Internet Corporation for Assigned Names and Numbers

ICANN Publishes Registrar Website Compliance Audit Report

17 May 2007

EXECUTIVE SUMMARY

ICANN performed a Registrar Website Compliance Audit of all ICANN-Accredited Registrars’ websites to determine compliance with Registrar Accreditation Agreement (RAA) requirements. Among active ICANN-Accredited Registrars, the audit team found 19 registrars with non-working websites and 20 registrars with no Whois service available on their websites. All active ICANN-Accredited Registrars found out of compliance with RAA website requirements were notified and given an opportunity to cure cited violations.

AUDIT OBJECTIVES

The general objectives of the Registrar Website Compliance Audit were to:

  • Assess how many active ICANN-Accredited Registrars have non-working websites in violation of the website requirements as set forth in Section 3.3 of the Registrar Accreditation Agreement (RAA);[1]
  • Assess how many active ICANN-Accredited Registrars do not provide whois service on their websites for public use as required by Section 3.3 of the RAA;
  • Notify active registrars identified as non-compliant with RAA website requirements and provide a reasonable time for cure;
  • Encourage compliance with Registrar Accreditation Agreement requirements regarding the provision of working websites and working whois service by publishing a report regarding ICANN’s audit findings; and
  • Report observations made from the audit findings and provide follow-up actions to be taken by ICANN.

METHODOLOGY

The methodology for the Registrar Website Compliance Audit was determined by ICANN staff, in consultation with registrar community members, prior to the commencement of the audit.[2] The staff members that undertook the audit tasks were familiar with registrar websites and the navigational tools frequently used by registrars to provide public information regarding various registrar services. To maintain focus on the objectives of the Registrar Website Compliance Audit, ICANN staff performed the audit by completing three sequential tasks.

1. Website Examination

ICANN staff examined every ICANN-Accredited Registrar’s website. At the time of the audit, there were approximately 881 ICANN-Accredited Registrars. If a registrar had a website, the website was deemed working if it was interactive. Registrars with working websites were deemed in compliance with this portion of the audit. In those cases where registrars were found not to have working websites, ICANN staff noted that information for the purpose of later notifying those registrars of the apparent RAA violation.

2. Assessment Regarding the Availability of Whois Service on Websites

Of those registrars that had working websites, ICANN staff looked for Whois service on their websites. If Whois service was found on a registrar’s website, ICANN staff tested the Whois service to determine operability. ICANN staff input a registered domain name in each Whois service to test whether the service would provide a responsive message. Referral messages that included the name of the sponsoring registrar and other pertinent information regarding the domain names as well as messages with complete whois data were considered compliant. When acceptable responsive messages were returned, the registrar was deemed in compliance with this portion of the audit. In those cases where registrars were found not to have any Whois service available on their sites or the Whois service was inoperable, ICANN staff noted that information for the purpose of later notifying those registrars of the apparent RAA violation.

3. Transmission of Notices to Registrars Found out of Compliance with RAA Requirements

Prior to transmitting notices of noncompliance, ICANN staff compiled a list of all registrars that did not have working websites and a list of registrars that did not have Whois service available for public use. These lists were checked against ICANN’s list of registrars currently managing active registered names. Those registrars that were not managing any active registered names at the time of the audit were excluded from the list of registrars considered for notification of non-compliance. As explained in the Findings section of this report, Section 3.3.1 of the RAA only requires registrars that are managing active registered names to comply with the website requirements. There were approximately 32 registrars that were not managing active registered domain names at the time of the audit, but were found to have either non-working websites or no Whois service available on their websites.

Upon finalizing the list of active registrars thought to be out of compliance with RAA website requirements, ICANN notified those registrars via electronic mail. Below is a sample non-compliance notice transmitted by ICANN as part of the Registrar Website Compliance Audit.

Dear Registrar Representative:

Over the past six weeks ICANN conducted an audit to determine whether Registrars are in compliance with website requirements as provided by the Registrar Accreditation Agreement. Specifically, ICANN looked at each Registrar’s website to assess whether:

  • There was a working website as required by section 3.3 of the RAA; and
  • There was a working whois service available on the website as required by section 3.3 of the RAA.

ICANN audited your company’s website between 5 April 2007 and 12 April 2007. ICANN determined that your company is not in compliance with Section 3.3 of the RAA because your company does not have a working website.

Failure to have all of the information and services required by the RAA on your website constitutes a breach of the RAA. On or before 18 May 2007, please respond to this electronic mail message by providing an explanation as to when this problem was corrected. Failure to cure breaches within the time period specified in the RAA is grounds for termination of your registrar accreditation agreement. We intend to look at your company’s website again after 18 May 2007 to determine if these violations of the RAA have been cured.

ICANN will be engaged in other website audit checks in the coming months to determine whether registrars have information on their websites concerning their deletion and renewal policies as required by the RAA. You are encouraged to make whatever adjustments are necessary to your website now to ensure compliance and avoid future notices of this kind.

Please contact me at the telephone number below if you have any questions.

Regards,

Stacy Burnette
Director,
Contractual Compliance
ICANN
4676 Admiralty Way
Marina del Rey, CA 90292

Although several registrars are currently engaged in discussions with ICANN regarding the notices of non-compliance and their interpretations of the RAA website requirements, a significant number of non-compliant registrars cured the RAA violations cited in the notices of non-compliance within days after receiving the notices. Complete information regarding time to cure the violations cited by ICANN will be published on ICANN’s website within the next thirty days.

FINDINGS

As part of the Registrar Website Compliance Audit process, ICANN examined 881 registrars’ websites. At the time of the audit, the audit team found that there were 102 ICANN-Accredited Registrars that were not managing any active registered names, and therefore, were not required to have interactive websites and Whois service available on their websites pursuant to Section 3.3.1 of the RAA.[3]

The audit team found 19 registrars managing active registered names with non-working websites. In those instances when ICANN staff attempted to examine a registrar’s website and found a non-working website, the server returned either an error message or a place holder page with a message such as "This site is under construction" or "Coming Soon."

The audit team found 20 registrars managing active registered names with working websites, but no Whois service available on their websites. The audit team carefully searched these websites and used all of the navigational tools available on these sites to find Whois service.

The pie charts below provide a pictorial of the Registrar Website Compliance Audit findings.

OBSERVATIONS

  • ICANN observed that approximately 4% of all ICANN-Accredited Registrars are not in compliance with the studied RAA website requirements.
  • ICANN observed that twelve of 19 active registrars, that do not have working websites, have been accredited by ICANN for two years or less.
  • ICANN observed that eleven of 19 active registrars, that do not have working websites, are based in North America.
  • ICANN observed that ten of 20 active registrars, found to have no working whois service available on their websites, have been accredited by ICANN for two years or less.
  • ICANN observed that ten of 20 active registrars, found to have no working Whois service available on their websites, are based in North America.
  • ICANN observed that ten of 20 active registrars, found to have no working Whois service available on their websites, are based outside of North America ( China, Germany, Portugal, Australia, Russia, Turkey, Jordan, Israel and Sweden).

FOLLOW-UP ACTIONS

  • ICANN requires remedial action by those registrars found to be in a state of non-compliance. Registrars that do not take this action will be sent formal notices that they are in breach of their agreement.
  • ICANN, in consultation with the Registrar Constituency, will develop Registrar compliance materials for newly accredited registrars to assist them in understanding their contractual obligations as ICANN-Accredited Registrars.
  • ICANN will engage in registrar website compliance audits on an annual basis as such audits serve as a valuable tool in assessing website compliance by the registrar community.

[1] A registrar is considered "active" by ICANN if the registrar is currently managing active registered names. Conversely, those registrars that are ICANN-Accredited, but are not managing active registered names, are considered "inactive" by ICANN.

[2] The methodology was modified slightly after the audit commenced due to unforeseen complexities and lessons learned during the course of the audit.

[3] A Registered Name is defined in Section 1.7 the RAA as,

"…a domain name within the domain of a TLD that is the subject of an appendix to the Agreement, whether consisting of two or more (e.g., john.smith.name) levels, about which a TLD Registry Operator (or an affiliate engaged in providing Registry Services) maintains data in a Registry Database, arranges for such maintenance, or derives revenue from such maintenance. A name in a Registry Database may be a Registered Name even though it does not appear in the zone file (e.g., a registered but inactive name)."

Section 3.3.1 of the RAA states in relevant part, "At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited." Emphasis added.

Stay Connected

  • News Alerts:
  • Newsletter:
  • Compliance Newsletter:
  • Policy Update: