Latest news of the domain name industry

Recent Posts

ICANN terminates deadbeat registrar

Kevin Murphy, October 27, 2014, Domain Registrars

ICANN has started termination proceedings on Domain Services Rotterdam, a Dutch registrar, for failure to pay accreditation fees.

The company owes ICANN $5,118.83 in dues but has failed to pay up despite breach notices dating back to May, according to an ICANN termination notice (pdf)

Domain Services does not have any gTLD domains under management, so no registrants will be affected by the termination, which is due to kick in November 21.

The registrar was accredited in March this year.

Korean registrar suspended

Kevin Murphy, September 26, 2014, Domain Registrars

ICANN has suspended the accreditation of Korean registrar Dotname Korea over failures to comply with Whois accuracy rules.

The company was told this week that it will lose the ability to sell names for three months.

“No new registrations or inbound transfers will be accepted from 7 October 2014 through 5 January 2015,” ICANN compliance chief Maguy Serad told the company (pdf).

The suspension follows breach notices earlier in the year pertaining to Dotname’s failure to show that it was responding adequately to Whois inaccuracy complaints.

Other breaches of the Whois-related parts of the 2013 Registrar Accreditation Agreement were also alleged.

The company has until December 16 to show compliance of face the possibility of termination.

US-based Moniker gets Euro data retention waiver

Kevin Murphy, September 11, 2014, Domain Registrars

ICANN has approved Moniker’s request for a partial waiver of the Registrar Accreditation Agreement based on European privacy law, despite the fact that the registrar is based in the US.

The data retention waiver for Moniker was one of a few granted to members of the KeyDrive group of registrars that were approved by ICANN yesterday.

KeyDrive is based in Luxembourg, but the waiver request was granted because complying with the 2013 RAA could violate German privacy law and Moniker’s data is stored in Germany.

ICANN said:

Registrar’s technical backend services provider as well as data storage and collection occur on servers hosted and operated in Germany, and is subject to German law. Accordingly, ICANN has determined that it is appropriate to grant Registrar a data retention waiver

Group members Key-Systems AG (a German company) Key-Systems LLC (an American company) also received waivers yesterday.

InternetX, part of Germany-based United Internet, and http.net Internet also had their requests approved.

The waiver process was introduced because the 2013 RAA requires registrars to store customer data long after their domains expire, which registrars’ lawyers say forces them to break local laws.

An EU directive implemented in many European countries says that companies cannot store personal data for longer than it is needed for the purpose for which is was collected.

Russian hackers breaking in to NameCheap accounts

Kevin Murphy, September 2, 2014, Domain Registrars

If you have an account at NameCheap, now might be a good time to think about changing your password.

According to the registrar, hackers based in Russia are using a haul of a reported 4.5 billion username/password combinations to attempt to break into its customers’ accounts.

Some attempts have been successful, NameCheap warned.

The attackers are using credentials stolen from third-party sources in a large-scale, automated attempt to log in to user accounts, disguised as regular users, the company said in a blog post.

NameCheap said:

The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed. As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement.

While the vast majority of these logins are unsuccessful, some have been successful. To combat this, we’ve temporarily secured the Namecheap accounts that have been affected and are currently contacting customers involved requesting they improve the security for these accounts.

Affected users have been emailed, the company said.

NameCheap suspects the attack is linked to a reported cache of 1.2 billion unique username/password combinations amassed by a hacker group from databases vulnerable to SQL injection.

The registrar pointed out that its own systems haven’t been hacked. Customers should only be vulnerable if they use the same username and password at NameCheap as they use on other sites.

ICANN terminates billion-dollar gTLD applicant over unpaid $3,000 bill

Kevin Murphy, August 27, 2014, Domain Registrars

Telefonica Brasil, part of the massive Telefonica group of telecoms companies, has lost its registrar accreditation after failing to pay its ICANN fees.

The company, which had revenue last year of $14.6 billion, is facing termination of its Registrar Accreditation Agreement over the pitiful sum of $3,082.12.

It’s also embarrassing because Telefonica is applying for the new gTLD .vivo, its consumer brand in Brasil, which will require it to sign a Registry Agreement with ICANN.

I don’t think the loss of the RAA affects the company’s ability to get its gTLD contracted and delegated.

According to ICANN (pdf), Telefonica also failed to comply with the Registrar Information Specification, a pretty basic rule in the 2013 Registrar Accreditation Agreement requiring registrars to provide their address and names of officers and any parent companies.

The company has no gTLD names under management, so registrants will not be affected by the termination, which will take effect September 25.

ICANN sent its initial breach notice in July, but Telefonica did not comply before the August deadline. It also received a breach notice over an unpaid $10,000 bill a year ago.