the more that can be laid out, with examples, the better.
We of the At-Large community appreciate the opportunity to comment and welcome any ongoing dialog on the issue of DNS Abuse mitigation. We hope these comments are helpful.