Latest news of the domain name industry

Recent Posts

Almost half of registrars “deficient” in compliance audit

Kevin Murphy, July 8, 2014, 11:16:48 (UTC), Domain Registrars

Almost half of accredited domain name registrars were found “deficient” during a recent ICANN compliance survey.

Results of an audit published today show that 146 of 322 registrars (45%) picked at random for the September 2013 to May 2014 study had to carry out some form of remediation in order to comply with their contracts.

The report comes at the end of the second year of ICANN’s audit program, which aims to bring all accredited registrars and gTLD registries into compliance over three years.

The deficiencies noted at 146 registrars cover areas ranging from compliance with ICANN consensus policies to the availability of Whois services over the web and port 43.

In almost every instance the numbers were down on last year.

For example, ICANN documented 86 registrars who could not initially show compliance with requirements on the retention of registrant data, down from 105 a year ago.

Only 15 registrars of the 322 (4.6%) flunked the audit and will be re-tested. The others were all able to bring their systems into line with ICANN’s requirements during the course of the audit.

Three registrars were terminated as a result of deficiencies identified during this phase of the program.

The full report, along with the list of participating registrars, can be found here.

Tagged: , ,

Comments (5)

  1. The document doesn’t seem to give much information on the kind of “deficiencies” that had been found. Almost half seems like a lot, until you know the kind of things that are seen as deficiencies.

    We were one of the audited registrars who had been asked to fix deficiencies. These were however:
    1) The same person was in one place listed with one e-mail address and in an other place with an other e-mail address (both of which would end up with that person). This needed to be changed to show the same e-mail address.
    2) For some domain names we had indicated we hadn’t sent out an e-mail related to the “Expired Registration Recovery Policy”. This was correct, as those name simply hadn’t come into a period in which sending out that e-mail is mandatory. So the “deficiency” here was that we needed to explain exactly why.

  2. Andrew says:

    We were audited too. I think we passed with flying colors, however they pointed out that we were using two fax numbers (one in radar, a different one on our website.) This is intentional on our part. ICANN said that needed to be fixed. We pointed out both faxes are valid and work and they then said we were in compliance. So I would have liked to see more details in this document about what registrars were found in compliance and which ones were found deficient and for what reasons. I have to wonder if we were found in compliance or deficient for this trivial issue. Like Bart Mortelmans said above, it sounds like this report is considering “clarifications” as deficiencies.

  3. Michele says:

    We were audited as well and similar to the two registrars who commented previously, had similar “issues”.
    From what I can gather a lot of the “deficiencies” that were noted across all the registrars audited simply required some extra explanation or similar ie. registrars weren’t non-compliant but there was a “gap” between what we (collectively) provided and ICANN understood.

  4. Are the above commenting Registrars thinking those are trivialities?

  5. kd says:

    We operate multiple faxes and VeriSign pointed out the one we have listed with them is not the one which is displayed on our website. But both faxes work… Yes this is a triviality that needs to not be a “compliance” issues, but “clarification” or “double check”.

    For example the faxes to the number we have listed with ICANN and VeriSign, etc goes directly into my office, as I am the technical lead on our registrar and I have definitive control of all things when it comes to compliance issues, account balances and other such stuff. The faxes that come in from our website goes elsewhere within the company to be brought through the chain of command. I personally don’t kneed to know about every transfer request, every new customer, or junk fax that comes in. But when it comes from high value partners – there is a different level of priority. And part of my job is maintain relationships with our partners.

    Hope this helps answer the question for you. To assume we use ONE fax number on our site is shortsighted. A better test would have been to come back and ask the clarification “does your company control both/all of t
    he fax numbers we have limited?” Or better yet to send a fax. The fax would say “Hi. This is ICANN. You need to respond to this fax otherwise you will be found to not be out of compliance.” Easy enough.

    So my perspective… This report did not calculate such things. The report going future needs to be broken into

    1- Passed Compliance
    2 – Needed a few followup questions, but still passed Compliance
    3 – Failed Compliance

    Otherwise as I read this story it is a “this is what we want you to hear” report. But they should really clarify what things were in compliance, versus what were out of compliance and needed further auction.

    right now it sounds like this is a typical report “protecting someones job”. “Hey we did great, most registrars are not in compliance.” I see through this and am not fond of it given we were probably in the “failed compliance” group.

    I have been through many audits with ICANN. While most are not fun, it is what ICANN is there to do. And it keeps the good registrars on their toes and becoming better. I fully support the yearly audits. I just wish the reporting was a little more unbiased and told the truth a little more about what registrars failed for what reasons. And then at least giving myself a reason to explain if I was found to be in compliance.

Add Your Comment