>> Not sure the RPZ hammer has been brought out in force yet. I've seen a
few recommendations on various mailing lists, but no concerted effort.
Unfortunately, there is no easy/scalable way to determine who a registrar
for a given name is,
> That is called RDAP,
I said "scalable".
Given RDAP is based on TCP and there is this concept known as
"registration data lookup rate limiting", I'm somewhat skeptical RDAP is
the appropriate choice for (e.g.,) a "DNS Block List"-like solution that
would (say) dump email that came from domains registered via
Fair enough. There are though non-standard UDP-based domain lookup
implementations like isavail that could address both this use case and
provide faster availability searches.
> but ICANN currently blocks gTLD registries from offering RDAP.
Ignoring the above, and as I'm sure you're aware, the community has not
determined the policies by which RDAP may be offered as an official
registry service using production data, e.g., whether and how
differentiated services will be permitted among other details. As such, it
is more accurate to say that registries are not permitted to deploy new
services because of contractual obligations the registries entered into
that requires them to have new services evaluated to ensure those services
don't impact DNS security, stability or competition, something the
community required ICANN enforce as a result of the SiteFinder episode ages
ago. Registries can, of course, request that evaluation and I'm told some
have and are actually offering RDAP.
But I would agree it is much easier to simply blame ICANN.
RDAP is totally different from other possible registry services since it's
already baked into registries contracts...
specification 4. It's basically the same service already offered thru
WHOIS, RDDS, over a different protocol.
The contract already allows ICANN to trigger a requirement to support RDAP,
but doesn't allow registries to support if before they are required. ICANN
could have, and has been suggested to, allow it before it triggers the
requirement in order to have willing registries support it, and hasn't done
So in this particular case I don't have any problems blaming ICANN... and
the great level of transparency of ICANN meetings being recorded and
transcribed provides plenty of evidence in that regard.
As for gTLD registries offering RDAP, I couldn't find any at
https://www.icann.org/resources/pages/rsep-2014-02-19-en, the page where
new registry services are described and published for comments... the only
registries I know deploying RDAP are ccTLDs, which do not operate inside
ICANN gTLD policy framework.