The following compliance projects, intended to improve Whois data accuracy and Whois service accessibility, are underway by ICANN.
- ICANN Commences Whois Data Accuracy Study
- Registrar Whois Data Reminder Policy Audit
- Registrar Investigation of Whois Inaccuracy Claims Audit
- Whois Accessibility Study
I. ICANN Commences Whois Data Accuracy Study
Over the years ICANN constituencies and others have observed apparent inaccuracies in Whois contact information provided by registrants when registering and maintaining their domain names. In an attempt to contribute to community discussion regarding Whois policy, ICANN has undertaken a study of domain name Whois contact information accuracy.
With a great deal of Internet community interest behind it, ICANN commenced this study in November 2007 by developing a sampling plan to draw a representative sample of domain names from the gTLD name population. In consultation with a statistician, ICANN developed an algorithm to determine the appropriate sample population size – one that provides acceptable accuracy and certainty levels. In the first phase of this study, ICANN will select a sample from what is (for statistical purposes) an infinitely large data base that will provide a measure of accuracy to +/- 5% with a certainty of 95%. Staff will then randomly select domain names in accordance with statistical sampling practices.
ICANN is currently defining the steps staff will take to determine the accuracy of Whois contact information associated with each registered domain name and address within the representative sample. It is ICANN’s goal to ensure that staff uses practical and reasonably reliable means to assess accuracy of each data set.
After finalizing the methodology to determine the Whois data accuracy of each data set, staff will execute the steps for each registered domain name within the representative sample. Staff anticipates several steps will be necessary to determine Whois data accuracy. Therefore, staff will conduct this study in phases. ICANN will publish status reports as staff completes work in connection with each phase of the study. The first report regarding this study will be published by February 2008.
II. Registrar Whois Data Reminder Policy Audit
ICANN adopted the Whois Data Reminder Policy (WDRP), through the consensus policy process, on 27 March 2003. Partially aided by staff audit and compliance efforts, there is a very high level of compliance by registrars with this policy implementation. This is illustrated by the fact that most registrar activities in compliance with this requirement are timed to occur coincidentally with the annual ICANN compliance audit.
The WDRP requires all Registrars to:
- present current Whois information to each registrant on an annual basis.
- request each registrant review the information and if necessary, make any corrections.
- remind each registrant that the provision of false Whois information can be grounds for cancellation of their domain name.
All ICANN-accredited registrars must comply with the WDRP for registrations they sponsor in all top-level domains for which they are accredited.
The WDRP audit requests that all registrars respond to a survey designed to obtain information regarding registrar compliance with the WDRP. Additionally, ICANN request registrars to provide a sample copy of the WDRP notice transmitted to their registrants for assessment by ICANN staff. Staff determines whether the notice is compliant with WDRP requirements.
ICANN transmitted the WDRP survey to ICANN-accredited registrars in October 2007. Registrars were given until 16 November 2007 to respond to the WDRP survey and provide a copy of their WDRP notices. ICANN will publish its 2007 WDRP Report in February 2008. As has become tradition, ICANN has witnessed registrar compliance with this contractual requirement, sending the notices to registrants, within the past few weeks.
III. Registrar Investigation of Whois Inaccuracy Claims Audit
ICANN commenced an audit in November 2007 to assess registrar compliance with Registrar Accreditation Agreement (RAA) requirements concerning the investigation of Whois inaccuracy claims filed through ICANN’s Whois Data Problem Report System (WDPRS).
ICANN’s WDPRS receives and tracks complaints regarding incomplete or inaccurate Whois data entries. ICANN assesses and reports annually the WDPRS activity and apparent level of success this tool has in improving Whois accuracy. As a result, ICANN can make a preliminary determination as to whether complaints of inaccuracy are routinely investigated by registrars. This investigation is a contractual requirement.
ICANN recently transmitted Notices of Concern to registrars that appeared to take inadequate action in response to WDPRS complaints. Prior to sending the notices, staff analyzed complaints and complainant follow-up correspondence. As an example, the Notices of Concern included a sample of domain names complainants filed as of 7 July 2007 that remained unchanged on 7 December 2007.
Staff requested registrars provide ICANN with details regarding the steps taken to investigate the claimed inaccuracies as required by Section 3.7.8 of the RAA. If after analyzing registrar responses ICANN determines that registrars breached section 3.7.8 of the RAA, ICANN will issue breach notices to those registrars not in compliance with this requirement and who have not filed a plan to cure this failure. ICANN will publish a report regarding the purpose, methodology and findings concerning the Registrar Investigation of Whois Inaccuracy Claims Audit by February 2008.
IV. Registrar Whois Accessibility Audit
Pursuant to Section 3.3.1 of the RAA, a registrar is required to provide free port 43 Whois service, allowing the public query-based access to up-to-date data concerning all active registered gTLD names under the registrar’s sponsorship.
To monitor and enforce registrar compliance with port 43 Whois service requirements, ICANN developed an application to regularly, and on an ongoing basis, determine if registrars maintain port 43 Whois service for public use. ICANN’s new application is being used to conduct a Registrar Whois Accessibility Audit.
After obtaining gTLD names from VeriSign, ICANN selected up to five (5) domain names from each unique registrar in the VeriSign Whois database.  ICANN used the domain names selected to query the Whois servers of 850 registrars to determine if the registrars were providing free port 43 Whois service as required by the RAA. Responses to ICANN’s queries were divided into five (5) categories.  The first query revealed that 745 registrars returned “good” responses indicating that the Whois service for those 745 registrars was available to the public at the time of the query. ICANN is examining the responses that were not returned “good” and where appropriate, informing registrars of port 43 Whois service violations. To monitor whether registrars’ port 43 Whois services are functioning in conformance with RAA requirements, ICANN will commence regular, weekly queries and inform registrars when port 43 Whois service violations are observed. A report regarding the Registrar Whois Accessibility Audit will be published in February 2008.
1. A substantial number of registrars manage .com and .net domain names and therefore ICANN commenced its query testing by utilizing domain names obtained from VeriSign. Future queries will include domain names from other registries to ensure that all registrars’ servers are queried.
2. Query response categories were: Good – Whois look-up worked; Refused – Server responded, but the result was not readable based on the script used by ICANN; Non-response – Server did not respond at all; and Not Found – Server responded , but did not find the domain name.