Security Experts:

Controversial Domain Registrar Tightens Registration Policy

Controversial Domain Registrar Tightens Policy After Reports of Rogue Online Pharmacy Links

Registrar has changed its domain name registration policy in light of reports criticizing its links to as many as one-third of the rogue pharmacies on the Internet.

Though the registrar continues to call the reports “inaccurate and defamatory,” the company has decided to implement a stricter policy that sets additional requirements for an online pharmacy to register and maintain a domain name.

“The foundation of the policy is that a customer may register, maintain or transfer-in a domain name to be used for an online pharmacy only if the online pharmacy is not listed under the National Association of Boards of Pharmacy's (NABP) "Not Recommended Sites" list,” CEO Marco Rinaudo said in a statement. “Exceptions will be granted to domain names that are certified by one of the four recognized online pharmacy accreditation services: the Canadian International Pharmacy Association (CIPA),, the Pharmacy Accreditation Services (PAS), or the NABP's Verified Internet Pharmacy Practices Site (VIPPS).”

“Current customers not in compliance with the new online pharmacy policy will receive an e-mail notice from Corp stating that they have thirty (30) days to either comply or transfer away their domain to another Registrar,” he continued. “Failure to do so will result in their domain being terminated by Corp.”

The changes were the result of a report last month by the company LegitScript, which in an undercover operation was able to get to register more than 175 domains despite telling the firm that it was selling counterfeit drugs and that its websites had been shut down by regulatory agencies such as the U.S. Food and Drug Administration. In the aftermath, claimed LegitScript had been deceptive by registering domains with fake WHOIS data and said its reluctance to take action at the time was due to its respect of the laws of different jurisdictions.

"In each single email mentioned in the ... report, Corp. is always making it clear that the domain name has to comply with applicable laws," the registrar said in a statement at the time. "The fact that a Canadian pharmacy domain is not subject to FDA regulations is a clear example. On the other hand, while FDA regulations do not apply to Canada, other and as stringent as FDA regulations apply to Canadian pharmacy domains."

Garth Bruen - president of Internet security research company KnujOn, a company that has also criticized for its practices - told SecurityWeek he is cautiously optimistic in regards to’ policy change.

“We're obviously having an effect, but has a long way to go,” he said. “Anyone can institute a policy, but will they enforce it? We'll have to check them over several months.”

view counter