Skip to main content

What’s happening with Whois compliance activities?

Whois has been a complex issue within ICANN, and continues to receive attention at the policy level. While this important policy work goes on, ICANN still has the clear responsibility to enforce existing Whois provisions in the Registrar Accreditation Agreement (RAA), and to better understand the real world status of Whois accuracy and Whois related services (e.g. privacy and proxy registration services).

So, what is ICANN doing for Whois compliance? Here is a recent survey of activities:

1. A Whois Accuracy Study to Assess the Accuracy of Registrant Data in the Whois Database
Understanding the Whois environment is important. The GNSO is considering, and the GAC has called for, various Whois-related studies. You may or may not know that there has been study work underway, and some new work is just starting. There has been a long-running and challenging effort underway to statistically answer the question “How accurate is Whois data?” After multiple starts on such a study, an initial study/contract phase has just been completed with the National Opinion Research Center (associated with the University of Chicago) to design such a study. NORC recently provided ICANN with a proposed methodology for selecting a representative sample of domain names and a proposed methodology for verifying the accuracy of Whois data. ICANN is analyzing this information and we’re optimistic that this will turn into an executable study plan within the next few weeks.

2. A Registrar Privacy/Proxy Registration Services Study to Assess the Extent to Which Registrants Are Using Privacy/Proxy Registration Services
ICANN has initiated a study of Proxy/Privacy Registration Services. The purpose of this study is to determine the extent to which registrants are using privacy and proxy registration services and to obtain information regarding the business models used to provide such services. As part of this study, ICANN will send a survey to all ICANN-accredited registrars requesting that they provide, among other things, information regarding the number of registrations they manage that currently use privacy or proxy registration services. The survey is being finalized and it is anticipated that registrars will receive ICANN’s survey before the end of 2008.

3. ICANN’s Whois Data Problem Report System (WDPRS) is Undergoing a Redesign to Improve Functionality and Meet Community Needs
The Whois Data Problem Report System (WDPRS), implemented in 2002 to assist registrars in complying with their obligation to investigate Whois inaccuracy claims, is undergoing a system redesign. ICANN frequently receives thousands of Whois inaccuracy claims through this system per day. The redesigned software system (to be completed in November), will include components that allow for better, hands-on analysis of actual problem reports and processing of bulk Whois inaccuracy claims. I’m happy to note that there has been consultation with high volume submitters and representatives from the Intellectual Property and Registrar constituencies regarding the system redesign (these high volume submitters account for about 80% of inaccuracy complaints filed through the WDPRS.)

A demonstration of the redesigned WDPRS will be provided at the Cairo meeting as well as information regarding ICANN’s findings relative to our manual reviews of Whois inaccuracy claims. This work should result in quality improvements for users of the WDPRS and system improvements that allow ICANN to better monitor Whois accuracy compliance. Moreover, we anticipate the use of the redesigned WDPRS to lead to a better understanding of the environment: How long does it take to go from an inaccuracy complaint to resolution of that complaint? How many complaints are successfully resolved the first time?

4. Recent Whois-Related Enforcement Action – Notices of Breach
The community may have noted that in October two registrars, and, were sent breach notices regarding insufficient follow-up on complaints of Whois inaccuracy. Inaccuracy investigation, per the RAA, is a requirement and it is important that this requirement be taken seriously.

ICANN analyzed both registrars’ responses to ICANN’s notices of breach and found that appeared to take reasonable steps to investigate the Whois inaccuracy claims provided. Conversely, was found non-compliant, as it failed to take reasonable steps to investigate the Whois inaccuracies indentified by ICANN.

Consistent with RAA requirements, cured the cited breach within 15 days to avoid termination by ICANN. However, in an effort to ensure that complies with the registrar Whois accuracy requirements set forth in Section 3.7.8 of the RAA, ICANN developed a remediation plan that requires to provide monthly reports identifying, among other things, exactly what steps were taken to investigate each Whois inaccuracy claim sent to via the WDPRS. has agreed to remain on ICANN’s remediation plan for six months.

5. Whois Data Inaccuracy Audit – Ongoing
ICANN has conducted a Whois Data Inaccuracy Investigation Audit, and will continue to do this in the future. Thirty ICANN-accredited registrars were part of the audit. Each of these 30 registrars was asked to provide specific information on 10 domain names randomly selected from the WDPRS. From the selected sample, 187 domain names were included in the audit. Registrars took action on 89 of them, and as of 12 June 2008, registrars report they are currently investigating an additional 26 domain names.

6. Whois Data Reminder Policy Audit – Ongoing
The Whois Data Reminder Policy Compliance Audit has been ongoing. In the first half of 2008, reports showed 850 of 901 registrars responded, and 98% of responders were found in compliance. (Follow-up action has been taken with non-respondants.) This means that the vast majority of gTLD registrants are contacted at least annually regarding updating their Whois records.

ICANN will continue to broaden its efforts to enforce the Whois provisions of the RAA and study trends that impact Whois accuracy, but I thought it would be useful to review the plans for future Whois compliance action and the Whois compliance actions underway right now.

For current information regarding ICANN’s Whois-related compliance activities, community members are encouraged to read and subscribe to the monthly ICANN Compliance Newsletter (see In almost every issue, you’ll find some update on Whois compliance actions.


    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."