Latest news of the domain name industry

Recent Posts

LogicBoxes customers get registry pre-pay “wallet”

Kevin Murphy, January 14, 2014, Domain Registrars

LogicBoxes has launched a new “wallet” service for its registrar clients, designed to make it easier for them to manage payments to the rapidly growing number of TLD registries.

The new Registry Wallet product — bundled in at no extra charge for existing customers — is a way for registrars to consolidate the process of managing pre-paid registry accounts.

Instead of managing accounts with dozens of registries for potentially hundreds of new gTLDs, LogicBoxes customers will be able to use the Wallet as a buffer and single management interface.

Many existing registries require registrars to fund an account in advance that gradually gets chipped away as more domains are sold to registrants. During quiet periods, the money sits dormant.

While some new gTLD registries are planning to allow credit card or post-payment options, others are sticking to the old ways and the legacy TLDs show no sign of changing, according to LogicBoxes senior marketing associate Vivek Desai.

“This service also aims at simplifying the invoicing and reconciliation process,” he said. “Imagine registrars having to reconcile statements and invoices with 30 or 40 or even more providers. Having one place to manage everything, will make things simpler.”

The company said it uses “pattern recognition algorithms” to predict usage, with manual oversight. It also features “threshold reminders, emergency credits and deactivation protection”, LogicBoxes said.

Cops can’t block domain transfers without court order, NAF rules

Kevin Murphy, January 12, 2014, Domain Registrars

Law enforcement and IP owners were dealt a setback last week when the National Arbitration Forum ruled that they cannot block domain transfers unless they have a court order.

The ruling could make it more difficult for registrars to acquiesce to requests from police trying to shut down piracy sites, as they might technically be in breach of their ICANN contracts.

NAF panelist Bruce Meyerson made the call in a Transfer Dispute Resolution Policy ruling after a complaint filed by EasyDNS against Directi (PublicDomainRegistry.com).

You’re probably asking right about now: “The what policy?”

I had to look it up, too.

TDRP, it turns out, has been part of the ICANN rulebook since the Inter-Registrar Transfer Policy was adopted in 2004.

It’s designed for disputes where one registrar refuses to transfer a domain to another. As part of the IRTP, it’s a binding part of the Registrar Accreditation Agreement.

It seems to have been rarely used in full over the last decade, possibly because the first point of complaint is the registry for the TLD in question, with only appeals going to a professional arbitrator.

Only NAF and the Asian Domain Name Dispute Resolution Centre are approved to handle such cases, and their respective records show that only one TDRP appeal has previously filed, and that was in 2013.

In the latest case, Directi had refused to allow the transfer of three domains to EasyDNS after receiving a suspension request from the Intellectual Property Crime Unit of the City of London Police.

The IPCU had sent suspension requests, targeting music download sites “suspected” of criminal activity, to several registrars.

The three sites — maxalbums.com, emp3world.com, and full-albums.net — are all primarily concerned with hosting links to pirated music while trying to install as much adware as possible on visitors’ PCs.

The registrants of the names had tried to move from India-based Directi to Canada-based EasyDNS, but found the transfers denied by Directi.

EasyDNS, which I think it’s fair to say is becoming something of an activist when it come to this kind of thing, filed the TDRP first with Verisign then appealed its “No Decision” ruling to NAF.

NAF’s Meyerson delivered a blunt, if reluctant-sounding, win to EasyDNS:

Although there are compelling reasons why the request from a recognized law enforcement agency such as the City of London Police should be honored, the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name… The term “court order” is unambiguous and cannot be interpreted to be the equivalent of suspicion of wrong doing by a policy agency.

To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police.

That’s a pretty unambiguous statement, as far as ICANN policy is concerned: no court order, no transfer block.

It’s probably not going to stop British cops trying to have domains suspended based on suspicion alone — the Metropolitan Police has a track record of getting Nominet to suspend thousands of .uk domains in this way — but it will give registrars an excuse to decline such requests when they receive them, if they want the hassle.

New gTLD launches: registrar coverage at less than 40% of the market

Kevin Murphy, January 7, 2014, Domain Registrars

Registrars representing less than 40% of the gTLD market are ready to offer new gTLDs during their launch phases, according to the latest stats from ICANN.

ICANN released yesterday a list (pdf) of the just 21 registrars that have signed the 2013 Registrar Accreditation Agreement and have been certified by IBM to use the Trademark Clearinghouse database.

Signing the 2013 RAA is a requirement for registrars that want to sell new gTLDs. Almost 150 registrars are currently on the new contract.

But being certified for the TMCH is also a requirement to sell names during the first 90 days of each new gTLD’s general availability, when the Trademark Claims service is running.

Together, the 21 registrars that have done both accounted for 59 million registered gTLD domain names (using August’s official numbers), which translated to 39.5% of the gTLD market.

It’s a high percentage due to the presence of Go Daddy, with its 48.2 million gTLD names. The only other top-10 registrar on the list is 1&1.

Twelve of the 21 registrars on the list had fewer than 40,000 names under management. A couple have fewer than 100.

Only one new gTLD, dotShabaka Registry’s شبكة., is currently in its Trademark Claims period.

The second batch, comprising Donuts’ first seven launches, isn’t due to hit until January 27, giving just a few weeks for the certified list to swell.

There’ll be 33 new gTLD in Claims by the end of February.

The rate at which new registrars are being certified by IBM is not especially encouraging either. Only four have been added in the last month.

Some registrars may of course choose to work via other registrars, as a reseller, rather than getting certified and doing the TMCH integration work themselves.

Latest Go Daddy phishing attack unrelated to 2013 RAA

Kevin Murphy, January 6, 2014, Domain Registrars

Fears that the 2013 Registrar Accreditation Agreement would lead to new phishing attacks appear to be unfounded, at least so far.

The 2013 RAA, which came into force at most of the big registrars on January 1, requires registrars to verify the registrant’s email address or phone number whenever a new name is registered.

It was long predicted that this new provision — demanded by law enforcement — would lead to phishers exploiting registrant confusion, obtaining login credentials, and stealing valuable domain names.

Over the weekend, it looked like this prediction had come true, with posts over at DNForum saying that a new Go Daddy scam was doing the rounds and reports that it was related to the 2013 RAA changes.

I disagree. Shane Cultra posted a screenshot of the latest scam on his blog, alongside a screenshot of Go Daddy’s actual verification email, and the two are completely dissimilar.

The big giveaways are the “Whois Data Reminder” banner and “Reminder to verify the accuracy of Whois data” subject line.

The new attack is not exploiting the new 2013 RAA Whois verification requirements, it’s exploiting the 10-year-old Whois Data Reminder Policy, which requires registrars annually to remind their customers to keep their contact details accurate.

In fact, the language of the new scam has been used in phishing attacks against registrants since at least 2010.

That’s not to say the attack is harmless, of course — the attacker is still going to steal the contents of your Go Daddy account if you fall for it.

We probably will see attacks specifically targeting confusion about the new address verification policy in future, but it seems to me that the confusion we’re seeing with the latest scam may be coincidental.

Go Daddy told DI yesterday that the scam site in question had already been shut down. It’s not clear if anyone fell for it while it was live.

1&1’s new gTLD ads banned for “misleading” viewers

Kevin Murphy, December 19, 2013, Domain Registrars

TV ads promoting 1&1’s new gTLD pre-registration services have been banned from the UK’s airwaves after being ruled “likely to mislead” by the Advertising Standards Authority.

The ads were part of probably the biggest new gTLD marketing outreach to date, a worldwide campaign I’ve heard is costing 1&1 up to $80 million. The UK ad stated:

Do you own a company? Or an online shop? Are you an estate agent? Or a car dealer? Are you from London? Or maybe Scotland? Are you looking for a great new web or e-mail address? Then choose from over 700 new domains. Pre-order yours for free, before someone else does, and link it to your website.

The ASA ruled that the ads would have led consumers to believe that they would definitely get the name they pre-registered as soon as it became available.

In fact, of course, allocation is dependent largely on registry policy, Sunrise registrations, name collisions blocking, and whatever other barriers ICANN can think up in the meantime.

The ASA said in its decision:

Whilst we considered consumers would understand the reference to ‘pre-order’ to mean that the domain names were not currently available, we considered they would understand the ad to mean that they could place an order with 1&1 Internet that would secure their chosen domain name when it became available. However, we understood that that was not the case and that upon receipt of a pre-order, 1&1 Internet would pass on the customer’s request to the relevant domain name registry, who would apply their own allocation process when the requested domain name became available. We therefore considered the presentation of the ad was likely to mislead.

The ad therefore “must not appear again in its current form”, the ASA ruled.