ICANN Registrar Data Escrow
As a global leader in escrow, verification and domain services, NCC Group is uniquely positioned to provide global registrar data escrow.
Ensuring that your gTLD domain name registration information is protected, secure and held by an independent third party.
As part of the Internet Corporation for Assigned Names and Numbers (ICANN) responsibility to help control and manage the Internet’s naming system, registrars are encouraged to protect domain name data in a secure escrow environment.
If a situation occurs which leads to an ICANN accredited registrar becoming unable to provide or fulfil its services, it can create a potentially disastrous situation where support is required for the domain name ownership. This risk can be mitigated by depositing critical domain name data in an escrow agreement.
Why NCC Group
- Network of deposit centres throughout Europe and the US
- Compliance with European data regulations
- Secure online deposit portal
- ICANN approved data escrow agent
- Compliance with ICANN Specification 2 b
- Over 30 years of experience in escrow
ICANN Registry Data Escrow
How can we support you in complying with ICANN regulations?
As an Internet Corporation for Assigned Names and Numbers (ICANN) approved registry data escrow agent we provide services to generic Top Level Domain (gTLD) back end registry operators (BEROs), ICANN-accredited registrars, as well as a number of ccTLDs around the globe. We work together with ICANN and the greater domain industry to provide a secure and reliable solution to registry operators and registrars who have an obligation to comply with ICANN regulations.
As part of the ICANN responsibility to help control and manage the internet's naming system and the introduction of new gTLD's, BEROs are required to make daily transfers of WHOIS data to a reputable escrow agent, via a Registry Data Escrow (RyDE) agreement. Without this critical data being held in an escrow agreement it creates a potentially disastrous situation for domain owners and end users should a back end registry operator no longer be able to provide support, due to business or technical failure.
Registry data escrow ensures that a copy of the gTLD registration information held by a back end registry operator is protected, secure and held by an independent third party.
You can download a copy of the RyDE agreement here.
If you require any information, whether it is for Q46 of your gTLD application, compliance with specification 2, or the next stage of the process with Pre-Delegation Testing please visit our Frequently Asked Questions or contact us for more information.
- Secure management of WHOIS daily data deposits which are encrypted to ICANN standard via our secure SFTP portal.
- Pre Delegation Testing and Extended Verification services ensure that deposits are verified to ICANN standard.
- Global deposit processing infrastructures located in the United Kingdom and America.
- In-house technical and legal teams, guaranteeing an independent and quality service.
- ICANN approved gTLD registry data escrow agent.
Registry Data Escrow (RyDE) FAQs
Should I receive additional contracting information from NCC Group beyond the Letter of Intent we completed in 2012?
Yes, you should receive the Registry Data Escrow agreement ("RyDE" agreement) from NCC Group shortly. The agreement will be populated with your details and entered into our system before being emailed out to you.
When does the RyDE need to be signed?
Once you have received the RyDE agreement and are happy to proceed, please sign a copy of the RyDE agreement and return it to NCC Group. If the Registry Agreement has been completed, please advise us of the date of the Registry Agreement when returning the RyDE agreement. If the Registry Agreement has not been completed you should still return the RyDE agreement to us and we will hold it in readiness for completion until the Registry Agreement is signed.
When is the RyDE dated?
When the Registry Agreement has been signed and dated by ICANN, and the RyDE agreement has been signed by the Registry Operator and returned to NCC Group.
What happens when the RyDE agreement is completed?
Following the completion of your Registry Data Escrow (RyDE) agreement, these are the next steps that will take place to ensure everything is ready prior to the delegation of your TLD.
NCC Group will send you the following items:
a. The executed RyDE agreement. This will include the signed agreement, the Notice of Compliance, which certifies that the executed RyDE agreement complies with Specification 2, and the NCC Group Escrow Protection Certificate (EPC). These documents will be merged into one file. You will need to upload this file to the TLD Application System (TAS) prior to commencing Pre-Delegation Testing.
b. Data Escrow Agent On-boarding details. The file will contain the information needed to complete the ICANN ONBIR (On-boarding information request).
c. NCC Group RyDE Points of Contact. This will contain details of your primary and secondary contacts, which will be requested by ICANN.
You will need to select your preferred location for the storage of your registry data, either the UK or US.
NCC Group will contact your appointed back end registry operator (BERO) to ensure that they are able to upload test registry data escrow deposits to NCC Group’s pre-live system. This will ensure that once your TLD is delegated, both NCC Group and your BERO are in a position to start data escrow.
NCC Group will monitor the status of the TLD. Once the TLD has been delegated, NCC Group will contact your appointed BERO to request the daily registry data escrow deposits.
ICANN requires two points of contact for the RyDE agreement, who should I include?
The NCC Group RyDE Points of Contact document will be issued to you after completion of the RyDE agreement, however if you need to request this information separately please email firstname.lastname@example.org to request the details of your primary and secondary contacts.
The fees are going to be paid by a 3rd party. What do we need to do?
If payments are made by your backend registry operator or another third party, the Third Party Paying Agreement needs to be completed and signed by the third party. The Third Party Paying Agreement is Appendix 3 of the RyDE agreement.
Is NCC Group ICANN approved?
Yes, NCC Group has been approved by ICANN to provide data escrow services.
What is the relationship between NCC Group Escrow Limited and NCC Group Escrow Associates LLC?
NCC Group Escrow Limited and NCC Group Escrow Associates Limited are both NCC Group companies that are approved to provide data escrow services to both registries and registrars. The provision of services is the same from both NCC Group companies, however, NCC Group Escrow Limited is a European escrow agent registered in England and Wales, while NCC Group Escrow Associates Limited is a US escrow agent registered in Georgia, USA.
Where does NCC Group store the data?
NCC Group will store the data at one of its sites in the UK or US.
Do we need to keep a copy of the data?
The Back End Registry Operator should always keep a copy of the data as it may need to redeposit the data to comply with a deposit verification failure notice under Section 7.3 of the RyDE Agreement.
Do you know what ICANN check during the PDT?
There are two sides to the Data Escrow PDT tests which are fully documented on the PDT sub site http://newgtlds.icann.org/en/applicants/pdt under here you should find PDT Test Specifications v.2.2. These documents detail the tests the PDT tester will follow:
1. PDT tester to validate deposits from ROs to make sure they match the specification. The main aims being to fulfil: [R21] Validate the format of one full and one incremental data escrow deposit as provided by the applicant for compliance with the New gTLD Registry Agreement Specification 2 - Data Escrow Requirements set forth in Module 5 of the AGB. [R22] Verify that the applicant's data escrow profile is in compliance with section 3 of the New gTLD Registry Agreement Specification 2 - Data Escrow Requirements set forth in Module 5 of the AGB.
2. PDT Tester to request a release of a specific set of deposits from the DEA. The main aim here is to confirm that the release process can be followed and that the RO has been able to deposit to their elected DEA. However this is an optional test which may be run against any TLD at ICANN's request.
We need the NCC Group password and IP addresses for the ICANN on-boarding document, what should we do?
During the ICANN on-boarding process you will be required to provide ICANN with the password and IP addresses of the Data Escrow Agent that will originate connections to the ICANN Registry Interfaces for each gTLD. NCC Group will send this information to you as soon as the RyDE agreement has been completed. If you need to request this information then please email ICANNDeposits@nccgroup.com and NCC Group will provide this information.
NCC Group’s Domain Assured service uses expert threat intelligence capabilities to deliver a complete picture of a domain’s threat landscape with continual monitoring of the major domain abuse types to provide rapid notifications of any attacks.
Complying with ICANN Specification
As part of the allocation of new gTLD’s registries are required to comply with ICANN specifications, namely
Specification 11 3 (b):
Registries will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware and botnets.
Our domain abuse monitoring service supports ICANN requirements, providing registrars and registries with a proactive approach to seeking out abuse and monitoring a domains overall health and reputation.
With an easy to use web portal the domain owner will have 24/7 access to the monitoring of their domain portfolio. Instant abuse alerts will be sent across a broad range of categories, including malware, phishing, spam, botnets and advanced persistent threat (APT) command and control.
Features of Domain Assured
- In-house NCC Group legal and technical expertise dedicated to monitoring and solving cases of domain abuse.
- Building on NCC Group’s expertise in global information assurance, our proprietary algorithms identify common threat indicators to identify abusive domains before they become widely reported.
- A configurable abuse threshold allows clients to filter out potential false positives and concentrate their abuse teams on the highest scoring risk offenders.
- The easy to use web portal can be accessed at any time, providing the ability to conveniently view the current status of the Domain Assured process and authorise any legal actions undertaken by NCC Group.
- Domain Assured maintains historic records for DNS, IP and WHOIS data to support investigators in determining if a domain has been hijacked or intentionally created with abuse in mind.
- Detailed information, including a timeline of events relating to the case can be viewed on the web portal.
Benefits of Domain Assured
- Demonstrates compliance with ICANN’s anti-abuse requirements for new top level domains (gTLDs).
- Provides comprehensive protection for various types of domain abuse including phishing, malware, spam, botnets and more.
- Real time updates, delivering automatic notifications and alerts.
- 24/7 easy to use web portal and documented reports.
- Ability to identify and monitor poorly performing domains.
- Reduces pressure on internal technical resources and costs associated with in-house anti-abuse department.
- Proactive approach to domain portfolio management.
As an ICANN approved gTLD Data Escrow Agent we work together with ICANN and the greater domain industry to provide a secure and reliable solution to registry operators and registrars who have an obligation to comply with ICANN regulations.
Registry Data Escrow Partners
How does NCC Group work with the ICANN community?
We have a strong presence within the ICANN community providing cTLD and gTLD registry data escrow services to Registry Operators and Registrars.
The following companies are partnering with us to ensure that they are compliant with ICANN specifications whilst providing security and assurance to their end clients.
Internet Systems Consortium, Inc. (ISC) is a non-profit public benefit corporation dedicated to supporting the infrastructure of the universal connected self-organising Internet - and the autonomy of its participants - by developing and maintaining core production quality software, protocols, and operations.
Key-Systems' KSregistry provides features and functions to successfully operate a registry and meets the needs of existing ccTLDs, applicants for new gTLDs as well as companies planning to establish their name or brand as a new TLD. Due to the modular design of the KSregistry, customer-specific solutions can be designed and expanded to meet the changing needs of clients in a cost effective manner.
NetNames is one of the world's largest corporate brand protection specialists. Through its industry leading brand protection, domain name management, online security, anti-piracy and acquisitions services, the company is responsible for keeping corporate brands one step ahead of online threats across the globe.
Nominet provide bespoke, added-value registry services for exceptional organisations. Headquartered in the UK with global reach we partner with organisations to whom we believe we can offer genuine added value. We bring a world-class infrastructure and a commitment to innovation with global leadership in DNS security development, data protection, insight & analytics and Internet governance.
RegistryASP, a division within Qinetics Solutions Berhad, has over six years' experience in providing software solutions, maintenance, consultation and training for gTLD & ccTLD Registries and Registrars globally.
TLD-BOX is a sister company of nic.at, the registry for .at, .co.at or .or.at. Our experts have more than 14 years of experience in managing TLD and enum registries. Thus, our modular software "registry-in-a-box" is reflecting the development effort of approximately 100 man-years.
Registry Data Escrow Clients
The following are Registry Operators who have chosen NCC Group to escrow their WHOIS data per ICANN requirements.
CloudNames provides a turnkey solution for brand owners who wish to own a top-level domain (TLD) name. By outsourcing the responsibilities and tasks related to applying for and operating a TLD to CloudNames, brand owners can concentrate on strengthening their brands by effectively using their top-level domain.
Dot ECO is the leading community-led application for the .ECO domain. Since 2008, over 40 of the world's largest and best known organisations from around the globe, including WWF, Greenpeace, and IUCN have aligned to ensure .ECO is protected. Their objective is to ensure that .ECO is operated with the oversight of the global environmental community in support of their interests and goals.
DotGreen demonstrates and presents tremendous opportunity in the growing movement toward strategic partnerships as corporations realise the profitability of teaming up with non-profits, and the profitability of going green in many ways.
dotHIV with the new top-level-domain .hiv, establishes a domain- ending, solely serving a social cause. This new domain has three fields of impact: financial support, awareness and Destigmatisation.
DotJetzt offers a new, smart gTLD for the German speaking market and for everyone who wants to be successful in this market. “Jetzt” means now in German and provides a domain to everyone who wants to communicate up-to-date content and motivate users to get involved.
TLD Registry The Chinese name, pronounced “Yu Tong Lian Da”, means “Domains Connect Connect Connect”, with “the three connects” sounding like “TLD”. This name expresses the mission using contemporary Mandarin. All Chinese characters in the brandmark and logos are connected, as are the eight dots in the octagonal logos, symbolizing the power of our TLDs to connect Chinese netizens with the Chinese web, and to connect the world to China.