Name: Amy Cadagin
Date: 6 Jan 2022
Affiliation: Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
Original Public Comment: EPDP Phase 2A Policy Recommendations for ICANN Board Consideration
Summary of Attachment
M3AAWG’s attachment to this submission is a letter detailing our comments on the EPDP Phase 2A Policy Recommendations. The letter is in lieu of individual responses to each of the recommendations on the form.
Summary of Submission
It is in the public interest for anti-abuse actors to be able to contact, and obtain information about, the registrant of a public resource such as a domain name, in order to address cyber crime, hacking, botnets, phishing, and other abuse. For bona fide actors with a legitimate interest, access to WHOIS must be effective, functional, timely, and efficient to ensure appropriate cybercrime and abuse response.
The following is a summary of our comments for each of the recommendations:
EPDP Recommendation 1 – While it makes sense to differentiate between legal and natural persons, as different rules apply to these groups, for this to be workable to be workable, the field must be required for every registration, and used consistently with globally valid identifiers by all contracted parties.
EPDP Recommendation 2 – Uniformity is required to ensure the WHOIS is functional and predictable for registrants, contracted parties, and cybersecurity specialists. Therefore, following relevant guidance and creating documentation should be mandatory. Making this voluntary will also burden those contracted parties who comply, while enabling those who choose to ignore the recommendation.
EPDP Recommendation 3 – A baseline Code of Conduct that applies to all registrars and registries is necessary to establish a functional and uniform system.
EPDP Recommendation 4 – The ICANN community should establish clear rules and requirements that apply to all registrars and registries. Providing a pseudonymized point of contact directly available to trusted parties via RDDP/SSAD should be a requirement for all registrations to enable registrants to be contacted.