Redemption Grace Periods for Deleted Names

Introduction

In recent months, ICANN has experienced a rising tide of problems and complaints relating to deletion of domain-name registrations. Businesses and consumers are losing the rights to their domain names through registration deletions caused by mistake, inadvertence, or fraud. Current procedures for correcting these mistakes have proven inadequate. To move toward a solution to these problems, this proposal is presented to the Internet community for discussion in the time leading up to and at ICANN's meetings in Accra, Ghana, 10-14 March 2002 .

Causes of Unintentional Domain Registration Deletions

Domain-name registrations can be (and frequently are) deleted from TLD registries without a deliberate decision by the current registrant to let them expire. Unintentional deletions can result from registrant mistake, registrar mistake, or in some cases fraud or domain-name hijacking.

Probably the most common type of unintentional deletion is caused by registrant mistake. Registrants sometimes inadvertently fail to renew registrations due to a clerical mistake or failure to receive a renewal notice (usually as a result of failing to keep registration contact information up-to-date.) If a registrant moves or changes Internet service providers, the registrant might not receive a notice from its registrar informing it that a renewal payment is due. Also, some registrants may accidentally overlook a renewal notice or mistake it for a solicitation or spam. Section 3.7.5 of the Registrar Accreditation Agreement requires registrars to cancel the registration of any domain name for which the registrant fails to pay a renewal fee at the conclusion of a fixed registration period.

Another class of "inadvertent" deletions arises from the actions of domain-name hijackers. Hijackers have been known to compromise a registrant's account at a registrar, modify the registrant's contact information, request a transfer of the registration to another registrar, and then issue a request to the registrar to delete the registration. The hijacker or a third party can then register the domain immediately through some other registrar. "Laundering" the hijacked domain through two, three, or more registrars can frustrate the process of trying to correct the original error and get the registration restored to its legitimate registrant.

Yet another category of unintended domain registration deletions arises from registrar mistakes, including those caused by registry/systems-related confusion. There is a provision in the current version of the Registrar Accreditation Agreement that is meant to address mistakes of this type (specifically Section 3.7.7.11), but in practice this has proved to be less-than-fully effective. The current procedure is not mandatory – it requires voluntary cooperation by registrars to correct mistakes. In many cases, registrars have been reluctant to assist in correcting mistakes, especially when the correction would require taking away a domain name from the registrar's paying customer and handing it back to some other registrar and its customer.

Under the current grace-period system, deleted names are available for re-registration by others either instantaneously, or in some cases after a five-day registry hold " delete pending period." The current five-day delete pending period only applies to names deleted outside of an applicable grace period. Names deleted while subject to a grace period are immediately deleted from the registry and made available for re-registration by others.

The exact details of each registry's grace period policy are set forth as part of the functional specifications in Appendix C to each applicable registry agreement. (An example grace period policy, for .com, can be found at <http://www.icann.org/tlds/agreements/verisign/registry-agmt-appc-16apr01.htm#3>.)

Effects of Unintentional Deletions

Domain names deleted as a result of mistake, inadvertence, or fraud create negative consequences for both consumers and providers of domain-name-registration services. To consumers (individuals, businesses, non-commercial organizations, and governmental and educational entities), the consequences of an unintentional domain registration deletion can be devastating. If a domain is deleted and re-registered by a third party, the original registrant's web, e-mail and other Internet services will, in the best circumstances, simply stop working. Worse still is the potential for e-mail and web traffic intended for the original registrant to be redirected to and captured by a third party whose intentions may not be benevolent. In many cases the prior registrants of names find that "their" domains have been pointed to content they find to be distressing. (For example, in some cases deleted church-group domain names have been re-registered and directed to adult-content sites.) Some registrants of expired domains are interested primarily in profiting from a mistaken deletion by obtaining click-through revenue the domain will draw. Others have demanded ransom for return of inadvertently deleted names that they re-register; they sometimes enhance the ransom value by placing content on the site calculated to harm the former registrant.

Domain name registrars and registries also experience negative effects from mistaken domain deletions. Registrars receive customer complaints and threats of lawsuits in many cases where the registrant claims that it didn't want its registration to be canceled. Registrants sometimes complain after their domains have been deleted that they never received any warning or notice. Also, in cases of acknowledged registrar mistake, the registrar can incur extraordinary loss of time and expense in trying to correct the mistake. Registrars are faced with having to investigate each case to determine the facts, and then enter into negotiations with the new sponsoring registrar and in some cases the new registrant to get the name returned to their customer.

Registries are not immune from these effects either. Registrants and registrars will often try to involve the registry in settling disputes or rectifying mistakes. Also, the registry operator involved is forced to cope with extraordinary re-registration demand from domain-name speculators for the rights to domains that were mistakenly or unintentionally deleted. Indeed, anecdotal evidence indicates that a significant portion of the demand for registration of deleted domains involves domains that the former registrant did not intend to have deleted. If the only names that became available to the market for re-registering expired names were ones that were truly no longer wanted by the original registrants, the demand for expired names would be less intense, and perhaps significantly so. The "add-storm" phenomenon of multiple registrars simultaneously sending millions of requests in a race to grab a few names being deleted from the registry is at least partly fueled by speculators seeking names that the original registrant had no intention of dropping.

The public interest would be served by reform of the current system, which operates to allow a few well-informed and well-connected profiteers to prosper from others' mistakes.

Proposed Solution

Correcting the problems outlined above would promote reliability and confidence in the domain-name-registration system. Ultimately, reform would benefit both consumers and providers of domain-name registration services. In that spirit, the following proposed solution is presented to the Internet community for discussion:

• Any "delete" of a domain name (whether inside or outside of any applicable grace period) will result in a 30-day Deleted Name Redemption Grace Period. This grace period will allow the domain name registrant, registrar, and/or registry time to detect and correct any mistaken deletions.
  
  
• During this 30-day period, the deleted name will be placed on REGISTRY-HOLD, which will cause the name to be removed from the zone. (The domain name therefore will not function/resolve.) This feature will help ensure notice to the registrant that the name is subject to deletion at the end of the Redemption Grace Period, even if the contact data the registrar has for the registrant is no longer accurate.
  
  
• During the Redemption Grace Period, registrants could redeem their registrations through registrars. Registrars would be able to redeem the name in the registry for the original registrant by paying renewal fees, plus a service charge, to the registry operator. Any party requesting redemption would be required to prove its identity as the original registrant of the name.
  
  
• Registries would implement procedures allowing for rapid restoration of resolution (within one day).
  
  
• The proposed Redemption Grace Period would apply to all unsponsored TLDs (currently .biz, .com, .info, .name, .net and .org.)

ICANN invites community comment and discussion of this proposal. Questions and comments can be e-mailed to <redeem-comment@icann.org>.