Dear all, 

I am providing a real-world example with false positives, bulk suspension, sweeping in innocent registrants and the account was suspended as “high risk” following ADC-related action. We are not asking this PDP to develop a fully fledged complaint mechanisms. However, registrars should at least be required to provide a means for a Registered Name Holder to submit a complaint regarding an account suspension or other actions. It can just be a form. It can be just one sentence in the recommendation. 

Summary:

A registrant using [will provide the name of the registrar upon request] received a single form notice disabling 73 domains across their account and locking the account entirely. This is some part of the communication they received: "Following a thorough review of your domain portfolio and the associated abuse reports, we have assessed that your account poses a high risk."

The notice cited one internal reference number and stated the domains "appear to have been recently registered for the purpose of abuse," with no domain-specific evidence, no explanation of the alleged abuse type, and no appeal path, the email explicitly stated the decision was "final and will not be reversed."

I'm not including the domain list here but can share it, along with the original notice, upon request.

Here we are dealing with a case that we are actually making policy about: 

  • No individualized evidence. All 73 domains were suspended under one blanket determination, with no indication of what conduct, content, or signal triggered the assessment for any specific domain.
  • False positives. At least 4 of the suspended domains were reportedly not owned by the account holder and had never been part of their account activity,  evidence of an error somewhere in the automated attribution/matching pipeline, not merely a disputed abuse judgment.
  • No appeal mechanism. Even with a clear factual error (domains that didn't belong to the account holder), the notice foreclosed any correction process.
  • Legitimate domains swept in. A substantial portion of the suspended names were short/brandable/dictionary-style domains consistent with ordinary domain investment and resale activity, not abuse indicators by any recognized definition.


Honestly, I don't think a specific example should be necessary to establish that this is a problem because the incentive structure alone makes the outcome predictable. Registrars bear real compliance and reputational costs for under-responding abuse reports, and essentially no cost for over-suspending. (I have mentioned this before in numerous DNS abuse meetings we had, at least since 2019)

 Bulk, automated, low-specificity suspension is simply the cheapest way to comply. Absent a requirement for individualized evidence and a mandatory appeal/correction path, this outcome, broad account-level action, misattributed domains, no recourse  is the rational result of the incentives registrars face. 


Happy to provide further documentation on request.


Farzaneh