Skip to main content

Registrar Advisory Concerning Inappropriate Lending of Registry Access

Based on recent communications with registrars, it has become apparent that some ICANN-accredited registrars may be inappropriately lending their access to registries to third-party proxies. If not appropriately conducted, providing registry access to third parties can violate registrars' agreements with ICANN and jeopardize their continued accreditation. While registrars are permitted to enter into reseller arrangements with agents that assist them in providing service to customers, registrars are not permitted otherwise to lend access to their connections directly to entities that are not accredited registrars.

The purpose of this advisory is to assist registrars in understanding their obligations under the Registrar Accreditation Agreement (RAA) in matters relating to lending access to entities that are not accredited registrars. Where appropriate, ICANN will exercise its right to audit registrar records in order to ensure compliance with the RAA.

Pertinent Provisions of the Registrar Accreditation Agreement

The current version of the RAA is divided into 5 sections: section 1 defines terms; section 2 describes ICANN's obligations to registrars; section 3 describes registrars' obligations to ICANN; section 4 describes how ICANN's consensus process can create new policies that would be binding on registrars; and section 5 covers miscellaneous subjects such as termination and assignment.

Section 3's "Registrar Obligations" cover topics such as submission of data to registries, data retention requirements, public access to Whois data, accreditation fees, and also various business requirements and restrictions binding on registrars. These operational mandates are set forth in Section 3.7, entitled "Business Dealings, Including with Registered Name Holders." Several of these provisions are relevant to lending of registrar-registry access. These include:

3.3.1 At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited. ...

3.4.2 During the Term of this Agreement and for three years thereafter, Registrar (itself or by its agent(s)) shall maintain ... records relating to its dealings with the Registry Operator(s) and Registered Name Holders ... .

3.7.3 Registrar shall not represent to any actual or potential Registered Name Holder that Registrar enjoys access to a registry for which Registrar is Accredited that is superior to that of any other registrar Accredited for that registry.

3.7.4 Registrar shall not activate any Registered Name unless and until it is satisfied that it has received a reasonable assurance of payment of its registration fee.

3.7.7 Registrar shall require all Registered Name Holders to enter into an electronic or paper registration agreement with Registrar ... .

In summary, based on these provisions a registrar:

  • must have a contract with a registrant for every domain name it registers (3.7.7);

  • must not "add" domains into a registry without advance assurance of payment of the registration fee (3.7.4);

  • must not represent that it has superior access to the registry (3.7.3);

  • must maintain a record of all registration data it submits to the registry (3.4.2); and

  • must provide Whois data, updated at least daily, for every domain it sponsors in the registry (3.3.1).

Registrar Access-Lending Schemes

At least one registrar access-lending scheme currently in operation raises significant issues under these provisions of the RAA. One registrar recently reported that it was unaware that it was responsible for hundreds of domain registrations that had been added to and then deleted from the registry without the registrar's participation. The registrations had been processed through a machine provided by a third party that had been installed on the registrar's network. This registrar had agreed to install the third party's machine in exchange for monetary compensation paid to the registrar. The third party was using the machine's access to the registry to add domain registrations into the registry on behalf of the third party's customers.

Those customers had not agreed to enter into the registrar's registration agreement (in violation of RAA section 3.7.7); indeed, it appears the registrar had no relationship with the customers involved. The customers had not paid (or promised to pay) the registrar prior to the activation of the registrations (in violation of 3.7.4). The registrar apparently did not have any record of the domains that had been registered (and subsequently deleted) through its systems (in violation of 3.4.2). Since the registrar didn't even know it had made some of the registrations, it was not providing updated Whois data for those registrations (in violation of 3.3.1).

Overarching these other violations is a breach of section 3.7.3, which prohibits registrars from representing that they have superior registry access. It appears that the third party has been claiming it offered the best chance to acquire expired names. Registrars allowing, in violation of the above provisions, a third party to enjoy the registrars' access to the registry are responsible for the superior-access claims that third party makes.

Permissible Registrar Wholesale/Reseller Models Distinguished

Many ICANN-accredited registrars operate or participate in wholesale/reseller business models that can be readily distinguished from the impermissible access-lending schemes outlined above. In a standard registrar/reseller model, the registrar complies with all of the above provisions of the RAA. The registrar that processes domain registrations through resellers is required to have a contract with every registrant, obtain assurance of payment before activating registrations, maintain its own records of all registration data, and provide public access to updated data for all domains it sponsors.

Conclusion

All ICANN-accredited registrars are strongly encouraged to undertake an immediate review of any access-lending schemes in which they are currently participating to ensure that they are in compliance with all of the provisions of the Registrar Accreditation Agreement. Registrars that continue to operate in breach of the RAA should review section 5.3 of the agreement, which covers termination of accreditation. ICANN considers registrar compliance with accreditation agreements to be a high priority. ICANN will exercise its right under Section 3.4.3 to audit registrar records as appropriate.


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."