ICANN has sent a formal breach notice to top ten registrar NameCheap, saying the company failed to comply with a mandatory audit.
ICANN also claims in the notice (pdf) that the company has failed to keep its web site up to date with pricing information required by policies.
NameCheap, which says it has over three million domains under management, may be the largest registrar to get to the formal, published breach notice stage of the ICANN compliance process.
But it should be noted that while the company is accredited and must comply with its Registrar Accreditation Agreement, it does almost all of its business as an eNom reseller.
Just a handful of domain names are registered under NameCheap’s own IANA number.
101domain has offered a 50% discount to customers that were sold premium new gTLD domains for a vastly reduced price, and has tried to shift some of the blame to the registry, Google.
It indicates that the registrar is prepared to eat at least part of its pricing error on both first-year registrations and subsequent annual renewals.
101domain told customers:
- You now have until June 23, 2014 to make a decision whether to delete the name or pay for the premium name.
- If you want to keep the name(s), 101domain will offer you a 50% discount on the first year premium price and a 25% discount on premium annual renewals.
- If you give up your name(s), we will give you a credit on 101domain.com for any future purchases equal to 25% of the price of the premium name.
Previously, affected registrants had been told to pay up or have their domains deleted the following day.
As we reported last week, almost 50 domains in Google’s .みんな (“.everyone”) were sold for $12.99, despite some being earmarked by the registry as “premiums” with annual fees of up to $7,000.
In its letter to customers yesterday, 101domain characterized Google’s system for handling premiums as non-standard and difficult for registrars to work with.
Google’s list of premium names was circulated to registrars via an email, and the registry had no EPP commands for checking out whether a name was premium in real-time, the registrar says.
There was also no way for registrars to prevent the registration of premiums and no way to check with the registry for premium sales, it added.
It seems clear from the letter that the discounts now on offer mean that if registrants choose to keep their names they’ll be getting them at less than the registry fee — 101domain will eat the difference.
We contacted Google and requested them to work with us on the matter since we felt strongly that both sides were responsible to right the situation. Google offered no assistance other than extending the date to delete the names — telling us it was our problem.
Despite this seemingly generous response to domainer outrage, at the least one affected customer is not impressed.
In an email to DI last night the original registrant that first alerted us to the pricing problem described the latest 101domain offer as “lame”.
101domain has sent out almost 50 invoices, believed to total many thousands of dollars, to customers who had bought “premium” domain names for $12.99 well over a month ago.
One DI reader, who said he’d rather not be named, received a bill from the registrar today for $1587.01 for a .みんな domain name he hand-registered March 10 for the base fee of $12.99.
The email from 101domain stated that unless he pays the bill by 5pm PST tomorrow, his domain will be deleted:
It has come to our attention that the .みんな registry considers certain name(s) that you have registered with us as premium names and that there were some intermittent pricing errors on our website allowing you to purchase these name(s) at regular pricing. The cause of this error has been resolved and we sincerely apologize for the error.
In order to correct these pricing errors, the Registry has granted us the option to delete these names if we are unable to collect the premium pricing from our customers.
Due to a short deadline, payment must be received by Thursday, April 24, 2014, 5pm PST in order for deletion of the name not to occur. In the event that payment isn’t received by Thursday, April 24, 2014, 5pm PST the domain name(s) will be deleted, released back into the pool of available domain names, and any payments previously received for the domain names will be fully refunded to you.
The registrar offered a full refund of the $12.99 and a 20% discount coupon as compensation.
“I am not sure what’s the legal status of this,” the registrant told DI. “Also asking for this a more than a month later (purchased on 10th of March), besides being not cool, is just wrong.”
.みんな is one of Google’s new gTLDs. It’s Japanese for “everyone”.
101domain COO Anthony Beltran told DI that “fewer than 50″ names were affected by the pricing error, all of them in .みんな.
“Literally every registry is doing things differently, but we have committed to offering them as our customers overwhelmingly demand them,” he said. “Most of them understand, as early adopters, there will be occasional issues, and our disclaimers and T&Cs speak to this.”
He offered the following explanation for the error:
In order to offer pre-paid orders, 101domain’s practice is to put up pricing as soon as it is confirmed and as soon as we receive lists of premium names, reserved names, and name collisions from a registry. This is generally well before EPP is available so there is no live domain:check. Our search queries these lists internally to offer accurate pricing well before most other registrars do so that our clients are well ahead of the curve with plenty of time to research and submit orders. Mistakes do rarely occur; some premium lists are fluid, complications have been introduced with SEDO and AFTERNIC getting exclusive listings of premium names (while we have access through their distribution channels like SEDO MLS), or names are snapped up in Sunrise, EAP, or Landrush. We will typically notify clients prior to names becoming active of any changes in pricing or availability and promptly refund in full if requested. With this TLD, this did not happen properly unfortunately.
Nobody’s claiming Google did anything wrong.
I’m not sure what American or Californian consumer protection law says about this kind of thing, but it is a quite startling situation.
Are there any other fields of commerce where you can be billed a month later because a retailer got confused about its wholesale prices?
Endurance International, the domain name registrar that owns some of the world’s biggest web hosting brands, has been hit by a “network firmware” bug that took out one of its data centers.
It’s not currently clear how many many of the 10 million+ domains that EIG hosts were affected, but the outage seems to have lasted at least 17 hours and is only just being resolved right now.
Customers of EIG brands BlueHost and HostGator are among those known to be affected. HostGator alone hosts over 9 million domains, according to Wikipedia.
The outage, affecting a Provo, Utah data center, seems to have begun at 11am local time (7pm UTC) yesterday.
On the BlueHost Facebook page, the company wrote at about 8am UTC today:
Our NetOps team addressed the source of the problems affecting some customers: a bug in the firmware utilized in our vendor’s hardware. We worked very closely with this vendor and we have implemented a bug fix that is beginning to propagate across the network now. You may find some performance inconsistencies during this rollout, but they should resolve fairly quickly.
In more recent updates on Twitter and Facebook and forums, the companies said that some customers may still be affected by the bug, but that they’re quickly coming back online.
Endurance owns dozens of domains and hosting brands. In the registrar space, its best known and largest are probably FastDomain, Domain.com, Dotster and, following the recent acquisition, Directi.
Today’s downtime is the third significant outage in the last 12 months.
“Tens of thousands” of web sites are going dark due to ICANN’s new email verification requirements and registrars are demanding to know how this sacrifice is helping solve crimes.
These claims and demands were made in meetings between registrars and ICANN’s board and management at the ICANN 49 meeting in Singapore last week.
Go Daddy director of policy planning James Bladel and Tucows CEO Elliot Noss questioned the benefit of the 2013 Registrar Accreditation Agreement during a Tuesday session.
The 2013 RAA requires registrars to verify that registrants’ email addresses are accurate. If registrants do not respond to verification emails within 15 days, their domains are turned off.
There have been many news stories and blog posts recounting how legitimate webmasters found their sites gone dark due to an overlooked verification email.
Just looking at my Twitter stream for an “icann” search, I see several complaints about the process every week, made by registrants whose web sites and email accounts have disappeared.
Noss told the ICANN board that the requirement has created a “demonstrable burden” for registrants.
“If you cared to hear operationally you would hear about tens and hundreds of thousands of terrible stories that are happening to legitimate businesses and individuals,” he said.
Noss told DI today that Tucows is currently compiling some statistics to illustrate the scale of the problem, but it’s not yet clear what the company plans to do with the data.
At the Singapore meeting, he asked ICANN to go to the law enforcement agencies that demanded Whois verification in the first place to ask for data showing that the new rules are also doing some good.
“What crime has been forestalled?” he said. “What issues around fraud? We heard about pedophilia regularly from law enforcement. What has any of this done to create benefits in that direction?”
Registrars have a renewed concern about this now because there are moves afoot in other fora, such as the group working on new rules for privacy and proxy services, for even greater Whois verification.
Bladel pointed to an exchange at the ICANN meeting in Durban last July, during which ICANN CEO Fadi Chehade suggested that ICANN would not entertain requests for more Whois verification until law enforcement had demonstrated that the 2013 RAA requirements had had benefits.
The exact Chehade line, from the Durban public forum transcript, was:
law enforcement, before they ask for more, we put them on notice that they need to tell us what was the impact of what we did for them already, which had costs on the implementers.
Quoted back to himself, in Singapore Chehade told Bladel: “It will be done by London.”
Speaking at greater length, director Mike Silber said:
What I cannot do is force law enforcement to give us anything. But I think what we can do is press the point home with law enforcement that if they want more, and if they want greater compliance and if they want greater collaborations, it would be very useful to show the people going through the exercise what benefits law enforcement are receiving from it.
So will law enforcement agencies be able to come up with any hard data by London, just a few months from now?
It seems unlikely to me. The 2013 RAA requirements only came into force in January, so the impact on the overall cleanliness of the various Whois databases is likely to be slim so far.
I also wonder whether law enforcement agencies track the accuracy of Whois in any meaningfully quantitative way. Anecdotes and color may not cut the mustard.
But it does seem likely that the registrars are going to have data to back up their side of the argument — customer service logs, verification email response rates and so forth — by London.
They want the 2013 RAA Whois verification rules rethought and removed from the contract and the ICANN board so far seems fairly responsive to their concerns.
Law enforcement may be about to find itself on the back foot in this long-running debate.