Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 1 of 30
GNSO Issues Report on
Post-Expiration Domain Name Recovery
STATUS OF THIS DOCUMENT
This is the Issues Report on Post-Expiration Domain Name Recovery requested by the At-Large
Advisory Committee (ALAC).
SUMMARY
This report is submitted to the GNSO Council on 5 December 2008 in response to a request received
from the ALAC pursuant to a Motion proposed and carried during the ALAC teleconference meeting
on 14 October and request subsequently submitted on 20 November 2008.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 2 of 30
TABLE OF CONTENTS
1. EXECUTIVE SUMMARY 3
2. OBJECTIVE 6
3. BACKGROUND 7
4. STAFF ANALYSIS AND RECOMMENDATIONS 14
5. IS THE ISSUE WITHIN SCOPE OF GNSO POLICY
MAKING? 18
ANNEX I – ALAC REQUEST FOR ISSUES REPORT 20
ANNEX II – THE EXPIRED DOMAIN DELETION POLICY28
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 3 of 30
1. Executive Summary
1.1 Background
This report is submitted in response to the request (see annex I) from the At-Large
Advisory Committee (ALAC) for an Issues Report on Post-Expiration Domain Name
Recovery.
In this request ALAC alleges that current measures aimed at recovering an expired
domain name ‘have proven to be ineffective’ and asserts that ‘the loss of a domain name
can cause significant financial hardship to the registrant, and that harm can increase with
the time required to recover the name. Less concrete harm in the form of damaged
reputation and permanently lost business is also relevant’. Furthermore, the ALAC
considers previous attempts to instil predictability for post-expiration domain recovery
‘not successful’.
In order to understand the current process better and identify potential issues that might
exist for post-expiry domain recovery, an overview of the current life cycle of a gTLD
Domain Name, and more specifically the post-expiration grace periods, has been
provided in Chapter three.
1.2 Summary of Current Process and Staff Analysis
The Redemption Grace Period (RGP) is not a consensus policy and therefore not
binding on all registrars, although many registrars do offer RGP. Few domain names
seem to enter RGP because they are not deleted by the registrar; but instead their
registrations are sold, auctioned and/or transferred to a third party during the preceding
Auto-Renew Grace Period when the registrant fails to renew. Registrars may offer an
auto-renewal policy to registrants to renew a domain name following expiration and/or
share the profits of a sale or auction with the registrant, but registrars are not obligated to
do so.
The Registrar Accreditation Agreement (RAA) does contain a number of provisions
outlining the obligations of registrars to communicate the details of their deletion and
auto-renewal policies to new registrants. However, it is not always obvious what certain
terms and conditions might entail and it is possible that registrants may not fully
understand the implications of certain clauses in their contracts. It is current practice for
many registration agreements to include a clause in which the registrar obtains the right
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 4 of 30
to renew and transfer the domain name to the registrar through a subsidiary or affiliate or
a third party and/or redirect the domain name following expiration.
There is no requirement during the Auto-Renew Grace Period to put the domain name
on hold, which might result in the registrant only realising the domain name has expired
after it moves into RGP or after the domain name registration has been sold to another
registrant.
It is currently not possible to change registrars during RGP.
1.3 Staff Recommendations
ICANN staff recommends the GNSO Council to initiate a PDP to review and consider
changes to the Expired Domain Deletion Policy or develop a new consensus policy
addressing:
- Whether adequate opportunity exists for registrants to redeem their expired
domain names
- Whether expiration-related provisions in typical registration agreements are clear
and conspicuous enough
- Whether adequate notice exists to alert registrants of upcoming expirations
- Whether additional measures need to be implemented to indicate that once a
domain name enters the Auto-Renew Grace Period, it has expired (e.g. hold
status, a notice on the site with a link to information on how to renew, or other
options to be determined)
- Whether, and if so, how best to enable the transfer of a domain name in RGP.
On the latter point, the GNSO Council might want to consider whether this should be
investigated in the context of the upcoming Inter-Registrar Transfer Policy PDP C, ‘IRTP
Operational Rules Enhancements’.
In addition, ICANN staff recommends that any subsequent policy development effort
engaged in by the Council pursue the availability of further information from ICANN
compliance staff to understand better how those provisions that are currently part of the
RAA such as the obligation to provide details of the deletion and auto-renewal policy, as
well as information on the web site on the fee charged for the recovery of a domain
name during the RGP, are enforced.
Furthermore, the GNSO Council could consider enhancements, which would highlight
more clearly or visibly the provisions of the contract in relation to auto-renew and
expiration policies. It should be noted that ICANN staff does not recommend that this be
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 5 of 30
included in a PDP as it is at the discretion of the registrar to decide which services to
offer as long as within the scope of consensus policies and it is the obligation of the
registrant to understand what he or she signs up to. A previous Chair of the GNSO noted
in this context that ‘perhaps ICANN and the GNSO can assist with providing authoritative
information on the policies and processes of domain name registration to these
[consumer protection] organisations’.
1.4 Is the issue within scope of GNSO policy making?
Post-expiration domain name recovery involves the allocation and assignment of domain
names. ICANN is also responsible for policy development reasonably and appropriately
related to these technical functions. As explained further in Chapter 5 below, the issue
is within the scope of ICANN’s mission statement. As post-expiration domain name
recovery concerns gTLDs, the issue is within the scope of the GNSO to address.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 6 of 30
2. Objective
This report is submitted in response to the request from the At-Large Advisory
Committee (ALAC) for an Issues Report on Post-Expiration Domain Name Recovery as
expressed in its request (see annex I).
In this context, and in compliance with ICANN Bylaws requirements:
a. The proposed subject raised for consideration is post-expiration domain name
recovery.
b. The identity of the party submitting the issue is the At-Large Advisory Committee.
c. How that party is affected by that issue: "At-Large" is the name for the community of
individual Internet users who participate in the policy development work of ICANN.
The ALAC request requesting this issues report states that:
‘ICANN’s mission is to “coordinate, at the overall level, the global Internet’s systems
of unique identifiers, and in particular to ensure the stable and secure operation of
the Internet’s unique identifier systems.” The ICANN Bylaws list 11 core values that
should guide ICANN’s decisions and actions in furtherance of its mission.
Enabling predictable post-expiration recovery of domain names while at the same
time allowing for innovation in domain registration involves the following core values:
1. Preserving and enhancing the operational stability, reliability, security, and global
interoperability of the Internet.
6. Introducing and promoting competition in the registration of domain names where
practicable and beneficial in the public interest.
7. Employing open and transparent policy development mechanisms that (i) promote
well-informed decisions based on expert advice, and (ii) ensure that those entities
most affected can assist in the policy development process.’
9. Acting with a speed that is responsive to the needs of the Internet while, as part of
the decision-making process, obtaining informed input from those entities most
affected.
d. Support for the issue to initiate a PDP: The motion to request an issues report was
adopted by consensus by ALAC on 14 October 2008.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 7 of 30
3. Background
3.1 Background
At a teleconference on 14 October 2008, the At-Large Advisory Committee (ALAC) voted
to request an Issues Report on the subject of registrants being able to recover domain
names after their formal expiration date. The motion called for the draft request to be
revised during the Cairo ICANN meeting before submission to the Generic Names
Supporting Organisation (GNSO).
The ALAC formed a small Working Group to work on this request, which was adopted
unanimously on 5 November 2008.
The request was submitted to the GNSO Council on 20 November 2008.
3.2 Request for Issues Report
The ALAC request asks for ‘the creation of an Issues Report on Post-expiration Domain
Name Recovery by the original registrant’.
The request alleges that current measures aimed at recovering an expired domain name
‘have proven to be ineffective’.
The request asserts that ‘the loss of a domain name can cause significant financial
hardship to the registrant, and that harm can increase with the time required to recover
the name. Less concrete harm in the form of damaged reputation and permanently lost
business is also relevant’.
As the ALAC request considers previous attempts to instil predictability for post-
expiration domain recovery ‘not successful’, it notes a number of ‘desired outcomes’ it
would like to see coming from a possible policy development process, including:
o Domains are guaranteed to be recoverable by the original registrant for a specific
period immediately following expiration (nominally 30-45 days), during which the
registration may not be sold or auctioned.
o If the domain name resolves for web access, the page to which it resolves must
identify the domain name as a post-expiration domain name and provide details on
how the name can be recovered.
o Following expiration, e-mail should not be delivered or bounce with an appropriate
error code.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 8 of 30
o Any other services normally accessible via the domain name must no longer be
accessible.
o The cost of recovering the name during the EGP should be predictable i.e. published
and not depend on the perceived resale or auction value of the domain name.
o The mechanism to transfer a domain name during the recovery process should be
possible, documented and published.
o If a domain name is ultimately deleted, the RGP must be offered to registrants, and
the pricing should be predictable.
o There should be an ability to change registrars during the RGP recovery.
o The term ‘published’ means the information must be readily locatable on the
registrar’s web-site.
In addition to the desired outcomes, attachment 1 outlines a number of issues related to
domain expiration and recovery, namely:
o Notices of expiration were sent and received, but the registrant did not take timely
action.
o Notices were sent but not consciously received by the registrant, typically because
they were treated as spam, or the e-mail address still existed but was not being
checked.
o Auto-renewal had been requested by the registrant, but at renewal time, there were
insufficient funds available or the credit card on file was not accepted.
o Notices were attempted to be sent, but could not be delivered, either due to mail
system malfunction or out-of-date registration contact information.
o The registrar did not send the required notices due to system malfunction or
deliberate inaction.
o The registrant is using a privacy service and that service does not forward the
expiration notices.
o Auto-renewal has been requested but was not carried out by the registrar (or privacy
service).
o The domain has been hi-jacked and contact information changed, allowing the
transfer of the domain to another registrar.
o The domain may never have been registered in the “registrant’s” name. This is
particularly prevalent in the cases where a domain name is bundled into a hosting
agreement by a reseller.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 9 of 30
3.3 Current Post-Expiration Grace Periods and Practices
In order to understand the current process better and identify potential issues that might
exist for post-expiry domain recovery, an overview of the current life cycle of a gTLD
Domain Name (see figure 1), and more specifically the post-expiration grace periods, are
described in this section.
A number of elements described below are part of the Expired Domain Deletion Policy
(EDDP, see annex II) which is a consensus policy that revised the domain registration
expiration provisions in ICANN’s Registrar Accreditation Agreement in December 2004.
Figure 1 – Life Cycle of a gTLD Domain Name
3.3.1 Prior to Expiration
Under the terms of the Registrar Accreditation Agreement (RAA) as modified by the
EDDP, a Registrar ‘shall provide notice to each new registrant describing the details of
their deletion and auto-renewal policy’, including any changes made to this policy during
the term of the registration agreement.
The RAA furthermore specifies that the registrar should clearly display on its web-site
‘details of Registrar’s deletion and auto-renewal policies’ and ‘state, both at the time of
registration and in a clear place on its website, any fee charged for the recovery of a
domain name during the Redemption Grace Period’.
The Registrar is required to send at least two notices or reminders to the registrant to
alert the registrant that their domain name is about to expire and what needs to be done
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 10 of 30
in order to renew it. In practice, most registrars will send more than two notices to the
registrant.
Some registrars provide an optional automatic renewal service to registrants, by which
the domain name gets automatically renewed prior to expiration.
3.3.2 Auto-Renew Grace Period
The Auto-Renew Grace Period is a specified number of calendar days following an auto-
renewal. An auto-renewal occurs if a domain name registration is not renewed by the
expiration date; in this circumstance the registration will be automatically renewed by the
registry the first day after the expiration date. Often the registrar’s account is assessed
the registry renewal fee at that time, though some registries may not assess a fee on the
registrar until after the auto-renew grace period ends. The current length of the Auto-
Renew Grace Period is 45 days, but a registrar can opt to delete the domain name prior
to then.
During the Auto-Renew Grace Period, a domain name might resolve normally, stop
resolving or resolve to a registrar-designated IP address which hosts a parking, “under
construction” or other temporary page. In the latter case, the registrant will likely have
agreed to this option at the time of initial registration as one of the provisions of the
registration agreement. A review of the registration agreements of the top 10 domain
registrars covering over 66% of domain names, shows that seven registration
agreements contain such provisions, one registration agreement does not have a
provision in place but in the FAQ it is mentioned that the domain name is parked
following expiration and two registration agreements do not contain such a provision.
If a domain is deleted within the Auto-Renew Grace Period and the Registry has already
assessed a renewal fee on the Registrar, the sponsoring Registrar at the time of the
deletion will receive a credit from the registry of the renewal fee. The domain
immediately goes into the Redemption Grace Period (see next section).
A domain can be renewed within the Auto-Renew Grace Period. The account of the
sponsoring Registrar at the time of the additional extension will be charged by the
registry for the additional number of years the registration is extended.
If a domain is transferred within the Auto-Renew Grace Period, the losing Registrar is
credited with the registry renewal fee and the year added by the Auto-Renew operation
is cancelled. The expiration date of the domain is extended by one year up to a total
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 11 of 30
maximum of ten and the gaining Registrar is charged by the registry for that additional
year.
There is no obligation in the RAA or EDDP for the Registrar to return the domain name
to the original registrant during the Auto-Renew Grace Period, should the registrant
decide it would like to renew the domain name. However, registrars do have the option to
offer this possibility. The conditions for renewal are normally outlined in the auto-renewal
policy of the respective registrar. In practice, most registrars have an auto-renewal policy
in place, which allow the registrant to renew a domain name after the expiration date.
If the domain name is deleted, it automatically enters the RGP. It should be noted
though, and this is one of the concerns expressed by ALAC; some domain names never
reach the RGP because their registrations are sold, auctioned or transferred to another
party which, the ALAC asserts, cannot be prevented by the original registrant. Many
registration agreements provide for the right of renewal by the registrar and transfer of
ownership to the registrar through a subsidiary or affiliate or a third party in case the
original registrant does not renew the domain name. In practice, registrars may offer the
possibility for the original registrant to renew the domain name registration as part of
their auto-renewal policy and/or share in the profits of a sale or auction of the domain
name.
Rob Hall, a registrar representative in a 2007 tutorial offered at the ICANN public
meeting in Lisbon on ‘How the Marketplace for Expiring Names Has Changed’, noted
that ‘if the domain has any value over $6, they’re no longer entering the redemption
grace period’, but the domain name is kept by the registrar. As a result, ‘the individual
registrars are in fact becoming the de facto registry for that domain name. The only place
you can get it is at that registrar’.
During the Auto-Renew Grace Period, a domain name can be transferred to another
registrar as outlined in the ‘Policy on Transfer of Registrations between Registrars’.
3.3.3 Redemption Grace Period (RGP)
Following a rising tide of problems and complaints relating to deletion of domain-name
registrations, in 2002 ICANN developed the Redemption Grace Period (RGP) for
unsponsored TLDs to prevent unintentional deletions. It should be noted that the RGP
was not established by an ICANN consensus policy and it is therefore at the sole
discretion of the registry and registrar whether to offer or not to offer the Redemption
Grace Period service. In practice it is believed that most registrars offer this service.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 12 of 30
The RGP is a 30-day registry "hold" period for all domain names deleted by registrars.
This hold period is designed to allow registrars the ability to "restore" names that were
deleted accidentally or without the intent of the registrant.
During this 30-day period, the deleted name will be placed on REGISTRY-HOLD, which
will cause the name to be removed from the zone. The domain name, therefore, will not
function/resolve. This feature is intended to ensure notice to the registrant that the name
is subject to deletion at the end of the Redemption Grace Period, even if the contact data
the registrar has for the registrant is no longer accurate.
During the Redemption Grace Period, the original registrant can redeem its registrations
through the registrar. Registrars can redeem the name in the registry for the original
registrant by paying renewal fees, plus a service charge, to the registry operator. Any
party requesting redemption is required to prove its identity as the original registrant of
the name.
The RAA states that the registrar must have ‘both at the time of registration and in a
clear place on its website, any fee charged for the recovery of a domain name during the
Redemption Grace Period’.
It is currently not possible to transfer a domain name in RGP to another registrar; the
domain name can only be recovered by the existing registrar.
3.3.4 Pending Delete
A domain name is placed in PENDINGDELETE status if it has not been restored during
the Redemption Grace Period. A domain name cannot be recovered or transferred by
anyone at this point .A domain name is deleted from the registry database a specified
number of calendar days after it is placed in PENDINGDELETE status. The current
length of this Pending Delete Period is five calendar days. Once the domain name has
been deleted from the registry database, it becomes available for registration by a new
registrant.
3.4 Renewal and Expiry Rates
According to the Verisign ‘Domain Name Industry Brief’ of September 2008 ‘the renewal
rate for .com and .net averaged 74 percent for the first quarter of 2008. Renewal rates
have historically been in the mid-70 percent range over the last few years. […] Whether
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 13 of 30
a domain name resolves to a Web site is a key factor in the renewal rates since domain
names that resolve to Web sites are more likely to be renewed’.
It is estimated that anywhere between 20,000 and 65,000 domain names are deleted
every day (see https://www.snapnames.com/faqs.jsp, http://www.pool.com/).
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 14 of 30
4. Staff Analysis and Recommendations
4.1 Analysis
The RGP was intended to stop names from being re-registered immediately after being
deleted in error. The EDDP was intended to stop registrars from allowing registrations to
remain registered and active indefinitely following the expiration of the original
registration agreement. While both work as originally intended, they do not address
concerns raised by the ALAC that some registrants may not have sufficient notice or
opportunity to recover expired domain names. In addition, the RGP is not a consensus
policy and therefore not binding on all registrars, although many registrars do offer RGP.
Also the practice is becoming more common whereby domain names, especially those of
value, never enter the RGP because they are not deleted, but the registrations are sold,
auctioned and/or transferred to a new registrant before that time. It should be noted that
many registrars do offer RGP. Many registrars do offer an auto-renewal policy with the
possibility for registrants to redeem their domain name, and/or offer the possibility to
share in the profits of the sale or auction of the domain name. However, this is a
voluntary decision by the registrar, they are not obligated to do so.
The RAA does dictate that registrars ‘shall provide notice to each new registrant
describing the details of their deletion and auto-renewal policy’, including any changes
made to this policy during the term of the registration agreement. In most cases, details
relating to the deletion and auto-renewal policy are included in the registration
agreement, which is a document that is expected to be read and understood by
registrants before signing. As noted before, it is current practice at many registrars that
this agreement includes a clause in which the registrar obtains the right to renew and
transfer the domain name to the registrar through a subsidiary or affiliate or a third party
and/or redirect the domain name following expiration. A prospective registrant could
always review the registration agreements of multiple registrars in order to find the
conditions that fit best with his or her needs, but it is not always obvious at the outset
what certain terms and conditions might entail (e.g. a parked page – does this include
advertising, does it link to another content page, is it the original domain with an
expiration banner?). In addition, registrants may not fully understand the implications of
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 15 of 30
certain clauses in the contracts, especially those relating to expiration. Some registrants
also may not be focused on term related to expiration at the time of signing.
Registrars are required to send at least two notices to registrants before each domain
name expires, informing them about the upcoming expiration and how to renew the
domain name. However, there is no requirement during the Auto-Renew Grace Period to
put the domain name on hold as happens during the RGP. This might result in the
domain name resolving normally, even after expiration. Some registrars may include a
banner or notice on the (parked) web-site indicating it has expired, but again, this is not
an obligation. The registrant may not realise that the domain name has expired until after
it moves into RGP or after the registration has been sold to another registrant who
changes the content of the site.
It is currently not possible to change registrars during RGP. However, it might be
worthwhile to investigate whether it would be appropriate to make this option available to
registrants in the context of the ‘Policy on Transfer of Registrations between Registrants’.
It would facilitate matters such as in the case where a reseller is not responsive to the
request from the registrant to recover the domain name and could promote increased
competition in the marketplace.
4.2 Recommendations
Taking the above into account, ICANN staff recommends that the GNSO Council initiate a
PDP to review and consider changes to the Expired Domain Deletion Policy or develop a
new consensus policy addressing:
- Whether adequate opportunity exists for registrants to redeem their expired
domain names
- Whether expiration-related provisions in typical registration agreements are clear
and conspicuous enough
- Whether adequate notice exists to alert registrants of upcoming expirations
- Whether additional measures need to be implemented to indicate that once a
domain name enters the Auto-Renew Grace Period, it has expired (e.g. hold
status, a notice on the site with a link to information on how to renew, or other
options to be determined)
- Whether, and if so, how best to enable the transfer of a domain name in RGP.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 16 of 30
On the latter point, the GNSO Council might want to consider whether this should be
investigated in the context of the upcoming Inter-Registrar Transfer Policy PDP C, ‘IRTP
Operational Rules Enhancements’.
In addition, ICANN staff recommends that any subsequent policy development effort
engaged in by the Council pursue the availability of further information from ICANN
compliance staff to understand better how those provisions that are currently part of the RAA
such as the obligation to provide details of the deletion and auto-renewal policy, as well as
information on the web site on the fee charged for the recovery of a domain name during the
RGP, are enforced.
Furthermore, the GNSO Council could consider enhancements, which would highlight more
clearly and visibly the provisions of the contract in relation to auto-renew and expiration
policies. It should be noted that ICANN staff does not recommend that this be included in a
PDP as it is at the discretion of the registrar to decide which services to offer as long as
within the scope of consensus policies and it is the obligation of the registrant to understand
what he or she signs up to. A previous chair of the GNSO noted in this context that ‘perhaps
ICANN and the GNSO can assist with providing authoritative information on the policies and
processes of domain name registration to these [consumer protection] organisations’,
4.3 ALAC Desired Outcomes
In relation to the desired outcomes stated by ALAC in its request, ICANN staff notes that
while most, if not all, outcomes might be achieved by the recommendations identified by the
ALAC, it would be helpful for all parties concerned to engage in a more fulsome dialogue on
the extent and detailed nature of the concerns to determine whether these are shared
desired outcomes and if so, how these could best be addressed in policy work going
forward, including a more robust discussion of the merits and drawbacks of various solutions
to address agreed concerns. The GNSO Council might consider such an activity, which
could take the form of one or more public workshops at an upcoming ICANN meeting, for
example, as a precursor for the launch of a PDP as it would help to define and focus the
policy development process on one or more specific proposed changes. While this could
also be explored by a working group following the launch of a PDP, staff recommends
further fact finding first to figure out what policy options might exist, and then conduct a PDP
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 17 of 30
to assess the impact of those policy options and confirm community support for a preferred
policy choice.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 18 of 30
5. Is the issue within scope of GNSO Policy
Making?
In determining whether the issue is within the scope of the ICANN policy process and the
scope of the GNSO, ICANN Staff and the General Counsel’s office have considered the
following factors:
Whether the issue is within the scope of ICANN’s mission statement
The ICANN Bylaws state that:
“The mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the global Internet's systems of
unique identifiers, and in particular to ensure the stable and secure operation of the
Internet's unique identifier systems. In particular, ICANN:
1. Coordinates the allocation and assignment of the three sets of unique
identifiers for the Internet, which are
a. Domain names (forming a system referred to as "DNS");
b. Internet protocol ("IP") addresses and autonomous system ("AS")
numbers; and,
c. Protocol port and parameter numbers.
2. Coordinates the operation and evolution of the DNS root name server
system.
3. Coordinates policy development reasonably and appropriately related to
these technical functions.”
Post-expiration domain name recovery involves the allocation and assignment of domain
names. ICANN is also responsible for policy development reasonably and appropriately
related to these technical functions. Under items 1a and 3 above, the issue is within the
scope of ICANN’s mission statement. As post-expiration domain name recovery concerns
gTLDs, the issue is within the scope of the GNSO to address.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 19 of 30
Whether the issue is broadly applicable to multiple situations or organisations
A consideration of the issues surrounding post-expiration domain name recovery would be
broadly applicable to multiple situations or organisations, including each existing gTLD under
contract with ICANN, each of 900+ accredited registrars, and a diversity of existing and
potential registrants. Note however that a consensus policy resulting from the policy
development process would only be applicable to contracted parties (registries and
registrars).
Whether the issue is likely to have lasting value or applicability, albeit with the need
for occasional updates
Completion of policy development work on issues surrounding post-expiration domain name
recovery would affect future gTLDs, future registrars, and potential business or non-
commercial entities which have not as yet entered the market.
Whether the issue will establish a guide or framework for future decision-making
The outcome of a policy development process will have lasting value as precedent, although
the particular circumstances of the market will continue to evolve, and will thus establish a
framework for future decision-making on related issues.
Whether the issue implicates or affects an existing ICANN policy
The issue does affect an existing ICANN policy, namely the Expired Domain Deletion Policy
and the Policy on Transfer of Registrations between Registrars (only relating to the question
of a transfer of a domain name in RGP). A list of consensus policies is available at
http://www.icann.org/general/consensus-policies.htm.
Based on the above, the General Counsel finds that the proposed issue is within scope of
the ICANN policy process and within the scope of the GNSO.
ICANN staff recommends that the Council move forward on a policy development process,
including further fact-finding and research as described above to provide more data and
further insights to assist policy development and illuminate potential policy options. Staff
resources can be made available to support these research activities and objectives.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 20 of 30
Annex I – ALAC Request for Issues Report
Request for Issues Report on Post-expiration Domain Recovery
The At-Large Advisory Committee requests the creation of an Issues Report on Post-
expiration Domain Recovery by the original registrant
1
.
Note: for the purposes of this document, the term “registrar” refers to both
registrars and their resellers.
Note: for the purposes of this document, the term “expiration” refers to the
date showing as the domain “expiration date” effective during the preceding
year. The reason for such cumbersome wording is the provision in many
Registrar-Registrant agreements such as the following example which could
result in the domain name never actually expiring: "Should you choose not to
renew your domain name during any applicable grace period, you agree that
we may, in our sole discretion, renew and transfer the domain name to a third
party on your behalf (such a transaction is hereinafter referred to as a "Direct
Transfer")."
Over the years, ICANN has implemented several measures aimed at ensuring that a domain
that had recently expired could be recovered by its original registrant. These measures have
proven to be ineffective. Registrars have developed means of circumventing them to make
both the possibility of recovery, and the price of such recovery, quite unpredictable.
A short summary of the issues related to domain expiration and recovery is included in
Attachment 1.
If a registrant does not renew its domain name before the registration’s expiration date, the
registrant may first become aware of the non-renewal when its website is not accessible or
its e-mail does not work. Typically a web URL will now resolved to a parked page which may
1
In the context of this document, the “registrant” is the entity that has the benefit of the original registration and not a proxy
service or other intermediary that may be the reflected in whois data.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 21 of 30
or may not give an indication that the domain name has expired and could be recovered, or
the process for such recovery. Most likely the page will have pay-per-click links, with the
subject matter somehow related to the domain name or the content of the original site. It is
also possible that the web/e-mail could continue to work during this period, providing no
indication at all that the domain has expired.
When a registrant tries to recover a domain following the expiration and before deletion,
some combination of the following may occur:
The domain may be recoverable, but the price may be set based on the registrar’s
perceived market value of the domain, and/or the amount of time that has elapsed since
expiration.
The domain may have already been transferred, sold or auctioned and is no longer
available.
The domain name has been deleted and the Registrar does not offer redemption under
the RGP, or the RGP is offered, but at an excessive price.
Consequences of “Lost” Domain Names
A 2002 ICANN Discussion Paper on Redemption Grace Periods
(http://www.icann.org/en/registrars/redemption-proposal-14feb02.htm) summarized the
impacts of lost domain names on registrants (described as consumers).
To consumers (individuals, businesses, non-commercial organizations, and
governmental and educational entities), the consequences of an unintentional
domain registration deletion can be devastating. If a domain is deleted and re-
registered by a third party, the original registrant's web, e-mail and other Internet
services will, in the best circumstances, simply stop working. Worse still is the
potential for e-mail and web traffic intended for the original registrant to be redirected
to and captured by a third party whose intentions may not be benevolent. In many
cases the prior registrants of names find that "their" domains have been pointed to
content they find to be distressing. (For example, in some cases deleted church-
group domain names have been re-registered and directed to adult-content sites.)
Some registrants of expired domains are interested primarily in profiting from a
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 22 of 30
mistaken deletion by obtaining click-through revenue the domain will draw. Others
have demanded ransom for return of inadvertently deleted names that they re-
register; they sometimes enhance the ransom value by placing content on the site
calculated to harm the former registrant.
The loss of a domain name can cause significant financial hardship to the registrant, and
that harm can increase with the time required to recover the name. Less concrete harm in
the form of damaged reputation and permanently lost business is also relevant. For non-
commercial domain names, the impact can also be significant; examples include sites
serving networks for parents of terminally ill children, political campaigns and a host of
others. Moreover the time and cost to recover a domain can be substantial, particularly if
those who have taken over a domain have found that it draws high traffic. If a name is
ultimately not recoverable, the harm to the registrant may be very large.
In cases where a claim can be made that the entity taking over a domain name is violating
the Intellectual Property rights of the original registrant, there may be recourse under the
UDRP. However, many small enterprises and individuals do not pursue relief under the
UDRP.
In many cases, the registrants are providing a variety of services to the community at large,
and with the redirection of a domain name, the services are no longer available. The impact
of the loss of these services on which the end user relies can vary from minor inconvenience
or annoyance to major impact on their livelihood if such services were a necessary input into
their own business.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 23 of 30
Relevance to ICANN’s Mission
According to ICANN’s bylaws, ICANN’s mission is to “coordinate, at the overall level, the
global Internet's systems of unique identifiers, and in particular to ensure the stable and
secure operation of the Internet's unique identifier systems.” The ICANN Bylaws list 11 core
values that should guide ICANN’s decisions and actions in furtherance of its mission.
Enabling predictable post-expiration recovery of domain names while at the same time
allowing for innovation in domain registration involves the following core values.
1. Preserving and enhancing the operational stability, reliability, security, and global
interoperability of the Internet.
6. Introducing and promoting competition in the registration of domain names where
practicable and beneficial in the public interest.
7. Employing open and transparent policy development mechanisms that (i) promote well-
informed decisions based on expert advice, and (ii) ensure that those entities most affected
can assist in the policy development process.
9. Acting with a speed that is responsive to the needs of the Internet while, as part of the
decision-making process, obtaining informed input from those entities most affected.
Desired Outcomes
Previous attempts to ensure predictability in post-expiration domain recovery have not been
successful. Possibly, this is because they have been process-based instead of outcome-
based. As a result, we now have a Redemption Grace Period in place, but even for
registrars that pass the right on to registrants, it is rarely applicable. We have an Auto-renew
Grace Period, but it has been circumvented by registration contractual terms.
The ALAC supports the following outcomes:
1. Domains are guaranteed to be recoverable by the original registrant for a specific period
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 24 of 30
immediately following expiration (nominally 30-45 days) – the Expiration Grace Period –
EGP. They may not be sold or auctioned during the EGP. Note that this is NOT a
recommendation to create an Expiration Grace Period. The term and the acronym EGP
are used here purely as a shorthand in the following points.
2. If the domain name resolves for web access, the resultant home page must identify the
domain name as a post-expiration name and provide details on how the name can be
recovered. Such a page should not include pay-per-click links, advertising, or other
similar content. The name must not resolve, directly or indirectly, to its original IP
address(es); specifically, the original web site must not be accessible via the domain
name.
3. During the EGP, e-mail must either not resolve or bounce with an appropriate error code,
but under no conditions be delivered to the original owner or another recipient.
4. Any other services normally accessible via the domain name must no longer be
accessible.
5. The cost of recovering the name during the EGP must be fixed
2
and published.
6. The mechanism to change registrars during the recovery process must be documented
and published.
7. If a domain is ultimately deleted following the EGP, the RGP must be offered to
registrants, and the pricing must be fixed and published.
8. There should be an ability to change registrars during the RGP recovery.
9. The term “published” means the information must be readily locatable on the registrar’s
web site.
Although not an issue within the scope of a PDP, ICANN must have in place procedures for
addressing registrar or reseller failure to abide by expiration-related processes, and must
facilitate procedures for addressing registrant complaints with respect to such processes
(timely investigation is critical).
2
By “fixed” we mean that the cost does not vary over time or based on the perceived resale/auction value of the name.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 25 of 30
Attachment 1 (to the ALAC Request for Issues Report): Summary of Domain
Expiration and Recovery Issues
Historically, a domain was registered for a specific period of time. Near the end of the period,
the registrar was (and still is) required to notify the registrant of this expiration. If the domain
was not renewed, the registrar would eventually notify the registry to delete the domain. The
timing of “eventually” could be as little as zero days and was not limited. On deletion, the
domain name would re-enter the pool of available domains and could be re-registered by the
original owner or by someone else.
In 2002, the ICANN Board approved the Redemption Grace Period (RGP). Under the RGP,
a deleted domain would not re-enter the available pool but would be placed in a hold status
for 30 days with the intention of allowing the original registrant, through the registrar, to have
the domain restored and renewed. There were registry fees associated with the process,
which could be marked up by the registrar. The RGP has been voluntarily implemented by
all unsponsored gTLDs [with the possible exception of .name].
Concurrent with the Board discussion of the RGP a DNSO/GNSO PDP was started looking
at domain deletion issues (http://www.dnso.org/dnso/notes/20030617.DeletesTF-report.html)
including whether more specific rules should apply to when a registrar must delete an
expired domain name. As a result, in 2004, ICANN announced such a policy. The
announcement (http://www.icann.org/en/announcements/announcement-21sep04-2.htm)
read:
Today ICANN announced the implementation of the Expired Domain Deletion Policy
(EDDP). This consensus policy defines a uniform deletes practice that registrars
must follow at the time of domain name expiration, as well as specific requirements
for registrar handling of expired names that are subject to a UDRP dispute.
The EDDP was developed through ICANN's Generic Names Supporting
Organization in response to concerns in the community about registrar practices in
regards to deletion of expired names. In the past, some registrars have held on to
domain registrations that the original registrant did not act to renew. With the new
policy in place, all ICANN-accredited registrars will be required to delete domain
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 26 of 30
names by the conclusion of the 45 day auto-renewal period that follows the
expiration of a domain name, unless the registrant has consented to have the
domain names renewed.
Names deleted by registrars at the conclusion of any registrar grace period following
expiration will continue to be subject to the Redemption Grace Period (RGP). The
RGP is a thirty (30) day registry "hold" period for all domain names deleted by
registrars. This hold period is designed to allow registrars the ability to "restore"
names that were deleted accidentally or without the intent of the registrant.
In short, a registrar was required to delete the name within 45 days, after which the RGP
would kick in.
Unfortunately, before the policy was implemented, some registrars began changing their
user agreements to allow them to take over or transfer expired domains to other parties,
thereby allowing the name to be monetized, and/or sold or auctioned. In some cases, the
original registrant receives a percentage (ranging up to 80%) of the sale price. By
immediately monetizing these names, their value can be gauged.
If an original registrant attempts to recover their name, the registrar may make it available at
some price if it has not yet been irrevocably sold.
Registrants may unintentionally allow their domain names to expire for many reasons. These
include:
Notices of expiration were sent and received, but the registrant did not take timely action.
Notices were sent but not consciously received by the registrant, typically because they
were treated as spam, or the e-mail address still existed but was not being checked.
Auto-renewal had been requested by the registrant, but at renewal time, there were
insufficient funds available or the credit card on file was not accepted.
Notices were attempted to be sent, but could not be delivered, either due to mail system
malfunction or out-of-date registration contact information.
The registrar did not send the required notices due to system malfunction or deliberate
inaction.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 27 of 30
The registrant is using a privacy service and that service does not forward the expiration
notices.
Auto-renewal had been requested but was not carried out by the registrar (or privacy
service).
The domain has been hi-jacked and contact information changed, allowing the transfer of
the domain to another registrar.
The domain may never have been registered in the “registrant’s” name. This is
particularly prevalent in the cases where a domain name is bundled into a hosting
agreement by a reseller.
Some of these reasons may implicate registrar violations of ICANN and/or customer
agreements, but enforcement is often difficult or impossible.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 28 of 30
Annex II – The Expired Domain Deletion Policy
Expired Domain Deletion Policy - Posted: 21 September 2004
The Expired Domain Deletion Policy is a revision to the domain registration expiration
provisions in ICANN's Registrar Accreditation Agreement. Pursuant to a Consensus Policy
recommendation from the GNSO Council, and as approved by the ICANN Board of
Directors, the following changes to the obligations in the RAA will apply beginning 21
December 2004. (These requirements retroactively apply to all existing domain name
registrations beginning 21 June 2005.) These revised contractual provisions will be
applicable to all registrars pursuant to the Consensus Policies provision (§4.1) in the
Registrar Accreditation Agreement. A new form of the agreement including these revisions
will be posted shortly.
Section 3.7.5 currently reads as follows:
"Registrar shall register Registered Names to Registered Name Holders only for fixed
periods. At the conclusion of the registration period, failure by or on behalf of the Registered
Name Holder to pay a renewal fee within the time specified in a second notice or reminder
shall, in the absence of extenuating circumstances, result in cancellation of the registration.
In the event that ICANN adopts a specification or policy concerning procedures for handling
expiration of registrations, Registrar shall abide by that specification or policy."
Beginning on 21 December 2004, Section 3.7.5 will be replaced with the following language:
3.7.5 At the conclusion of the registration period, failure by or on behalf of the Registered
Name Holder to consent that the registration be renewed within the time specified in a
second notice or reminder shall, in the absence of extenuating circumstances, result in
cancellation of the registration by the end of the auto-renew grace period (although Registrar
may choose to cancel the name earlier).
3.7.5.1 Extenuating circumstances are defined as: UDRP action, valid court order,
failure of a Registrar's renewal process (which does not include failure of a registrant to
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 29 of 30
respond), the domain name is used by a nameserver that provides DNS service to third-
parties (additional time may be required to migrate the records managed by the
nameserver), the registrant is subject to bankruptcy proceedings, payment dispute (where a
registrant claims to have paid for a renewal, or a discrepancy in the amount paid), billing
dispute (where a registrant disputes the amount on a bill), domain name subject to litigation
in a court of competent jurisdiction, or other circumstance as approved specifically by
ICANN.
3.7.5.2 Where Registrar chooses, under extenuating circumstances, to renew a domain
name without the explicit consent of the registrant, the registrar must maintain a record of
the extenuating circumstances associated with renewing that specific domain name for
inspection by ICANN consistent with clauses 3.4.2 and 3.4.3 of this registrar accreditation
agreement.
3.7.5.3 In the absence of extenuating circumstances (as defined in Section 3.7.5.1
above), a domain name must be deleted within 45 days of either the registrar or the
registrant terminating a registration agreement.
3.7.5.4 Registrar shall provide notice to each new registrant describing the details of
their deletion and auto-renewal policy including the expected time at which a non-renewed
domain name would be deleted relative to the domain’s expiration date, or a date range not
to exceed ten days in length. If a registrar makes any material changes to its deletion policy
during the period of the registration agreement, it must make at least the same effort to
inform the registrant of the changes as it would to inform the registrant of other material
changes to the registration agreement (as defined in clause 3.7.7 of the registrars
accreditation agreement)."
3.7.5.5 If Registrar operates a website for domain name registration or renewal, details
of Registrar's deletion and auto-renewal policies must be clearly displayed on the website.
3.7.5.6 If Registrar operates a website for domain registration or renewal, it should
state, both at the time of registration and in a clear place on its website, any fee charged for
the recovery of a domain name during the Redemption Grace Period.
Issues Report on Post-Expiration Domain Name Recovery Date: 5 December 2008
Issues Report on Post-Expiration Domain Name Recovery
Author: Marika Konings
Page 30 of 30
3.7.5.7 In the event that a domain which is the subject of a UDRP dispute is deleted or
expires during the course of the dispute, the complainant in the UDRP dispute will have the
option to renew or restore the name under the same commercial terms as the registrant. If
the complainant renews or restores the name, the name will be placed in Registrar HOLD
and Registrar LOCK status, the WHOIS contact information for the registrant will be
removed, and the WHOIS entry will indicate that the name is subject to dispute. If the
complaint is terminated, or the UDRP dispute finds against the complainant, the name will
be deleted within 45 days. The registrant retains the right under the existing redemption
grace period provisions to recover the name at any time during the Redemption Grace
Period, and retains the right to renew the name before it is deleted.
