ICANN cancels registrar audit as GDPR headaches loom

Kevin Murphy, April 30, 2018, Domain Registrars

ICANN has decided to call off a scheduled audit of its registrar base, to enable registrars to focus on sorting out compliance with the General Data Protection Regulation.

The biannual audit, carried out by ICANN Compliance, was due to start in May. As you likely know by now, May 25 is GDPR Day, when the EU’s privacy law comes into full effect.

In a letter (pdf) to registrars, senior VP of compliance Jamie Hedlund said: “The April 2018 registrar audit round is on hold.”

He added: “We are reviewing the schedule, resources and risks associated with holding a single, larger audit round in autumn of 2018, as well as considering alternative approaches.”

His letter came in response to a plea (pdf) from Registrar Stakeholder Group chair Graeme Bunton, who said an audit that clashed with the GDPR deadline would be an “enormous undertaking” for affected registrars.

The audits, which have been running for a few years, randomly select a subset of registries and registrars to spot-check compliance with their Registrar Accreditation Agreements and Registry Agreements.

The program looks at 20-odd areas of compliance, one of which is Whois provision.

Drop-catcher drops almost all remaining registrars

Kevin Murphy, April 23, 2018, Domain Registrars

Drop-catch specialist Pheenix has terminated almost all of its remaining registrar accreditations, leaving it with just its core registrar.

By my count, 50 shell registrars have terminated their ICANN contracts over the last few days, all of them part of the Pheenix dropnet.

Only Pheenix.com remains accredited.

That’s one registrar, down from a peak of about 500 at the end of 2016.

Almost 450 were terminated in November.

With registrars equating to connection time with the .com registry, it looks like Pheenix’s ability to catch dropping names through its own accreditations has been severely diminished.

By my count, ICANN currently has 2,495 accredited registrars, having terminated 524 and accredited about 40 since last July, when it said it expected to lose a net 750 over the coming 12 months.

Fifty registrars is worth a minimum of $200,000 in fixed annual fees to ICANN.

101domain founder Wolfgang Reile dies at 67

Kevin Murphy, April 14, 2018, Domain Registrars

Wolfgang Reile, founder and former CEO of the registrar 101domain, has died, according to his former business partner and other sources.

He died unexpectedly at 67, April 6, according to Anthony Beltran, who took over the management of 101domain from Reile when Afilias acquired it back in 2015.

Born in Munich, Reile migrated to the US in the early 1990s and founded the registrar in 1999, Beltran said. He told DI:

He was a regular fixture in the ICANN scene, was a fun guy to be around, and was a natural storyteller (once you got used to the authentic German accent)

He was a friend and mentor to many, especially the staff at 101domain, and if you knew him and his straight-forward German fashion — was very opinionated, passionate, and yelling at you only meant he considered you a friend. He brought a passionate and dedicated energy that’s rare these days.

His international business background, including a spell at Disney in Asia, inspired 101domain’s strategy of providing access to the broadest possible range of ccTLDs and gTLDs, Beltran said.

The company currently has close to 140,000 gTLD domains under management and says it has tens of thousands of clients.

After the two men sold 101domain to Afilias, Reile stepped away from the industry to focus on family, travel and other businesses, Beltran said.

He is survived by his wife and three daughters. I gather his funeral will be held in San Diego, California, later today.

ICANN confirms GoDaddy Whois probe

ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.

The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.

The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.

Winterfeldt is annoyed that GoDaddy has started removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.

It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.

Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.

It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.

But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.

It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.

Registrars will miss GDPR deadline by a mile

Kevin Murphy, March 28, 2018, Domain Registrars

Registries and registrars won’t be able to implement ICANN’s proposed overhaul of the Whois system in time for the EU’s General Data Protection Regulation coming into effect.

That’s according to an estimated timetable (pdf) sent by ICANN’s contracted parties to the organization this week.

While they feel confident that some elements of ICANN’s GDPR compliance plan could be in place before May 25 this year, when the law kicks in, they feel that other elements could take many months to design and roll out.

Depending on the detail of the finalized plan, we could be looking at the back end of 2019 before all the pieces have been put in place.

Crucially, the contracted parties warn that designing and rolling out a temporary method for granting Whois access to entities with legitimate interests in the data, such as police and trademark owners, could take a year.

And that’s just the stop-gap, Band-Aid hack that individual registries and registrars would put in place while waiting — “quarters (or possibly years), rather than months” — for a fully centralized ICANN accreditation solution to be put in place.

The outlook looks bleak for those hoping for uninterrupted Whois access, in other words.

But the timetable lists many other sources of potential delay too.

Even just replacing the registrant’s email address with a web form or anonymized forwarding address could take up to four months to put online, the contracted parties say.

Generally speaking, the more the post-GDPR Whois differs from the current model the longer the contracted parties believe it will take to roll out.

Likewise, the more granular the controls on the data, the longer the implementation window.

For example, if ICANN forces registrars to differentiate between legal and natural persons, or between European and non-European registrants, that’s going to add six months to the implementation time and cost a bomb, the letter says.

Anything that messes with EPP, the protocol underpinning all registry-registrar interactions, will add some serious time to the roll-out too, due to the implementation time and the contractual requirement for a 90-day notice period.

The heaviest workload highlighted in the letter is the proposed opt-in system for registrants (such as domain investors) who wish to waive their privacy rights in favor of making themselves more contactable.

The contracted parties reckon this would take nine months if it’s implemented only at the registrar, or up to 15 months if coordination between registries and registrars is required (and that timeline assumes no new EPP extensions are going to be needed).

It’s possible that the estimates in the letter could be exaggerated as part of the contracted parties’ efforts to pressure ICANN to adopt the kind of post-GDPR Whois they want to see.

But even if we assume that is the case, and even if ICANN were to finalize its compliance model tomorrow, there appears to be little chance that it will be fully implemented at all registrars and registries in time for May 25.

The letter notes that the timetable is an estimate and does not apply to all contracted parties.

As I blogged earlier today, ICANN CEO Goran Marby has this week reached out to data protection authorities across the EU for guidance, in a letter that also asks the DPAs for an enforcement moratorium while the industry and community gets its act together.

Late last year, ICANN also committed not to enforce the Whois elements of its contracts when technical breaches are actually related to GDPR compliance.