Recent Posts
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
- Did somebody spend a million bucks on a Google domain hack?
ICANN backtracks on executive pay transparency
ICANN has not disclosed the results of a recent board vote to award the CEO his bonus, apparently reversing an earlier move to make that kind of information public.
The board voted last week to give Göran Marby his “at risk” compensation for the second half of the org’s fiscal 2021.
It’s not clear from the resolution whether he’s getting his full 30% or just a portion thereof.
It’s also not clear whether the vote was unanimous or not.
As I noted in February, ICANN disclosed that three directors voted against a resolution to give Marby a pay rise, which put him well over the million-dollars-a-year mark.
I wondered aloud back then whether the unprecedented decision to publish the vote on a matter of executive compensation was an accident, or a move towards increased transparency by the org, which I would have applauded.
The resolution from last week contains no such information, suggesting February may have been a publication accident after all.
The minutes from the February meeting have yet to be published, four months after the fact.
US Feds seize 33 Iranian news site domains
The US government said it has seized control of 33 domain names previously belonging to an Iranian TV news station that the US considers linked to terrorism.
The Department of Justice said the domains had been registered by the Iranian Islamic Radio and Television Union, which it said is controlled by Islamic Revolutionary Guard Corps Quds Force, designated as a terrorist organization.
Among the domains is presstv.com, used by Press TV, an Iranian state-owned station that broadcasts news in English and French.
The DoJ said the sites were “disguised as news organizations or media outlets” and “targeted the United States with disinformation campaigns and malign influence operations”.
All of the seized names reportedly use .com, .net and .tv domains, which are all operated by Verisign.
The DoJ obtained a court order to grab the names.
As an overseas registrar was used to register the names, it appears the court order instructed Verisign, based in the US, to hand them over.
The domains now direct to a US government placeholder informing visitors of the seizure. Some of the affected web sites have reportedly started using new domains.
Under US law, “Specially Designated Nationals” listed by the Office of Foreign Assets Control are forbidden from obtaining services from US companies without a special license.
The DoJ said it has seized an additional three domains owned by Kata’ib Hizballah (Kataib Hezbollah), an Iraqi militia backed by Iran.
Domain firms plan “Trusted Notifier” takedown rules
Domain name registries and registrars are working on a joint framework that could speed up the process of taking down domain names being used for behavior such as movie piracy.
Discussed last week at the ICANN 71 public meeting, the Framework on Trusted Notifiers is a joint effort of the Registrar Stakeholder Group and Registries Stakeholder Group — together the Contracted Parties House — and is in the early stages of discussion.
Trusted Notifiers are third parties who often need domain names taken down due to activity such as copyright infringement or the sale of counterfeit pharmaceuticals, and are considered trustworthy enough not to overreach and spam the CPH with spurious, cumbersome, overly vague complaints.
It’s not a new concept. Registries in the gTLD space, such as Donuts and Radix, have had relationships with the Motion Picture Association for over five years.
ccTLD operator Nominet has a similar relationship with UK regulators, acting on behalf of Big Copyright and Big Pharma, taking down thousands of .uk domains every year.
The joint RrSG-RySG effort doesn’t appear to have any published draft framework yet, and the discussions appear to be being held privately, but members said last week that it is expected to describe a set of “common expectations or common understandings”, establishing what a Trusted Notifier is and what kind of cooperation they can expect from domain firms.
It’s one of several things the industry is working on to address complaints about so-called “DNS Abuse”, which could lead to government regulations or further delays to the new gTLD program.
It obviously veers into content policing, which ICANN has disavowed. But it’s not an ICANN policy effort. Whatever framework emerges, it’s expected to be non-contractual and voluntary.
Trusted Notifier relationships would be bilateral, between registry and notifier, with no ICANN oversight.
Such deals are not without controversy, however. Notably, free speech advocates at the Electronic Frontier Foundation have been complaining about Trusted Notifier for years, calling it “content policing by the back door” and most recently using it as an argument against Ethos Capital’s acquisition of Donuts.
There’s really only one question about the return to face-to-face ICANN meetings
The struggles of remote working during unsociable hours and the possibility of a return to partially in-person meetings for Seattle in October were the subject of lots of well-deserved debate at the virtual ICANN 71 public meeting last week, but in reality I think there’s only one question that matters.
The question is posed by Americans to everyone else, and it goes like this: “You guys cool if we go ahead without you?”
Sure, lots of interesting and important questions were raised last week, particularly during the hour-long final session.
If ICANN decides to require proof of vaccination to attend in person, will it accept all brands of vaccine, or will it do a Bruce Springsteen and exclude those who have received the AstraZeneca jab, which is not currently approved in the US?
Is it a problem for overseas travelers that the number of vaccinated Americans currently appears to be plateauing, as ludicrous political divisions see primarily “red state” folks refuse to take their medicine?
What about attendees working for companies that have eliminated their travel budget for the rest of the year?
What if there’s a new flavor of Covid, worse than the current delta variant, in play in October? What if travel corridors into the US are still closed when ICANN 72 comes around? What if attendees have to self-isolate for weeks in expensive hotels upon their return to their home countries? Has ICANN done any research into this?
These are some of the questions that have been raised, and while they’re all very interesting I can’t help but feel that they’re completely irrelevant in the context of an ICANN meeting.
ICANN doesn’t know what the pandemic state of play internationally is going to be four months from now. Nobody does. Not the epidemiologists, not the healthcare leaders, not the governments.
ICANN isn’t a government. It isn’t the United Nations. It’s a technical and policy coordination body that sometimes appears to have a sense of its own importance as inflated as its budget. Its powers to assure an internationally diverse community can gather in literally the same room in October are close to non-existent.
But it’s a pretty safe bet that domestic travel in the US will still be permitted in October (did it ever even really stop?) and therefore it’s a pretty safe bet that community members based in America will be able to bump elbows in Seattle.
The only question remaining therefore is: how much of the rest of the world is ICANN willing to risk excluding to make that happen?
It’s a question its board of directors will answer in July. I don’t envy them the responsibility.
Registries unveil plan to tackle botnet abuse with mass takedowns
Domain name registries have thrown a bone to critics who say they’re not doing enough to tackle DNS abuse by revealing a framework for rapidly taking down domains associated with large-scale botnets.
In a nutshell, the new Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets (pdf) would enable registries to preemptively register potentially abusive names without paying ICANN fees.
It is hoped that the framework will give law enforcement an easier time in tackling botnets, and perhaps cool down some of the heat the domain name industry is taking over the DNS abuse problem.
Botnets, you’ll recall, are large networks of compromised computers that can be deployed to, for example, carry out damaging distributed denial of service attacks.
The endpoint malware on botted machines is often controlled by regularly pinging a predetermined domain name to ask for instructions.
Rather than a single domain name, which would be easy to block, the malware often use algorithms, seeded with the current time or date, to create apparently random, gobbledygook names.
Botnet controllers need only run the same algorithm at home to determine the appropriate domain to register at any given time.
Other times, lists of thousands of domains are generated in advance and hard-coded into the malware.
Either way, DGAs can give law enforcement a way to effectively shut down a botnet by having all the potential command and control domains blocked or registered, but only with the cooperation of the registries.
A notable example of such cooperation was during the Conficker crisis over a decade ago, which ultimately saw a broad coalition of LE, registries and security companies come together to reverse engineer and preemptively block the huge numbers of domains the malware was expected to generate.
The new framework, which was created by ICANN’s Registries Stakeholder Group in cooperation with the Governmental Advisory Committee, essentially formalizes and expedites that kind of countermeasure.
It’s not official ICANN consensus policy, nor is it binding on all registries. It’s purely voluntary.
It appears primarily concerned with reducing the administrative and financial burden on registries that choose to participate.
It asks law enforcement to submit takedown requests as part of “a well thought-out, comprehensive abuse disruption strategy” that gives registries sufficient time to implement them.
It further asks (and provides a template letter) that ICANN waives the fees it collects when registries register botnet domains, which with some DGAs could amount to many tens or hundreds of thousands of dollars.
It also lists several reasons why registries might refuse to comply with LE without a court order — such as when the names are already registered and need to be seized, or when they’ve been identified as potentially high-value domains.
For registries, offering up the framework appears to be low-hanging fruit in their ongoing conflict with governments, cops and security researchers that argue the industry should do more to tackle abuse.
What it doesn’t do is expand the current industry definition of “abuse”, which is currently limited to botnets, phishing, pharming and malware distribution. Spam can also be considered DNS abuse when it is used to perpetrate any of the other four malfeasances.
But that definition is also voluntary, and only a few dozen registries and registrars have signed up to it. ICANN contracts are pretty much toothless when it comes to abuse.
The fight about DNS abuse is pretty amorphous, and overlaps with intellectual property interests’ demand for more access to private Whois data and the issue of when to start the next new gTLD application round.
Next new gTLD round should be less English, says ICANN boss
The next round of new gTLDs should be less focused on the English-speaking world, ICANN CEO Göran Marby said yesterday.
Talking to ICANN’s Governmental Advisory Committee in a bilateral session at ICANN 71 yesterday, Marby said he believed the 2012 round — the last time anyone was able to apply for a new gTLD — was too English-centric.
We have so few identifiers on the internet, [which] I think is a problem. Most of them are in relation to the English language or translations of English words…
I think and I truly believe that the next round should be giving the ability for people to have identifiers on the internet that’s actually in correlation with their own local contexts, their own scripts, their own keyboards, their own narratives, so they can create their pwn communities on the internet…
We have to rethink a lot of things we have done previously, because last time we did a round it was very much about the English language and I don’t think that’s fair for the rest of the world.
He pointed out the need for universal acceptance — the technical and educational challenge of making sure all software and online services support non-Latin internationalized domain names.
While it’s true that the 2012 round of applications turned out very much English-heavy, it was not by design.
Broadening the gTLD space out to non-Latin scripts and non-English languages was one of the benefits frequently cited (often, I thought, to guilt-trip the naysayers) before opponents of new gTLDs — including governments — in the run-up to the 2012 round.
ICANN was tasked in 2011/12 with reaching out to potential applications in under-served areas of the world, but it’s generally considered to have done a pretty shoddy job of it.
In the 2012 round, 116 of the 1,930 total applications were for IDNs, and 97 of those at some point made it into the DNS root. There have been a further 61 IDN ccTLDs that came in through the IDN ccTLD Fast Track process.
IDN applicants were given special privileges in the 2012 round, such as prioritization in the lottery that selected the processing order for applications. The first delegated new gTLD was in Arabic.
The IDN gTLDs have had a mixed performance volume-wise, with the top 10 strings, which are mostly Chinese, having between 14,500 and 164,000 domains under management.
Only one has passed the 50,000-domain threshold where it has to start paying ICANN transaction fees.
The numbers are not thoroughly terrible by new gTLD standards, but they don’t make the case for huge demand, either.
Cade and Dammak win ICANN awards
Marilyn Cade and Rafik Dammak have been named joint winners of this year’s ICANN Community Excellence Award, formerly the Ethos Award.
The award acknowledges those community members deemed to have embodied ICANN’s values and devoted a lot of time to community work.
As I previously blogged, policy consultant Cade, who died last year to a wide outpouring of tributes, was pretty much a shoo-in.
“This award is not intended to be a memorial. Instead, it is a well-deserved recognition of Marilyn’s contributions and commitment to ICANN and our multistakeholder community,” the awards selection committee noted.
Dammak has for over a decade contributed “countless volunteer hours” on various ICANN policy working groups, mainly in the GNSO, the committee noted. His impartiality was called out by the selection committee for praise.
He last year stepped in to fill a leadership vacuum in the working group devoted to reviewing Whois privacy policy.
ICANNers itching to get back to face-to-face shindigs
A majority of ICANN community members want a return to in-person meetings as soon as possible, and overwhelmingly don’t care how many pandemic-related restrictions are put in place to get it done.
That’s according to the results of an online survey ICANN carried out, which ultimately had 665 responses, or 514 if you exclude responses from ICANN staff.
The survey found that over half of all respondents were keen to fling open the doors for ICANN 72 in Seattle this October, even if it meant reduced attendance and global diversity due to pandemic restrictions on travel.
There was even greater acceptance of — and indeed demand for — health measures such as social distancing, face masks, proof of vaccination, and on-site testing.
None of these proposed measures attracted less than 72% support, and no more than 11% of respondents objected to any individual measure.
While the majority of the respondents were from North America or Europe — which I think it’s fair to say are broadly considered to be well-vaccinated and in the closing days of their pandemic restrictions — ICANN has helpfully broken down some of the responses by geography.
Perhaps unsurprisingly, North Americans and Europeans were far more likely to approve of vaccination-related attendance rules, at 73% and 66% respectively. But a majority of those from Latin America, Asia and Africa were also tolerant of such restrictions.
North Americans were also much less likely to fear travel restrictions — ICANN 72 will be held on home turf, after all.
While the survey results show a clear inclination for reopening in-person meetings, with an online component for those unable to make it, the decision will be made by the ICANN board of directors next month.
The full survey results can be viewed here (pdf).
How awful would ICANN 72 have to be for you to stay at home?
ICANN is seriously considering holding its ICANN 72 public meeting with a face-to-face component in Seattle this October. But it wants to know what would make you stay at home.
The org is surveying community members to see how they would respond to stuff like temperature checks, rapid testing, compulsory mask wearing, , vaccine certificates, physical distancing and even physical tracking.
Do community members want this stuff to make them feel safe? Or would it make them steer clear of the meeting for the sheer annoyance and intrusion? Is the community made up of bleeding-heart liberal wokesters, or hardline dunderhead deniers?
And if it turned out that the meeting would be predominately populated with vaxxed-up North Americans and Western Europeans, with few attendees from less well-off parts of the world, would that make you stay away in solidarity?
These are among the questions asked in the 10-page survey, sent out in advance of this week’s ICANN 71 public meeting, which had been due to take place in The Hague but instead will be ICANN’s fifth consecutive online-only gathering.
There’s going to be a live discussion about the possibility of a return to hybrid in-person meetings on Thursday.
The ICANN board is due to make a call on the location of 72 at some point in July.
And it’s not just a decision about health and global representation.
While the survey does not cover this, ICANN meetings are not cheap, and to set the ball rolling now with poor visibility into the pandemic situation a few months in advance would incur costs that could not be recouped.
More non-rules proposed for Whois privacy
An ICANN working group has come up with some extra policy proposals for how registries and registrars handle Whois records, but they’re going to be entirely optional.
The ongoing Expedited Policy Development Process team has come up with a document answering two questions: whether registrars should differentiate between people and companies, and whether there should be a system of uniform, anonymized email addresses published in Whois records.
The answer to both questions is a firm “Maybe”.
The EPDP working group seems to have been split along the usual party lines when it comes to both, and has recommended that contracted parties should get to choose whether they adopt either practice.
Under privacy laws, chiefly GDPR, protections only extend to data on natural persons — people — and not to legal persons such as companies, non-profits and other amorphous entities.
Legally, registries and registrars are not obliged to fully redact the Whois records of domains belonging to companies, but many do anyway because it’s easier than putting systems in place to differentiate the two types of registrant.
There’s also the issue that, even if the owner of the domain is a company, the contact information may belong to a named, identifiable person who is protected by GDPR. So ICANN’s contracted parties may reduce their potential liability by redacting everything, no matter what type of entity the domain belongs to.
The EPDP’s has decided to stick to the status quo it agreed to in an earlier round of policy talks: “Registrars and Registry Operators are permitted to differentiate between registrations of legal and natural persons, but are not obligated to do so”.
Contracted parties will get the option to ask their registrants if they’re a natural person (yes/no/not saying) and capture that data, but they’ll have to redact the answer from public Whois output.
They’d have to “clearly communicate” to their customers the fact that their data will be treated differently depending on the choice they make.
On the second question, related to whether a system standardized, published, anonymized email addresses is feasible or desirable, the EPDP is also avoiding any radical changes:
The EPDP Team recognizes that it may be technically feasible to have a registrant-based email contact or a registration-based email contact. Certain stakeholders see risks and other concerns that prevent the EPDP Team from making a recommendation to require Contracted Parties to make a registrant-based or registration-based email address publicly available at this point in time.
Again, the working group is giving registries and registrars the option to implement such systems or not.
The benefit (or drawback, depending on your perspective) of giving each registrant a single anonymous email address that is published in all their Whois records is that it makes it rather easy to reverse-engineer that registrant’s entire portfolio.
If you’re a political insider running a whistle-blower blog, a bar owner who also moderates a forum for closeted gays in a repressive regime, or a domain name news blogger running a furry porn site on the side, you might not want your whole collection of domains to be easily doxxed.
But if you’re a trademark lawyer chasing cybersquatters or a security researcher tracking spammers, being able to take action against a ne’er-do-well’s entire portfolio at once could be hugely useful.
So the EPDP working group proposes to leave it up to individual registries and registrars to decide whether to implement such a system, basically telling these companies to talk to their lawyers.
The EPDP Team recommends that Contracted Parties who choose to publish a registrant- or registration-based email address in the publicly accessible RDDS should ensure appropriate safeguards for the data subject in line with relevant guidance on anonymization techniques provided by their data protection authorities and the appended legal guidance in this recommendation
An appendix to the recommendations, compiled by the law firm Bird & Bird, says there’s “a high likelihood that the publication or automated disclosure of such email addresses would be considered to be the processing of personal data”.
The EPDP recommendations are now open for public comment until July 19, and could become binding if they make it through the rest of the ICANN policy development system.
Recent Comments