AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2022

比較バージョン

古いバージョン 26

changes.mady.by.user Evin Erdogdu

保存しました

次と比較

新しいバージョン 27

changes.mady.by.user Alperen Eken

保存しました

キー

  • この行は追加されました。
  • この行は削除されました。
  • 書式設定が変更されました。

...

At-Large Policy Session: Tools for Wholistic Contract Compliance - AE

Notes

140 participants with a pretty active chat, very constructive criticism to both ICANN and Registrar.

Jamie - Compliance is enforcing contracts and using different tools. Community decision whether when the CC enough?

James - DNS abuse vs Content abuse where does ICANN’s enforcement end? ICANN’s best practices are questioned.

Jamie: In terms of tools, individual complaints which are inaccuracy etc. ICANN does not take a holistic approach in enforcing contracts. ICANN CC is open for innovative ideas. Small number of Rrs and Rys are responsible for a big part of abuses.

James: ICANN’s scope is limited, they can change, there are legitimate ways to change them after processes. Bad guys are aware that ICANN has a process and the process is open. Industry collaboration is important to stop abuses. More money to registrars is welcomed, in terms of security etc. however we should be very careful to avoid abusing partners.

Jonathan: Most believe that CC is not well equipped for systemic abuse, more tools are needed and some systems should be getting better such as auditing.

  • How should the situations be handled today?
  • Will we have a favorable outcome?


Case #1

2 names are registered with Facebook information

Names used actively for Abuse

30k End Users are targeted through the messenger.

It is reported to Rr and Contracted Party


What should happen next?

What should compliance do?

How long should it take for this to be resolved?

Jamie: A complaint, inaccurate whois: CC first make sure that there is evidence that there is an inaccuracy, if there is an evidence, CC go to Rr and Rr has 15 days to investigate if there is an inaccuracy. It can go back and forth a few times, 2nd and 3rd notice. And there may be a breach at the end. This is a standard approach. It may be a 30-days process but can be way shorter.

James: There are some details missing. If reported to the registrar, you have different revenues to submit a complaint. If this domain name is used for phishing, Rr try to figure out they look at the complaint and address this faster. In the real world, the closer the proximity to the content, Rr can address the issue faster.

Case #2 - Whack - a - Mole

There are 1000 domains, 10 were taken down, can the rest be taken down as well?

Jamie: Rrs may find a pattern and take down many other similar domains registered but not necessarily.

James: Rrs can take lots of different actions depending on the situation, there may be a need for a 1000 complaints or just a complaint.

It is important for Rrs to do their diligence, empowering CC is not the solution.

Case #3 Privacy Proxy

Very probably abusive/phishing domain names have P/P providers, how can they be taken down if they can be?

Jamie: privacy proxy provider maintains full discretion, ICANN’s process is definite.

James: Either they are affiliated providers or not, they can use the PP providers. However, in the first place, it is very hard to get such a website address on Rrs website.

Case #4 - .creditunion

Jamie & James: This is under GAC safeguards, so it is not really possible.

Action Items

  •  Jaime to follow up some cases offline.