eWeek Security Watch
September 2, 2008 1:48 PM

ICANN Not Vetting Registrars



According to a new report issued by the mighty fine spam-fighting folks over at KnujOn, there are tons of "phantom" registrars -- registrars that appear to exist for no purpose other than to hand out domains to spammers and malware distributors -- that have nonetheless gained accreditation from ICANN.

In the report posted by KnujOn Aug. 28, the project identified 48 examples of such registrars, and the experts are willing to bet that this is just the tip of the iceberg.

All of the questionable registrars outed in this particular piece of research trace back to one outfit, Directi Group, which controls Directi, PublicDomainsRegistry, Answerable and LogicBoxes, among other operations, and which has long been associated with nefarious Web operations.

For starters, Directi itself mysteriously swapped its address from the United States to India once KnujOn started kicking its tires.

"Our attention was first brought to them when we released our report of the Ten Worst Registrars for illicit domains, spam and false registrations," KnujOn said in its report summary. "At the time, in some records Directi's address was listed [in Oregon]. Directi has since denied this and now [has] disclosed its address as being in Mumbai, India. This prompted us to take a closer look at all the Registrars in Internic's (ICANN) directory affiliated with Directi and presenting themselves as being located in the United States."

At least eight registrars affiliated with Directi continue to use the same Oregon address that the company itself had operated under until being questioned about it, according to the report. The other 40 use a New York address, though they remain listed under a California phone number and the new address still includes details related to Oregon.

And as it turns out, according to the report, none of the registrars involved could be found to exist as licensed companies at the addresses they list!

In particular, the report says Directi is using its registrar accreditation to sponsor a large number of domains backing online pharmacies. KnujOn's investigation into such sites cloaked by one of Directi's subsidiaries, PrivacyProtect.org, found 1,820 fake pharmacy domains all using the same IP address alone.

However, the IP address serving up the sites is moved around on a near-constant basis to locations around the globe, the report concludes.

Layers of phantom registrars are one of the main protections that allow such shady sites to continue to operate, the anti-spam experts said in their research.

From selling illegal drugs and steroids to distributing malware, phony pharmacy sites are notorious players in the online cyber-crime ecosystem.

"The service that shields ownership of the unlicensed pharmacies, PrivacyProtect.org, is itself a phantom with undisclosed ownership. It was revealed in a Washington Post article that the Directi Group actually owns PrivacyProtect.org, a fact they did not deny when they responded to the article," noted KnujOn. "In summary, we have thousands of illicit domains cloaked by a company which is also anonymously owned. The domains are all sponsored by the Directi Group which is affiliated with 48 registrars that cannot be proven to be real entities. Clearly there are serious problems with oversight, due diligence and accountability. How can the consumer be protected under these conditions?"

So what's the deal, ICANN? We realize that you can't deploy a PI to investigate every company that applies for registrar status, but can't you do better than this? How many other Directi Groups exist out there? How much of the Web's criminal activity is operating under the phantom registrar model?

These are questions that all need to be answered.

Otherwise, these problems won't ever go away.



Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.


Comments (7)

Hi Matt

The above article on SecurityWatch is based on KnujOn's factually inaccurate and baseless report. Directi is not linked with any of the activities described in that report, and KnujOn, in their research, have never bothered to get their facts straight from either ICANN or us. The article you publish is false and defamatory and hence I urge you to take it down immediately.

Feel free to connect with me for any clarifications - at bhavin.t-AT-directi.com and I will be happy to share the actual facts with you - something that Knujon has not bothered to do so far. Find below our email to Knujon concerning the gross inaccuracies in their article -

Warm Regards
Bhavin Turakhia
CEO, Directi


----
Dear Garth (from Knujon),

This is with regards to the numerous articles on your website www.knujon.com that frivolously implicate the Directi Group. Before I move to the specifics, I'd like to comment on the challenge you've thrown open to us, to take a lead in the endeavor of suspending every illicitly run domain name.

Please understand that Directi continues to be one of the most proactive Registrars today in terms of combating abuse and implementing strict AUPs, and we have a significant investment in terms of manpower and processes to achieve just this. We do so not because we're contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. It's really unfortunate that your analysis misrepresents the details, and conveniently ignores all of the active measures we take regularly against spamming, phishing and other forms of abuse activity on the internet. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and we are therefore extremely shocked to learn about the baseless allegations made in your report.

Given below, is a list of all the false information, conclusions and accusations that you have repeatedly made about our organization:

1. EST is NOT affiliated to the Directi Group in any way: EST just happens to be one of the several thousand service providers that use our technology to provide domain registration services. Therefore all of the claims that EST is a part of our Group are grossly incorrect.

2. Your claim that the accredited companies we own are: a) Phantom Registrars (ex: Jumbo Names) that are not incorporated or Do Not Really Exist and b) somehow involved in supporting the fake pharmacy business in some way, is not only grossly incorrect, but also seriously defamatory. You may not be privy to the strategic reasons why several of the top web services cos. need to invest in multiple registrar companies. However, there is absolutely no substance in suggesting that these companies are somehow involved in illegal activities. Not only do these registrars operate legitimately, but they also implement the strict AUPs for all sponsored domain names.

3. You claim that the Directi Group is somehow closely linked with Atrivo, which probably is a false conclusion drawn from pt. 1. above.

4. There are several other domain names that you have listed for various issues - software piracy, for instance - and claim that they are privacy protected. These domain names and their sponsoring registrar have not used privacy protection services for several months now; it is unfortunate that you did not choose to verify your data before making these accusations.

5. The statement "While Directi claims they will suspend illicit domains, KnujOn has found on many occasions Directi sponsored domains being removed temporarily only to be restored after a brief period with the same content" is incorrect, but we do acknowledge a technical lapse that may have led you to believe this. The domain names that you've listed were not intentionally restored, but did not get suspended in due process because of a technical error. When vigilant netizens alerted us about the situation, the domain names were suspended immediately.

6. The statement "If a consumer complains to Directi/PublicDomainsRegistry about these sites they simply direct them to the ISP host that serves the content. If and when the site content is closed by the ISP host, Directi/PublicDomainsRegistry just helps them set up at a new IP." is baseless and seriously defamatory. We do not condone any abusive behavior using domain names registered through us, much less facilitate it. There are cases where we forward complaints to the host to pursue in accordance with their AUP, but in no circumstance do we enable purported abusive registrants to setup in any fashion.

7. On several prior instances, we have attempted to explain to your organization the motives and mechanism behind Privacy Protection as a service. Privacy Protect isn't intended to harbor miscreants, but to protect genuine domain owners from them. This service, provided through a network of registrars, is essentially free and has no affiliation with any domain names that use it.

8. Also, as a Registrar, we must categorically state that we have no association with the domain names registered through us. The insinuation that we as a registrar benefit in any form through abusive domain names is grossly incorrect; on the contrary, we invest considerable resources toward mitigating such abuse of our services.

9. During the Prescription Addiction Radioshow, you claimed that the registrar community is unable to effectively police illegal activities and hence most registrars are in violation of the ICANN RAA. This is factually incorrect since the job of policing the internet cannot be the sole responsibility of registrars, and the Registrar Accreditation Agreement doesn't state any such obligation either. Most registrars, purely out of moral reasons, build AUPs to ensure that they proactively prevent their services from being used for any illegal activity.

Based on all of these false assumptions, misrepresentations and factual inaccuracies, you have referred to our organization as beastly, rogue, irresponsible, immoral and a supporter of the illegal narcotics industry. I hope you understand that this sort of frivolous victimization and public abuse is intolerable for our organization, and always tackled with utmost severity. However, since we believe that your intentions are not wrong, we would like to resolve this amicably by requesting all necessary corrections to the information published. We would also need a public clarification which explicitly states that the Directi Group is in NO WAY harboring or, being in any way involved, in any form of illicit activity.

On another note, I request you to understand the limitations registrars face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform are less sensitive towards their moral responsibilities. Sure we'd like to pull the plug and permanently close our business with them, but how does one protect the several thousand innocent website owners that also happen to use their services?

I believe you understand as well as we do that a true cleanup process requires the concerted involvement of several industry participants including ICANN, registries, brand owners, law enforcement agencies and registrars. You can be assured that from a registrar standpoint we continue to extend our full cooperation to the community at all points in time. We have always taken this issue seriously and will always continue to do so.

We'll also be glad to clarify your doubts on the above mentioned facts over a conference call which can include the relevant people from our side. We're open to a constructive dialogue with you, and are all ears to any specific suggestion that you may have for us. If you'd like that, do provide us with an appropriate time and number on which you can be reached.

Considering the defamatory nature of the content in your posts and the inaccuracy of several accusations, we hope that the requested corrective measures will receive utmost priority and reflect immediately on your website.

Best Regards,

Sandeep Ramchandani
Strategic Partner Manager, The Directi Group

Matt Hines :

Thanks for the feedback Bhavin, I'm going to get in touch with KnujOn and see what their response is to these comments and claims on behalf of Directi. We certainly aim for 100% accuracy here on the blog and at eWeek, so I'd love to flesh this out more and make sure both sides are answering each other's questions. Stay tuned for more details and clarifications.

Matt

Let’s address the points you bring up.

1. (EstDomains) We did not say that Directi owns EstDomains. We know you license software to them, this is a business relationship, an “affiliation.” While you may deal with “several thousand service providers”, EstDomains is highlighted on your site with only 4 other companies which denotes a special relationship. However, we can clarify this.

2. (“Phantom Registrars”) There are a few issues here. First, we never stated in our report that any of the 48 listed registrars had fake pharmacy sites. The issue here is about disclosure and honesty. Your affiliated registrars are listed with U.S. addresses, but you are in India. No problem there, just fully disclose that you are in India. Next, we were unable to locate Incorporation licenses for any of these companies at the stated addresses in Oregon or New York. Is this incorrect?

3. (Atrivo) We did not state that Directi was linked with Atrivo, we posted a brief from an article about this topic – you’ll have to ask that author.

4. (PrivacyProtect) If you are no longer using PrivacyProtect.org we applaud you!!! However, the question remains. Does Directi own PrivacyProtect, or did it at any time (the company and/or domain name)? If you tell me “no”, I will believe you.

5. (unsuspended domains) If you say it was a technical error, we will post this information.

6. (ISPs) If you claim you are cleaning up the Registry, I want to believe you. However, our claim is not baseless. We observed illicit domains being moved from one IP to another. I can understand how this could happen because of the complexity of the Registrar world. Were these illicit domain postings due to one of your resellers? If that is the case, please tell everyone, it would help us all understand your situation better and sympathize with you.

7. (PrivacyProtect, again) I received all of your attempts to explain the use of Privacy Protection and I responded to each of them. I understand the point of privacy protection; I just don’t agree with its use for business-related domains, especially ones selling narcotics. If PrivacyProtect is not intended to harbor miscreants why do they? And why so many? And why is PrivacyProtect’s ownership a secret?

8. (illicit domains) Once again, I want to believe you. However, when the public observes a healthy portion of a registrar’s business going to illicit traffic, we start to wonder. Have you ever asked a registrant to provide a pharmacy license before registering a pharmacy-related business domain? This may all go back to the reseller question in #6.

9. (ICANN RAA) You said: “the job of policing the internet cannot be the sole responsibility of registrars”, guess what, I AGREE WITH YOU!!! However, the RAA (through the UDRP) states that registrants are not allowed to register a domain name for an illegal purpose and the Registrar, through its contract, has to ensure this.

And, we are of course ready to discuss any of these further and glad you are accepting the challenge to be a clean leader in the Registrar community.

-Garth Bruen
knujon


GARTH:

Find below our response to each of your points:

1. Your report and your website clearly and inaccurately stated "According to some documentation we've seen EstDomains is owned by the Directi Group." You also published a flowchart hierarchy (which you have now removed) of the Directi Group which includes EstDomains as one of the Registrars we own. This is a baseless statement. We never owned ESTDomains. You also cannot have ANY documentation that shows us owning ESTDomains. I challenge you to produce this alleged documentation.

2. You refer to 48 listed registrars as phantom and claim that they do not exist. This is untrue. Each of these companies does exist and is incorporated in the state of Delaware. These companies have no relationship to the rest of the post. All of them combined sponsor under a few thousand domains and have received almost zero abuse complaints. Yet you assert, without evidence, that these Registrar companies are somehow connected to spam and malware.

3. I'm surprised that you disclaim the basic responsibility for verifying the authenticity of any information prior to publishing it on your website.

4. & 7. As with any free service, there will always be miscreants that will find loopholes to exploit the service, and in some cases even use it for illegitimate practices. We have a strong abuse processing team that promptly deals with these miscreants. If you find any illicitly run domain using PrivacyProtect, or even any specific reseller that is knowingly using it to harbor unlawful activities, we welcome you to bring these cases to our attention. You can be assured that they will be dealt with promptly, as they always have been in the past.

6. We do not know what you mean when you say you saw some domains moving from one IP to another. In almost all circumstances any domains that we have received abuse complaints for have not been hosted by us. We have merely been the Registrars of the same. If their IP address changed in any duration, it was a result of their hosting provider and not us.

7. You claim that we have a fair number of spammers registering domains through us. This is not much different from any other Registrar. If we have a larger share than some other registrars it is only because we are one of the lowest cost registrars out there. We still sell domain names at $6.49 while godaddy charges $9.99. Clearly as a spammer you are more likely to register a domain name at a registrar who is cheaper. Having said that, the number of miscreants registering domain names with us is still well under 1%. We have a very proactive abuse team that ensures that miscreants are suspended within record time.

8. You seem to somehow think that because spammers and other miscreants register domain names with us we are somehow in violation of our registrar accreditation agreement. You are completely wrong in this assertion. The RAA has no obligation that requires a Registrar to suspend domain names or police the Internet or respond to abuse complaints. All Registrars including ourselves do so entirely out of our own good faith and moral responsibility and not out of any necessity to do so. I challenge you to produce a legal confirmation of any provision in the RAA that states that Registrars by allowing someone to buy a domain name for spamming is violating the contract. I challenge you to obtain any statement from ICANN stating that they require Registrars to check the intention of every domain registrant.

Having clarified all the points you mentioned in your email, I must also point out the second egoistic, non-clarifying post that you have now made on your website.

You state that Directi is willing to sever its ties with EST. I must clarify we NEVER had any ties with EST to begin with except in providing them a software that they have purchased from us. We cannot control any actions they choose to take on their own as an independent company. What we have done is stopped providing them OUR privacy protection services. This does not however prevent them from using their own privacy protection services independently.

You claim that Directi is willing to clean up its act, making it sound as if we have been in the wrong all this while. We likely have a larger investment in terms of time and resources in our abuse department in comparison to most other Registrars. We have always taken proactive action wherever possible with respect to abuse complaints, in most cases within less than 24 hours.

Garth: We have demonstrated significant patience up till now. Our actions will now depend on your actions. If you truly are a genuine individual with a conscience, and truly want to set the record straight, and truly wish to be fair - you will do the following

(1) put up the clarifications that I have independently sent you via email verbatim on your website in their entirety, instead of the self-serving excerpts that now exist in your follow up post

(2) post a genuine apology from your side for not verifying facts in your previous post which has caused us a significant business and reputation loss

(3) rectify your original article too so that anyone reaching it directly from a google index can see the rectifications

The ball is now in your court, and I sincerely hope your intentions are indeed to cooperatively and honestly clean up the Internet with us all, than to simply gain publicity by posting sensational but completely untrue research.

I am happy to jump on a conference call with you. I have sent you my cellular number twice. Alternatively if you provide me with your phone number I would be happy to call you up.

Directi has vigorously responded to KnujOn's report, rejecting many of the claims in it. Directi has provided us with some commentary and we will discuss it in the context of our report.

EstDomains

Directi is now severing ties with Estdomains amid complaints that the Eastern European company makes it too easy to register sites that are used by spammers and scammers. "Just the reputation loss and the confusion because of these linkups has been more detrimental to us than the commercial gain from that one-off sale," said Directi CEO Bhavin Turakhia. "We felt it was the right move morally."

The link with EstDomains was one of our biggest concerns, and we have to applaud Directi for taking this step. EstDomains has not responded to requests to disclose their real location in Eastern Europe. Turakhia says he looks forward to the day when he can completely sever ties with Estdomains. "I would really love to detach ourselves from that organization," he said.

Awesome.

Phantom Registrars

In investigating the 48 Directi-owned Registrars with questionable locations, we reported facts. The address used by many of these Registrars: "14525 SW Millikan Way Beaverton, OR 97005-2343" is the address of a mail forwarding service called Earthclassmail. According to Directi, the listed companies are registered in Delaware, but not in Oregon or New York as listed in the ICANN Directory. Directi is headquartered in Mumbai, India. KnujOn feels that any company given so much responsibility over the Internet should fully disclose where they are located, but this is apparently not an ICANN requirement.

Indeed, Stacy Burnette, director of contractual compliance at ICANN, said the organization is satisfied the registrars are incorporated in the location listed in their application. Telephone numbers in the contact information need not correspond to the location of incorporation, she said. ICANN doesn't require registrars to publicly disclose their place of incorporation.

To which KnujOn says: Huh? So, as the expression goes, don't hate the player hate the game. Directi merely acquired these accreditations by ICANN's own rules. Summary: One address in the application, a second address disclosed to the public. Read this line again: "ICANN doesn't require registrars to publicly disclose their place of incorporation." How does this figure into ICANN's mission to be an open and transparent organization? "Telephone numbers in the contact information need not correspond to the location of incorporation". How can there be any accountability? This situation is upside-down. Registrants are required to list their valid contact information, but the Registrars who sponsor their domains are not.

PrivacyProtect.org

Directi has informed us they no longer use PrivacyProtect. This is encouraging news, and we applaud them.

Un-suspended Domains

Directi says that a technical error caused some fake pharmacies to reappear. We'll have to take their word on it.

Illicit Sites

Most importantly, Directi has accepted KnujOn's challenge to dump illicit sites and become an example in the industry. We have offered them our assistance in this endeavor.

Matt Hines :

Interested parties may also want to read this blog post on the whole debate filed by Bhavin yesterday.

http://blog.directi.com/

Is anyone from ICANN reading all this yet? You would seem to be the missing voice in this important conversation.

Matt

Howard Hoyt :

Been my experience that ICANN is too busy with internal administrivia to follow what happens in the outside world- ESPECIALLY as relates to SPAM. ICANN is one of the few agencies that seems genuinely proud of their ignorance.

Months ago they slapped the twenty most offending registrars wrists. But (of course) the follow up is nada.
It is easy to see why XIN NET is back to their old habits.

Toothless seems too kind a word. One can only hope a re-vamped FTC, under a new administration, may get ICANN to pull their heads out of the sand (or some-such dark place).
