Registering, Managing and Cancelling Policy Review Submission
From: Ihug
Received: 12 February 2007

RE: RMC Review – ihug Submission

Dear Debbie,

As the Registering, Managing and Cancelling Domain Names policy is up for review ihug would like to take the opportunity make comment on some of the issues that have been raised.

The five day grace period be used as a public notification period

While using the five days to review applications for unaccepted domain names may be a good procedure to follow, the information should not be made public. To change the policy in this way is giving people with phishing intentions the means to do so. They can use this information to create lists to then later use for mass mailing. Unsuspecting users can be persuaded into names of a similar nature or to transfer the domain name.

The requirement that the Office of the Domain Name Commissioner is required to check applications of domain names

This is not a feasible plan for New Zealand in this day and age. The environment and nature here is “I want it and I want it now”. It would take Kiwis a lot of adjusting to have to take a backwards step and for their applications to be moderated. Established Grades of Services would need to be downgraded to include this moderation time.

Moderating of all domain names would not only be time and labour intensive for the DNC but also for the Registrars to daily monitor applications. In bad scenarios time also will be wasted with people chasing up the moderation or pushing for faster turn around times.

Time will also need to be taken to unravel or amend already fully automated systems.

Payment should be received before domain names are registered

For this policy proposal bears a similar argument as the above issue; it will hinder the registration process. Grades of Service will need to be amended. It will take more time and more work for Registrars.

In some cases it may prevent a personal party or company from being able to register a domain name, or at least make it more difficult.

This is an unnecessary precaution and a step in the wrong direction.

A list of restricted words be drawn up by the DNC as a guide for registrars carrying out their functions

If the policy is changed to where the Registrar is responsible for what is and what is not registered then it would be necessary for the DNC to provide a list of restricted and frowned upon words for the Registrars to base their filtering.

It would be impossible to create a perfect automated filter for domain registration. A manual step will be required to check the applications. Unfortunately humans do make mistakes. This opens the possibility where if a fraudulent domain name is registered, the Registrar will be held liable instead of the Registrant – who is the guilty party.

What if a perfectly unsuspecting domain name is registered and their site and business are found to be fraudulent - who then would need reprimanding or correcting? How far is a Registrar to investigate a company or person applying for a domain name?

Registering of domain names should remain the Registrants responsibility/liability and for the policy to remain on the same 'buyer beware' and 'first in first served' basis.

The issuing of UDAI codes

Clause 7.6 – The registrar will pass the details of the registration onto the registrant, including the UDAI. The UDAI must be sent out to registrants, and must also be provided to registrants upon request.

Clause 11.5 – Registrars are required to pass on the UDAI to registrants whenever a new UDAI is generated, for example, on registration and transfer. This applies from when a Registrar first connects to the SRS.

The current policy enables the registrant to move between Registrars freely, which they often do. For manual applications that are received, it is not far from the truth that one in three will provide the wrong UDAI and you will need to chase up the applicant for the correct information. The time spent chasing up applicants could be prevented if a new UDAI was generated upon the registrant's request, when they leave their current provider.

There are also many cases where a registrant has unbeknown provided the UDAI to a web provider who then came back to the old provider to complain the domain had been transferred without their request. Such cases would be minimised if they don't have unnecessary UDAI's filed in their system.

I agree with the statement made that it is bad business to give the key to leave upon the registration or transfer and therefore concur with ICONZ's policy proposal.

Most of the issues raised or requested will not help with the registration process; it will bring slower process times, involve more work and prevent the current smooth flow of registrations in New Zealand. All to stop a few phishing scams. We instead should educate people not to fall for or participate in fraudulent attempts.

Warm Regards

Gabi Hunter
Senior Domains Administrator
Ihug Limited