To me, all checks qualify as associated domain checks. The only difference is that some of them pivot on open source publicly accessible data (like NS or MX records or public abuse reports) and others pivot on personal data, like the registrant name or email address.

As I understand, Farzy has a problem not with the associated domains check itself, but with the datapoints that are used as pivot points. If you pivot on host IP for example, it's ok. If you pivot on registrant email then it is considered more intrusive.

Maybe we can explore this specific issue further. 

Regards,
Naoum

MENGOUDIS Naoum
Police Major
Cyber  Crime  Directorate
Online Child Protection Department
Alexandras Avenue 173, 115 22, Athens

T: (+30) 2106476475
E: n.mengoudis@cybercrimeunit.gov.gr


From: Eberhard W Lisse via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Sent: Friday, April 24, 2026 15:13
To: Bruna Martins dos Santos via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>
Cc: Dns-techs <dns-techs@na-nic.com.na>
Subject: [Gnso-dnsabuse-pdp] Re: ADC Should Be Triggered by Multiple Signals, Not One Abusive Domain
 
Is Signal Checking not already ADC?
 
el

On 24. Apr 2026 at 14:02 +0200, farzaneh badii via Gnso-dnsabuse-pdp <gnso-dnsabuse-pdp@icann.org>, wrote:
Hi Nick, just to be clear, we are not saying don’t start any kind of investigation. We are saying before you go to ADC check based on one abuse report, check these other signals. In order to do ADC you need to have access to registrar backend or database.
These other signals I mentioned don't need access to backend; it's public information (I managed to gather the signals without being a registrar, I am only a detective).

So in effect, to find out about those signals you don’t have to do ADC as your first action as I demonstrated. Those signals along with abusive domain could establish the trigger for ADC.



Farzaneh 

[…]