Becky, 
 
you are the lawyer, I am not. 
 
I just mean a concept. 
 
Can you take down a Registered Name, just because (at least) another Name registered by same Registrant has been mitigated?
 
If a single Registrant has 5 Names, 1 reported, investigated, proven as phishing, and mitigated accordingly, ADC done, and 3 of the others are mitigable, I still don't like that the 5th one would or could be mitigated as well. 
 
However as Marc wrote, you act against the Registrant (for violating the Terms and Conditions). 
 
How would that work? Can you really unilaterally decide to take Names down, or do you have to give notice of termination of the Registrant agreement (0 to n days notice)? So they transfer the Name elsewhere, and perhaps even register the mitigated Names again.
 
Now you take a Reseller which has a Million Names. ADC finds 50, 500 or even 5000 in need of mitigation. 
 
Do you take the 50, 500 or 5000 names down or do you cancel the agreement with the Reseller (for violation the Terms and Conditions). What happens then to the Names left? 
 
Or if the Reseller is just irritated enough that they transfer significant Revenue elsewhere? There are enough accredited Registrars around, after all.
 
The obviously even more difficult question is how to prevent them from becoming wise to the Policy and transferring the rest of a portfolio to another Registrar, when a single one is taken down, ie before the ADC can be done?
 
 
We have not thought through the consequences of our considerations, and/or the cost. 
 
 
 
el


--
Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (retired)
el@lisse.NA / * | Telephone: +264 81 124 6733 (cell)
PO Box 8421 Bachbrecht \ / If this email is signed with GPG/PGP
10007, Namibia ;____/ Sect 20 of Act No. 4 of 2019 may apply
On Apr 14, 2026 at 18:50 +0200, Becky Burr <bburr@pir.org>, wrote:
I am confused by the use of the term “guilt by association” here.  That usually means you consider one person guilty of some bad act because that person is associated with someone else who is a known bad guy.  And yes, in that context, there are significant human rights concerns.

Here, we are just saying that if a registrant/account holder is known to be using one domain for DNS abuse then we are going to check to make sure the same registrant/account holder isn’t using other domains for DNS abuse.  And, if the answer is no, then nothing happens to the associated domains.  So, unless you are arguing that domains themselves have human rights, I don’t see what the guilt by association issue is.  

Am I missing something? 

Logo

Becky Burr