Latest news of the domain name industry

Recent Posts

ICANN switches off .mobi land-rush flipper

ICANN has terminated a domain name registrar that seems to have been made its business flipping land-rush domains, especially in .mobi.

Mobiline, doing business as DomainBonus.com, is an Israeli outfit that received its registrar accreditations about five years ago.

While it seems to have registered a very small number of domains, domainbonus.com did provide DNS for a few thousand dictionary .mobi domains, registered during the September 2006 land-rush.

A lot of these domains appeared to have been originally registered in the name of Mobiline’s owner, Alex Tesler.

Many have been since been flipped and archives of the DomainBonus front page show the firm was mainly preoccupied with aftermarket sales rather than fresh registrations.

ICANN has revoked its accreditation (pdf) for failure to pay its dues and escrow Whois data with Iron Mountain, as all registrars must.

ICANN is also switching off Western United Domains, a Spanish outfit that appears to have no web presence whatsoever, for the same reasons.

Registrars responsible for proxy cybersquatters

Domain name registrars can be liable when their customers break the law, if those customers use a privacy service, according to new ICANN guidance.

The ICANN advisory clarifies the most recent Registrar Accreditation Agreement, and seems primarily pertinent to UDRP cases where the registrar refuses to cooperate with the arbitrator’s request for proper Whois records.

The advisory says:

a Registered Name Holder licensing the use of a domain is liable for harm caused by the wrongful use of the domain unless the Registered Name Holder promptly identifies the licensee to a party providing the Registered Name Holder with reasonable evidence of actionable harm

In other words, if a domain gets hit with a UDRP claim or trademark infringement lawsuit, as far as the RAA is concerned the proxy service is the legal registrant unless the registrar quickly hands over its customer’s details.

Law enforcement and intellectual property interests have been complaining about registrars refusing to do so for years, most recently in comments on ICANN’s Whois accuracy study.

ICANN offers a definition of the word “promptly” as “within five business days” and “reasonable evidence” as trademark ownership and evidence of infringement.

I don’t think this ICANN guidance will have much of an impact on privacy services offered by the big registrars, which generally seem quite happy to hand over customer identities on demand.

Instead, this looks like it could be the start of a broader ICANN crackdown on certain non-US registrars offering “bulletproof” registrations to cybersquatters and other ne’er-do-wells.

I wouldn’t be surprised to find the number of ICANN de-accreditations citing refusal to cooperate with UDRP claims increasing in future.

The new ICANN document is a draft, and you can comment on it here.

AOL loses ICANN accreditation

AOL, one of the first five companies to become an ICANN-accredited registrar, appears to have let its accreditation expire.

The former internet giant is no longer listed on ICANN’s Internic registrar page, and DotAndCo.net’s data shows it lost its .com, .net and .org accreditations on April 27.

It’s hardly surprising. AOL’s profits are falling and it has been reorganizing itself ever since Time Warner returned it to life as an independent company last year.

It’s noteworthy because AOL was one of the first five registrars to challenge Network Solutions’ monopoly, when ICANN introduced competition to the domain name market in 1999.

In April 1999, the company participated in ICANN’s limited registrar “test-bed” experiment, alongside CORE, France Telecom, Melbourne IT and Register.com.

But domain names were never a big deal at the company.

AOL peaked at about 150,000 domains a few years ago and tailed off to a little more than a dozen at the end of 2009. Apparently, the company has decided to let its accreditation simply expire.

China connection to Go Daddy WordPress attacks

Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.

Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.

Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.

Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.

As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.

The attacks appear to be linked to a well-known crime gang with a Chinese connection.

According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).

This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.

The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.

A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.

Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.

However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.

Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.

Twenty registrars canned in 2009

Kevin Murphy, April 30, 2010, Domain Registrars

ICANN shut down 20 domain name registrars in 2009, and is on course to do the same this year, according to numbers released today.

That’s up from seven de-accreditations in 2008, and twice as many as the previous record year, 2003.

ICANN can withdraw accreditation from a registrar, stopping its ability to register domains, if the registrar fails to escrow Whois information or pay its ICANN dues.

It looks like 2010 could well see a similar level of de-accreditations.

Five registrars were shuttered in the first quarter, and ICANN has sent warnings to five more this month.