Latest news of the domain name industry

Recent Posts

NYC picks Panama registrar for reserved names

The City of New York is working with Panama-based registrar CCI REG to reserve government-related domains in the new .nyc gTLD, despite imposing residency requirements on registrants.

CCI REG director Gerardo Aristizabal tells us it has already handled over 100 registrations during the “City Government-Affiliated Reserve List” phase of .nyc’s protracted launch schedule.

While it’s not technically an exclusive deal, the registrar does appear to be the registrar of choice for the City.

Aristizabal says that he’s in the process of setting up a New York-based registrar to handle .nyc-related business in future.

But today CCI REG is incorporated in Panama and is perhaps best-known to DI readers for being one of .CO Internet’s launch registrars. .CO is now of course owned by Neustar, .nyc’s back-end.

The registrar operated my.co, which focused on the Colombian market. for .co. For .nyc, it’s operating at hellodotnyc.com.

It amuses me that the City of New York, which is also the contracted registry for the gTLD, would choose to use an overseas registrar, given .nyc’s restricted policies.

To buy a .nyc name during general availability, currently slated for October, you’ll need a New York mailing address.

Domain “slammer” finally gets suspended by ICANN

The beneficiary of the long-running Domain Registry of America scam is finally at risk of losing its ICANN accreditation.

ICANN has suspended Brandon Gray Internet Services, which does business as NameJuice.com, due to the “deceptive” marketing practices carried out by its “resellers”.

The company won’t be able to register any gTLD names or receive transfers for 90 days.

If NameJuice hasn’t sorted out its act by October 17, it faces the risk of losing its accreditation permanently.

The company, you will recall, is the primary beneficiary of the “slamming” scam, which tricks customers of other registrars into transferring their names with confusing, invoice-style junk mail.

Slammers have been operating under various names including Domain Registry of America, Domain Registry of Europe and Domain Registry of Canada for close to 15 years.

I received one in 2011 from the “Domain Renewal Group”, which I blogged about here.

It was sued by Register.com in 2002 over the practice, was forced into a settlement with the US Federal Trade Commission in 2003, and has been involved in tangles with regulators all over the world for the last decade.

But it seems ICANN’s hands were tied until Brandon Gray signed the new 2013 Registrar Accreditation Agreement, which gives ICANN’s compliance department more power over resellers.

ICANN said:

Since at least 2009, ICANN has received numerous complaints from Registered Name Holders, registrars, and various ICANN Supporting Organizations and Advisory Committees regarding the business solicitation practices of Brandon Gray’s resellers. Such practices were not specifically prohibited under the 2001 and 2009 RAAs. Section 3.12 of the 2013 RAA, however, requires registrars to ensure its reseller’s actions comply with the RAA, as well as the Registrants’ Benefits and Responsibilities Specification, which protects Registered Name Holders from false or deceptive practices.

ICANN fingered “reseller” Registration Services Inc as the party behind DROA and the other slamming scams.

In order to cure the latest breach, NameJuice has until August 8 to provide a tonne of information about Registration Services, including its certificate of incorporation, samples of its mailshots, and details of how a sample of specific domains came to be transferred.

In order to avoid losing its accreditation by October 10, the company will also have to promise to force its reseller to stop its deceptive marketing and provide ICANN with samples of future mailings.

NameJuice has 13 tasks in total to comply with to avoid termination proceedings; it’s looking promising that ICANN will finally shut down this blight on the industry just a few months from now.

The irony is, of course, if NameJuice loses its accreditation, all of the names that were obtained under false pretenses will not revert naturally to their original registrar. Instead, if ICANN follows its standard practice, they’ll be transferred in bulk to a third registrar.

You can read the breach notice here and the suspension notice here.

Almost half of registrars “deficient” in compliance audit

Almost half of accredited domain name registrars were found “deficient” during a recent ICANN compliance survey.

Results of an audit published today show that 146 of 322 registrars (45%) picked at random for the September 2013 to May 2014 study had to carry out some form of remediation in order to comply with their contracts.

The report comes at the end of the second year of ICANN’s audit program, which aims to bring all accredited registrars and gTLD registries into compliance over three years.

The deficiencies noted at 146 registrars cover areas ranging from compliance with ICANN consensus policies to the availability of Whois services over the web and port 43.

In almost every instance the numbers were down on last year.

For example, ICANN documented 86 registrars who could not initially show compliance with requirements on the retention of registrant data, down from 105 a year ago.

Only 15 registrars of the 322 (4.6%) flunked the audit and will be re-tested. The others were all able to bring their systems into line with ICANN’s requirements during the course of the audit.

Three registrars were terminated as a result of deficiencies identified during this phase of the program.

The full report, along with the list of participating registrars, can be found here.

A million domains taken down by email checks

Over 800,000 domain names have been suspended since the beginning of the year as a result of Whois email verification rules in the new ICANN Registrar Accreditation Agreement.

That’s according to the Registrars Stakeholder Group, which collected suspension data from registrars representing about 75% of all registered gTLD domain names.

The actual number of suspended domains could be closer to a million.

The 2013 RAA requires registrars to verify the email addresses listed in their customers’ Whois records. If they don’t receive the verification, they have to suspend the domain.

The RrSG told the ICANN board in March that these checks were doing more harm than good and today Tucows CEO Elliot Noss presented, as promised, data to back up the claim.

“There have been over 800,000 domains suspended,” Noss said. “We have stories of healthcare sites that have gone down, community groups whose sites have gone down.”

“I think we can safely say millions of internet users,” he said. “Those are real people just trying to use the internet. They are our great unrepresented core constituency.” 

The RrSG wants to see contrasting data from law enforcement agencies and governments — which pushed hard for Whois verification — showing that the RAA requirement has had a demonstrable benefit.

Registrars asked at the Singapore meeting in March that law enforcement agencies (LEA) be put on notice that they can’t ask for more Whois controls until they’ve provided such data and ICANN CEO Fadi Chehade said “It shall be done by London.”

Noss implied that the majority of the 800,000 suspended names belong to innocent registrants, such as those who had simply changed email addresses since registering their names.

“What was a lovely political win that we said time and time again in discussion after discussion was impractical and would provide no benefit, has demonstrably has created harm,” Noss said.

He was received with cautious support by ICANN board members.

Chair Steve Crocker wonder aloud how many of the 800,000 suspended domains are owned by bad guys, and he noted that LEA don’t appear to gather data in the way that the registrars are demanding.

“We were subjected, all of us, to heavy-duty pressure from the law enforcement community over a long period of time. We finally said, ‘Okay, we hear you and we’ll help you get this stuff implemented,’”, he added. “That creates an obligation as far as I’m concerned on their part.”

“We’re in a — at least from a moral position — in a strong position to say, ‘You must help us understand this. Otherwise, you’re not doing your part of the job’”, he said.

Chehade also seemed to support the registrars’ position that LEA needs to justify its demands and offered to take their data and concerns to the LEA and the Governmental Advisory Committee.

“They put restrictions on us that are causing harm, according to these numbers,” he said. “Let’s take this back at them and say, hey, you ask for all these things, this is what happened.”

“If you can’t tell me what good this has done, be aware not to come back and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s use the great findings you seem to have a found and well-package them in a case and I will be your advocate.”

Director Mike Silber also spoke in support of the RrSG’s position.

“My view is if what you are saying is correct, the LEA’s have blown their credibility,” he said. “They’re going to have to do a lot of work before we impose similar disproportional requirements on actors that are not proven to be bad actors.”

So what does this all mean for registrants?

I don’t think there’s any ongoing process right now to get the Whois verification requirements overturned — that would require a renegotiation of the RAA — but it does seem to mean demands from governments and police are going to have to be much more substantiated in future.

Noss attempted to link the problem to the recommendations of the Whois Expert Working Group (EWG), which propose a completely revamped, centralized Whois system with much more verification and not much to benefit registrants.

To paraphrase: if email verification causes so much harm, what harms could be caused by the EWG proposal?

The EWG was not stuffed with LEA or governments, however, so it couldn’t really be characterized as another set of unreasonable demands from the same entities.

Four reasons Google Domains isn’t a Go Daddy killer

Judging by DI’s traffic spike last night, there’s a lot of interest in Google Domains, Google’s forthcoming entry into the domain name registrar market.

And judging by some of the early commentary, it seems that many people are already assuming that the service will be an overnight success.

Some people already seem to be willing to write off market leader Go Daddy specifically, for some peculiar reason.

I’ve even heard speculation that Google timed its announcement to screw with Go Daddy’s imminent IPO, which strikes me as veering into conspiracy theory territory.

While I’ve no doubt Go Daddy and other mass-market retail registrars will be watching Google’s move with interest and concern — and there are some reasons to be worried — let’s not jump the gun here.

Let’s calm the hyperbole a little. Off the top of my head, here are a handful of reasons not to get excited just yet.

1. It could be a really shitty product

There seems to be an assumption in some quarters that whatever Google brings to market will be automatically incredible, but the company really doesn’t have the track record to support that assumption.

Sure, its search engine may be great and services such as Gmail and Adsense may be pretty good, but have you ever tried Blogger?

Do you actually use Google+, or do you only have an account because Google forced you?

The truth is that lots of Google products fail.

And we haven’t even seen Google Domains yet. Nobody has. Only Google employees and their buddies are going to get beta access, so it seems we’re going to be waiting a while before we can judge.

2. There’s no 24×7 support

Google Domains will launch with support via email and phone from 9am to 9pm US Eastern time, Monday to Friday.

Would you switch to a registrar that doesn’t have round-the-clock support seven days a week? As a small business owner who makes his living from his web site, I sure wouldn’t.

If Google Domains gains traction you can expect support hours to be expanded pretty quickly, but a lack of 24×7 support at launch will keep many customers away.

3. It’s not free

Some people seem to be obsessed with the notion that Google is going to give away free domains, and that kind of commentary is continuing even though we know Google Domains will charge $12 for a .com.

Its email service may come at no additional cost, but its email service is Gmail, and that’s already free. Google could hardly start charging an add-on fee for something that’s always been free.

Google Domains may offer free privacy too, but so do lots of other registrars.

In future, Google registry arm Charleston Road Registry may give away free names in some of its new gTLDs, but if it does so that price will have to be available to all registrars, not just Google Domains.

Google Domains isn’t free. It’s not even the cheapest registrar on the market.

4. Go Daddy is gigantic

According to its recent regulatory filings, Go Daddy has 57 million domains under management and 12 million customers.

How many of those do you think will make the switch to Google? How many will even know that such a switch is possible?

Switching registrars may be relatively straightforward if everything you own is parked, but it becomes more complex when you’re running your web site, email and so forth on your registrar’s platform.

These kinds of small business owners are the customers being targeted by Google and Go Daddy, and if they already have web sites they’re likely already experiencing registrar lock-in.

According to its announcement, Google is targeting greenfield opportunities — the 55% of small businesses it estimates don’t have an online presence today — rather than grabbing market share from rivals.

The “small businesses need to get online” story is common to every press release issued by every web host and domain registrar with a price promotion to plug.

When Google teamed up with Blacknight to give away domains for free — for FREE, so it is, so it is — to Irish small businesses, it managed to sign up 10,000 in one year.

How long do you think it will take Google to get to 57 million names under management?