To me, all checks qualify as associated domain checks. The only difference is that some of them pivot on open source publicly accessible data (like NS or MX records or public abuse reports) and others pivot on personal data, like the registrant name or email address. As I understand, Farzy has a problem not with the associated domains check itself, but with the datapoints that are used as pivot points. If you pivot on host IP for example, it's ok. If you pivot on registrant email then it is considered more intrusive. Maybe we can explore this specific issue further. Regards, Naoum ΜΕΓΓΟΥΔΗΣ Ναούμ Αστυνόμος Α' Διεύθυνση Δίωξης Κυβερνοεγκλήματος Τμήμα Διαδικτυακής Προστασίας Ανηλίκων Λ. Αλεξάνδρας 173, 115 22, Αθήνα<https://www.google.com/maps/place/%CE%94%CE%B9%CE%B5%CF%8D%CE%B8%CF%85%CE%BD...> MENGOUDIS Naoum Police Major Cyber Crime Directorate Online Child Protection Department Alexandras Avenue 173, 115 22, Athens<https://www.google.com/maps/place/%CE%94%CE%B9%CE%B5%CF%8D%CE%B8%CF%85%CE%BD...> T: (+30) 2106476475 E: n.mengoudis@cybercrimeunit.gov.gr<mailto:n.mengoudis@cybercrimeunit.gr> ------------------- Email Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Think green before printing ________________________________ From: Eberhard W Lisse via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Sent: Friday, April 24, 2026 15:13 To: Bruna Martins dos Santos via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org> Cc: Dns-techs <dns-techs@na-nic.com.na> Subject: [Gnso-dnsabuse-pdp] Re: ]ADC Should Be Triggered by Multiple Signals, Not One Abusive Domain Is Signal Checking not already ADC? el -- Sent from my iPhone On 24. Apr 2026 at 14:02 +0200, farzaneh badii via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>, wrote: Hi Nick, just to be clear we are not saying don’t start any kind of investigation. We are saying before you go to ADC check based on one abuse report, check these other signals. In order to do ADC you need to have access to registrar backend or database. These other signals I mentioned don't need access to backend it's public information. are not (I managed to gather the signals without being a registrar, I am only a detective) So in effect, to find out about those signals you don’t have to do ADC as your first action as I demonstrated. Those signals along with abusive domain could establish the trigger for ADC. Farzaneh […]