Analysis of Institutional Correspondence: Namecheap, Enom, .BUILD Registry, ICANN Compliance, Ombudsman & Board

Namecheap’s Responses Often Referred Questions to Third Parties

Despite multiple follow-ups over the course of more than a month, Namecheap provided only one clear answer: the EPP code was not requested. All other questions were met with vague responses, repeatedly referring inquiries to the upstream provider or the Registry. From my perspective, I did not observe escalation or any clear acceptance of responsibility in the responses I received.

Namecheap’s Reply on Key Questions (Date: Mon, Jul 14, 2025 at 3:20 PM)

From: Namecheap Domains Support Team <[email protected]>
Date: Mon, Jul 14, 2025 at 3:20 PM
To: <[email protected]>

Hello,

Thank you for getting back to us.

> What exactly happened to the domain? > Unfortunately, it seems that the domain was transferred from your account. At this point, we cannot specify what exactly happened, we are waiting for the reply from the Registry and our upstream provider.

> Was it transferred — and if so, by whom? > Most likely, it was transferred. However, we cannot tell who initiated the transfer. Only Registry operates the domain names and can check the history, status, including past and present ownership details and changes over time. That is why we are waiting for their reply.

> Was an EPP code issued or used? > No, according to our logs, the EPP code was not requested.

> On what authority was the domain placed in “reserved” status at the registry? > We are clarifying this point with the Registry. Once we have any news from them, we will address this question.

> What concrete actions has Namecheap taken internally to investigate or escalate this, beyond contacting the registry and upstream provider? > We have checked our logs and correspondence with the Registry. Unfortunately, we received no notices from the Registry. So, we are waiting for their clarifications.

> If this delay continues indefinitely, and the registry remains unresponsive, what is Namecheap’s plan? > We are not currently considering this possibility as we expect to receive the updates from the Registry and upstream provider in the foreseeable future. However, as soon as we have some news from them, we will be able to answer this question more specifically.

> Will Namecheap formally escalate this matter to ICANN? > We are not considering this option at the moment, because we need information from upstream provider and Registry first and foremost.

> At what point does Namecheap accept responsibility as the registrar of record at the time of the incident? > Once we have some news from the Registry and upstream provider, we will understand the picture and then we will be able to clarify who is responsible for this. However, we would like to emphasize that as the Registrar, we do not transfer domains for customers.

Moreover, according to our logs, the EPP code was not requested, so we cannot say what specifically happened, which is why we are waiting for the response from the upstream provider and Registry.

> Most importantly, can Namecheap confirm that it will accept full financial responsibility for the losses incurred due to the unauthorized loss of malaysia.build and the prolonged delay in resolving the issue? > We cannot confirm this without understanding the full situation. We will consider this once we have more information.

Please rest assured that we are constantly monitoring this case. We will provide you with all the details and decisions as soon as we clarify everything with the corresponding Registry.

Your understanding is highly appreciated.

As of today, despite my complaint with ICANN and my communications with Namecheap, I personally have not received what I would consider a clear explanation or resolution regarding the domain’s removal. Namecheap’s own email responses have confirmed that no EPP code was requested, yet they have provided conflicting statements regarding the transfer process, leaving me without what I would consider a clear resolution or understanding of how responsibility was determined in this case.

Here is a timeline of their shifting explanations and lack of action: Click on the date/time to view the email.

• Initial Delays (June 12 – July 13, 2025):
  • “Regrettably, we find ourselves in need of additional time to thoroughly review your case.” (Date: Thu, Jun 12, 2025 at 3:01 AM)
  • “We need some more time for additional investigation.” (Date: Fri, Jun 13, 2025 at 3:42 PM)
  • “To our deepest regret, we are still investigating this issue and will update you as soon as possible.” (Date: Tue, Jun 17, 2025 at 5:13 PM)
  • “We are still working on the issue. We are monitoring the case and will contact you as soon as we have any information.” (Date: Thu, Jun 19, 2025 at 3:26 PM)
  • “We are currently in contact with our upstream provider and Registry and waiting for further updates.” (Date: Sat, Jun 21, 2025 at 3:42 PM)
  • “Unfortunately, we do not yet have exact details regarding why the domain was removed. Right now, we are still waiting for updates from our upstream provider and the Registry.” (Date: Thu, Jul 3, 2025 at 4:21 AM)
  • “…we’ll notify you immediately the moment we receive any update.” (Date: Mon, Jul 7, 2025 at 12:52 AM)
  • “To our regret, there are still no updates regarding the domain.” (Date: Fri, Jul 11, 2025 at 11:59 PM)
  • “Unfortunately, a time estimate cannot be provided, but as soon as there are any news we will let you know.” (Date: Sat, Jul 12, 2025 at 2:09 AM)
  • “As soon as we receive any updates or further information from them, we will let you know immediately.” (Date: Sat, Jul 12, 2025 at 2:39 PM)
  • “…but the investigation may take some time. We’ll share any updates or new information with you as soon as we receive it.” (Date: Sat, Jul 12, 2025 at 4:16 PM)
  • “Thus, we are just waiting for the information about the domain status.” (Date: Sun, Jul 13, 2025 at 3:02 AM)
• Conflicting Information, Shifting Explanations and Responsibility (July 13 – July 14, 2025):
  • Regarding the transfer: Namecheap stated on July 13, 2025: “Yes, the transfer out was processed from our database on 12/4/2023.” Yet, in the same communication, they admitted, “we cannot clarify who exactly requested/ initiated it. This point is under investigation.” (Date: Sun, Jul 13, 2025 at 3:02 AM) Later, on July 14, 2025, they stated, “No, according to our logs, the EPP code was not requested.” (Date: Mon, Jul 14, 2025 at 3:20 PM)
  • Regarding responsibility: On July 12, 2025, Namecheap replied “We are currently investigating how and why the malaysia.build domain was transfered with our Upstream provider, currently we do not know how the transfer occurred in this case.” (Date: Sat, Jul 12, 2025 at 2:09 AM) On July 13, 2025, Namecheap claimed, “only Registry operates the domain names and can check the history… Thus, we are just waiting for the information about the domain status.” This directed inquiries about domain history and status to the Registry. (Date: Sun, Jul 13, 2025 at 3:02 AM)
  • Inability to Revert: Namecheap confirmed, “It is possible to cancel a domain transfer, but only if it’s still in a pending state. Since the case was processed back in 2023, we cannot revert it.” This highlights their inability to rectify an issue that occurred under their management. (Date: Sun, Jul 13, 2025 at 3:02 AM)
  • Contradiction on EPP: On July 13, 2025, Namecheap stated, “Based on our logs, we have not detected any requests for EPP codes.” This directly conflicts with their previous statement of a “transfer out was processed from our database.” (Date: Sun, Jul 13, 2025 at 4:35 PM)
  • Shifting Accountability: In several responses, Namecheap pointed to its upstream provider (Enom) and the .BUILD Registry as responsible parties, ie, “Please rest assured that as soon as we received your request, we submitted it to our upstream provider. Since then, we’ve been closely monitoring the progress, which, unfortunately, is still pending on their end.” (Date: Mon, Jul 7, 2025 at 12:52 AM) Enom replied once, stating that the registry executed the removal. The .BUILD Registry, although copied in every email, has remained silent to date.
  • Regarding financial/reputational impact: “Regarding the concerns about potential financial and reputational impact, we are actively exploring all available options. However, we first need to receive a response from the registry to determine the appropriate next steps.” (Date: Sun, Jul 13, 2025 at 4:35 PM).
  • Acknowledgment of Losses: On July 13, 2025, Namecheap stated: “Your business means a lot to us. We completely agree that this may cause losses to your company.” This is a direct acknowledgment of the financial impact. (Date: Sun, Jul 13, 2025 at 10:29 PM)
  • Non-Committal on Financial Responsibility: Despite acknowledging potential losses and being directly asked about financial responsibility, Namecheap consistently provided vague and indefinite answers. For instance, on July 14, 2025, when asked “can Namecheap confirm that it will accept full financial responsibility…?“, their reply was, “We cannot confirm this without understanding the full situation. We will consider this once we have more information.” (Date: Mon, Jul 14, 2025 at 3:20 PM). Earlier, on July 14, 2025, they stated, “depending on the final outcome of the ongoing investigation, we will be carefully reviewing all circumstances involved, including those that may warrant further consideration regarding the compensation on our side.” (Date: Mon, Jul 14, 2025 at 1:51 AM). Namecheap consistently stated they could not confirm financial responsibility without more information.
• Final Denial & Redirection (July 15, 2025):
  • “The responsible party in this case is the .Build Registry. Only the Registry can provide answers to your questions or determine whether your domain can be restored or re-registered. We recommend reaching out to them directly to pursue this matter further.” (Date: Tue, Jul 15, 2025 at 11:09 AM)
  • “If you have any further questions, please do not hesitate to contact our Legal team directly at [email protected].” (Date: Tue, Jul 15, 2025 at 3:57 PM)
  • “As such, Namecheap was not involved in and is not responsible for the transfer.” — Namecheap Legal Department (Date: Tue, Jul 15, 2025 at 1:51 PM)
  • Premature Closure: On Date: Tue, Jul 15, 2025 at 11:09 AM, Namecheap stated, “This email will be closed now,” ending the thread without any resolution, explanation, or acknowledgment of responsibility.
  • When I challenged “Namecheap was not involved in and is not responsible for the transfer” on Date: Wed, Jul 16, 2025 at 9:40 PM, requesting clarification on how they could disclaim responsibility as the registrar of record, I received no further response. Subsequently, Namecheap has ceased all direct email replies.

To me, Namecheap’s explanations appeared inconsistent at times, as their emails mentioned both a ‘transfer out’ and that no EPP code was requested. According to their internal records, a “transfer out” of the domain occurred, yet they have also stated that they had “no involvement” and that no EPP code was requested. This apparent contradiction raises questions, in my view, about the transfer process and Namecheap’s role and responsibilities as the registrar of record at the time.

While Namecheap informed me by email that the domain had been transferred out, I did not notice this message at the time because I receive a high volume of emails daily and had relied on the domain’s auto-renewal feature to ensure continuity. I registered and paid for the domain through Namecheap and had no direct relationship with the .BUILD Registry. To my mind as a registrant, I expected that my auto-renewal status would keep the domain secure unless I was directly required to take action. The circumstances surrounding the transfer left me uncertain about how registrar practices are applied in such cases.

The financial impact I’ve experienced is tangible and significant — including development costs, delays to launching the platform, lost business opportunities, and reputational setbacks. These losses arose because I unexpectedly lost access to malaysia.build, even though the domain was fully paid and valid during its active registration period. From my point of view, this sudden loss disrupted a project that had been under development for years and created serious financial consequences.

From my perspective, the combination of delays, limited responses, and silence raised questions for me about how customer service and communication are handled in such situations. Based on the evidence, the domain disappeared under Namecheap’s management as registrar of record.

My direct attempts to resolve this issue were met with a wall of silence, beginning with my last email to Namecheap on July 16, 2025, which received no response. This silence was conclusively demonstrated when a final follow-up sent on September 26, 2025, which clearly stated a 48-hour deadline, was also completely ignored.

This coordinated silence has now lasted 325 days, representing a willful and systematic refusal to resolve this dispute.

Direct Communication with Upstream Provider (Enom) Reveals Registry Action

Due to Namecheap’s persistent delays and vague excuses about awaiting answers from their upstream provider (Enom) and the .BUILD Registry, and having struggled with this issue for over a month, I was compelled to contact Enom directly. The reply received from Enom on Mon, Jul 14, 2025 at 10:49 PM provides crucial clarity:

From: Compliance Support <[email protected]>
Date: Mon, Jul 14, 2025 at 10:49 PM
To: <[email protected]>

Hello,

We received the following from the .build Registry regarding this domain (malaysia.build) on December 1, 2023.

“Dear Registar partner,

This email is to inform you that we have been requested by ICANN to remove / Block the domain malaysia.build from registration due to it violating Spec 5 of our Registry agreement. Thank you for your assistance in this matter.

Sincerely,
<redacted>
Founder / CEO .build
<redacted>
www.about.build”

You will need to contact the registry directly for any answers to these questions, as this action was taken by them directly. This is also why we have no record of the transfer, or distribution of an Auth Code for transfer, as the action was performed solely at the Registry level.

Thank You,

Enom, a Tucows Company
96 Mowat Avenue
Toronto ON M6K 3M1
Canada

My direct attempts to resolve this issue were met with a wall of silence. Despite multiple emails being sent and consistently copied to eNom, none received a response. This pattern of non-engagement was conclusively demonstrated when a final follow-up sent on September 26, 2025, which clearly stated a 48-hour deadline, was also completely ignored.

Enom has attempted to fully absolve itself of responsibility by shifting all blame to the Registry. Their position is that because the action was performed solely at the Registry level, they have no record of the transfer or the distribution of an Auth Code. Consequently, they insist I contact the Registry directly for any answers—a directive that has resulted in an additional 326 days of coordinated silence from all parties involved.

Why The Reply Received from Enom Statement Provides “Irrefutable Evidence of Bad Faith”:

• Exposing the “Record Gap”: By stating they have “no record of the transfer,” they are essentially admitting to a failure of oversight. Under ICANN’s Registrar Accreditation Agreement (RAA), registrars are required to maintain accurate records of domain status changes.

• The Registry Trap: My documentation shows that when I did contact the Registry as instructed, they remained silent. This proves that Enom’s advice was not a “solution” but a deflection tactic intended to lead me into a dead end.

• Fact-Check on Auth Codes: Claiming they have no record of an Auth Code for a domain they were supposed to be managing is a major red flag for US-based regulators. It suggests either a technical breach or a manual intervention that bypassed standard security protocols.

The Registry’s Silence: No Answers from .BUILD

Despite Namecheap’s (and subsequently Enom’s) insistence on directing inquiries to the .BUILD Registry, repeated attempts to contact the Registry directly (Date: Wed, Jul 9, 2025 at 8:59 PM), including online form submissions, have yielded no reply to date. This further highlights an important issue, leaving me uncertain about the extent of transparency and communication among the parties involved.

Form Submission Confirmation: Screenshot showing successful submission on the .build registry, confirming the report was filed.

From the outset of this dispute, my efforts to obtain a resolution have been met with an absolute accountability vacuum. The .BUILD Registry has maintained a state of coordinated institutional silence, characterized by a complete refusal to engage, willful ignorance of documented evidence, and a zero-response policy that has now persisted for over 359 days. This established pattern of bad-faith non-engagement was conclusively demonstrated by the Registry’s total silence following my final 48-hour deadline of September 26, 2025, confirming a systematic effort to evade all responsibility for the unauthorized removal of my domain.

Conclusion: Unresolved Questions and Outstanding Issues — Namecheap, Enom, and the Silent .BUILD Registry

• Namecheap has repeatedly attributed the domain’s removal to Enom and the .BUILD Registry. Ultimately, they referred all further communication to their legal department, which then denied any involvement. When asked to clarify their position, no further responses were received.

• Enom issued a single reply, stating that the removal action was carried out directly by the .BUILD Registry.

• The .BUILD Registry has remained entirely silent throughout, despite being copied in all related communications.

From my perspective, the combined responses — Namecheap’s limited updates, one reply from Enom, and no direct reply from the Registry — have left me without a clear resolution or accountability as I understand it.

ICANN Contractual Compliance: 329 Days and Still Counting with No Resolution

Case #01448650 | Domain: malaysia.build | Timeline: July 11 – Jun 6, 2026

ICANN Contractual Compliance was responsible for investigating the unauthorized deletion of malaysia.build on December 5, 2023—despite 10 years of lawful ownership, active auto-renewal, and paid status through April 2024. Instead of fair investigation, Compliance delivered 329 days of templated evasions, contradictory statements, ignored deadlines, and blame-shifting to the Registry’s “error” while denying authority to act. Compliance issues a document riddled with contradictions, wrong audit dates, and errors response came only after public pressure (namepros.com) and GAC complaint. 

The institutional failure extends beyond the Registry to ICANN itself. My formal complaint with ICANN’s Contractual Compliance department (opened July 11, 2025) has remained in a state of deliberate, unresolved limbo for 329 days. The department appears unable to deliver a resolution yet equally unwilling to formally close the case without one, resulting in a permanent strategic stall. This deadlock is not accidental but is structurally guaranteed by a procedural ‘Catch-22’ within ICANN’s own accountability framework, as explicitly confirmed by the ICANN Ombudsman’s office on October 28, 2025: ‘I cannot open a case until you have received a conclusion or decision from Contractual Compliance.‘ This policy creates a perfect impasse: an unresolved Compliance ticket can never be reviewed for fairness or undue delay, providing institutional cover for indefinite inaction.

CRITICAL TIMELINE (SEE COMPLETE EMAIL TRAIL)

Date	Event	ICANN Response
Jul 11, 2025	Case opened	Auto-reply
Jul 23	First deadline	Rejected submission
Aug 1	Second deadline	More format demands
Aug 13	Who Ordered the Deletion?	ICANN has no contractual authority to instruct a registry operator to release a reserved name.
Aug 20	Third deadline	Template response
Sep 17	Fourth deadline	“Under review”
Sep 22	My 7-day deadline	IGNORED
Oct 1	Escalation to Ombudsman	—
Oct 3	Ombudsman: “Compliance working on detailed response”	—
Oct 14	Ombudsman acknowledges escalation, “waiting for Compliance”	Continued silence → Violation of Ombudsman SLA (3–5 working days)
Oct 19	100-day status update to Ombudsman	No response (violates Ombuds 3-5 day SLA)
Oct 28	Formal request for Ombudsman investigation into 110-day delay	—
Oct 29	15 direct questions + 1 Nov deadline to Ombudsman	—
Nov 3	Ombudsman: “May or may not respond before 4 Nov”	—
Nov 5, 00:54	Public campaign + GAC complaint	—
Nov 5, 10:10	First “assumedly detailed” reply	9 hours after campaign
Nov 5, 10:10	Compliance: “No indication registrar or registry failed to comply”	9 hours after campaign
Nov 6	Registrant’s 24-hour final deadline to all parties passes	COMPLETE SILENCE from all entities
Jun 6, 2026	329+ days since case opened	Still no resolution

329 days. 5 ignored deadlines. Ombudsman blocked by procedural catch-22. Response only after external pressure. Final deadline met with total institutional silence.

CONTRADICTIONS THAT DESTROY ICANN’S CREDIBILITY

Contradiction #1: Who Ordered the Deletion?

• Aug 13, 2025, 2:59 PM: “ICANN has no contractual authority to instruct a registry operator to release a reserved name.”
• Dec 1, 2023 (Registry to eNom): “We have been requested by ICANN to remove/block the domain malaysia.build.”
• Nov 5, 2025, 10:10 AM: ICANN claims no contradiction—they “presented findings” but didn’t “instruct.”

Analysis: Semantic evasion. When ICANN notifies a Registry of noncompliance requiring remediation, the functional result is indistinguishable from an instruction. The Registry’s own words: “requested by ICANN.”

Contradiction #2: August or October Audit?

• Sep 10, 2025, 12:03 PM: “The October 2023 Audit round was launched…”
• Nov 5, 2025, 10:10 AM: “In August 2023, the 2023 Audit round was launched…” Links to “August 2023 audit” report.

Analysis: Two-month discrepancy in the audit date supposedly justifying deletion. ICANN demands precision from registrants but cannot keep its own audit timeline straight.

Contradiction #3: Impossible Timeline

• ICANN’s claim: August 2023 audit detected violation
• Deletion date: December 5, 2023
• Gap:3+ months

Analysis: Audits are completed and remediated within weeks, not months. This timeline makes no sense—unless the audit explanation is retroactive justification.

Contradiction #4: Selective Enforcement

• Nov 5, 2025, 10:10 AM:“All requirements are reviewed and enforced equally across all audited parties.” “ICANN has not received a complaint regarding peru.travel or greece.travel, nor had it otherwise detected the release of these domain names.”
• Evidence:
  • peru.travel: Registered 2006, still active (19+ years)
  • greece.travel: Registered 2012, still active (13+ years)
  • malaysia.build: Registered 2014, deleted 2023 (9+ years)

Analysis: If twice-yearly audits systematically review Spec 5 compliance since 2012, how did audits miss these violations for 11-19 years? Enforcement is reactive (complaint-driven), not proactive (audit-driven) as claimed.

PROCEDURAL CATCH-22s

Catch-22 #1: Evidence Requirements Designed to Fail

• Jul 25, 2025, 4:40 PM: Compliance rejected my comprehensive evidence portal for “incorrect format.”
• Aug 13, 2025, 2:59 PM: Required me to prove RAA violations, then stated no RAA sections applied to my case.

Result: Evidence submission made futile by predefined scope excluding all my claims.

Catch-22 #2: No Appeal Mechanism

• Nov 5, 2025, 10:10 AM:“There is no appeal mechanism for registrants related to Specification 5 under the RA.”

Analysis:

• Registry makes “mistake” in 2014
• Registrant relies in good faith for 10 years
• All parties profit (Namecheap, Enom, .build Registry, ICANN)
• 2023: “Error corrected” by silent deletion
• Registrant bears 100% of losses
• No remedy available

This is not accountability. This is institutional protection at registrant expense.

Catch-22 #3: Registrant Notification Impossibility

• Nov 5, 2025, 10:10 AM: “ICANN does not have information about individual registrants, nor does it have the authority to contact registrants directly.”

Analysis: System designed so errors are corrected silently at registrant expense. No due process possible because “we don’t have your information”—but you had it for 10 years of renewals.

Catch-22 #4: The Ombudsman’s Hands Are Tied

• Oct 28, 2025, Ombudsman: “I cannot open a case until you have received a conclusion or decision from Contractual Compliance.”

Analysis: This creates an impossible loop. Compliance’s indefinite delay is the complaint, but the Ombudsman cannot investigate delay until Compliance concludes the very process they are delaying. This procedural barrier nullifies the Ombudsman’s function as a safeguard against institutional inaction.

CATCH-22 #5: SPECIFICATION 5 – WHY IT’S NOT A VALID DEFENSE

The Impossible Logic:
IF Spec 5 truly prohibited malaysia.build in 2014:

• Registry systems should have blocked it at registration
• Acceptance + 10 renewals over 3,287 days = system failure
• Mistake was institutional, not registrant-caused

Malaysia Oversight is Implausible:

• A sovereign G20 partner nation and an ASEAN founding member
• MH370 tragedy: March 8, 2014 (weeks before my April 29 registration)
• 1MDB scandal: Ongoing 2015-2023 international coverage
• Simple Google search of “ISO 3166” yields Malaysia instantly

How could Registry “miss” Malaysia as a country name for 3,287 days?

Legal Principle: Estoppel (Detrimental Reliance)
When an authority enables reliance for many years, it cannot revoke without:

• Due process (notice, hearing)
• Compensation for reliance damages
• Good faith dealings

Real-world analogy:

• Landlord accepts rent for 10 years knowing you have a pet
• Year 10: “Lease always prohibited pets—evicted immediately, no refund”
• Court response: You accepted rent knowing the situation. You waived enforcement. Tenant owed remedy.

CRITICAL QUESTIONS REMAINING UNANSWERED

Raised Sep 10, 2025 | Ignored Nov 5, 2025 | Still unanswered Jun 6, 2026:

1. Audit Documentation: Provide the specific audit report section referencing malaysia.build, detection date, and Registry notification date.
2. ICANN-Registry Communications: Exact text of ICANN’s communication to .build Registry regarding malaysia.build that Registry interpreted as “requested by ICANN.”
3. EPP Transaction Logs: EPP deletion command, authorization chain, system logs proving Dec 5, 2023 deletion date.
4. GAC Consultation Evidence: Proof Registry consulted Malaysia’s GAC representative before 2014 allocation or 2023 deletion (Registry admitted no approval; ICANN silent).
5. 61-Day Disclosure Delay: Why was “October 2023 Audit” mentioned for first time on Sep 10—61 days after case opened on Jul 11?
6. Enforcement Inconsistency: Why did 11-19 years of audits not detect preu.travel / greece.travel if audits systematically review Spec 5?
7. Due Process Absence: Why does domain expiration get 5-day notice (ERRP) but Spec 5 “mistake correction” gets zero notice?
8. Remedy Framework: What compensation exists when Registry error + ICANN oversight failure harm good-faith registrant?

THE ADMISSION THAT DESTROYS THEIR DEFENSE

Nov 5, 2025, 10:10 AM:
“The Registry Operator did not seek approval for the release of this second-level domain name; instead, it released the name by mistake.”

This confirms:

• Violation was institutional (Registry error), not registrant misconduct
• All harm stems from third-party failure, not my actions
• ICANN punishes the victim rather than fixing the system

When a bank makes an accounting error, it doesn’t seize customer assets. When government errs, it doesn’t punish citizens. Why does ICANN’s framework allow this?

THE LOGICAL IMPOSSIBILITY THAT VOIDS ICANN’S ARGUMENT

ICANN Compliance’s Position is Logically Impossible:

You state:

“There is no indication that a registry operator or a registrar failed to comply with an ICANN policy and agreement.”

Yet you simultaneously assert:

“The Registry Operator… stated that the release had been made in error which it subsequently corrected.”

“malaysia.build was deleted and reserved to correct the mistake by the Registry Operator…”

“…deletion and reservation of the protected name that had been erroneously released.”

Analysis: A registry error in releasing and maintaining a reserved name for nearly a decade constitutes a clear failure to comply with Specification 5. You cannot claim there was “no failure to comply” while basing your entire case on the need to “correct” a “mistake.” This logical impossibility voids your argument’s foundation.

WHAT ICANN ADMITS BUT WON’T FIX

Nov 5, 2025, 10:10 AM—ICANN admits:

✅ Registry made an “error” in 2014
✅ Domain was “erroneously released”
✅ No appeal mechanism exists
✅ ICANN has no authority to provide remedy
✅ “No indication that a registry operator or a registrar failed to comply”
✅ Registrants bear 100% of losses from Registry/ICANN failures

This is not a governance framework. This is institutional immunity.

COMPLETE INSTITUTIONAL COLLAPSE CONFIRMED

The 24-hour accountability deadline (November 6, 2025) was the final test for ICANN’s multi-stakeholder system. The result was coordinated, institutional silence from every responsible party:

• ICANN Contractual Compliance
• ICANN Ombudsman
• ICANN Board of Directors
• .BUILD Registry
• Enom
• Namecheap

This collective failure to respond confirms the complete collapse of ICANN’s accountability framework. The system is designed to create the appearance of accountability while being structurally incapable of delivering it. The silence from all parties speaks louder than any response could. It confirms that ICANN’s accountability mechanisms exist only on paper, not in practice.

CONCLUSION: 329-DAY FAILURE, ZERO ACCOUNTABILITY

What ICANN provided in 329 days:

• ❌ No audit documentation
• ❌ No ICANN-Registry communications
• ❌ No EPP transaction logs
• ❌ No GAC consultation evidence
• ❌ No explanation for contradictory statements
• ❌ No remedy framework
• ✅ Only: Generic policy citations + “we have no authority” + “no violation found”

What triggered ICANN’s first assumedly detailed response:

• ❌ Not 119 days of internal process
• ❌ Not 5 ignored deadlines
• ❌ Not 34 days of Ombudsman involvement (blocked by Catch-22)
• ✅ 9 hours after public campaign + GAC complaint

What followed the final accountability deadline:

• ❌ No oversight from the Board
• ❌ No intervention from the Ombudsman
• ❌ No clarification from Compliance
• ✅ COMPLETE INSTITUTIONAL SILENCE from all parties

This proves ICANN responds to external pressure, not internal accountability. The accountability framework is a facade that collapses under scrutiny, protecting the institution at the complete expense of the registrant.

Complete documentation: https://loss.co/icann-contractual-compliance-complete-email-trail/

Date of Analysis: Jun 6, 2026
Days Since Case Opened: 329
Substantive Answers Received: 0
Questions Remaining Unanswered: 8
Contradictions Documented: 4
Procedural Catch-22s: 4
Institutional Silence: Complete

ICANN OMBUDSMAN: 247-DAY PROCEDURAL DEADLOCK DOCUMENTED

Case #01448650 | Domain: malaysia.build | Ombudsman Timeline: October 1 – Jun 6, 2026

The ICANN Ombudsman’s office was escalated to as a last-resort, independent accountability mechanism to break a 119-day deadlock with ICANN Contractual Compliance. Instead of providing oversight, the Ombudsman created two critical procedural catch-22s that prevented investigation and prescribed further delay as the cure. The office adopted a passive stance, violated its own service standards, and failed to act, confirming that ICANN’s internal accountability is structurally incapable of functioning without external pressure.

CRITICAL TIMELINE: THE OMBUDSMAN’S FAILURE TO ACT (SEE COMPLETE EMAIL TRAIL)

Date	Event	Ombudsman Response
Oct 1, 2025	Formal escalation to Ombudsman after 82 days of Compliance delay.	Acknowledgement.
Oct 3, 2025	“Detailed Response” Promise	“Compliance working on detailed response.” (Passive update)
Oct 14, 2025	Follow-up on status.	“Waiting for Compliance.” (Admits passivity)
Oct 28, 2025	Registrant follows up on missed deadline.	“I cannot open a case until you have received a conclusion or decision from Contractual Compliance… I may or may not be able to respond before your 4 November deadline.” (Catch-22 #1)
Oct 29, 2025	15 direct questions + 1 Nov deadline sent to Ombudsman.	IGNORED
Nov 1, 17:00 MYT	Ombudsman’s deadline for a response passes.	SILENCE (SLA Violation)
Nov 4, 24:00 MYT	Final absolute deadline passes.	SILENCE
Nov 5, 10:10 MYT	ICANN Compliance issues detailed response 9 hours after public campaign & GAC complaint.	Ombudsman’s involvement had zero effect.
Nov 7, 2025	Ombudsman responds to 119-day delay complaint by requesting an intake form, triggering a new 88-120 day SLA timeline.	Catch-22 #2: Prescribing delay as the cure for delay.
Nov 18, 2025	49 days since Ombudsman escalation.	Case remains in procedural deadlock; no independent action taken.
Nov 18, 2025 at 11:58 PM MYT	“…Complaint of unfairness against ICANN Contractual Compliance…”	The delay itself is the unfairness. Why still ask?
Nov 22, 2025	“I acknowledge receipt of your email and I will respond in due course.”	Template response.
Dec 9, 2025	“Out of Scope” finding double confirms Systemic Collapse.	Ombudsman Decision.
Dec 15, 2025	Deflection disguised as helpfulness.	Catch-22 #23.

247 days of Ombudsman involvement . 2 ignored deadlines . Zero accountability achieved . Multiple breaches of the its own 3-5 Day SLA . “Out of Scope” finding double confirms Systemic Collapse

THE CORE CATCH-22s: WHY THE OMBUDSMAN WAS POWERLESS

Catch-22 #1: The “No Conclusion” Blockade

• Ombudsman’s Stated Rule (Oct 28): “I cannot open a case until you have received a conclusion or decision from Contractual Compliance.”
• The Impossible Situation: The registrant’s complaint was that Compliance was refusing to conclude. The Ombudsman’s rule made it impossible to investigate the failure to conclude because the pre-condition for investigation was a conclusion.

Catch-22 #2: The “SLA” Delay Weaponized

• The Ombudsman’s “Solution” (Nov 6):In response to a 119-day delay complaint, the office prescribed its own lengthy Service Level Agreement (SLA) timeline:
  • 3–5 days to acknowledge (after 119 days had already passed)
  • 25 days to “agree scope” (on a case with a fully documented, 4-month history)
  • 60–90 days to evaluate
  • Total Potential Delay:Up to 120 additional
• The Translation: The office responded to a complaint about institutional delay by instituting a formal, multi-month delay of its own. Delay was prescribed as the cure for delay. This is the weaponization of process to avoid substance.

KEY FAILURES OF THE OMBUDSMAN’S OFFICE

Failure #1: Procedural Impotence
The Ombudsman’s strict adherence to a rule that requires a “conclusion” from Compliance meant it had no mechanism to address a “failure to conclude.” This is a critical design flaw that protects ICANN’s departments from internal oversight.

Failure #2: Prescribing Delay as a Cure
By responding to a core complaint of 119-day delay with a proposal for another 120 days of “process,” the Ombudsman demonstrated it is part of the system of institutional avoidance, not a remedy against it.

Failure #3: Passivity and Lack of Proactive Intervention
Instead of challenging Compliance’s 119-day delay, the Ombudsman merely “waited for Compliance.” This passive role transformed the office from an independent investigator into a passive messenger, reliant on the very department it was meant to oversee.

Failure #4: Violation of Service Standards
The Ombudsman’s office has a published Service Level Agreement (SLA) promising a response within 3-5 working days. This standard was violated on multiple occasions, particularly after the October 29 and November 6 deadlines, further eroding trust in the mechanism.

Failure #5: Inability to Function as a True “Appeal”
The registrant’s experience demonstrates that the Ombudsman does not function as an independent appellate body. It is a secondary, non-binding channel that is itself dependent on the cooperation of the primary department. When Compliance chose not to cooperate, the Ombudsman had no leverage.

CRITICAL QUESTIONS FOR THE OMBUDSMAN (UNANSWERED AS OF Jun 6, 2026)

1. The Catch-22 Justification: Why does the rule “cannot open a case until Compliance concludes” not constitute a structural failure that prevents the Ombudsman from fulfilling its core mandate to address administrative delays?
2. The SLA as a Delay Tactic: How does proposing a 120-day timeline in response to a 119-day delay complaint align with the Ombudsman’s mandate to ensure fairness and prevent procedural abuse?
3. SLA Violation: Why was the Ombudsman’s 3-5 day response SLA violated multiple times during this escalation?
4. Proactive Mandate: Does the Ombudsman believe its role is limited to passive mediation, or does it have a mandate to proactively investigate and challenge unjustifiable administrative delays within ICANN?
5. Evidence of Intervention: What specific actions, beyond forwarding emails, did the Ombudsman take between October 1 and November 4 to compel a response from Compliance?
6. Assessment of “Conclusion”: Now that Compliance has issued a response (under external pressure), does the Ombudsman consider the case “concluded” for the purpose of opening an investigation into the 119-day delay and the substantive contradictions in the response?

The following ten direct questions were put to the Ombudsman on 7 November 2025 and remain unanswered:

1. Why did eNom state they received “an order from ICANN” to delete my domain, while ICANN Compliance claims they have “no authority” to order deletions? Which institution is lying?
2. Why does ICANN Compliance provide contradictory audit dates (October 2023 vs. August 2023), and how does a deletion on 5 December 2023 logically occur 3+ months after the alleged August audit identified the issue?
3. Why does Specification 5 create an impossible Catch-22 where geographic names require government authorization, but “malaysia”—unambiguously a country name—was released and maintained for a decade without it?
4. How is the “oversight” of “malaysia” as a country name even remotely plausible for 3,287 days, given it is a G20 nation that was at the center of global news cycles (MH370, 1MDB) during the entire period of my registration?
5. Why has there been coordinated silence from all parties (ICANN, eNom, Namecheap, .build Registry), with substantive replies appearing only after a public accountability campaign was launched?
6. Why has your office missed every single deadline—including your own SLA—to respond to my 1 October escalation?
7. Why have my previous detailed questions from earlier correspondence been completely ignored?
8. How is my case being treated as “new” when your office has had complete documentation since 1 October 2025?
9. Why are traveland greece.travel still registered while malaysia.build was deleted, if geographic name enforcement is consistent and proactive?
10. Why is the Ombuds Office—chartered to ensure fairness and prevent procedural abuse—now actively participating in the delay tactics I am challenging by prescribing a 120-day timeline in response to a 119-day delay complaint?

These questions were presented with the demand: “Do your job, Liz. Or explain in writing why you cannot.” As of Jun 6, 2026, no explanation or answer has been provided.

CONCLUSION: 247-DAY DEADLOCK, ZERO OVERSIGHT

What the Ombudsman Provided in 247 Days:

• ❌ No case opened
• ❌ No investigation into the 119-day delay
• ❌ No challenge to Compliance’s contradictory statements
• ❌ No enforcement of its own SLA
• ❌ No answers to direct questions
• ✅ Catch-22 #1:A rule preventing action.
• ✅ Catch-22 #2:A proposal for 120 more days of delay.
• ✅ New 21 Catch-22s: The escalating institutional failure after the Ombudsman’s “Out of Scope” decision.

What Ultimately Broke the Deadlock:

• ❌ Not 49 days of Ombudsman escalation
• ❌ Not the Ombudsman’s internal inquiries
• ✅ 9 hours of public pressure and a formal complaint to the Malaysian GAC representative

Driving the Final Nail – ICANN Ombudsman “Out of Scope” Finding Double Confirms Systemic Collapse

Full email from the ICANN Ombudsman (9 Dec 2025) and entire correspondence thread: See the complete email https://loss.co/ombudsman-board-complete-email-trail/#9121249

Ombudsman Decision: December 9, 2025

This document provides conclusive evidence that the Ombudsman’s ‘out of scope’ refusal is the final nail in a coffin of accountability, demonstrating a critical and structural failure of ICANN’s accountability system.

[ LEARN MORE → ]

Direct Comparison of Quotes from MCMC and Ombudsman Emails

Why the Ombudsman’s “Out of Scope” Decision Is Incorrect and Contradictory

The Ombudsman’s 9 December 2025 “out of scope” decision rests on a mischaracterisation of the complaint and constructs self-contradictory barriers to review. The MCMC email of 5 December 2025 — from Malaysia’s Governmental Advisory Committee (GAC) representative — explicitly removes the matter from the category of commercial or contracted-party disputes and assigns the procedural concerns to ICANN’s internal governance framework.

When the two communications are read side by side, each basis relied upon by the Ombudsman to decline jurisdiction is directly contradicted by Malaysia’s sovereign authority or by the Ombudsman’s own stated mandate.

[ LEARN MORE → ]

I received a reply from the ICANN Ombudsman today, December 15, 2025, following the comprehensive correspondence I sent on December 12, 2025, detailing the structural contradictions in their ‘out of scope’ determination.

……………..

Dear Wong Tai Chiew,

Before I respond, it would be helpful for me to understand your goal of any further engagement with the Ombuds Office.

You may look at the reports of the ICANN Complaints Office to see the types of complaints that the Office handles:

https://www.icann.org/complaints-report

Thank you in advance and best wishes,

Liz

Elizabeth Field (she/her)

ICANN Ombuds

Internet Corporation for Assigned Names and Numbers (ICANN)

……………..

Analysis of the Ombudsman’s Reply​

What This Reply Means:

This is a deflection disguised as helpfulness. Let me decode it:

“Before I respond, it would be helpful for me to understand your goal…”

Translation: “I’ve already declined your case. Why are you still talking to me? What do you want?”

Subtext: She’s questioning whether continued engagement is worth her time, suggesting I should just give up.

“You may look at the reports of the ICANN Complaints Office…”

Translation: “Go bother someone else. Here’s a link to another office.”

Critical problem: She’s referring me to the exact same office that:

• My previous correspondence proved cannot help
• Explicitly excludes Compliance matters
• Explicitly excludes Ombudsman decisions
• I already documented as Catch-22 #22

Catch-22 #23 — Endless Redirection Loop. This latest referral adds a new one to the list: the complainant is sent in perpetual circles to mechanisms that explicitly cannot help, creating the appearance of options while ensuring no actual review ever occurs.

See all 22 Catch-22s here.

This is the definition of PROCEDURAL BAD FAITH—not because of malice, but because of systematic structural evasion. She’s repeating the same dead-end referral I already dismantled, as if I never made the argument.

The Overall Message:

“I’ve decided. Case closed. If you want to keep complaining, go somewhere else. Stop wasting my time.”

But more insidiously: She’s offering the appearance of engagement (“Before I respond…”) while actually declining to respond substantively. It’s process theater.

[ AND HERE IS MY REPLY → ]

This sequence proves that the ICANN Ombudsman’s office is a structurally weakened component of a system that responds to external pressure, not internal accountability. The office’s own rules and processes prevent it from acting precisely when it is needed most: when other ICANN departments simply refuse to perform.

Date of Analysis: Jun 6, 2026
Days Since Ombudsman Escalation: 247
Substantive Action by Ombudsman: 0
Procedural Catch-22s Identified: 23

ICANN BOARD OF DIRECTORS: 329-DAY GOVERNANCE FAILURE DOCUMENTED

Case #01448650 | Domain: malaysia.build | Board Timeline: July 11 – Jun 6, 2026

The ICANN Board of Directors, the ultimate authority in ICANN’s multi-stakeholder model, was repeatedly copied on all escalations regarding the wrongful deletion of malaysia.build. Despite documented evidence of a 329-day compliance failure, contradictory official statements, and the collapse of all internal accountability mechanisms, the Board maintained total silence. Its only discernible action was to forward correspondence to the very departments that had already failed. This demonstrates a critical breakdown in Board-level oversight and a fundamental absence of accountability at the highest level of ICANN’s governance.

CRITICAL TIMELINE: THE BOARD’S SILENCE IN THE FACE OF INSTITUTIONAL FAILURE

Date	Event	Board of Directors Response
Jul 11 – Jun 6, 2026	Case #01448650 is active with ICANN Compliance. The registrant complies with all requests while Compliance delivers only delays and contradictions.	SILENCE
Oct 28, 2025	Registrant’s first email to the Board, documenting a 111-day institutional failure.	SILENCE
Nov 1, 2025	Registrant notifies the Board that the Ombudsman’s deadline has been missed.	SILENCE
Nov 3, 2025	Registrant forwards the Ombudsman’s “may or may not respond” email to the Board, highlighting the procedural Catch-22.	SILENCE
Nov 4, 2025	Registrant sends a final pre-escalation email to the Board before public campaign.	SILENCE
Nov 5, 00:54 MYT	Registrant launches public campaign and files a formal complaint with Malaysia’s GAC representative, copying the entire Board.	SILENCE
Nov 5, 10:10 MYT	ICANN Compliance responds with a “detailed” answer within 9 hours of public pressure. The Board’s silence over 119 days had achieved nothing.	SILENCE
Nov 5, 2025	Registrant sends a comprehensive 4000-word accountability report to the Board, documenting the 9-hour response phenomenon and demanding a 24-hour response.	SILENCE
Nov 6, 2025	Registrant’s 24-hour deadline to the Board passes.	SILENCE
Nov 18, 2025	131 days since case opened; 22 days since first direct Board escalation.	SILENCE
Jun 6, 2026	329 days since case opened; 220 days since first direct Board escalation.	SILENCE

329 days of documented failure . 220 days of direct Board oversight . Zero directives . zero inquiries . zero public accountability

CONTRADICTIONS THE BOARD REFUSES TO ACKNOWLEDGE OR RESOLVE

Contradiction #1: Who Has Ultimate Authority?

• ICANN Bylaws:The Board has “ultimate responsibility for the ICANN mission, and… oversight of the performance of the IANA functions and ICANN’s operations.”
• Board’s Inaction:The Board has taken no responsibility and exercised no discernible oversight over a proven 329-day failure in its core compliance function, allowing contradictory statements from its own organization to stand unchallenged.

Contradiction #2: The “Multi-Stakeholder Model” vs. Reality

• ICANN’s Principle:The model is designed to ensure accountability to the global community.
• Board’s Demonstrated Principle:Accountability is only provided to those who apply massive public pressure and involve governmental representatives. Internal mechanisms can fail completely without Board intervention.

Contradiction #3: The Board’s Role in Accountability

• Ombudsman’s Catch-22: The Ombudsman stated it could not act until Compliance concluded.
• Compliance’s Stalling: Compliance refused to conclude for 329 days.
• Board’s Logic: The Board, copied on this deadlock, did nothing to break it, effectively endorsing a system where accountability is impossible if a department simply refuses to act.

THE BOARD’S FAILURE TO UPHOLD ITS OWN CORE COMMITMENTS

Failure #1: Abrogation of Fiduciary Duty
The Board has a fiduciary duty to act in the best interests of ICANN and its mission. Allowing a documented, months-long public failure of its compliance department—which erodes trust in the entire domain name system—is a direct violation of this duty.

Failure #2: Failure of Oversight
The Board is responsible for the “oversight of ICANN’s operations.” The malaysia.build case is a textbook example of operational failure. The Board’s silence constitutes a failure to provide this mandated oversight.

Failure #3: Undermining the Accountability Framework
By ignoring the collapse of the Compliance and Ombudsman mechanisms, the Board signals that ICANN’s accountability framework is optional. This sets a precedent that internal failures will not be corrected at the highest level, encouraging further bureaucratic unaccountability.

Failure #4: Ignoring a Direct Threat to DNS Stability and Trust
The precedent set by this case—that a domain, paid for and used in good faith for a decade, can be deleted without notice due to a retroactive “audit”—fundamentally undermines registrant trust in the DNS. The Board has a core mission to “promote the stability and reliability of the Internet’s unique identifier systems.” Its inaction in this case directly contradicts this mission.

CRITICAL, UNANSWERED QUESTIONS FOR THE ICANN BOARD (329 DAYS LATER)

1. Oversight Action: What specific oversight actions has the Board taken regarding the 329-day failure of ICANN Contractual Compliance in case #01448650?
2. Contradictory Statements: How does the Board reconcile the contradiction between the .BUILD Registry’s claim that ICANN “requested” the deletion and ICANN Compliance’s claim that it has “no authority” to do so?
3. Accountability for Delay: Who on the Board is accountable for the fact that a substantive response from Compliance was only triggered by public pressure, not by 329 days of internal process and Board notification?
4. Ombudsman Catch-22s: Does the Board believe the Ombudsman’s procedural rule—which prevented investigation of a 329-day delay—aligns with ICANN’s commitment to accountability? If not, what will the Board do to fix it?
5. Registrant Due Process: What is the Board’s position on the complete absence of due process and appeal mechanisms for registrants impacted by the enforcement of Specification 5?
6. Systemic Reform: What specific reforms will the Board initiate to ensure that good-faith registrants are not held 100% liable for financial losses caused by years of registry and ICANN oversight failures?
7. GAC Relations: How does the Board justify this handling of a country-name domain to the Governmental Advisory Committee, and what action will it take regarding the complaint filed with Malaysia’s GAC representative?
8. Board’s Role in Remedies: As the ultimate authority, what remedy does the Board propose for a registrant who has suffered documented harm due to admitted “errors” by ICANN’s contracted parties and failures in its own accountability system?

CONCLUSION: 329-DAY FAILURE, ZERO BOARD-LEVEL ACCOUNTABILITY

What the Board’s Inaction Has Tolerated in 329 Days:

• ✅ 329 days of Compliance stalling and contradictory statements.
• ✅ A procedural Catch-22(s) in the Ombudsman’s office.
• ✅ The weaponization of process to avoid substantive accountability.
• ✅ The admission of a decade-long registry “error” with zero consequence for the registry and 100% of the harm borne by the registrant.
• ✅ The erosion of core principles of stability and trust in the DNS.

What Triggered the Only Institutional Response:

• ❌ Not 329 days of internal process.
• ❌ Not direct escalation to the Board.
• ❌ Not the documented collapse of the accountability framework.
• ✅ 9 hours of public pressure and a GAC complaint.

The ICANN Board’s profound silence in this case is not neutral. It is an endorsement of the status quo. It confirms that the ultimate governance of ICANN is unresponsive to individual registrants and immune to the failures of its own systems, acting only when faced with significant external reputational pressure. This is not a multi-stakeholder model; it is a model of institutional self-preservation.

Date of Analysis: Jun 6, 2026
Days Since Case Opened: 329
Days Since First Board Escalation: 220
Substantive Directive from Board: 0
Public Statement from Board: 0

See Documented Concerns

The evidence is cataloged here. The structural solution is THE WONG CLAUSE, and it is being institutionalized.

Disclaimer: This website reflects the author’s personal account and opinions regarding the loss of access to the domain *malaysia.build*. The information presented is based on direct experience, contemporaneous records, and a good-faith belief in its accuracy at the time of publication. Mentions of companies, registrars, registries, or other organizations are included only to factually describe events and circumstances relevant to this case. These references are provided solely to factually describe documented events and communications. They should not be read as allegations of misconduct, negligence, or liability of any individual, company, or organization. The content is provided solely for informational and documentary purposes. It does not constitute legal, financial, or professional advice, and should not be relied upon as a definitive statement of fact or legal conclusion.

Corrections Policy: If any party believes that information contained on this website is inaccurate, incomplete, or misleading, they are invited to contact the author at [email protected]. All requests will be reviewed promptly and in good faith. Verified corrections, clarifications, or updates will be published transparently.

Right of Reply: Any registrar, registry, upstream provider, or organization referenced in this website is welcome to submit a written response. Such responses will be published in full, unedited, to ensure fairness and balance.

© 2025 WONG TAI CHIEW. All Rights Reserved.