[ga] The .Pro Fiasco

["Richard Henderson" <richardhenderson@xxxxxxxxxxxx>]

Registration of .Pro domains has descended into shambles as the Registry responsible for their administration has allowed a flood of domain registrations which appear to be in breach of the strict rules restricting who can register a .pro domain and the certified credentials required before any such domain can work.

The .Pro TLD was set up to provide a credentialed area of the namespace where verified professionals could establish their web-presence and benefit from profession-related DNS functions. In particular, provision was intended for professionals in the legal, medical, and accounting workplace. This designation of .pro for credentialed professionals is explicitly set out in the ICANN-Registry Agreement which constitutes the contractual basis for the operation of the registry.

Appendix L of ICANN's Agreement with RegistryPro, allowing them to operate the .pro registry, states:

"Registered Names are restricted to persons and entities that are credentialed by appropriate entities (such as through governmental bodies and professional organizations) to provide professional services within a stated geographic region (a "Licensing Jurisdiction"). "

By the terms of the ICANN Agreement, the .pro registry undertakes to verify the credentials of these registrants:

"Registrants of Registered Names in the .pro TLD will be required to certify that they meet the qualifications set forth in this Appendix L. Qualifications for registration of Registered Names will be verified and periodically re-verified, and will be signified by digital credentials recorded in the registry database. "

Specifically Section 7.2.1 states that "at the time of an initial registration of a Registered Name (i.e. a domain name), the registrant will be required to provide to the sponsoring registrar identity and contact information about the registrant, data and supporting evidence about the registrant's qualifications to register, and other data required for issuance of a digital certificate. "

Furthermore, the Agreement allows for these crdentials to be challenged, under the Qualification Challenge Policy:

"Qualifications for both Registered Names and Standard Defensive Registrations, however, will be subject to challenge under the Qualification Challenge Policy described in Appendix M. "

What has emerged is that, in the past month, a thousand or possibly many more generic words have been registered and activated through RegistryPro - names like f**k.pro and c**t.pro which appear to have no relevance to any of the recognised professional entities entitled to legitimise a .pro registration. This spate of registrations appears to have been carried out by domain speculators and on the face of it DomainPro has failed to carry out its obligation to check and verify each application before activating the domains.

See here for examples of this flood of recent registrations:
http://gnso.icann.org/mailing-lists/archives/ga/msg02433.html

The Registrars themselves (in most of these cases it involves the ICANN-accredited EnCirca registrar) are not obliged to carry out the verification process themselves. Section 8.1 of Appendix L states that the verification may be carried out by the registrar or the registry.

However, the registry (RegistryPro) have a specific responsibility *NOT* to activate any registered domain - " it will not resolve in the DNS until such time as the Verification Process has been successfully completed and the eligibility for registration confirmed. "

RegistryPro appear to have failed to apply this rule. As a result, the integrity and reputation of the .pro TLD has been seriously damaged, along with the integrity of the Registry's processes, which were supposed to be upheld both for contractual reasons and as part of ICANN's "Proof of Concept" approach to launching New TLDs. The Agreement talks about the need for digital certificates to support registrations "to enhance the security and trust of .pro domains" and so that "consumers can easily establish trust" when accessing these domains. RegistryPro seem to have failed in this area of 'trust' by activating so many uncertified domains.

In Section 2 of Appendix L it states:

"All Registered Names must meet the requirements in the Registry Agreement and its appendices " and furthermore that "The Registry Operator shall implement technical measures reasonably calculated to enforce the requirements. "

It would appear that the "technical measures" to prevent this surge of unverified applications were either ineffective or were not in place (in which case RegistryPro has failed in its contractual obligations to protect the integrity of the namespace).

As a safeguard, the ICANN-Registry Agreement requires the creation of an Advisory Board (Appendix L Section 6) and "if the Advisory Board finds that the Registry Operator's management is taking actions that will violate the restrictions of the .pro TLD or its PS-SLDs, the Advisory Board may send written notice of its recommendation regarding such action to the Registry Operator's Board of Directors and to ICANN. " (Appendix L Section 6.1.2.7)

It is to be hoped that, in the present debacle, the Advisory Board will intervene and liaise with ICANN over what appears to be a "violation of the restrictions" on .pro registrations.

The action open to ICANN and RegistryPro includes the right to terminate these uncertified registrations on the grounds that they violate the conditions for registration:

"violation of any of the provisions described ...shall be grounds for termination of the registration, without any refund of fees to the registrant. " (Appendix L Section 7.1.7)

Furthermore (and this provides the likely resolution of this problem): "Any domain that has been registered for 60 days without successful confirmation of such eligibility may be deleted by the Registry Operator. There shall be no refund of fees paid for such deleted names."

Having read the EnCirca website, and tried to understand why so many people have rushed into registrations in the past month, I have to say that I personally find the wording of EnCirca's 'new approach' ambiguous, and it led me to understand that I could legitimately proceed to pay them for a registration which would be accepted (however I did not register any names!).

Nevertheless, it seems to me that on the basis of the ICANN Agreement with the Registry, it is the Registry themselves who have failed to put in place technical measures to prevent this rush of uncertified registrations, and it most certainly seems to be the Registry that has been responsible for activating a thousand of more registrations *PRIOR* to full verifiaction, and in breach of their Agreement with ICANN.

Thousands of domain names like fu*k.pro and c*nt.pro are active and resolving. This should not be happening until there are digital certificates to authorise the registrations. Where are these digital certificates? I do not believe that they exist. So why has RegisterPro activated the domains.

I call on ICANN and RegistryPro to immediately de-activate all recent domain names which lack digital certification, and I advise that after a 60-day period these registrations should then be cancelled.

I also call on ICANN to censure RegistryPro for its failure to adhere to its contractual obligations.

I also call into question the actions of the ICANN-accredited Registrar EnCirca, who not only appeared (to me) to encourage unwitting consumers to engage in a "landrush" of .pro names, but also appear to have registered .pro names themselves with the function of re-directing traffic to their own Registrar website. I draw attention, for example, to:

http://www.credit.pro
http://www.dating.pro
http://www.diet.pro
(there may be others) ?

EnCirca appear to be claiming that they did not mislead registrants into inappropriate registration of .pro domain names, but surely their own registration of these domains, for themselves, and resolving to their own nameservers to forward traffic, is a demonstration of an abuse or misunderstanding of the .pro regulations by EnCirca themselves?

Surely this use of .pro contravenes the intentions and purpose of the .pro sTLD? What possible case can there be for .pro registrations for credit, dating, and diet and their use as traffic-grabbers to route people to the EnCirca Homepage?

Has RegistryPro checked to see if EnCirca has registered these names with verified professional credentials? Does RegistryPro possess digital certifiactes for these registrations? If not, why are the domains active?

My conclusion is that both at Registry and at Registrar level the process has been neglected, and the vital trust and professionalism that is meant to be built into the .pro registry has been jeopardised as a result.

These thousand or possibly several thousand domain names should never have been registered (Appendix L Section 10 makes that clear) - the verification and certification is supposed to take place "before the Registry Operator will process domain name applications" (this actually somewhat contradicts other suggestions in the same Appendix which imply that the certification need not be complete before the registration takes place, though it must be complete prior to activation... an example, perhaps, of carelessly constructed Agreements on ICANN's part).

Finally, one other question to Tim Cole and RegistryPro. Apart from the fact that these domain names should not have been activated until verifiaction was complete, what was RegistryPro thinking of in accepting and activating so many (thousands?) of spurious .pro names? During the four or five weeks when, day after day, these registrations were pouring in and being activated, did RegistryPro meet its contractual obligation to notify ICANN of the problem (although, in truth, they were part of the problem because they were activating the domains themselves). Specifically, Appendix L Section 10.1.4 states:

"If it comes to the Registry Operator's attention that an Authorized Registrar is not complying with the restrictions and policies described in this Appendix, the Registry Operator will send prompt electronic and written notice to the Authorized Registrar, with a copy by the same method to ICANN, describing the restrictions and policies being violated. The ensuing procedure concerning the Authorized Registrar's eligibility to continue to sponsor Registered Names (including suspension and de-accreditation) in the .pro registry is governed by the RRA (Appendix F) and the Registrar Accreditation Agreement."

On what date did RegistryPro send such notice to ICANN, if it did at all. How many domains had they registered by then? How many domains had they activated (in breach of their Agreement) by then? Why were domains like carrental.pro and flight.pro still being registered on March 18th, after the exchange of correspondence between Tim Cole and the registrar involved?

Of course, RegistryPro could hardly complain about abuse of process when their 'activations' were in breach of process as well. In many cases, you need to "look to the money". Was there any complicity in the 'oversight' that seems to have occurred both at Registry and Registrar level?

Are Registrars or Registries just allowed to flout their contracts at will? What sanctions is ICANN prepared to take to defend the integrity of its processes and, more importantly, to defend the consumers for whom the "Domain Supply Industry" is supposed to exist in the first place?

Yrs,

Richard Henderson
www.atlarge.org