Latest news of the domain name industry

Recent Posts

Dot-brand gTLD guilty of domain name hijacking

Kevin Murphy, May 6, 2015, Domain Policy

Fashion retailer Mango, which owns its own dot-brand gTLD, has been found guilty of Reverse Domain Name Hijacking after allegedly doctoring evidence in a .uk cybersquatting case.

The company, which runs .mango, lost a Nominet Dispute Resolution Service complaint against New Zealand-based domain investor Garth Piesse over mango.co.uk and mango.uk.

It’s only the sixth RDNH finding in 13 years of DRS history.

Mango tried to buy the domain using a pseudonym and, when Piesse asked for “six figures”, filed the DRS instead.

Piesse claimed in what appears to have been a well-argued defense that the person attempting to buy the domain on Mango’s behalf did not identify Mango as the would-be buyer.

Further, he claimed that Mango deliberately tried to hide this fact from the DRS panel by scrubbing its negotiator’s email address from evidence it submitted.

While DRS panelist Tim Brown did not agree that this omission alone was enough to find RNDH, he agreed that Mango did not have “entirely clean hands”. He ruled:

The sequence of events in the present case appears to show that the Complainant attempted to buy from the Respondent. When these negotiations failed the Complainant started proceedings under the DRS. As I have noted, the Complainant has relied on bare assertion and has provided a paucity of evidence to support its arguments.

Even a cursory reading of the Policy, Procedure and extensive guidance on Nominet’s website would quickly show that a matter concerning a clearly generic, dictionary term would require a higher standard of argument and evidence than is perhaps common. That the Complainant has failed to come anywhere close to providing sufficient argument or evidence is, in my view, strongly indicative that the Complainant pursued this dispute in frustration at the Respondent’s unwillingness to sell for a price it was willing to pay, rather than because of the merits of its position in terms of the Policy’s requirements.

I conclude that the Complainant brought a speculative complaint in bad faith in an attempt to deprive the Respondent of the Domain Names. I therefore determine that the Complainant has engaged in Reverse Domain Name Hijacking.

Spain-based Mango has owned its trademarks for well over a decade, and Piesse only got his hands on the domains in question in 2013 and 2014.

Piesse, who owns about 18,000 domains, was able to show that Mango the brand is unheard of in New Zealand and that he has a track record of buying fruit-based .uk domain names.

Whois privacy reforms incoming

Kevin Murphy, May 6, 2015, Domain Policy

Whois privacy services will become regulated by ICANN under proposals published today, but there’s a big disagreement about whether all companies should be allowed to use them.

A working group has released the first draft of its recommendations covering privacy and proxy services, which mask the identity and contact details of domain registrants.

The report says that P/P services should be accredited by ICANN much like registrars are today.

Registrars should be obliged to disclose which such services they operate or are affilated with, presumably at the risk of their Registrar Accreditation Agreement if they do not comply, the report recommends.

A highlight of the paper is a set of proposed rules governing the release of private Whois data when it is requested by intellectual property interests.

Under the proposed rules, privacy services would not be allowed to reject such requests purely because the alleged infringement deals with the content of a web site rather than just the domain.

So the identity of a private registrant of a non-infringing domain would be vulnerable to disclosure if, for example, the domain hosted bootleg content.

Registrars would be able to charge IP owners a nominal “cost recovery” fee in order to process requests and would be able to ignore spammy automated requests that did not appear to have been manually vetted.

There’d be a new arbitration process that would kick in to resolve disputes between IP interests and P/P service providers.

The 98 pages of recommendations (pdf) were drafted by the Generic Names Supporting Organization’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) and opened for public comment today.

There are a lot of gaps in the report. Work, it seems, still needs to be done.

For example, it acknowledges that the working group didn’t reach any conclusions about what should happen when law enforcement agencies ask for private data.

The group was dominated by registrars and IP interests. There was only one LEA representative and only one governmental representative, and they participated in a very small number of teleconferences.

There was also a sharp division on the issue of who should be able to use privacy services, with two dissenting opinions attached to the report.

One faction, led by MarkMonitor and including Facebook, Domain Tools and fake pharmacy watchdog LegitScript, said that any company that engages in e-commerce transactions should be ineligible for privacy, saying: “Transparent information helps prevent malicious activity”.

Another group, comprising a handful of non-commercial stakeholders, said that no kind of activity should prevent you from registering a domain privately, pointing to the example of persecuted political groups using web sites to raise funds.

There was a general consensus, however, than merely being a commercial entity should not alone exclude you from using a P/P service.

Currently, registrar signatories to the 2013 RAA are bound by a temporary P/P policy that is set to expire January 2017 or whenever the P/P accreditation process starts.

There are a lot of recommendations in the report, and I’ve only touched on a handful here. The public comment period closes July 7.

Cybersquatter jailed for seven years after prison break

Kevin Murphy, April 20, 2015, Domain Policy

Fraudster Neil Moore, who escaped from prison by cybersquatting, has reportedly been handed a seven-year sentence by a British court.

As we reported last month, Moore escaped from Wandsworth prison merely by sending an email ordering his release from an hmcts-gsi-gov.org.uk email address.

He’d registered the name, a typo of the genuine hmcts.gsi.gov.uk used by the UK court service, on a smuggled smartphone.

He was being held on remand for an unrelated fraud at the time.

Today’s sentencing follows Moore pleading guilty to eight counts of fraud (it doesn’t seem those were related to cybersquatting) and one count of wrongful escape from custody.

Australia considers dumping the .com.

Kevin Murphy, April 20, 2015, Domain Policy

Australian domain overseer auDA is thinking about allowing people to register .au domains directly at the second level for the first time.

The organization has opened up a consultation that would allow registrations such as example.au, rather than just the current system of example.com.au, example.org.au and so on.

The move follows the successful recent releases of 2LDs in the UK (.uk) and New Zealand (.nz) ccTLDs and can be seen as a bid to remain competitive in the face of the new gTLD program’s huge expansion of TLD choice.

A consultation paper (pdf) published today reads:

It is suggested that unprecedented competition from new gTLDs requires .au to be more responsive to global market forces. For .au to remain a strong and highly-regarded TLD we need not only to rely on its distinctive Australian identity and good reputation, but continue to innovate in order to counter the likely impact of hundreds of new gTLDs flooding the market. Whilst .au is currently very popular with Australian users, there is potential for new gTLDs to erode the brand equity in .au.

Currently, .au has over a dozen different second-level options, but about 85% of registrations are in .com.au. The TLD has just shy of three million names today.

Complicating matters slightly, the different 2LDs have different registration policies, so auDA would need to figure out a way to harmonize them for direct registrations.

auDA speculates that direct registrations may increase the adoption of .au domain names by individuals not currently able to obtain .com.au names but unaware of the individual-focused .id.au (it exists, apparently), thereby growing the .au name space.

It also worries that many second-level direct registrations may turn out to be defensives, registered by the registrants of the matching .com.au names.

The consultation is open for comments until June 1.

Does Chehade agree with Donuts on .doctor?

Kevin Murphy, March 24, 2015, Domain Policy

Should governments have the right to force business-limiting restrictions on new gTLD operators, even though they don’t have the same rules in their own ccTLDs?

ICANN CEO Fadi Chehade evidently believes the answer to that question is “No”, but it’s what ICANN is controversially imposing on Donuts and two other .doctor applicants anyway.

Donuts recently filed a Request for Reconsideration appeal with ICANN over its decision to make the .doctor gTLD restricted to medical professionals only.

It was an unprecedented “Public Interest Commitment” demanded by ICANN staff in order to keep the Governmental Advisory Committee happy.

The GAC has been asking for almost two years for so-called “Category 1″ gTLD strings — which could be seen to represent highly regulated sectors such as law or medicine — to see a commensurate amount of regulation from ICANN.

Governments wanted, for example, registrants to show professional credentials before being able to register a name.

In the vast majority of instances, ICANN creatively reinterpreted this advice to require registrants to merely assert that they possess such credentials.

These rules were put in registries’ contracts via PICs.

But for some reason in February the organization told Donuts that .doctor domains must be “ascribed exclusively to legitimate medical practitioners.”

According to Donuts, this came out of the blue, is completely unnecessary, an example of ICANN staff making up policy on the spot.

Donuts wants to be able to to sell .doctor names to doctors of any discipline, not just medical doctors. It also wants people to be able to use the names creatively, such as “computer.doctor” or “skateboard.doctor”.

What makes ICANN’s decision especially confusing is that CEO Fadi Chehade had the previous day passionately leaped to the defense of new gTLD registries in their fight against unnecessary GAC-imposed red tape.

The following video, in which Chehade uses .dentist as an example of a string that should not be subject to even more oversight, was taken February 11 at a Q&A with the Domain Name Assocation.

The New gTLD Program Committee meeting that authorized ICANN staff to add the new PIC took place February 12, the very next day. Chehade did not attend.

It’s quite remarkable how in line with registries Chehade seems to be.

It cuts to the heart of what many believe is wrong with the GAC — that governments demand of ICANN policies that they haven’t even bothered to implement in their own countries, just because it’s much easier to lean on ICANN than to pass regulations at home.

Here’s the entire text of his answer. He’s describing conversations he’d had with GAC members earlier in the week.

They’re saying stop all the Category 1 TLDs. Stop them. Freeze them!

And we said: Why do we need to freeze them? What’s the issue?

They said: It’s going to harm consumers.

How will it harm consumers? We started having a debate.

It turns out that they’re worried that if somebody got fadi.casino or fadi.dentist, to pick one of Statton’s [Statton Hammock, VP at Rightside, who was present], that this person is not a dentist and will pluck your ear instead of your teeth. How do you make sure they’re a dentist?

So I asked the European Commission: How do you make sure dentist.eu is a dentist?

They said: We don’t. They just get it.

I said: Okay, so why do these guys [new gTLD registries] have to do anything different?

And they said: The new gTLD program should be better or a model…

I said: Come on guys, do not apply rules that you’re not using today to these new folks simply because it’s easy, because you can come and raise flags here at ICANN. Let’s be fair. How do you do it at EU?

“Well, if somebody reports that fadi.dentist.eu is not a dentist, we remove them.”

Statton said: We do the same thing. It’s in our PICs. If fadi.dentist is not, and somebody reports them…

They said: But we can’t call compliance.

You can call compliance. Anyone can call compliance. Call us and we’ll follow up. With Statton, with the registrar.

What we have here is Chehade making a passionate case for the domain name industry’s right to sell medical-themed domain names without undue regulation — using many of the same arguments that Donuts is using in its Reconsideration appeal — then failing to show up for a board meeting the next day when that specific issue was addressed.

It’s impossible to know whether the NGPC would have reached a different decision had Chehade been at the February 12 meeting, because no formal vote was taken.

Rather, the committee merely passed along its “sense” that ICANN staff should carrying on what it was doing with regards implementing GAC advice on Category 1 strings.

While Chehade is but one voice on the NGPC, as CEO he is in charge of the ICANN staff, so one would imagine the decision to add the unprecedented new PIC to the .doctor contract falls into his area of responsibility.

That makes it all the more baffling that Donuts, and the other .doctor new gTLD applicants, are faced with this unique demand to restrict their registrant base to one subset of potential customers.