Who is going to pay for all of this? el -- Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired) el@lisse.NA / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP 10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply On Jun 1, 2026 at 19:06 +0300, trachtenbergm--- via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>, wrote:
As I mentioned on the call today, in my view the only practical way to be able to determine if registrars are complying with the policy is if there are logs of what is done. Unlike the DNS Abuse obligations, where external reports are the primary driver for investigation by ICANN Compliance, we know that this is unlikely to be a driver in ADC because in most cases the reporter will bever know whether the ADC was done and won’t be able to submit any evidence that it wasn’t (excluding maybe a few edge cases). That means that the only way ICANN Compliance will be able to check for registrar compliance with the policy is through regular and /or random audits. But what will they look at during the audit if there are no logs? They will be doing ad hoc checks on random domains where there was actionable evidence of DNS abuse? And then look at what if there is not even a record of whether the ADC was done or how it was done or what it found? This will be even more complicated when Compliance is looking at something that happened (or didn’t happen) months in the past. The only way to have even a glimmer of hope that there is some meaningful way to determine registrar compliance is by checking the logs. Note that even for the DNS Abuse obligations where there is meaningful availability of external reports as a driver for ICANN Compliance investigations there are logging requirements for the registrars.
This said, I understand and acknowledge the concerns expressed by some that logging could create significant time and administrative burdens that could have undesirable impacts in other areas, like processing of abuse complaints. Accordingly, I think a good compromise might be to agree on some basic items to be logged that will balance providing meaningful data for compliance against keeping the administrative burden as low as possible. These elements could be:
1. When was the abuse complaint where there was actionable evidence of DNS Abuse received (presumably this is already captured) 2. Did the ADC occur 3. When did the ADC commence 4. What data elements were checked 5. What domains were determined to be associated 6. What actions were taken against associated domains 7. When did the ADC conclude
These elements would seem to provide meaningful data for compliance purposes, but also for other concerns expressed like proportionality, and also for effectiveness of the policy. It would also seem that there are efficient ways to capture this data like in a spreadsheet or simple form.
Note that this is just intended as a starting point for discussion. I look forward to people’s thoughts on the above.
Best regards,
Marc H. Trachtenberg Shareholder Chair, Internet, Domain Name, e-Commerce and Social Media Practice Greenberg Traurig, LLP Aspen Chicago 411 E. Main Street 360 North Green Street Suite 207 | Aspen, CO 81611 Suite 1300 | Chicago, IL 60607 T +1.970.300.5313 T +1.312.456.1020 M +1.773.677.3305 M +1.773.677.3305 trac@gtlaw.com | www.gtlaw.com | View GT Biography <image001.png> <image002.png>
If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster@gtlaw.com, and do not use or disseminate the information. _______________________________________________ Gnso-dnsabuse-pdp mailing list -- gnso-dnsabuse-pdp@icann.org To unsubscribe send an email to gnso-dnsabuse-pdp-leave@icann.org