Public Comment

Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.


  • English

Name: Amy Cadagin
Date:6 Jan 2022
Affiliation: Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
Summary of Attachment

M3AAWG’s attachment to this submission is a letter detailing our comments on the EPDP Phase 2A Policy Recommendations. The letter is in lieu of individual responses to each of the recommendations on the form.

Summary of Submission

It is in the public interest for anti-abuse actors to be able to contact, and obtain information about, the registrant of a public resource such as a domain name, in order to address cyber crime, hacking, botnets, phishing, and other abuse. For bona fide actors with a legitimate interest, access to WHOIS must be effective, functional, timely, and efficient to ensure appropriate cybercrime and abuse response.

The following is a summary of our comments for each of the recommendations:

EPDP Recommendation 1 – While it makes sense to differentiate between legal and natural persons, as different rules apply to these groups, for this to be workable to be workable, the field must be required for every registration, and used consistently with globally valid identifiers by all contracted parties. 


EPDP Recommendation 2 – Uniformity is required to ensure the WHOIS is functional and predictable for registrants, contracted parties, and cybersecurity specialists. Therefore, following relevant guidance and creating documentation should be mandatory. Making this voluntary will also burden those contracted parties who comply, while enabling those who choose to ignore the recommendation. 


EPDP Recommendation 3 – A baseline Code of Conduct that applies to all registrars and registries is necessary to establish a functional and uniform system.


EPDP Recommendation 4 – The ICANN community should establish clear rules and requirements that apply to all registrars and registries. Providing a pseudonymized point of contact directly available to trusted parties via RDDP/SSAD should be a requirement for all registrations to enable registrants to be contacted.