Post-Expiration Domain Name Recover Meeting
Monday, 26 October 2009
ICANN Meeting
Seoul, Korea

>>ALAN GREENBERG:  This is the ICANN music, maybe a little bit of a
song and a dance while we're waiting?

>>MARIKA KONINGS:  I think I can already get started without having
the slides up because, first of all, I would just like to give a
little bit of introduction and welcome you all to this meeting of the
-- organized by the post-expiration domain name recovery working group.

So for those of you that are new to this issue, this was an issue
that was brought to the GNSO by the At-Large Advisory Committee,
asking some questions related to somewhat extent should registrants
be able to reclaim their domain names after they expire, is
sufficient notice provided, should through be a possibility to
transfer domain names during the redemption grace period.

So it raised a number of questions in relation to the current
policies related to renewal, transfer, and deletion of expired domain
names.

So a policy development process was initiated be by the GNSO Council
in May of 2009, and a working group started its deliberations in July
2009, and has been looking at the following charter questions.

So these are the five questions that this group is tasked with.  I'm
not going to read them aloud, as they I said, they all relate to
whether there are adequate opportunities, notices, and conspicuous
provisions related to post-expiration and renewal policies.

So the working group started out with addressing a number of
definitional issues related to how do you define the different
parties that play a role in this process.  We had quite extensive
discussions on evidence of harm and do we have sufficient data on
these different questions to make informed -- have informed
deliberations and make informed recommendations for changes or new
policies on these issues.

And we also developed a public comment announcement and held a
public comment forum in which we received quite a number of comments
from the community on these issues, and we've also requested input
from the different GNSO constituencies and stakeholder groups.

This is also a group that has the participation of the ICANN
compliance team, and they have already provided a number of updates
on audits that they have undertaken in relation to a number of
questions that are related to these issues.  For example, on do
registrars have the fees for RGP posted on their Web sites as
required by the expired domain name deletion policy, is information
on renewal and deletion policies available on their Web sites.

And as part of an effort to gather further information on the
different questions, this group developed a registrar survey, which
was intended to gather further information on registrar practices
regarding domain name expiration, renewal, and post-expiration
recovery.

So just very briefly on the public comment period, as mentioned we
did receive 14 comments.  We put forward the five charter questions
to the community, with the request to provide input on those, and
also with a question to provide evidence or examples of, you know,
issues that they had encountered in relation to post-expiration
practices.

So most of the charter questions received responses on both sides of
the spectrum, because we asked questions, is there adequate notice. 
Some said yes, some said no, some said, you know, maybe.  Which
basically I think was an indication for the group that, you know,
further discussion is required on all of these questions.

And further information will be needed.

There were a number of new issues that were put forward that didn't
seem to fall explicitly within the questions that were raised.  For
example, what are -- what could be the implications on UDRP
provisions on any of the outcomes this group, or any of the
recommendations this group, might come up with.

A number of commenters also raised issues related to confusion over
WHOIS data following expiration, which was deemed not very helpful
for registrants to understand whether the domain name had expired or
was still going to expire.

Issues related to the explicit cancelling of registration and some
raised as well whether there were possible incentives for resellers
to let registrations expire.

So the working group has reviewed all these comments and will take
these into account when continuing with their deliberations.

So on the registrar survey, as mentioned before, the objective of
the survey was really to gather further information on the registrar
practices in these areas.  They were set out to look at, in the first
instance, at the top 10 registrars by total domains as we think that
will probably give us a good insight as it covers a large number of
domain names registrations.

Today, we've managed to cover the first four on those list, which
represent over 55% of domain names.  This information has been
gathered by looking at information on registrar Web sites, so looking
at registration agreements, FAQs, help sections that provide
information on the different questions, and for those questions that
we weren't able to find information on the different sites, we
reached out to the different registrars and got feedback from them
directly.

So the results of the initial findings have been posted on the Wiki
of the working group and anyone that's interested, those that are not
members of the working group, you can come afterwards and I'll
provide you with the link or I think it might be on one of the next
slides.

So that's -- if the working group wants to review in further detail
in this meeting, I can pull it up here as well.

The initial findings, I think those of that you had a chance to look
at those, I think at this stage there's not really much more that we
can say, except that practices really vary.  I don't think for any of
the questions, the answer was the same.  I think we really need to
see as well once we've covered the other registrars on the list if
that is a trend that applies to all registrars that are part of the
survey or whether just by chance the first four have different
practices from each other.

So that's all I wanted to cover in my bit.  I don't know if you want
to go in more detail over the survey now or you prefer first to talk
about...

>>ALAN GREENBERG:  No, I -- I'm going to refer to the results of the
survey without talking specifically about them, although we can go
into more detail later on if there's an interest.

I do have one -- just a bit of insight before I start my
presentation, which I thought I'd share with you.

Let's see if I can go back to the charter questions.

You'll notice the last charter question is whether to allow transfer
of a domain name during the redemption grace period, which is the
period after a name is deleted.

The original request for an issues report and the issues report
itself did not consider the concept of a transfer post-expiration but
prior to the RGP, because at least some of us -- and I'll be -- I'll
say I was one of the ones guilty -- believed that was a right that
registrants had, based on a number of statements that ICANN had made
in previous years.  It became obvious, as we did more analysis, that
although it's a right they have, it's not a right that they can
normally exercise for a variety of subtle reasons.

So it's a complex issue, how we -- how the group handles that, I'm
not quite sure at this point, but it just shows that even when we
think we understand the process, there's still little gotchas along
the way.

Now, if you give me a moment to change presentations, we'll go on to
the other one.

Okay.  Now at past meetings we've had reviews of the domain name end-
of-life-cycle process and what happens.  I'm going to do something
related to that but from a somewhat different perspective and try to
look at it from what the typical registrant sees in terms of the real
activities.  The contents of this presentation are largely made up
from what we saw in the survey, and the survey of a number of other
contracts and things like that.

Now, first, a quick review of what does it -- what happens at
expiration time, and there's two distinct views of that.

One is what happens between the registrar and registry, and it's
relatively simple process.

For most of the large gTLDs -- not all of them, though -- there is
an auto-renew grace period.  At that point, as soon as it -- the
domain expires, it is renewed automatically and the registrar is
charged for it.  And it's a 45-day period.

During that period, in theory the registrant could ask for the
domain back, come to agreement with the registrar and pay for it and
they would then be back in business again.  The policy that was
adopted by ICANN several years ago said that the registrar may not
extend that period past 45 days.  At the end of the 45 days, they
must delete the name, at which point it goes into the RGP, at which
point for a 30-day period, I believe, the registry can still reclaim
the name or give you back the name for an additional increased fee.

That 45 days is up to the registrar, however.  It can be as short as
zero, and there's no requirement to do it for any particular period
of time.

And that essentially is the whole process.

If we look at the registrant/registrar experience, it's a little bit
different right now.  If you ask, "What happens to the domain name
post-expiration," the answer is, "It may be redirected or it may
still work."

If you look at WHOIS, to see who owns the domain, you may own it. 
Somebody else may own it.

If you're not expert at looking at WHOIS and you look at the
expiration date, it may say last week or it may say year from now.

A lot of people use domains for e-mails, some of them exclusively e-
mails, so the question is what happens to your e-mail at that point. 
The answer is, it may be delivered, it may not be delivered.

Again, this will depend on the processes that each particular
registrar has in place.

The domain may temporarily be reassigned to the registrar or someone
related to the registrar.  It may ultimately be sold, transferred, or
auctioned to someone.  And in most cases, as far as we can tell,
during this process -- which is of indeterminate time -- the domain
name is probably retrievable by the original registrant for some
price.  In some cases, the price is predictable based on the
agreements; in other cases, it isn't.

So as Marika said, highly variable.

Now, anytime you're going to look at this whole process, I think one
of the first questions you have to ask is:  Why do domains expire at
all?  And there's a whole range of answers.  The first one is, it's
not wanted anymore.  It was used for some particular purpose, no one
cares about it.

The next one is, it was supposed to be renewed by it didn't work for
some reason.  You left a credit card with the registrar and the
credit card bounced -- charge bounced because the expiration date
wasn't valid anymore.  And for some reason, you haven't been told
about it or you haven't responded and done something about it.  Now,
if you think about it, if the domain has been transferred somewhere
else temporarily to point to someone else and the e-mail address you
were using was that domain name, the e-mails are never going to get
to you.

The registrant forgot about expiration.  The obligation at the first
level is on the registrant to remember that on November 22nd, it's
expiring, and you should do something before then.  But people aren't
necessarily very meticulous with their calendars regarding domain
names.

The registrant got warnings and ignored them.  You know, how many
people get e-mails from someone telling you your subscription is --
or paper mails saying your subscription is expiring and you say, "Ah,
I'll worry about it later, I'm busy right now"?  Certainly that
happens.

The registrant never got the warning or never gets the warning after
expiration.

Most common reason?  They have an address which isn't up-to-date,
it's not an address you read anymore.  And again, the obligation is
up to you to keep you, the registrant to keep your WHOIS information
up-to-date.  But that doesn't always happen.

It's quite common for spam filters to cut -- to cut this out.  This
is mail that you never got before, or mail from an entity you
typically never got before, because usually it comes from a different
entity than the registrar's normal e-mail address.

It may be of a form that looks to spam filters like spam.

And the last one, of course, is the warnings were never sent.  Now,
whether that's never sent because there is a failure in the
registrar's processes, which can happen occasionally -- presumably
not often -- or it's a registrar who simply isn't honoring
agreements.  That one of the last reasons.

Now, a lot of the rationale on why domains expire comes down to
notification.  Now, the notification, as we just talked about, can
come from various ways.  The registrant's own records, looking at
WHOIS, looking at the policies for the registrar, e-mail and other
contact, what happens with the use of the domain name on the Web, and
what happens on e-mail.  And we'll very quickly look at some of these
from a number of perspectives.

Okay.  The first one is WHOIS.  The RAA has a lot of stuff in it
regarding RAAs, the registrar accreditation agreement, the contract
that governs what registrars do.

The RAA has a lot -- a lot of specificity saying what the registrar
must do regarding the information associated with a domain name, and
one of them is keep up-to-date the contacted information for the
registered domain holder.  So I then went to look at what is the
definition of "registered domain holder," because remember we were
talking about the WHOIS information sometimes gets changed after
expiration, and it's a very clear definition.  The registered domain
holder is the holder of the registered name.  A rather circular
definition which doesn't help at all in the process.

In real life, registration agreements tend to give the registrar the
right to reassign the name to a new registrant by the contract, so as
soon as it is expired, it may be reassigned.  The WHOIS data may
change, the WHOIS data may not change.  And specifically, if you look
at a number of the common contracts, they say, "The WHOIS data may
change and the WHOIS data may not change."

Policies.  The RAA is quite explicit about saying that policies must
be posted, it must address certain issues -- in this case, describing
the details of deletion and auto-renewal.  They talk about what
happens if the registrar has a Web site.

Based on the registration agreements, if you look at them, some
registrars have the registration agreement readily available, a link
off the first page, easy to find, easy to understand, written in
clear language, and definitive.  It says exactly what will happen. 
Other ones are not easy to find, maybe nonexistent, difficult to
understand because they're couched in legal terms, they're long, and
they're very vague.  They say things like, "The registrar may, at its
choice, do one of several things."

So from a point of view of a registrant, it's not always easy to
know what's going to happen.

Notifications.  Or rather, e-mail notifications.

This one was an eye-opener for me.  The only mention of
notifications in the RAA says -- and I will quote verbatim -- "at the
conclusion of the registration period, failure by or on behalf of the
registered name holder to consent that the registration be renewed
within the time specified in the second notice, it shall result in
the cancellation."

Now, from that, you can deduce that a second notice must be sent out
sometime prior to expiration.  Otherwise, the time that it refers to
would be negative.  It doesn't say exactly when it should be sent
out, and it makes absolutely no notice -- no mention of a first
notice, but one can presume that semantically, if there's a second
notice, there must have been a first.

But the RAA is silent on that.

Elliot?

>>ELLIOT NOSS:  Yeah.  I just -- I mean, I'm hoping one of the --
yeah.  I was just going to say, I thought there were -- my
recollection is -- and I wish Adam were here -- that there are two
proscribed notices.

>> JEFF ECKHAUS: Yeah.  It is --

>>ALAN GREENBERG:  By implication, I believe.

>> JEFF ECKHAUS: No, it's not by implication.  In the RAA, we are
bound by the EDDP policy and that states specifically that two
notifications must be sent.  So it's not by deduction; it's by fact
and by contract.

>>ELLIOT NOSS:  You know, I think -- I think those are even
specified time periods.  I thought there was two that we bind our
resellers to, so -- yeah.

>>ALAN GREENBERG:  Okay.  Then we need to do some research because
the current RAA adapted as adopted in May rolled in the verbiage from
EDDP.  Which present -- or previously had been separated --
separately listed in the consensus policy, and was rolled in.  If it
wasn't rolled in properly, then you may be right and I'm wrong.  As
far as I can tell, this is what the posted RAA says.  So something to
investigate.  Thank you.

In any case, even if that was -- that was what was in place up to a
few years ago, one is curious how it came into being that one only
talks about notices by reference.

Now, in fact, what happens if you look at both -- both the contracts
of what registrars commit to, they range from many notices with
explicit timing before and after, including registrars who attempt to
notify you by means other than e-mail after expiration.  Some of them
basically say we do the two notices we're obliged to, some say one,
and some have provisions for no notices.

Clearly that's in violation of the RAA, but that is what agreements
say today.

Now, what happens to the Web site.  Well, the RAA is quite silent on
that.  The only reference to it is it says the ED -- the domain --
the -- I've lost my words -- the 45-day grace period, the grace
period no longer than 45 days expires, the domain must be deleted, at
which point be the registry puts it in a status where it goes dark
and no longer is usable.

That is the only reference to what actually happens from a live
perspective of the domain name.

In reality -- again, highly, highly variable -- it ranges from it
still works and you can't see anything visibly to indicate that it
has expired to it doesn't resolve.  The page may or may not say that
it has expired, and this is how to recover.  It may be a pay per
click page.

And the domain may or may not just disappear and be taken over by
someone else at some point.

Now, all of that notwithstanding as I noted in an earlier slide,
from most registrars, as far as we can tell, there is a reasonable
length of time by which you can get the domain back if you approach
them and carry out whatever the process is that needs to be carried
out.

In some cases, it's pay them the original fee; in some cases, it's
pay them the original fee and a small mark-up.  In other cases, it's
provide extensive legal documentation proving you own the domain.

Last one.  What happens to e-mail?

Now, in general, the RAA is silent.  It doesn't talk about it at
all.  And it's rather interesting because, first of all, a lot of
people, quite inappropriately, using an e-mail address that is self-
referring to the domain.

Second of all, there are many, many people who do not use domain
names for Web sites at all, but use them purely for e-mail.  So what
happens to e-mail is quite important.

And again, the answer is all over the place.  Registration
agreements rarely talk about e-mail.  I don't think I've seen any
that do.

The mail may still be delivered.  It may bounce.  It may just
disappear into a black hole.  If you believe in conspiracy theories,
someone else is picking up all of your e-mail and reading it.  I
don't think there are many registrars who would have the time to do
that, but there's certainly nothing prohibiting it.

And of course as I mentioned, chances are, if the e-mail contact
uses the expired domain name, almost surely something is not going to
work very well, and in the survey we did explicitly ask registrars,
"Do you take that into account and try to use some other way of
contacting the person?"  And the answer so far was universally, "No."

Anyone who wants to try reading the RAA, there's the URL.  It's
available on ICANN's Web site if you go into the main Web site and
look at, "Documents, major agreements."  We are still looking for
volunteers to participate in this process.  We have done a lot of the
initial investigation.  We have not done a lot of the determination
of what, if anything, are we going to do about this.

In parallel, there's a new -- there's a working group in place
looking at revisions to the registrar accreditation agreement, the
RAA, which I believe is also looking for new participants, if
anyone's interested.  We'd be delighted to have you.  Thank you.

>>MARIKA KONINGS:  Just coming back to the point of the second
notice, I just looked up the EDDP and also consulted with my
compliance colleague and there's only -- it is the language that Alan
put up there, and there is only mention of a second notice which by
implication, I guess, means there was a first notice, and no time
line is provided for when that notice should be sent.

>>ALAN GREENBERG:  I will say after talking to a number of
registrars -- and Elliot is one of them -- I was rather surprised to
find that language.  I was expecting something a lot more specific.

>>ELLIOT NOSS:  Yeah, I can tell you the way that it lives in our
system and who knows if this is just an artifact of previous drafts
of the EDDP.  It sounds like, you know, Jeff is under the same
delusion that I am, that we -- you know, there's -- we -- we allow,
you know, a lot of, you know, sort of customization on behalf of our
resellers, so they can change the message and they can -- you know,
other than proscribed sections of the message and they can pick times
and they can pick methods, but there are two notices at very set
times that we require be sent, and they're not able to be overridden
in the system.

So at some opponent in, you know, ICANN's great and grand history,
there must have been something there, because it's -- you know, it's
kind of -- that's a kind of a hard-coded feature of the system and I
don't know if --

>>JEFF ECKHAUS:  Yeah.  So just for somebody who has a reseller
model, what we do is it is hard-coded in the system that notices have
to go out and we give the resellers either a chance to brand it as
their own or coming from, you know, just domain renewals, but those
two notices have to get sent out.  I guess as Elliot is saying, it's
a relic from the old system where it was required in the previous
piece, so -- 

>>ELLIOT NOSS:  So the good news is we haven't found this loophole
and exploited it, yet.

[Laughter]

>>ALAN GREENBERG:  Marika -- now that you know about it...

>>ELLIOT NOSS:  We'll make sure we thank you.  All credit to Alan on
that.

>>JEFF ECKHAUS:  The Greenberg notice.

[Laughter]

>>ALAN GREENBERG:  Marika, are the answers we got to the survey on
the Web explicitly?

>>MARIKA KONINGS:  They are on the Wiki.

>>ALAN GREENBERG:  The Wiki, okay.  I will quote one of them. 
Again, this does not necessarily reflect what the registrar does, but
it reflects to what the registrar commits to to the registrant.  And
it says, We may send an e-mail address, "may send an e-mail address,"
but if we do, it is as a courtesy.  The obligation is yours to renew
your domain on time.

So that's -- Elliot has described what he does.  There are other
people who do different things, and there are other people who commit
to doing one thing and then do something perhaps much better.  But
we're looking at the agreements as the first attempt to try to find
out what the registrant might see living out in registrant life --
world.

We have almost -- or 25 minutes roughly to go.  We have not planned
anything explicit.  We were hoping that we'd get some input from the
people around the table, not only the registrars but certainly
registrars welcomed also, in terms of what you have seen in real
life, in terms of what you think -- what kind of path you think we
should take.  

As Marika said, in the comment period, we can't follow all of the
suggestions made in the comment period because they range all over
the mark.

Where do we go from here?  Who would like to volunteer right now? 
We're taking names.  And any other questions or questions for the
group?  Not all but many of the people in the working group are
around the table today.  So hopefully I won't be the only one speaking.

>>JAMES BLADEL:  Hi, Alan.  James.  I was just thinking as you were
running through the charter questions, once again -- and I know we
keep touching on this issue, but we never really kind of dealt with
it head-on is the definition of "adequate opportunity."  And I think
looking at the registrar surveys and some of the results that have
been submitted so far, it is clear that there is an opportunity.  And
I think that it depends on what one would consider adequate.

So do we want to even make an attempt at defining what that is? 
Because I'm sure based on, especially the registrar surveys but even
some of the comments, you know, is 90 days adequate?  100 days?  Six
months?  What's a "adequate opportunity"?

>>ALAN GREENBERG:  That's a good question.  According to the RAA
right now, the longest possible opportunity you would have if the
rules were followed maximizing the time frames is you would have 75
days in which to renew the domain name through one of the processes
or the other.  That could be shortened to as much as zero according
to the agreements that one signs in most cases.

That is, the 45-day period could be shortened to zero.  If they
choose to delete it at that point -- I don't think anyone does --
there would then be a 30-day redemption grace period.  If they sold
it and said, "Tough, it is too late," it becomes effectively zero.  

The range right now during which you can redeem it for some price
and that price may vary depending on the time frame and the registrar
you are dealing with is zero to 75 days, what's a reasonable time
frame?

I will ask at the same time as people do that, what's the start of
the time frame?  Is it when the registration expires?  When the Web
site goes dead?  I'm sure you have other variations.

>> MICHELE NEYLON:  Sorry, Alan.  It is a Michele.  With all due
respect, most registrars are going to inform the registrant prior to
the expiry.  In many cases on multiple occasions, you are going to
tell your registrant, "Your domain name is coming up for renewal, you
need to renew it. Your domain is coming up for renewal, you need to
renew it."  

As far as I'm concerned, that's when the clock starts ticking. 
Nevermind anything else, I have already said to the registrant,
"Okay, your domain is coming up for renewal."  It is not a surprise. 
You can't turn around to me and suddenly go, "Oh, my God, my Web site
is gone."  We have already told you on more than one occasion, that
this is going to happen.  The domain is going to cease to resolve.

>> ALAN GREENBERG:  I will give a quick answer, but I'd like to hear
other answers around the table.  That presumes that the mail got
delivered, and we know in many cases it doesn't.  

Now, that's not the fault of the registrar typically, but that is a
real-life situation.  There are certain cases where the Web site not
resolving is the first indication they may get.  Shouldn't be that
way, but I think is.

>> MICHELE NEYLON:  Two things on that.  One, it is the registrant's
responsibility to keep their contact details up to date.

>>ALAN GREENBERG:  That's what I said.

>> MICHELE NEYLON:  Two, who in their right mind thinks that when
you buy something for a one-year period that one year becomes longer
than one year, if you don't pay for it again?

>>ALAN GREENBERG:  The people who follow the ICANN policy processes.

[Laughter]

For anyone who is in the back, there are microphones available.

>> ROLAND PERRY:  I'm just going to ask a stupid question here.

>>ALAN GREENBERG:  Can you identify yourself?

>> ROLAND PERRY:  I'm Roland Perry.  I'm speaking as an individual,
but I'm actually in one of the other working groups, dealing with
domain name registration abuse.  

What is the role of reseller in this situation?  Because we have
been talking here about the registrant, end user.  But I've in the
past lost domain names when the Internet service provider, who is
actually the intermediary, lost contact me with me and I lost contact
with them.  And they have been bought and sold several times, and
even now I have a domain that has been hanging in limbo for about
five years and nobody knows who quite is in charge of it.

When you are talking about these post-expiration notices flying
backwards and forwards, are they always going to go from the registry
to the end user or will the reseller have some responsibility to
receive them and forward them?

>>ALAN GREENBERG:  I can answer part of that, and I would like to
turn it over to some of the registrars.  In terms of who's
responsible, ICANN legal counsel has said that since the registrars
have an agreement, if they have chosen to have a reseller take over
some of the responsibilities and rights of that agreement, it is
still up to that registrar to make sure that the agreement is followed.

Now, that's a theory.  Practice may be different.  In terms of who
sends the notices, again, it is a registrar responsibility.  They may
delegate it to the reseller.  In some cases, reseller models say the
registrar still sends the notices.  It varies.

>>ELLIOT NOSS:  You know, I don't think it varies very much
actually.  I think there's probably -- I mean, there's no large
wholesale registrar -- I'm trying to sort of see you down there. 
There's no large wholesale registrar that I'm aware of that has
resellers who manage that renewal process themselves.  It would be a
huge overhead and burden on them.  

You know, all of us have kind of, you know, these very complicated,
deeply configurable systems that are quite complex.  So, I mean, we
really don't have resellers, and I can't imagine any of the others
do, of the large players, who sort of do their own thing outside of
that process.

What we see happening most often, Roland, when you are describing
that situation where you have lost touch with that supplier is
exactly that, that there's -- there wasn't a, you know, kind of
relationship in the first place.  And that's usually the cause for
something falling on the ground.

And it's -- you know, it's one of those things where I tell my
friends and relatives to deal with people that they have some
familiarity with or that they know.  Lots of times that doesn't
happen, and I think then for all of us we end up back-stopping that
process and usually having to start that back-stopping with
frustration and anger from the registrant.  

So we get pretty used to turning the other cheek at first instance. 
So I think it's -- there are very, very -- if we have a situation --
And, again, I think most of the large guys are the same.  You know,
if we have a situation where there's a reseller who is doing
something untoward, we just take care of the registrant.  It's so
much more -- it is just smart business practice for us to do it that
way.

>>ALAN GREENBERG:  Just one quick comment.  In terms of registrars
turning over responsibility to a reseller, I've never signed one of
those agreements so I can't tell.  I have dealt with resellers and
the messages are branded with "from" addresses and words in the
message as if they come from a reseller.  Were they sent actually by
the registrar making it look like they came from the reseller?  Maybe.

>>ELLIOT NOSS:  Yes, I would say overwhelmingly yes.

>>ALAN GREENBERG:  From the registrant's perspective, they are
dealing with the reseller for that whole process.

>>ELLIOT NOSS:  That's what we encourage because if they have that
relationship with the reseller, then they have a much greater chance
of keeping their services, being happy with their services, buying
other services.  It is in everybody's interest through the
distribution channel to see that that relationship is as healthy as
possible.

>>ALAN GREENBERG:  And, certainly, we know there are Web-hosting
companies, for instance, that have been known to sell a domain name
or provide a domain name with a Web-hosting contract and never even
put it in your name but keep it in their name.  That's a sleazy
business practice.  It is probably illegal, and there is nothing we
are going to do in this policy development to fix people who
blatantly ignore rules.

>>ELLIOT NOSS:  I will give you some interesting market feedback
there.  First, if it is in their contract, it is not illegal. 
Second, our experience is some of the bigger companies who are from
outside of the Internet space who have come into hosting and other
services do exactly that practice.  That's what they come in -- and
they bring with them from other industries, and they typically do
that, because from their perspective it is part of this bundle that
they are providing.

It's not kind of some small fly-by-night hosting company that's
doing this.  It is big, often public or otherwise companies who are
engaging in that.  And, believe me, I don't think, in fact, it is
illegal.  And they don't view it as sleazy.

>>ALAN GREENBERG:  Touche'.

>> TATIANA KHRAMTSOVA:  I have a little study about Russian
registrars.  I can't compare with others.

>>ALAN GREENBERG:  Could you give your name for the scribes.

>> TATIANA KHRAMTSOVA:  Tatiana Khramtsova.  So all the registrars
send e-mails right to the end users, not the resellers.  And, of
course, it is the main page Web site of each reseller.  There are
information about the registrar with whom they are working, and at
their notification there is information about their registrar.  I
can't compare with all others, but Russian is this situation.

>> ROLAND PERRY:  Can I just add some information.  I was looking at
some of my registrations here.  The ones which I've made through one
particular, call them a Web-hosting company if you would like, is all
entirely branded by that Web-hosting company.  All the e-mails seem
to come from them.  I have got a control panel at their Web site, and
they are reselling Tucows as far as I can tell because that's what
shows up if I do a WHOIS on that.

>>ELLIOT NOSS:  That's great.  That was exactly what we want to be
doing right now to using us in the first place.

[Laughter]

>>ALAN GREENBERG:  No advertising.

Who else?  Go ahead.

>> LIYIANG WANG:  Thank you.  This is Liyiang Wang from CONAC.  In
order to guarantee our legal rights are for the domain name honors
and to prevent the abusive use of the domain name, as a registry, we
have the preverification process to check the domain name's
authentication for the domain name, also for the registrar and the
registrant.

Could we use this process to replace the sunrise process?  Is there
any other efficient way to achieve the same goal?  Thank you.

>>ALAN GREENBERG:  I think this is a little bit outside of our
domain, excuse the language.  We're looking right now at the
Registrar Accreditation Agreement which governs the behavior of
registrars for the gTLDs.  So although experience within the ccTLDs
is interesting, it's not governed by what we're talking about.

>>J. SCOTT EVANS:  J. Scott Evans.  I'm a little confused as to why
we're even sitting in this room.  It seems to me that we have
identified the fact that there are some contractual issues because it
looks like there may have -- something may have gotten lost, when
there were versions.  So ICANN staff or someone needs to figure out
what the process is and historically get that document correct.

And then it seems to me that the system as written probably works. 
The problem is there are bad actors, and ICANN needs to get into
contract compliance.  It seems to me you have a one-sentence report. 
You need to get your contracts in order and then you need to enforce
your contracts, period.

[Applause]

>>ALAN GREENBERG:  I think -- in one moment, Carlton.  I think that
describes some of the actions that need to be taken.  However, if we
look at the RAA right now, it allows -- now, I'm not claiming
registrars do this on a regular basis, but it allows a registrar to --
the moment a domain name expires to transfer it, sell it, use it with
no possibility of the registrant getting it back after that moment.  

And the question is:  Is that sufficient?  Should we rely on the
goodwill of the registrars to not take that kind of extreme action? 
Or do we need to build some sort of protection into the process to
make sure that a registrar -- a registrant who is not contactable for
whatever reason, including their own negligence, has some opportunity
to fix the problem.  And that's a lot of the question we're asking.

>>J. SCOTT EVANS:  Okay.  But you say they "automatically." Isn't
there a 30-day redemption grace period where it goes dark and the
registrant has 30 days at that point to reclaim it, usually for a
premium price.  Is that correct?

>>ALAN GREENBERG:  Only if the registration is deleted by the
registrar.  And only really boring registered domain names are
deleted these days.  They tend to be auctioned or sold before that --
before they get deleted, or so I am told by the registrars who
actually talk to me.  There is one or two of them who do.  

Carlton had a comment.

>> CARLTON SAMUELS:  I just want to ask.  The statement was if it's
in the contract, it is not illegal.  Was that what I heard?

>>ALAN GREENBERG:  It was Elliot who said that, and I think he was
talking about the contract that a Web hoster may offer to a customer,
that they may say, "We will register the domain name in our name and
take good care of you."  And that's completely legal if they do and
you sign that agreement.

>> CARLTON SAMUELS:  Specific to the Web hosting and not as a
general principle of law?

>>ALAN GREENBERG:  A registrar I do not believe could do it because
there are specific rules.  But what names registrars can own in their
own name -- now, they could turn it over to a subsidiary company, but
-- which is essentially the Web hoster, but -- or not.

>> CARLTON SAMUELS:  We probably have a fundamental difference of
opinion there because I don't care -- it seems to me that if
something -- simply by having a contract, that is not to say
something you are doing is illegal.  It seems to me it is a
philosophical perspective.  That might have a lot to do with what's
happening in the registrar-registrant communities.

>>ALAN GREENBERG:  Many contracts have clauses saying illegal
clauses are not valid no matter what we sign.  But in this particular
case, I don't think that's illegal.  But I may be wrong.  I'm not a
lawyer.  Elliot first and then Mike Palage.

>>ELLIOT NOSS:  I was going to just come back to J. Scott's comment.
You know, I think that's true in a narrow sense.  I found myself
thinking here that there might be a gray opportunity, you know, given
this is sort of ALAC driven.

I think every registrar in the room would agree that 90-plus percent
of the situations that end up with registrants being frustrated are
because they don't understand what's -- sort of what's going on and
how things work.

And, you know, from our perspective, it's very hard to get people to
take the time to be educated.  This could be a great opportunity to
use kind of ICANN's good offices.  They're renting rooms and
providing staff and doing all sorts of great things for this, to take
that and drive it into some useful education process or set of
resources or something.  I mean, I don't know.  I leave that to you.

But, you know, that's really the -- by far, the big portion of the
problem and one sort of seems well within the ambit to tackle.

>>ALAN GREENBERG:  The working group decided on real early that
education has to be part of the process.  I question whether one can
ever take any ICANN process and make it clear and simple enough that
the common man, as it were, who decides to have a little Web site is
going to understand it.  But education has got to be part of that
process.

>>MICHAEL PALAGE:  Thanks, Alan.  Mike Palage.  J. Scott, getting
back to your question, one of the things that I've been advocating
since I have been participating in this particular working group is
the need for registrants to have openness, transparency and
predictability with regard to what happens with their domain name.

Now, as Elliot has said, and others as well, there have been various
registrars that have begun to implement different contractual terms. 
And that has, I think, led to some of the confusion in the
marketplace and one of the reasons, I think, this group is looking
for what are those minimal safeguards that we can reincorporate.

Because what was very interesting early on when this working group
started was we went back to when ICANN originally created the
redemption grace period.  I originally was intended to be a two-phase
process.  And phase two which was never implemented was an idea of an
inter-registrar transfer post-expiration.  So these are some of the
things that we've kind of struggled. 

And, you know, very thankful to ICANN staff, Marika and others for
doing this, if you will, survey to help us identify what the
landscape is.  So I appreciate walking in and saying, "Why are we
here?"  But there are some nuances to why we're here and why we are
trying to sort of plow through this minutia to look for that
openness, predictability and transparency for registrants.

>>ALAN GREENBERG:  Thank you, Mike.

>>TIM RUIZ:  Alan -- Tim with GoDaddy -- I haven't had a chance to
really see the results of the survey that was done, so I apologize. 
But just curious if from the data that was collected, if it looks
like we'll be able to kind of determine what the potential scope of
the problem could be based on, you know, what percentage or what
market share of domain names are not covered by some opportunity to
be recovered by registrars.

In other words, you know, is it 10% from what we can determine of
names registered that we don't know what happens or there's zero
opportunity?  Are we going to be able to get to something like that
from the information that has been collected?

>>ALAN GREENBERG:  We're not going to be able to find out what
percentage of domain names act -- for which -- for what percentage
there is no opportunity.  The best we can come up with is for what
percentage is there potentially no opportunity based on the contract.

>>TIM RUIZ:  Some of the information that was collected, though, was
about -- I believe, wasn't it about processes that registrars go
through in the domain name life cycle after expiration?  So that we
maybe turn it around and say, "Well, it looks like from what we've
collected, you know, X percent of domain name registrations have at
least a minimum of X days," or whatever it might be, "to be recovered
before any of these other events occur."

>>MARIKA KONINGS:  Just to comment on that because I think, yes, for
the registrars we have done so far, most of the information does come
back there, there is an opportunity to recover the domain name.  But
if you purely look at the registration agreement, that's not clear
because many say we may or may not give you an opportunity.

In many cases, I understand that's the legal language and you need
to, you know, keep options open and you don't want to change the
agreements too often.  And the information on what actually happens
is provided in other places.

But if you purely look at the agreements, I don't think a registrant
can say with security what will happen once a domain name has
expired, not in all cases at least.

>>ALAN GREENBERG:  I mean, wording like "we may sell, auction,"
whatever, "the domain name to any something at any time" have been
included in some contracts.

Tim, did you want to comment back and then Rob and then -- I can't
see who it is.

>>TIM RUIZ:  I still think that's relevant information.  I think
it's something that the group should consider because what we're
talking about is -- I mean, we want -- not that we shouldn't be
concerned but we can't get, you know, too deep into, well, "what
if's."  What we really want to look at and what we have been asking --
or several have been asking for since day one is just trying to
figure out what the scope of this problem is.

So I think actual practices are as important, if not even more
important, than what an agreement might say based on, you know, what
a business might typically -- how they might typically construct such
an agreement just based on legal needs or concerns or whatever.  But
I think the actual practices are important here and that they should
be considered as well.

>>ROB HALL:  I want to take exception to something you said, Alan. 
You threw out the word "illegal" earlier and that got a bunch of
people inflamed.  And now you have said that it appears that some
contracts allow the person -- the registrar to take the name and
transfer it at any time.  And I don't think that's true.  I don't
think anyone in this room is saying that prior to expiration
registrars are taking domain names away from registrants.

>>ALAN GREENBERG:  At any time after expiration, sorry.

>>ROB HALL:  The thing we are debating here is after someone's
contract has ended, should they have any rights?  And what should
they be after they stop paying for the domain?  In fact, we are
getting into the area of should we take away the right for someone to
contract what that can be?  

In other words, are you taking away the right of a registrant to
say, "At expiration I want to give you this right"?  I think we have
to be very careful here about what time frames we're talking about
because you are really talking about giving people rights after their
contract expires and not allowing them to change that right.

>>ALAN GREENBERG:  My only comment to that is we're not really
talking about giving them rights.  We're talking about restoring
rights which were traditionally there prior to, you know, the
evolution of the domain name marketplace.

>>ROB HALL:  Not contractually.  That's not a true statement. 
Contractually, their right ends at the end of their contract.  And
they've agreed to the contract at the time they registered the
domain.  That's what the vast majority of registrar contracts say. 
So now you are trying to bestow a right upon them that they've
contractually agreed not to have.

>>ALAN GREENBERG:  I believe if you look at the documentation
associated with the adoption of the EDDP, the intention was to give
them at least that 30-day RGP even if the registrar chose to have a
zero-day grace period.

>>ROB HALL:  Again it was left in the hands of the registrar at
implement.

>>ALAN GREENBERG:  Okay.  We had one comment back there and then
Mike Palage, again.

>>EUN-JOO MIN:  This is Eun-Joo Min, from the World Intellectual
Property Organization Arbitration and Mediation Center, one of the
ICANN accredited UDRP service providers, and it seems to me that the -
- the transparency and predictability that Mike Palage was referring
to, that is available only to certain registrars, and resellers, and
at times not to the registrants and not to the UDRP complainants and
not to the UDRP providers.

The slide that you had indicated earlier, Alan, the e-mail may or
may not work, the Web site may or may not work, the registration may
or may not be renewed, I think it is really important for the -- not
only for -- especially for the registrants, but also for the general
public to have some predictability about the life of that
registration and not be subject to the whim of different registrars.

>>ALAN GREENBERG:  Before we go on, the -- our hour is officially
up, but there's a half hour before the registrar/registry separation
debate, which I think we all want to go to.

>>ELLIOT NOSS:  Great.  I find it ironic that comment is coming from
WIPO.  Having been a participant in a number of UDRP proceedings,
there is an order of magnitude more transparency in registrars'
processes than there is in the UDRP process.  In fact, we would see
bordering on arbitrary decisions around time periods for submissions,
the availability of submissions, things that would be found late an
hour after a time period, things that would be allowed three weeks
after a time period, and they all tended to go in a single direction.

So I would hope that WIPO could aspire to the level of transparency
that registrars generally offer.

>>EUN-JOO MIN:  Are published on the Internet.

>>ELLIOT NOSS:  They're published but not followed.

>>EUN-JOO MIN:  They're very transparent.

>>ELLIOT NOSS:  And they say you may or may not allow extra time for
submissions.  You may or may not honor the time periods.

>>MICHAEL PALAGE:  Thank you.  Getting back to, Rob, your comment
about contractual rights, one of the questions that I've raised --
and I don't think the group has yet got to delve into -- is in order
for a domain name to be in a registry database, there needs to be a
right.  And I don't think we've necessarily delved into what is the
legal basis that a name exists.  So we need to look at the agreement
between the registry and the registrar, because the registry
potentially could provide some, if you will, guidance in defining
these rights.  Because, again, these names still exist and they -- in
order for that name to exist in the com or any of the other gTLD
databases, there must be a contract.

>>ROBERT HALL:  Yeah, but with all due respect, Mike, the names
exist because you auto-renew them for the extra year, so our RAA says
we can only register domains for one-year periods and what we're
really arguing about here is how long exactly is a one-year contract,
which is an interesting question.

So the fact that you auto-renew for another year.

>>MICHAEL PALAGE:  Well, not all do and as I said, Rob --

>>ROBERT HALL:  45 days, you renew for a year, right?  So --

>>MICHAEL PALAGE:  And not all do, Rob and that's one of the things
that Alan commented.  Some of the initial -- some of the initial work
we did is not all registries engage in the same practice, so the
majority of registries will debit, will take the $6 out of a
registrar's account, at the auto-renew.  NeuStar, dot tel, dot
travel, dot coop and I believe dot cat are five registries that don't.

>>ROBERT HALL:  Now you're talking about a funding issue.  All of
those registries you named auto-renew for another year right away on
expiration.

>>MICHAEL PALAGE:  But it doesn't -- they give you -- there's a
grace period, Rob.  The WHOIS does not change.  See, so this is,
again, one of the other things that we're looking at here, as far as
rights, and this goes exactly to my point of we don't have openness,
we don't have transparency, and we don't have predictability.  We
have divergent practices in the marketplace that I think leads to
confusion and potential harm, and that's what I think we're trying to
get to.

>>ROBERT HALL:  But to my knowledge no ICANN registry doesn't auto-
renew.  Because that would solve all -- some of these issues.  If the
registry on expiry put the domain on hold, a lot of these issues
you're talking about wouldn't happen.

>>MICHAEL PALAGE:  Well, let me ask you this question:  If a
registry were -- if a registry was to do that, would they be able to
sit there and then dictate who -- who can enforce those rights and
whether those rights can be transferred to a third party?  Would you
give a registry that authority?

>>ROBERT HALL:  Would I give a registry the authority to delete the
domain at expiry?  I mean, that's essentially what you're saying.

>>MICHAEL PALAGE:  No.  Would you --

>>ROBERT HALL:  Delete it and make it available to someone else to
register.

>>MICHAEL PALAGE:  I or provide a service themselves.

>>ROBERT HALL:  Interesting idea.

>>ALAN GREENBERG:  And indeed, some of those things may be what
comes out of this a long time from now, I suspect.  We do have a
question online from Barry Cobb.  Is Barry really online?

>>TIM RUIZ:  Could you get me in the queue, too?

>>BARRY COBB:  Yes, this is Barry Cobb.  Can you hear me okay?

>>ALAN GREENBERG:  Yes.

>> BARRY COBB: Okay.  Great.  Thank you.  I just wanted to say that
I am a member of the BC, but I'm speaking -- or asking the question
on behalf of myself.

And I guess this really kind of carries on from what Mike Palage is
talking about, and I'm really keying off of the one term, this
"predictability."  You know, when you're looking at domain names in
the marketplace that are getting ready to expire -- or, you know, I
guess this is kind of a use case, but the question that I have and
I'll get into the use case is:  Why is it that once a domain name
expires, that we have such a high degree of variability as to how
that domain name goes till it's eventually deleted and either allowed
back on the market or picked up in aftermarket through auctions and
that kind of stuff.  So essentially, why was it not mandatory for
everybody to adopt the auto-renew grace period?

And the reason why I ask this is whether I'm a registrant of that
domain name or not, the biggest question that I have is --
regardless, if I'm monitoring that domain name as it's going through
the cycle from being owned to being dropped, when that thing -- to
carry on to my point is when that flips and a registrar does auto-
renew it and the registrant actually just wanted to let it expire,
because of that high degree of variableness, it loses predictability
as to who actually renewed that.  And that's, I think, where we need
to take a lot of this, or actually consider just the general
marketplace perspective and not necessarily specifically always about
registrant rights about whether it expired at the end of the
contract, et cetera.

So my question is, ultimately:  Why was the policy, when it was
enacted whenever -- I'm not sure what the time frame was -- why did
registrars not have to all mandatorily adopt that.  Thank you.

>>ALAN GREENBERG:  I think the quick -- may I try and answer and
then you can rebut it if you don't agree.  I think the quick answer
is:  There is no policy and in the absence of policy, registrars have
adopted various business practices and business models within the
marketplace.

>>TIM RUIZ:  Yeah.  This is Tim --

>>ROBERT HALL:  Sorry.  Not exactly.

So every registrar has equal access to the 45-day auto-renew grace
period, so there's no policy that says some use it -- or some don't
have access to it and some do.

So we all have equal access to the 45 days.  What we do within that
45 days of when we delete the domain used to be driven by financial
incentives.  Some registrars delete it right-away to get their six
bucks back, others didn't.  But the 45 days is available to every
registrar.

Now, have some registrars innovated different ways and different
business models?  I mean, that's the competitive layer.  That's what
we're supposed to do.  So, yes, different registrars have done
different things and provide different services to their clients as
they should in a competitive marketplace but we all do it within the
same defined 45-day period.

So there's no difference in policy between one registry and another
about how long the period is.  It's all 45 days.  It's equal to all
registrars.  And we all play within that same sandbox, if you will.

>>ALAN GREENBERG:  Tim?

>>TIM RUIZ:  Thank you, Alan.

Tim Ruiz, Go Daddy, again.  I think that partly my point as well is
that, you know, transparency, predictability are fine, but what
originally started this whole thing is the desire to introduce
competition into the marketplace.  So now you have 900-some-odd
registrars in 300-some-odd registrar families, and tens of thousands
of resellers.

So that is going to promote some innovation, some differentiation
between competitors.  So things aren't going to be the same.  We
can't have everything be exactly the same.  So there's going to be
some differences in the way things are handled there.

I don't think that's a bad thing.  And what we need to do is not get
caught up in just what we see as potential problems by the way a
contract might be written or what the RAA may allow.

But, again, look at what the actual practices are, and the scope of
the actual problem, and I think that's still the aspect that's
missing from the work that we've been doing.

>>ALAN GREENBERG:  Adam had a comment.  Oh, I assumed.

>>ADAM PEAKE:  Many of these policies we're talking about -- and I
actually had to be quite clearly noted on the registrar's Web sites
in a conspicuous manner, I think was the language from the deletes
task force many years ago, so we have consensus policy that I think
is perhaps not being followed because it's very historical and
business models have emerged over time that have sort of somewhat
superseded this.  But if I remember correctly, going way back to
probably DNSO days, then there should be more conspicuous
notification of what these policies are.  And what the users should
be expecting, as an assort of consumer transparency and understanding
point of view.  We have to go back to some of these old policies.

But I think, you know, things have evolved over time.  Competition
has evolved over time.  Resellers have come up and all kinds of
things.  But there's still a basic policy there that says that you
should be being more transparent in what your policies are, with all
of these issues.  Or may be mis-recalling.

>>ALAN GREENBERG:  Thank you, Adam.  Next?

>>PHILIP CORWIN:  Philip Corwin.  Following up on that, I was having
a similar thought.  I think Tim made a very valid point that it's
good to have diverse business models but particularly for the
unsophisticated registrant, perhaps some consideration should be
given to some kind of very simple disclosure -- standard disclosure
like the nutrition guide on a box of cereal or what's done for credit
cards in the U.S., where you reveal and decide what are the key terms
and then let the registrant be able to compare registrar A to B to C
and decide they're going to vary in some forms and let them decide
which one, for their intended use of the domain name, is the best
registrar for them to go with.

>>ALAN GREENBERG:  Mike?

>>MICHAEL PALAGE:  Tim, I fully agree, competition, innovation, and
choice in the marketplace are good things, and that's one of the
things ICANN should always be striving for.

But that is not an absolute.  That always needs to be balanced
against the -- I think the public interest or the interest of the
registrants.  And this public interest is something that was
specifically referenced in the affirmation of commitments, which
ICANN just signed and which will be periodically reviewed.

So I just would urge caution that we do not want to put competition
and maximization of profit, et cetera, to supersede the interests of
the registrants, and I think we're in agreement there.

>>TIM RUIZ:  Yeah, yeah.  I absolutely agree, Mike.  Again, Tim. 
And that's why I'm asking that -- so that we don't make an error,
that we clearly identify, you know, what the real problem is, what
the scope of it is, and that we're not trying -- because it concerns
me that we mentioned, "Well, here's what the agreement could possibly
-- a registrar could possibly do," and if we get off into all these,
you know, speculations about what might happen, I think that's going
to be a real problem for us and we're going to get bogged down.  So
let's look at what the real problem is, what the scope of it is, and
solve it based on what actual practice is.

>>ALAN GREENBERG:  James and then I'll put myself in the queue.

>>JAMES BLADEL:  Yeah, and I think I'm going to echo a lot of what
Tim just said, so Michael's response, is that -- so I'll try not to
duplicate too much but the idea that I think we see and understand
and probably could quantify the benefits of the competitive landscape
and the innovative products and services that have arisen for that,
but what we can't see and quantify is the harm, and if we go off, I
think, without really understanding that, and making changes on
these, we put the other at risk.  So maintaining that balance is
essential.  I agree with you.

>>ALAN GREENBERG:  I was going to say something similar, I guess
from a different angle.

One of the charter questions is indeed to ask, is there adequate
opportunity, and although Tim is correct that we don't want to go off
on a tangent because of what contracts say, if that is not the
practice, as a number of people here have pointed out, this is a
marketplace which has variable practices and very innovative
practitioners.  I think you could say a lot of things about
registrars, but there is no one who would debate whether they have
been innovative.  And, therefore, if we're looking for adequate
opportunity, I -- I don't want to be the one to -- I don't want to be
the ones who are on the EDDP and thought that they were doing
something and then found out that the registrars innovated around
them pretty much in parallel with them coming up with those policies.
And I think we don't -- we've already gone through this process three
times in ICANN, as far as I can tell.  I think we should become tired
of it, put in place some reasonable policies, if we need them that
will not cause us to do this again in three years.  We've got better
things to work on.

>>TIM RUIZ:  Yeah.  I don't disagree, again, Alan, but I -- just as
an example, the fact that registrar could delete a domain name, you
know, on the day it expired.  I mean we've been able to do that since
I've been involved in ICANN in 2001 and I think even before that.

Did that ever occur?  I don't know of any registrar that ever did
that.  You know, it was never really a problem.  So is it -- but just
because that was the capability, is that a problem we need to solve? 
I don't think so.  So that's just an example of what I'm -- what I'm
trying to get to, as far as trying to identify where the real issues
are.

>>ALAN GREENBERG:  We're into judgment calls here.

If there's no one else, we're 15 minutes past the end of our period,
14 minutes before registrar/registry separation.  Thank you all for
coming.  No, I think that's in a -- that is in Crystal A on the
second floor.