As part of our mission to help create an internet everyone can trust, LegitScript regularly reports "rogue" internet pharmacies to the registrars that sponsor these domain names. Our Domain Name Enforcement program has helped to stop more than 83,000 rogue pharmacy websites since its inception. In 2021 alone, LegitScript issued 65 notifications comprising 3,147 domain names. A total of 3,330 domain names were "enforced" in 2021, meaning that the registrar suspended the domain name after LegitScript sent a notification. These include some whose notifications were issued in the last few months of 2020.
To shut down a domain name that is used for the illicit sale of drugs, we request that the registrar or registry suspend and lock the domain name. This is an effective way to interrupt the operation of rogue pharmacy websites because it disables the website itself and prevents it from being transferred.
Despite our efforts, not all registrars comply with LegitScript's complimentary abuse notifications. A small percentage of registrars may be effectively complicit in the operations of the rogue internet pharmacies they sponsor because the registrars show blatant disregard for their illegal operations. Below are some of the most common excuses registrars use to refrain from taking action despite reports of abuse.
Excuse #1: “Sorry, but you need a court order for that.”
Actually, you don’t need a court order to report domain name abuse. According to ICANN’s 2013 Registrar Accreditation Agreement, Section 3.18.1, a “Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.” Promptly investigating reports of abuse is not dependent on a court order. Further clarification can be found in this letter from ICANN.
And to the same point: if the vast majority of registrars around the world take action without a court order, no registrar can credibly claim that a court order is necessary. For example, one Russian registrar has repeatedly insisted that a court order is necessary under Russian law…but when asked, has never been able to provide a statute or court ruling showing that it is.
Excuse #2: “We only manage the domain name. The website content is not hosted on our servers.”
Section 1.13 of the ICANN Registrar Accreditation Agreement says: “'Illegal Activity' means conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law … in furtherance of conduct involving the use of a Registered Name sponsored by Registrar that is prohibited by applicable law.” We encourage you to ask, what is the domain name used for? If it is used to illegally market pharmaceuticals, then according to Section 1.13 of the 2013 RAA, it falls on the registrar.
And in a broader sense, it doesn’t matter whether you are providing domain name registration, content hosting, delivery, payment processing, or any other service to a criminal enterprise: if your paid services are being used to facilitate the criminal activity, once you are put on notice, you are potentially legally liable if you don’t do something about it and instead turn a blind eye to the activity. Registrars are not being singled out compared to other facilitators.
Excuse #3: “The registrant provided us a valid pharmacy license.”
If this is the case, then the registrar should pass the pharmacy documentation along to LegitScript for verification. However, we sometimes get told that this isn’t possible because the documents are “confidential.” Pharmacy licensure is always public information. A pharmacy has no right to privacy. It's worth noting that by concealing the information the registrant has provided, and by knowingly permitting them to continue using the domain names for illegal activity, opens up risk for the registrar itself under criminal conspiracy statutes.
So, how do you really know if the provided pharmacy license is valid? And how do you know it’s not a falsified document that some criminal entity is using to hide their illicit operations?
The answer is pretty simple — and it's free. We never expect registrars to know all the applicable pharmaceutical rules and regulations. This is why we created a complimentary Internet Pharmacy Guide for registrars, registries, and hosting providers.
LegitScript is an advocate for greater safety and transparency in the online space, and we work together with registrars and registries that share the same values all over the world. Most registrars do a great job of voluntarily taking action against criminal enterprises abusing their services and putting internet users’ health and safety at risk. We're proud to partner with these entities. If you are a registrar with questions about how to effectively terminate services to cybercriminals using your services, please contact us. We look forward to helping from you.
