[ NOTE: We will be posting a follow-up to address the many questions that have come up out of this. One thing we’ll mention now since it’s the most asked question: .CA domains are not affected by this (they already undergo a validation process by CIRA – more on that in the follow up) ]
easyDNS has met the automatic renewal requirements under our ICANN Registrar Accreditation Agreement and will thus renew into the 2013 RAA on June 23rd, 2015.
WHY THIS IS UNFORTUNATE
This means that as of June 23rd we will be subject to enforcing the new Whois Accuracy Program (WAP) which was enacted by ICANN earlier this year. All registrants of any domains under which easyDNS is directly accredited (.COM, .NET, .ORG .BIZ, and .INFO) will henceforth be subject to the WAP. (Note, all new GTLDs such as .website, .host and are handled through our OpenSRS Resellers tag and are thus already subject to the WAP).
WHAT IS THE WHOIS ACCURACY PROGRAM?
The Whois Accuracy Program (WAP) was created by ICANN, the body that oversees internet namespaces such as .com/.net/.org etc in co-operation with various Law Enforcement Agencies (LEA) in attempt to increase accuracy of data supplied in domain Whois records (see “What is a domain Whois record” below)
In this stage of the program what is required is that at certain specific points in a domain name’s life cycle, domain registrants must complete an action that attests to the accuracy of the data supplied in the Registrant data supplied.
Key domain lifecycle points or events that trigger the WAP are:
- Registration, renewal or transfer of a domain name using a new (previously unverified) contact data.
- Modification of a domain’s Whois record to new values that are not previously verified.
- If an administrative email such as a renewal notice, or a Whois Data Reminder Policy (WDRP) bounces or is otherwise undeliverable.
In any of these case, a Whois Accuracy Program process is initialized which takes the form of sending emails to the Registrant (yes, this can mean sending this notice to the same address that bounced and started this process in the first place), requesting them to verify their Whois data:
This normally takes the form of visiting a web page that displays the current Registrant data for a domain, and clicking on a button that asserts that the information is true and accurate:
The initialization of this process commences a time limited process (we refer to this process internally as the “Domain DOOMSDAY CLOCK”, which is 15 days in length.
YOUR DOMAIN WILL CEASE FUNCTIONING IF YOU FAIL TO CONFIRM YOUR DATA
If the Whois data remains unverified after 15 days, the Registrar must suspend the domain, causing it to cease resolving over the internet, until such time as it can verified.
THIS IS NOT A SICK JOKE
This is a real policy, enacted by ICANN, which binds all domain registrars accredited under the 2013 RAA. Many Registrars are already operating under it, and there are already numerous horror stories in which high profile, super busy domains have been shut off and ceased operating because of failure to comply with this policy.
IT IS IMPORTANT FOR ALL EASYDNS MEMBERS TO BE AWARE OF THE FOLLOWING:
After June 23, 2015 whenever one of your domains hits an event outlined above, you will be receiving an email notice from us asking you to “Click this link to verify your Whois data”. Even though it looks like an obvious phishing attempt, it isn’t.
You can thank ICANN for this policy, because if it were up to us, and you tasked us with coming up with the most idiotic, damaging, phish-friendy, disaster prone policy that accomplishes less than nothing and is utterly pointless, I question whether we would have been able to pull it off at this level. We’re simply out of our league here.
Follow Up Questions:
What is a domain’s Whois Record?
You may not be aware of this but every time you register a domain name your registration details (name, address, email, phone, fax) must be entered in the relevant registries “Whois Database”, which is a publicly accessible database and those details are visible by anybody.
For examples see http://www.easywhois.com which is our web based gateway to any whois database in the world.
What if I use Whois Privacy / MyPrivacy For my Domain Records?
If you use Whois Privacy, you will still have to confirm your underlying Registrant data – even though your public Whois records will be those of the privacy proxy.
 It’s since been pointed out to me that renewals don’t trigger WAPs. Renewals were in the original specification but the Registrars Stakeholder Group managed to get it taken out.
- As deadly as a DDoS, ICANN Unleashes Whois Accuracy Program
- Discussion of this article on Hackernews.