Latest news of the domain name industry

Recent Posts

How NetSol opts you in to cybersquatted .xyz names

Kevin Murphy, June 8, 2014, 22:04:38 (UTC), Domain Registrars

Clear-cut cases of cybersquatting seem to be among those .xyz domain names that Network Solutions has registered to its customers without their explicit request.

Some of the domains I’ve found registered in .xyz, via NetSol to the registrants of the matching .com or .net names, include, and

Domains including other brands, such as Rolex, Disney, iPhone, Amazon and Pepsi can also be found registered to third parties, via NetSol, in .xyz’s zone today.

They’re all registered via NetSol’s Whois privacy service, which lists the registrant’s “real” name in the Whois record, but substitutes mailing address, email and phone number with NetSol-operated proxies.

I think the chance of these names being paid for by the registrant is slim. It seems probable that many (if not all) of the squatty-looking names were registered via NetSol’s promotional program for .xyz.

As previously reported, NetSol has been giving away domain names in .xyz to owners of the matching .com names. Tens of thousands of .xyz names seem to have been registered this way in the last week.

The “registrants” did not have to explicitly accept the offer. Instead, NetSol gave them the option to “opt-out” of having the name registered on their behalf and placed into their accounts.

The effect of this has been to propel .xyz into the leading spot in the new gTLD league table. It had 82,236 names in today’s zone file. a clear 15,000 names ahead of second-place .club.

But it’s not clear how much, if any, support NetSol has received from the registry, CEO Daniel Negari told Rick Schwartz, in a coy interview last week:

The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.

The opt-out giveaway has also prompted speculation about NetSol’s right to register domains without the explicit consent of the registrant, both under the law and under ICANN contract.

Under the Registrar Accreditation Agreement, in order to register a domain name, registrars “shall require” the registrant “to enter into an electronic or paper registration agreement”.

That agreement requires the registrant to agree to, among many other things, the transfer or suspension of their domains if (for example) they lose a UDRP or URS case.

But that doesn’t seem to be happening with the opt-out names,

Barry Shein, president of The World, had registered on his behalf by NetSol on Saturday. He already owns, also registered with NetSol.

NetSol’s email informing him of the registration, which Shein forwarded to DI, reads as follows:

Dear Valued Network Solutions Customer,

Congratulations, your complimentary SHEIN.XYZ domain has arrived!

Your new .XYZ domain is now available in your Network Solutions account and ready to use. To go along with your new .XYZ domain, you have also received complimentary access to Professional Email and Private Registration for your .XYZ domain.

If you choose not to use this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.

We appreciate your business and look forward to serving you again.


Network Solutions Customer Support

Importantly, a footnote goes on to describe how NetSol will take a refusal to opt out as “continued acceptance” of its registration agreement:

Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at, and its application to the domain.

So, if you’re a NetSol customer who was picked to receive a free .xyz name but for whatever reason you don’t read every marketing email your registrar sends you (who does?) you’ve agreed to the registration agreement without your knowledge or explicit consent, at least according to NetSol.

I am not a lawyer, but I’ve studied enough law to know that this is a dubious way to make a contract. Lawyers I’ve shown this disclaimer to have laughed out loud.

Of course, because each registrant already owns a matching .com, they’ve already accepted NetSol’s registration agreement and terms of service at least once before.

This may allow NetSol to argue that the initial acceptance of the contract also applies to the new .xyz domains.

But there are differences between .com and .xyz.

Chiefly, as a new gTLD, .xyz registrants are subject to policies that do not apply to .com, such as the Uniform Rapid Suspension policy.

URS differs from UDRP in that there’s a “loser pays” model that applies to complaints involving over 15 domains.

So these .xyz registrants have been opted into a policy that could leave them out of pocket, without their explicit consent.

Of course, we’re talking about people who seem to be infringing famous trademarks in their existing .com names, so who gives a damn, right?

But it does raise some interesting questions.

Who’s the registrant here? Is it the person who owns the .com, or is it NetSol? NetSol is the proxy service, but the .com registrant’s name is listed in the Whois.

Who’s liable for cybersquatting here? Who would Twitter file a UDRP or URS against over Who would it sue, if it decided to opt for the courts instead?

Tagged: , , , , , ,

Comments (33)

  1. Kassey says:

    Excellent work, Kevin!!!

  2. Acro says:

    WHOIS privacy does not change the Registrant of these XYZ domains. They are all matched to existing domains in user accounts. In the event of a URS or UDRP, the WHOIS privacy would be removed, revealing the full info of the registrant, who in this case, never actually registered the XYZ domain.

    Every single registration of a domain is a single instance of acceptance of the terms and conditions of the registrar and registry. In other words, these robo-registrations are null and void as they were never initiated by humans. The opt out requirement is a silly but intentional plan to pump the XYZ registrations. We can safely assume that all of 69.355 NetSol registrations of XYZ are bogus.

    Whoever had this ‘brilliant’ idea at NetSol needs to be fired asap.

  3. Ms Domainer says:


    I can’t believe that Net Sol’s lawyers would even sign off on such a deal that would leave the company in such a vulnerable legal position.

    Negari’s insistence that this is a Net Sol initiative does not smell right.

    When following the money, one always has to ask: “Who benefits the most from the action?”

    The answer would have to be Negari and .xyz

    SOMEONE is paying for those free .xyz’s because ICANN must have its cut, and I doubt very much if Net Sol is paying those fees.

    My guess would be a shell/shill company.


  4. Kevin, Danel Negari’s statement looks to this PR practitioner to be an old and sometimes successful technique. In the careful wording, “The Registry Operator is unable to “give away” free domain names. I never even saw the email that the registrar sent to its customers until I discovered it on the blogs.” all Mr Negari is saying is that he didn’t sight the EDM email before it was sent. He has yet to address the core of the matter: did he or his personnel have knowledge of the scheme prior to its execution by NetSol.

    Ample time and opportunity has been given for Mr Negari to clarify his and his company’s role.

    The hardworking and ethical registry operators of the new gTLD program are having oxygen sucked out of our momentum while this affair continues. Not a single registry operator I’ve spoken with over recent days doesn’t wish for a fast and full conclusion of this matter, so that our hard-won progress isn’t further compromised by the unanswered questions which call our industry into question by partners and investors.

    For the good our our industry’s shared objectives, I hope Mr Negari will wrap this matter up in a way satisfactory to we thousands of informed fellow-travellers.

    • Kevin Murphy says:

      Negari is definitely losing the PR war on this, due to his (and NetSol’s) refusal or inability to go on the record with a full and transparent explanation of what’s going on.

      He probably has his reasons.

      He’s not helping his image in the domainer community by uploading videos of himself skateboarding in his office, literally blowing his own horn in some kind of road-trip Winnebago excursion, behaving like a generic tech-bubble CEO hipster and generally making out like .xyz is in huge demand by actual human beings.

      But personally, based on what I’ve heard in private conversations with various parties, I currently believe that this giveaway is pretty much an exclusively NetSol promotion, with little registry involvement. I may be proved wrong, but that’s my current belief.

  5. blehblehbleh says:

    There’s nothing nefarious here, this was all about spreading peace, harmony and earthly togetherness. Everyone sing Kumbaya!

    • Ms Domainer says:


      You mean tacking on cybersquat domains on registrants as “spreading peace, harmony [sic] and earthly togetherness”?

      Gee, your definitions of those words are different that what I learned growing up.


  6. Ms Domainer says:


    It would be interesting to find out if any other registries made “sweetheart deals” with Net Sol.

    I would guess that if .xyz was the only registry involved, then an exchange of money had to be involved — from a shill company belonging to .xyz to Net Sol.

    Nothing else makes sense.


  7. I’m my opinion, NS potentially becomes a partner in cyber squatting and is vulnerable. Someone in NS is not thinking of the broader consequences of this decision.

  8. William says:

    Daniel says he was not involved in the net sol giveaway and no one can prove otherwise even though the logic of such a promotion is not clear.

    At the end of the day, the question is whether or not end users will see xyz as a desirable extension and why. What are the merits of .xyz. That’s a better topic of discussion in my opinion.

    • Elena says:


      “Daniel says he was not involved in the net sol giveaway and no one can prove otherwise even though the logic of such a promotion is not clear. ”


      Daniel NEVER said he was not involved in the netsol giveaway. All he said was that he doesn’t know the details of all marketing campaigns.

      That means nothing and it surely doesn’t mean Daniel wasn’t involved in the netsol giveway.

      The ONLY question I would like to have answered is if netsol was contacted by XYZ, prior to the General availabilty and was offered a lucrative deal in return for a guarantee there would be lots of .XYZ registrations.

  9. Drewbert says:

    If a lucky recipient of a free .xyz domain dies of embarrassment, can the estate sue Netsol?

  10. Bernd Lessing says:

    I wonder who Daniel thinks he is fooling. Any domainer worth his money will have long read the news here and in other industry blogs. Same goes for registrars who won’t even waste a minute thinking about pushing .xyz based on dubious numbers.

    And finally this is the good news: Registrations for .xyz (aside from the bogus NetSol stuff) are slow – VERY slow. Whatever stunt Danil is pulling, the market will put .xyz were it belongs.

    Daniel, you are a joke. And a lame one at that.

  11. Thanks Kevin for this investigative reporting. Can you imagine if this was a sensitive string?

    This type of “marketing” to maximize profits or domain registrations is dangerous and has unintended consequences. Not to sound like a broken record but we did highlight in our Community Objections for .music that if there is no name selection policy or adequate enhanced safeguards there would be a high likelihood of harm. Imagine if this “marketing” approach was applied to .music since most artist names are generic.

    Bottom line the domain industry is very “smart” at finding loopholes to monetize at the expense of others because ICANN really holds no-one accountable. This is the same ICANN which has allowed well-known “monetizers” of music piracy such as Google (supplier of ad networks to pirate sites) and Amazon (advertiser on pirate sites) to apply for .music.

    The .XYZ story lays to rest the disingenuous argument by many”open” portfolio applicants that generic domains should be open because it is all about global access and openness even if they are sensitive strings.

    Think about this for a second: none of the .music applicants has a name selection policy except our initiative. In other words, anyone can register any name they want, even if it somebody else’s. No naming conditions would make this type of .XYZ opt-out marketing campaigns possible and create harm. Furthermore none of the .music applicants has a Content/Use policy which states that only music is allowed except our community initiative. The avoidance of abuse and cybersquatting is another reason we decided to include the eligibility policy to verify members belonging to a legitimate music entities abiding to the Mission of protecting intellectual property.

    I do not understand with the domain community’s infatuation about registration numbers. This metric has no bearing because the numbers are not weighted. How about the metric such as price, engagement, traffic and adoption? A great example of success is .EDU with under 19k registrations and it is restricted. Why not have more of those safe, trusted TLDs? That said, the domain registration number game is relevant to ICANN though because $0.18 is paid to them for each registration, so if you take the economic approach then ICANN should not “like” restricted TLDs because they “earn” less from them. A conflict perhaps? 🙂

    Bottom line, I believe this potential cybersquatting issue that Kevin has illustrated has consequences since it seems that ICANN does not have the capacity to control hundreds of new gTLDs at the same times i.e registries, registrars and registrants.

    P.S However I do suggest we wait for some concrete evidence before criticizing Daniel Negari. We really do not know with certainty the details on how the .XYZ “opt-out” Network Solutions promotion transpired. The only thing we know are the results which do have unintended consequences for many new TLDs.

    • John Berryhill says:

      “I do not understand with the domain community’s infatuation about registration numbers.”

      Me neither. The outrage seems to be premised on the notion that “total registration number” is proportional to “value of any one domain in TLD”, and that therefore domain speculators are being cheated by the numbers not reflecting voluntary domain registrations (as opposed to the numbers reflecting what the domain speculator herd has valued for other reasons).

      In other words, the anger stems from an axiomatic belief that domain names are primarily speculative instruments which, itself, is a viewpoint that annoys to no end a great deal of other people. From the broader perspective which holds domain speculation to be atrocious behavior in the first instance, then I’m sure that someone is having a laugh at the spectacle of “parasitic” domain registrants being upset at the feeling they have been wrongly induced to register domain names in this TLD.

      I haven’t actually seen anyone come forward and say “because of these registration numbers, I went out and got a thousand of these things and now I feel cheated” which, in terms of “why are domainers upset”, sort of brings us back to square one. Given the speed with which the NSI promotion was figured out, then did anyone actually register domain names based on these numbers?

      I have no idea how many registrations there may be in the .coop TLD, but regardless of it being a chartered TLD, I personally think that the folks who have have themselves the one name in that entire TLD which is simply an awesome domain name. If it was the ONLY name registered in .coop, it would still be a great name. I agree with Page Howe’s observation that the equation of “number of names registered in TLD” with “value of any particular name in TLD” is a lazy metric adopted by people who can’t decide for themselves whether a name is worth anything or not.

      Be that as it may, the metric of “names registered in TLD” has been beatified by some as bearing an implicit promise of value, and the anger comes from the feeling that this promise, which nobody ever made, has been broken.

      I believe that whether any of the new TLDs are “worth” a plugged nickel to anyone is a question that won’t be answered for a number of years. I simply did not understand why there needed to be more than a decade to get to “If you want to try to run one, go ahead and try”.

      One would expect that a registry operator might be informed of any number of marketing promotions that registrars may have in mind. One would also expect that the registry operator, due to the fact that it deals with multiple registrars, is not in a position to discuss that kind of commercial information the registry might have about the various registrars. We can probably waterboard Mr. Negari all day long to force out of him what he knows, but it is unlikely he is at liberty to discuss what NSI may have told him anyway. We do know for certain that it is the registrar’s obligation to comply with all relevant requirements for registering domain names to registrants, and it is likely that NSI may have an interesting theory about how their user agreement refers to components of “packages” of service offerings and that .xyz was added to a “package” to which their customer may be considered to have already agreed. The NSI service agreement is a thing of wonder and, ultimately, it is an argument to be had between ICANN and NSI.

      In any event, I find this part of your comment interesting:

      “Not to sound like a broken record…”

      Have you asked anyone under, say, age 30 what that expression means?

      Go ahead and try it. You’ll get a broad range of interesting answers.

      It’s sort of like old folks who still refer to Network Solutions as “NSI”. Heh.

      • Very well said John.

        I believe many are too quick to attack Daniel Negari and make prognostications on how exactly the .XYZ promotion with Network Solutions transpired. Bottom line is we do not know exactly. I agree with you that the argument should be between ICANN and Network Solutions.

        Other registrars did not do a similar promotion so blaming Daniel Negari makes no sense to me unless there was an registrar equal treatment violation. I have not heard any registrar complaining though so it seems that the registry did not violate any rule.

        However, the old=school “broken record” inside of me says: we need certain rules for certain sensitive strings to prevent such abuse possibility.

        Kevin is on to something with the cybersquatting angle. This is a clear case why certain restricted TLDs with “naming conditions” are pivotal and essential especially when you match a branded “generic” artist name with a popular category (such as music).

        What if the registrant for Eagles.COM (who is not the music band Eagles) was an Network Solutions customer and was given a free Eagles.XYZ domain? Sounds good so far right? Well what if we applied that same promotion to an “open” .MUSIC? The unsuspecting registrant all of a sudden is given for free if they do not opt-out. Unfortunately that registrant just squatted on the “Eagles” brand name without their intent.

        This is why naming conditions are critically important for some strings. We are the only .music applicant with a naming condition policy which says your domain must be your name, DBA or acronym so such abuse that was mentioned would be prevented. While Kevin pointed out the cybersquatting that could happen to the left of the dot under a non-niche TLD string such as .XYZ, I also must point out there could be cybersquatting claims arising from generic word domains to the left of the dot if they are matched with a niche category to the right of the dot (e.g The registrant would have no problem getting a “free” Universal.Adapters domain as a promotion but if the TLD string was different – Universal.Pictures – then it would pose cybersquatting concerns). Open access strings with no restrictions for niche TLDs also pose trademark concerns.

        • John Berryhill says:

          “We are the only .music applicant with a naming condition policy…”

          …and the only one which sounds like a broken record!

  12. Acro says:

    Kevin, looks like this entire analysis has been replicated verbatim at!/how-netsol-opts-you-in-to-cybersquatted-xyz-names/

    Added a ! to avoid linking to those rippers.

    • Kevin Murphy says:

      Plagiarism sites like that come and go. There’s no money in it. I try not to let it bother me.

      • John Berryhill says:

        It’s okay.

        I looked at the terms of use of their website and it clearly states, “By using the name ‘Kevin’ you agree to allow us to copy your content.”

        Someone in Network Solutions’ legal department is moonlighting.

  13. Trademark lover says:

    I assume that those freebie names netsol are handing out are not subject to claims. After all, they _are_ supposed to be presenting the claims notice to registrants <- how does one do that in an opt-out email?

    • Kevin Murphy says:

      Trademark Claims only covers exact-match domains. None of the “cybersquatting” domains I found are exact matches to trademarks.

    • John Berryhill says:

      By not assigning xyz names subject to a TMCH notice.

      • Trademark lover says:

        I was being cheeky. hence my first sentence. You avoid claims names by either doing a check at the registry (en masse one presumes) or checking the DNL directly (which only registries have access to, in theory).

        So you need to check that first, send an email (with opt out), wait for suitable opt-out time to elapse (or not) then register said name, checking that claims have not been added in the intervening period.

        So the xyz registry definitely knows what is going on. There’d be thousands of checks in their logs. That doesnt mean they were complicit in the spam registration program, but they can’t claim ignorance either.

  14. janedoe says:

    The real question is what happens when those .XYZ domains come up for renewal…will the customer be automatically charged for it (legal issue) or will they recieve a bill expecting them to pay (scam/spam)

    Netsol are scum and opening themselves up for legal action which could well affect everyone who uses them.

    And my opiniin of .XYZ has gone into the crapper as well due to these shenanigans.

    • Kevin Murphy says:

      “Scum” seems like a strong word for a company that is basically just giving away free stuff to its customers.

      They’ve also made it pretty clear that there won’t be an auto-rebill on these names.

  15. Hi Kevin:

    You should ask their Attorney Brian for an opinion, as he’s their chosen Sage, based on a relationship beginning publicly in SEPTEMBER 19, 2008 as per


    Credit where due!

    Brian writes well & provide’s very helpful information, sufficient to become the cornerstone of a Pro Se’s primary studies & knowledge, leading to a forthcoming Rule 20 initiative.

    Back to the original thrust of this article …

    Network Solutions were giving away “Free” .BIZ TLD’s to bolster numbers; and I know this, being the recipient of one issued last September.

    Cheers, Graham.

    W’s: Quotes & Paraphrases:

    “Here in the United States, the process is very straightforward. Trademarks are geographic in their scope and you file under being “use-based” which is for trademarks used in interstate commence OR file with “intent-to-use” which allows time for market research, product development and regulatory clearance. The latter gives you in many instances three years to file evidence of use of the mark.”

    “Going international is a whole different ballgame. In many places, it is the same as the United States where they look for use of the mark and may provide common law protection.”

    “report infringement of it to your lawyers, don’t permit modification of the mark”

    I read … “Modification” … as in Dilutive & False Designation ccTLDs, inside the .COM TLD.

  16. old geezer says:

    What’s so bad about xyz domains? I think they’re great,
    but being manipulated into one… NOT cool

Add Your Comment