Latest news of the domain name industry

Recent Posts

Drop-catcher drops almost all remaining registrars

Kevin Murphy, April 23, 2018, Domain Registrars

Drop-catch specialist Pheenix has terminated almost all of its remaining registrar accreditations, leaving it with just its core registrar.

By my count, 50 shell registrars have terminated their ICANN contracts over the last few days, all of them part of the Pheenix dropnet.

Only Pheenix.com remains accredited.

That’s one registrar, down from a peak of about 500 at the end of 2016.

Almost 450 were terminated in November.

With registrars equating to connection time with the .com registry, it looks like Pheenix’s ability to catch dropping names through its own accreditations has been severely diminished.

By my count, ICANN currently has 2,495 accredited registrars, having terminated 524 and accredited about 40 since last July, when it said it expected to lose a net 750 over the coming 12 months.

Fifty registrars is worth a minimum of $200,000 in fixed annual fees to ICANN.

101domain founder Wolfgang Reile dies at 67

Kevin Murphy, April 14, 2018, Domain Registrars

Wolfgang Reile, founder and former CEO of the registrar 101domain, has died, according to his former business partner and other sources.

He died unexpectedly at 67, April 6, according to Anthony Beltran, who took over the management of 101domain from Reile when Afilias acquired it back in 2015.

Born in Munich, Reile migrated to the US in the early 1990s and founded the registrar in 1999, Beltran said. He told DI:

He was a regular fixture in the ICANN scene, was a fun guy to be around, and was a natural storyteller (once you got used to the authentic German accent)

He was a friend and mentor to many, especially the staff at 101domain, and if you knew him and his straight-forward German fashion — was very opinionated, passionate, and yelling at you only meant he considered you a friend. He brought a passionate and dedicated energy that’s rare these days.

His international business background, including a spell at Disney in Asia, inspired 101domain’s strategy of providing access to the broadest possible range of ccTLDs and gTLDs, Beltran said.

The company currently has close to 140,000 gTLD domains under management and says it has tens of thousands of clients.

After the two men sold 101domain to Afilias, Reile stepped away from the industry to focus on family, travel and other businesses, Beltran said.

He is survived by his wife and three daughters. I gather his funeral will be held in San Diego, California, later today.

ICANN confirms GoDaddy Whois probe

ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.

The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.

The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.

Winterfeldt is annoyed that GoDaddy has starting removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.

It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.

Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.

It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.

But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.

It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.

Registrars will miss GDPR deadline by a mile

Kevin Murphy, March 28, 2018, Domain Registrars

Registries and registrars won’t be able to implement ICANN’s proposed overhaul of the Whois system in time for the EU’s General Data Protection Regulation coming into effect.

That’s according to an estimated timetable (pdf) sent by ICANN’s contracted parties to the organization this week.

While they feel confident that some elements of ICANN’s GDPR compliance plan could be in place before May 25 this year, when the law kicks in, they feel that other elements could take many months to design and roll out.

Depending on the detail of the finalized plan, we could be looking at the back end of 2019 before all the pieces have been put in place.

Crucially, the contracted parties warn that designing and rolling out a temporary method for granting Whois access to entities with legitimate interests in the data, such as police and trademark owners, could take a year.

And that’s just the stop-gap, Band-Aid hack that individual registries and registrars would put in place while waiting — “quarters (or possibly years), rather than months” — for a fully centralized ICANN accreditation solution to be put in place.

The outlook looks bleak for those hoping for uninterrupted Whois access, in other words.

But the timetable lists many other sources of potential delay too.

Even just replacing the registrant’s email address with a web form or anonymized forwarding address could take up to four months to put online, the contracted parties say.

Generally speaking, the more the post-GDPR Whois differs from the current model the longer the contracted parties believe it will take to roll out.

Likewise, the more granular the controls on the data, the longer the implementation window.

For example, if ICANN forces registrars to differentiate between legal and natural persons, or between European and non-European registrants, that’s going to add six months to the implementation time and cost a bomb, the letter says.

Anything that messes with EPP, the protocol underpinning all registry-registrar interactions, will add some serious time to the roll-out too, due to the implementation time and the contractual requirement for a 90-day notice period.

The heaviest workload highlighted in the letter is the proposed opt-in system for registrants (such as domain investors) who wish to waive their privacy rights in favor of making themselves more contactable.

The contracted parties reckon this would take nine months if it’s implemented only at the registrar, or up to 15 months if coordination between registries and registrars is required (and that timeline assumes no new EPP extensions are going to be needed).

It’s possible that the estimates in the letter could be exaggerated as part of the contracted parties’ efforts to pressure ICANN to adopt the kind of post-GDPR Whois they want to see.

But even if we assume that is the case, and even if ICANN were to finalize its compliance model tomorrow, there appears to be little chance that it will be fully implemented at all registrars and registries in time for May 25.

The letter notes that the timetable is an estimate and does not apply to all contracted parties.

As I blogged earlier today, ICANN CEO Goran Marby has this week reached out to data protection authorities across the EU for guidance, in a letter that also asks the DPAs for an enforcement moratorium while the industry and community gets its act together.

Late last year, ICANN also committed not to enforce the Whois elements of its contracts when technical breaches are actually related to GDPR compliance.

Privacy could be a million-dollar business for ICANN

Kevin Murphy, March 22, 2018, Domain Registrars

ICANN has set out the fees it plans to charge to officially accredit Whois proxy and privacy services, in the face of resistance from some registrars.

VP of finance Becky Nash told registrars during a session at ICANN 61 last week that they can expect to pay $3,500 for their initial accreditation and $4,000 per year thereafter.

Those are exactly the same fees as ICANN charges under its regular registrar accreditation program.

Registrars that also offer privacy should expect to see their annual ICANN flat fees double, in other words. Per-domain transaction fees would be unaffected.

The up-front application fee would be reduced $2,000 when the privacy service is to be offered by an accredited registrar, but it would stay at $3,500 if the company offering service is merely “affiliated” with the registrar.

Nash said all the fees have been calculated on a per-accreditation basis, independent of the volume of applications ICANN receives.

Director of registrar services Jennifer Gore said that while ICANN has not baked an estimate of the number of accredited providers into its calculations, registrars have previously estimated the number at between 200 and 250 companies.

That would put the upper end of annual accreditation fees at $1 million, with $875,000 up-front for initial applications.

Volker Greimann, general counsel of the registrar Key-Systems, pointed out during the session that many registrars give away privacy services for free or at cost.

“This just adds cost to an already expensive service that does not really make money for a lot of providers,” he said.

He suggested that the prices could lead to unexpected negative consequences.

“Pricing this in this region will just lead to a lot of unaccredited providers that will switch names every couple months, an underground that we don’t really want,” he said. “We want to have as many people on board as possible and the way to do that is to keep costs low.”

“Pricing them out of the market is not the way to attract providers to join this scheme,” he said.

Nash responded that registrars are forbidden under the incoming privacy/proxy policy from accepting registrations from unaccredited services.

She added that the fees have been calculated on a “cost-recovery” basis. Costs include the initial background checks, outreach, contract admin, compliance, billing and so on.

But some registrars expressed skepticism that the proposed fees could be justified, given that ICANN does not plan to staff up to administer the program.

Another big question is whether proxy/privacy services are going to continue to have value after May this year, when the European Union’s General Data Protection Regulation kicks in.

The current ICANN plan for GDPR compliance would see individual registrants have all of their private information removed from the public Whois.

It’s not currently clear how many people and what kinds of people will continue to have access to unmasked Whois, so there are likely still plenty of cases where individuals might feel they need an extra layer of protection — if they live in a dictatorship and are engaged in rebellious political speech, for example.

There could also be cases where companies wish to mask their details ahead of, say, a product launch.

And, let’s face it, bad actors will continue to want to use privacy services on domains they intend to misuse.

The proxy/privacy policy came up through the formal GNSO Policy Development Process and was approved two years ago. It’s currently in the implementation phase.

According to a presentation from the ICANN 61 session, ICANN hopes to put the final implementation plan out for public comment by the end of the month.