Latest news of the domain name industry

Recent Posts

Concern over mystery TMCH outage

Kevin Murphy, May 20, 2015, Domain Tech

The Trademark Clearinghouse is investigating the causes and impact of an outage that is believed to have hit its primary database for 10 hours last Friday.

Some in the intellectual property community are concerned that the downtime may have allowed people to register domain names without receiving Trademark Claims notices.

The downtime was confirmed as unscheduled by the TMCH on a mailing list, but requests for more information sent its way today were deflected to ICANN.

An ICANN spokesperson said that the outage is being analyzed right now, which will take a couple of days.

The problem affected the IBM-administered Trademark Database, which registrars query to determine whether they need to serve up a Claims notice when a customer tries to register a domain that matches a trademark.

I gather that registries are supposed to reject registration attempts if they cannot get a definitive answer from the TMDB, but some are concerned that that may not have been the case during the downtime.

Over 145,000 Claims notices have been sent to trademark owners since the TMCH came online over a year ago.

(UPDATE: This story was edited May 21 to clarify that it is the TMCH conducting the investigation, rather than ICANN.)

Site names and shames shoddy TLD support

Kevin Murphy, April 20, 2015, Domain Tech

A self-professed geek from Australia is running a campaign to raise awareness of new gTLDs by naming and shaming big companies that don’t provide comprehensive TLD support on their web sites.

SupportTheNew.domains, run by university coder Stuart Ryan, has been around since last June and currently indexes support problems at dozens of web sites.

The likes of Facebook, Amazon, Adobe and Apple are among those whose sites are said to offer incomplete support for new gTLDs.

It’s the first attempt I’m aware of to list “universal acceptance” failures in any kind of structured way.

Ryan says on the site that he set up the campaign after running into problems signing up for services using his new .email email address.

The site relies on submissions from users and seems to be updated whenever named companies respond to support tickets.

Universal acceptance is a hot topic in the new gTLD space, with ICANN recently creating a steering group to promote blanket TLD support across the internet.

Often, sites rely on outdated lists of TLDs or regular expressions that think TLDs are limited to three characters when they attempt to verify domains in email addresses or URLs.

Google eliminating domains from search results

Kevin Murphy, April 17, 2015, Domain Tech

Google has made another move to make domain names less relevant to internet users.

The company will no longer display URLs in search results pages for any web site that adopts a certain technical standard.

Instead, the name of the web site will be given. So instead of a DI post showing up with “domainincite.com” in results, it would be “Domain Incite”.

Google explained the change in a blog post incorrectly titled “Better presentation of URLs in search results”.

Webmasters wishing to present a company name or brand instead of a domain name need to publish metadata on their home pages. It’s just a few lines of code.

Google will make a determination whether to make the change based on whether the name meets these criteria:

Be reasonbly [sic] similar to your domain name

Be a natural name used to refer to the site, such as “Google,” rather than “Google, Inc.”

Be unique to your siteā€”not used by some other site

Not be a misleading description of your site

Code samples and the rules are published here.

It strikes me that Google, by demanding naming uniqueness, is opening itself up for a world of hurt.

Could there be a landrush among non-unique brands? How will disputes be handled?

Right now the change has been made only to mobile search results and only in the US, but Google hinted that it could roll out elsewhere too.

More security issues prang ICANN site

Kevin Murphy, March 3, 2015, Domain Tech

ICANN has revealed details of a security problem on its web site that could have allowed new gTLD registries to view data belonging to their competitors.

The bug affected its Global Domains Division customer relationship management portal, which registries use to communicate with ICANN on issues related to delegation and launch.

ICANN took GDD down for three days, from when it was reported February 27 until last night, while it closed the hole.

The vulnerability would have enabled authenticated users to see information from other users’ accounts.

ICANN tells me the issue was caused because it had misconfigured some third-party software — I’m guessing the Salesforce.com platform upon which GDD runs.

A spokesperson said that the bug was reported by a user.

No third parties would have been able to exploit it, but ICANN has been coy about whether any it believes any registries used the bug to access their competitors’ accounts.

ICANN has ‘fessed up to about half a dozen crippling security problems in its systems since the launch of the new gTLD program.

Just in the last year, several systems have seen downtime due to vulnerabilities or attacks.

A similar kind of privilege escalation bug took down the Centralized Zone Data Service last April.

The RADAR service for registrars was offline for two weeks after being hacked last May.

A phishing attack against ICANN staff in December enabled hackers to view information not normally available to the public.

Why you can’t register emojis in gTLDs

Kevin Murphy, February 25, 2015, Domain Tech

The popular “emoji” smiley faces are banned as gTLD domain names for technical reasons, according to ICANN.

Emojis are a form of emoticon that originated on Japanese mobile networks but are now used by 12-year-old girls worldwide due to their support on Android and iPhone operating systems.

CokeIt emerged last week that Coca-Cola has registered a bunch of smiley-face domain names under .ws, the Samoan ccTLD, for use in an billboard advertising campaign in Puerto Rico.

.ws was selected because it’s one of only a few TLDs that allow emojis to be registered. Coke is spinning its choice of TLD as an abbreviation for “We Smile”.

This got me thinking: would emojis be something new gTLD registries could start to offer in order to differentiate themselves?

Coke’s emoji domains, it turns out, are just a form of internationalized domain name, like Chinese or Arabic or Greek.

Emoji symbols are in the Unicode standard and could therefore be converted to the ASCII-based, DNS-compatible Punycode under the hood in web browsers and other software.

One of Coke’s (smiley-face).ws domain names is represented as xn--h28h.ws in the DNS.

Unfortunately for gTLD registries, ICANN told DI last night that emojis are not permitted in gTLDs.

“Emoticons cannot be used as IDNs as these code points are DISALLOWED under IDNA2008 protocol,” ICANN said in a statement.

IDNA2008 is the latest version of the IETF standard used to define what Unicode characters can and cannot appear in IDNs.

RFC 5892 specifies what can be included in an IDNA2008 domain name, eliminating thousands of letters and symbols that were permissible under the old IDNA2003 standard.

These characters were ostensibly banned due to the possibility of IDN homograph attacks — when bad guys set up spoof web sites on IDNs that look almost indistinguishable from a domain used by, for example, a bank or e-commerce site.

But Unicode, citing Google data, reckons symbols could only ever be responsible for 0.000016% of such attacks. Most homograph attacks are much simpler, relying on for example the visual similarity of I and l.

Regardless, because IDNA2008 only allows Unicode characters that are actually used in spoken human languages, and because gTLD registries are contractually obliged to adhere to the IDNA2008 technical standards, emojis are not permitted in gTLDs.

All new gTLDs have to provide ICANN with a list of the Unicode code points they plan to support as IDNs when they undergo pre-delegation testing. Asking to support characters incompatible with IDNA2008 would result in a failed test, ICANN tells us.

ICANN does not regulate ccTLDs, of course, so the .ws registry is free to offer whatever domains it wants.

However, ICANN said that emoji domains are only currently supported by software that has not implemented the newer IDN protocol:

Emoticon domains only work in software that has not implemented the latest IDNA standard. Only the older, deprecated version of the IDNA standard allowed emoticons, more or less by accident. Over time, these domains will increasingly not work correctly as software vendors update their implementations.

So Coke, while winning brownie points for novelty, may have registered a bunch of damp squibs.

ICANN also told us that, regardless of what the technical standards say, you’d never be able to apply for an emoticon as a gTLD due to the “letters only” principle, which already bans numbers in top-level strings.