Flaws In the Registrar Accreditation Agreement (RAA)

Questions have been arising lately as to the real protective power of the Registrar Accreditation Agreement (RAA) which is a commitment that governs the relationship between ICANN and its accredited registrars. Following in the footsteps of KnujOn.com, Spamlaws.com has been investigating the serious flaws within the framework of the RAA and invites our readers to push ICANN to further amend the Registrar Accreditation Agreement and take a tougher stance against the accreditation of spam and malware hosts.

What Is ICANN?

ICANN was formed in 1998 as a non-profit corporation dedicated to providing a secure Internet. Its main responsibility is for managing the assignment of domain names and IP addresses. Every computer connected to the Internet has a unique address provided for it. When logged onto the Internet the Internet Service Provider (ISP) assigns an IP address from a block of IP addresses at its disposal. Every website must also have a unique address and both this domain name, used as the website address, and the IP address provided for each computer are used in order for each website and computer to both send information across the web and to receive information from other sites and parties. However, the question on the lips of every crusader against fake websites and companies known to disseminate spam and malware is: Why does ICANN provide legitimate domain names and IP Addresses for these companies and sites? How can the RAA be further amended in order to assure the legitimacy of the site or computer being accredited?

An Example

Phantom registrars who distribute urls to senders of spam, unsolicited email and malware, have gained accreditation from ICANN. KnujOn.com has found at least 48 such examples and fears that this may only be the tip of the iceberg. All 48 uncovered by KnujOn were traced back to one firm, Directi Group, which heads and controls such companies as Directi, PublicDomainRegistry, and Answerable and Logic Boxes-all of whom are associated with disreputable web operations. None of the registrars under Directi are really licensed companies and all use their position to back online pharmacies. One of Directi's subsidiaries, PrivacyProtect.org, backs 1,820 fake pharmacies domains. All 1,820 use the same IP address and this IP address is constantly move around the world to different locations, making it difficult to track. The phony pharmacies sites using this IP address are responsible for selling illegal drugs, steroids and distributing malware.

So the question that must be asked is: Why does ICANN allow this? Why are these firms and sites provided with legitimate IP addresses and domain names and why are they accredited under the RAA?


In December 2008 the RAA proposed amendments to try to address this issue and increase the availability of the public to companies' and sites' registrar data and contact information.

The two new proposed amendments are:

  • Licensee Contact Information Disclosure - Requires a Registered Name Holder that licenses use of a domain name to disclose the contact information provided by the licensee under certain circumstances. (Presently, only the identity of the licensee need be disclosed.)
  • Registrar Contact Information - Requires registrars to provide their accurate contact details on their websites including valid email and mailing addresses

However, many advocates against spam are asking if these amendments are enough and are wondering when will ICANN pull the accreditation of such malicious companies like Directi?


Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.