If you have a solution that you think will work, then you need to structure it rather than post long tracts like this.

The one area where ICANN can impact the registrars is with the Registrar Accreditation Agreement. As I point out, this contract is actually undergoing review at this very moment.

And you are able to put forward suggested changes to that contract now by simply sending an email.

I can’t stress enough that I have no power or even ability to make the changes you ask for. Nor do ICANN staff. You have to persuade the Internet community – who are also the experts on the Internet.

I am simply the person that tries to get people with passion like you to get in there, and try to persuade people that the system will work better with a change here and a change there.

So don’t tell me any more. Read the contracts that define ICANN’s relationship to registrars. Then devise a way of adjusting those agreements. And then try to persuade the rest of community why those changes are a good idea.

Incidentally, if you think that registrars are already breaking the RAA, you can report that to ICANN’s compliance team (I have already linked to them above) and they will look into it.

Incidentally, I do agree with Maria’s point below about relevance. This discussion shouldn’t be happening in this post. It only confuses and irritates people if they click on one post to find a discussion of something totally unrelated.

I would however like to see your organisation’s name appear in the comment forum on changes to the RAA all the details you need ae here: http://www.icann.org/public_comment/#raa-consultation.

Kieren

We did not intend to for this issue to evolve as it did, our initial response was clear and to the point and in the framework of the ‘spelling of ICANN’ which is what this thread was originally about. We simply asserted that in today’s framework, those in our community commonly refer to ICANN in the terms of ICANNOT due to what appears to be an overrun of issues that have occurred during ICANN’s watch. That was our intial response, than we simply responded to comments to us at that point (which is more than acceptable amongst most familiar with the blogging culture). I will forward comments to Kiernen directly from this point on.

Chris
SearchCOPS

I appreciate that you are concerned about issues unrelated to this post, and that Kieren has kindly responded to you about them.

But you should take a look at our comment policy. The ICANN blog is no different from other blogs, and relevance of comments is important;

“Relevance
We would also like to stress that comments covering an entirely different topic to the actual blog post they are attached to are also frowned upon. If it is a mistake, we have no problem, but the ICANN blog is there to be a reasonable and helpful communication and interaction tool – not to lobby by the backdoor, or harangue staff over the same issue out of context.”

The rhetorical feint of ‘name-check the issue under discussion, but claim it can’t possibly be dealt with unless your pet issue is finally resolved’ does not count as relevant. If you really do appreciate open dialogue, then you need to follow accepted blogging norms.

We can’t encourage other ICANN staff to blog about topics if they think their threads will be hijacked by the cause du jour. And Kieren already does a fine job of creating threads on burning issues.

I have forwarded a message to you as well on this subject which will hopefully more fully explain our points on this matter. However, the mere fact that you, as a representative of ICANN, incorrectly stated that Joker (aka CSL Computer Service Langenbach GmbH d/b/a joker.com) and the BILTS (aka Beijing Innovative Linkage Technology Ltd. dba dns.com.cn) group did not have a contract with ICANN is simply wrong. Please review the accredation list yourself: http://www.icann.org/registrars/accredited-list.html
This fact has me deeply concerned and simply demonstrates how out of touch ICANN has become with this issue. The mere fact that ICANN has been ‘working’ on this problem for the better half of 7 years now, does not inspire alot of confidence in me. The technology already exists to correct huge holes in the current strategies – and while there isnt a 100% cure, suring up the registry would definitely be a huge step in the right direction. This would allow us to more definitively engage these criminals in a place that some have been drove into (utilization of Zombie Networks) which carry very serious international criminal penalties and would allow us to expedite these folks into the penal system. Both of the registrars listed above need to sure up their registration systems. The fact that over 75% of recent spamming activities in our honeypots over the past 3 months have initiated with registrations on Joker and BILT is all that is needed to know. During this same period, we have not even had one occassion to inquire as to the whois status of a GoDaddy registered domain (and this includes their Wild West reseller group) and one of the reasons for this is GoDaddy IMMEDIATELY takes action upon those who violate their “TOU” resulting in immediate suspension of those domain activities, which is one of the reasons why spammers have run like wildfire away from GoDaddy as their registrar. There are many other Registrars within your ICANN wing that do a wonderful job at policing their own registries, the mere fact that over the past 6 months, only Joker, BILT, Xin Net Technology Corporation, Directi Internet Solutions (d/b/a PublicDomainRegistry.Com), and ENOM have come upon our radar is a service to the other 795+ Registrars who seem to be doing a far better job in monitoring and overall enforcement. As I have stated, this problem begins and ENDS with the Registrars….without a domain name for the spammers to resolve to, it makes the spammers jobs’ incredibly more difficult and far more dangerous for them to attempt in the first place. With your help, we could probably dwindle the ROKSO 200 down to about 10 and really concentrate our efforts at that point. Btw, as a side note to any registrars who may be reading this blog, the following group is in our crosshairs at this moment:

Domain Name………. thoughpose.com
Creation Date…….. 2007-08-25 12:51:42
Registration Date…. 2007-08-25 12:51:42
Expiry Date………. 2008-08-25 12:51:42
Organisation Name…. happyinternational.inc
Organisation Address. chaoyang avenue 468
Organisation Address.
Organisation Address. beijing
Organisation Address. 100438
Organisation Address. BJ
Organisation Address. CN

Admin Name……….. huan huan
Admin Address…….. chaoyang avenue 468
Admin Address……..
Admin Address…….. beijing
Admin Address…….. 100438
Admin Address…….. BJ
Admin Address…….. CN
Admin Email………. dfeendloonesegou@hotmail.com
Admin Phone………. +86.1045875892
Admin Fax………… +86.1093859833

Tech Name………… he sir
Tech Address……… shennanzhong rd
Tech Address………
Tech Address……… Shenzhen
Tech Address……… 518031
Tech Address……… GD
Tech Address……… CN
Tech Email……….. adminspeed123@126.com
Tech Phone……….. +86.75583233325
Tech Fax…………. +86.75583233325

Bill Name………… he sir
Bill Address……… shennanzhong rd
Bill Address………
Bill Address……… Shenzhen
Bill Address……… 518031
Bill Address……… GD
Bill Address……… CN
Bill Email……….. adminspeed123@126.com
Bill Phone……….. +86.75583233325
Bill Fax…………. +86.75583233325
Name Server………. ns0.nuspharkosa.com
Name Server………. ns0.pharokufuma.com
Name Server………. ns0.kopepharas.com
Name Server………. ns0.mukopkufude.com

AND

Domain Name………. topmedslay.com
Creation Date…….. 2007-08-25 12:41:01
Registration Date…. 2007-08-25 12:41:01
Expiry Date………. 2008-08-25 12:41:01
Organisation Name…. happyinternational.inc
Organisation Address. chaoyang avenue 468
Organisation Address.
Organisation Address. beijing
Organisation Address. 100438
Organisation Address. BJ
Organisation Address. CN

Admin Name……….. huan huan
Admin Address…….. chaoyang avenue 468
Admin Address……..
Admin Address…….. beijing
Admin Address…….. 100438
Admin Address…….. BJ
Admin Address…….. CN
Admin Email………. dfeendloonesegou@hotmail.com
Admin Phone………. +86.1045875892
Admin Fax………… +86.1093859833

Tech Name………… he sir
Tech Address……… shennanzhong rd
Tech Address………
Tech Address……… Shenzhen
Tech Address……… 518031
Tech Address……… GD
Tech Address……… CN
Tech Email……….. adminspeed123@126.com
Tech Phone……….. +86.75583233325
Tech Fax…………. +86.75583233325

Bill Name………… he sir
Bill Address……… shennanzhong rd
Bill Address………
Bill Address……… Shenzhen
Bill Address……… 518031
Bill Address……… GD
Bill Address……… CN
Bill Email……….. adminspeed123@126.com
Bill Phone……….. +86.75583233325
Bill Fax…………. +86.75583233325
Name Server………. ns0.nuspharkosa.com
Name Server………. ns0.pharokufuma.com
Name Server………. ns0.kopepharas.com
Name Server………. ns0.mukopkufude.com

These folks known as the “Canadian Pharmacy” have been spamming ever since i can remember and they can show us some of the immediate warning signs which should trigger an audit:

1. Admin name/Tech name: huan huan/he sir….I mean come on common sense people.

2. Phone numbers: as you can see only the Admin phone number could even be possible, because Bejing, China’s country code is 86 and the area code is 10….75 is not even a valid area code in China.

3. Addresses: simple usage of some of google’s backend tools (APIs) could automatically red flag domains in question.

4. Name Server(s): Last but certainly not least, anytime a domain is registerd that has a number (2 or more) of DNS names that are completely different should be a complete no-brainer red flag. This is due to the fact that their name servers are suspended quite often and they need back up name servers in those events.

Finally, there are soo many groups out there that already exist that have the data necessary to blacklist these folks prior to them even getting off of the ground. I apologize, Kieren, however, I think I have made my point and we will not settle for further excuses. I do appreciate your open dialogue with us

Sincerely,
Chris
SearchCOPS

Yes, please *do* share your research, and if you have solid changes to the contracts ICANN has with registrars or registries that you will think will help combat spam, please do draw them up and put them into the ICANN system.

The best place to raise it would probably be with the Non-Commercial Users (NCUC) constituency within the GNSO. Either that, or approach the At Large Advisory Committee – or better, approach both.

Believe me, if you can come up with a workable solution to help limit spam, you will find support from every quarter.

However, I do need to point out some inaccuracies in your response. While ICANN does indeed having contracts with many registrars, it does not have contracts with all of them – and, predictably enough, it doesn’t have a contract with the two registrars you mention (you can see the full accredited list here).

Now, there is an issue under discussion at the moment where companies are able to act as registrars without a registrar agreement by striking a reseller deal with an accredited registrar. Through changes in the RAA, ICANN is seeking to tighten these rules up. You can see the issue outlined in clear language here.

I am not kidding when I say if you want to change this *all you have to do* is put together your arguments, preferably with as much evidence as possible, to explain what changes should be made and why.

All the details you need are here, and the email address to send your comments to is raa-consultation@icann.org.

Alot of people misunderstand that this is what ICANN does – we help co-ordinate between the Net’s different groups. Someone raises a point, it is put through the consultative process, in which *anyone* can comment. And then ICANN works as hard as it can to produce a consensus on changes.

If you want to see changes, you have to get involved. Complaining on this blog will get my attention, and will get you the information above, but it is up to you to make the difference.

The second point where you are very unfair is the OECD’s anti-spam toolkit. In fact, it is quite comprehensive and far, far more than simply blocking spam as you appear to imply.

But my main point is: get involved. If you want any information on how to do that, or you want to know more about how ICANN works, or you want contact details for people, just ask. Either here or feel free to email me at kieren [dot] mccarthy [at] icann {dot} org.

Kieren

Respectably,
Chris Luccaterro
SearchCOPS

Yes. I agree. We agree. And ICANN is working on several fronts to deal with this.

The Whois discussions have been going on for no less than seven years. The most recent report came out last week (you can download it here). That will go to the GNSO Council this week where they will most likely find that there continues to be a lack of agreement in the Internet community over how to deal with the issue.

The arguments are far too lengthy and complex to even start to go into here. But fundamentally ICANN works as a co-ordination body because that is the best way to progress for the whole Internet, and so we form policy by getting people to arrive at consensus. Were it otherwise and ICANN decided itself what should happen, the Internet would cease to be what it is now.

A related issue is that of domain name tasting. As we speak a working group is reviewing the problem in depth, and ICANN staff are also compiling and analysing alot of information about this, including how different registries across the world deal with the issue of domains. That may provide some useful patterns and lessons.

A further important aspect, as you raise, is making sure that registrars and registries are kept in check. All those involved with gTLDs have contracts with ICANN and ICANN’s compliance team has already been making sure those contracts are followed for several months, if perhaps we haven’t been shouting about it from the rooftops.

But all the information is there is you want to review it. You can see it at: http://www.icann.org/compliance/

And one other aspects which you don’t explicitly raise but which is a part of the larger jigsaw is the issue of registrants’ rights and the RegisterFly issue. There are changes going through into the Registrar Accreditation Agreement – you can see the suggested amendments in full here – that will improve the situation. Added to which, ICANN has just hired a specialist data storage company to act as a data escrow provider for domain details, so the details of domain ownership can be safely retained and restored where needs be.

But despite all of this, it would have only a very limited impact on spam, as you well know. The big problem – the biggest problem – with spam is that is requires concerted effort by a very large numbers of very different organisations to tackle it.

There have been alot of governments passing anti-spam laws – with little lasting effect. There have been countless technical efforts with limited effect. There are numerous commercial products aimed at dealing with it, which are partially effective.

The truth is that it requires global understanding and co-operative action to deal with spam. It only takes one compromised server, or one country with weaker efforts in law or by its ISPs and spammers will locate it and exploit it.

The best answer at the moment is the Internet Governance Forum, set up by the United Nations to deal with exactly these issue. Last November, the OECD used the IGF’s inaugural meeting to launch its Anti-Spam toolkit – you can find all you need to know about that here.

The hope is that this November in Rio, more people will have signed up to this effort, plus learnt more about spam, plus be willing to help others. Unfortunately, a chunk of that valuable time looks as if it will be taken up with people discussing ICANN rather than dealing with the wider problems out there.

If you want to get annoyed with someone, if you want to make a difference, my advice would be to go to the IGF and keep asking people what they are doing to combat spam – and then provide them with practical measures for doing so.

But in the meantime, please do review what ICANN is doing in the areas where it can do something and interact with us. A good place to start is the public comment page which outlines what is currently out for public review and the background behind it. You can find that at http://www.icann.org/public_comment/.

I hope this helps answer your queries.

Kieren McCarthy
General manager of public participation, ICANN

Sincerely,
Chris Luccaterro
SearchCOPS