Latest news of the domain name industry

Recent Posts

ICANN flips off governments over Whois privacy

Kevin Murphy, May 8, 2018, Domain Policy

ICANN has formally extended its middle finger to its Governmental Advisory Committee for only the third time, telling the GAC that it cannot comply with its advice on Whois privacy.

It’s triggered a clause in its bylaws used to force both parties to the table for urgent talks, first used when ICANN clashed with the GAC on approving .xxx back in 2010.

The ICANN board of directors has decided that it cannot accept nine of the 10 bulleted items of formal advice on compliance with the General Data Protection Regulation that the GAC provided after its meetings in Puerto Rico in March.

Among that advice is a direction that public Whois records should continue to contain the email address of the registrant after GDPR goes into effect May 25, and that parties with a “legitimate purpose” in Whois data should continue to get access.

Of the 10 pieces of advice, ICANN proposes kicking eight of them down the road to be dealt with at a later date.

It’s given the GAC a face-saving way to back away from these items by clarifying that they refer not to the “interim” Whois model likely to come into effect at the GDPR deadline, but to the “ultimate” model that could come into effect a year later after the ICANN community’s got its shit together.

Attempting to retcon GAC advice is not unusual when ICANN disagrees with its governments, but this time at least it’s being up-front about it.

ICANN chair Cherine Chalaby told GAC chair Manal Ismail:

Reaching a common understanding of the GAC’s advice in relation to the Interim Model (May 25) versus the Ultimate Model would greatly assist the Board’s deliberations on the GAC’s advice.

Of the remaining two items of advice, ICANN agrees with one and proposes immediate talks on the other.

One item, concerning the deployment of a Temporary Policy to enforce a uniform Whois on an emergency basis, ICANN says it can accept immediately. Indeed, the Temporary Policy route we first reported on a month ago now appears to be a done deal.

ICANN has asked the GAC for a teleconference this week to discuss the remaining item, which is:

Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;

Basically, the GAC is trying to prevent the juicier bits of Whois from going dark for everyone, including the likes of law enforcement and trademark lawyers, two weeks from now.

The problem here is that while ICANN has tacit agreement from European data protection authorities that a tiered-access, accreditation-based model is probably a good idea, no such system currently exists and until very recently it’s not been something in which ICANN has invested a lot of focus.

A hundred or so members of the ICANN community, led by IP lawyers who won’t take no for an answer, are currently working off-the-books on an interim accreditation model that could feasibly be used, but it is still subject to substantial debate.

In any event, it would be basically impossible for any agreed-upon accreditation solution to be implemented across the industry before May 25.

So ICANN has invoked its bylaws fuck-you powers for only the third time in its history.

The first time was when the GAC opposed .xxx for reasons lost in the mists of time back in 2010. The second was in 2014 when the GAC overstepped its powers and told ICANN to ignore the rest of the community on the issue of Red Cross related domains.

The board resolved at a meeting last Thursday:

the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC’s advice in the San Juan Communiqué concerning the GDPR and ICANN’s proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.

Chalaby asked Ismail (pdf) for a call this week. I don’t know if that call has yet taken place, but given the short notice I expect it has not.

For the record, here’s the GAC’s GDPR advice from its Puerto Rico communique (pdf).

the GAC advises the ICANN Board to instruct the ICANN Organization to:

i. Ensure that the proposed interim model maintains current WHOIS requirements to the fullest extent possible;

ii. Provide a detailed rationale for the choices made in the interim model, explaining their necessity and proportionality in relation to the legitimate purposes identified;

iii. In particular, reconsider the proposal to hide the registrant email address as this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection;

iv. Distinguish between legal and natural persons, allowing for public access to WHOIS data of legal entities, which are not in the remit of the GDPR;

v. Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;

vi. Ensure that limitations in terms of query volume envisaged under an accreditation program balance realistic investigatory crossreferencing needs; and

vii. Ensure confidentiality of WHOIS queries by law enforcement agencies.

b. the GAC advises the ICANN Board to instruct the ICANN Organization to:

i. Complete the interim model as swiftly as possible, taking into account the advice above. Once the model is finalized, the GAC will complement ICANN’s outreach to the Article 29 Working Party, inviting them to provide their views;

ii. Consider the use of Temporary Policies and/or Special Amendments to ICANN’s standard Registry and Registrar contracts to mandate implementation of an interim model and a temporary access mechanism; and

iii. Assist in informing other national governments not represented in the GAC of the opportunity for individual governments, if they wish to do so, to provide information to ICANN on governmental users to ensure continued access to WHOIS.

.xxx has its ICANN fees slashed and adopts URS

Kevin Murphy, February 8, 2017, Domain Registries

ICM Registry is to see its .xxx ICANN registry fees hugely reduced in contractual amendments approved by ICANN last week.

The changes also mean that .xxx will now become subject to the Uniform Rapid Suspension anti-cybersquatting mechanism, despite it being a pre-2012 gTLD.

.xxx becomes the latest pre-2012 gTLD to move to a contract more closely aligned with the standard Registry Agreement from the new gTLD program.

Under the complex new deal, its per-transaction fee could be reduced from $2 to $0.25 by mid-2018.

Its quarterly fixed fee will go up from $2,500 to $6,250.

ICM has also agreed to take on many aspects of the standard new gTLD Registry Agreement, the most controversial of which is the URS.

The domainer group the Internet Commerce Association was fiercely critical of this addition to the contract, as it has been when URS was brought to .jobs, .travel, .cat, .pro and .mobi.

ICA is largely concerned that URS will also be pushed upon Verisign’s .net, which is up for contract renewal this year, and eventually .com.

ICA worried ICANN will force URS on .net

Kevin Murphy, January 5, 2017, Domain Registries

The Internet Commerce Association has called for a “moratorium” on the Uniform Rapid Suspension policy being added to legacy gTLD contracts, months before Verisign’s .net contract is up for renewal.

In a blog post, ICA counsel Phil Corwin accused ICANN staff of making policy by the back door by compelling pre-2012 registries to adopt URS, despite a lack of ICANN community consensus policy.

In the last few years the registries for .jobs, .travel, .cat, .pro, .xxx and most recently .mobi have agreed to adopt many aspects of the 2012 Registry Agreement, which includes the URS, often in exchange for lower ICANN fees.

Corwin wrote:

the real test of [ICANN’s Global Domains Division’s] illicit strategy of incremental de facto policymaking will come later this year, when the .Net RA comes up for renewal. We have no idea whether Verisign will be seeking any substantial revisions to that RA that would provide GDD staff with substantial leverage to impose URS, nor do we know whether Verisign would be amenable to that tradeoff.

The .net RA is due to expire July 1 this year.

Verisign pays ICANN $0.75 for each .net domain registration, renewal and transfer. If that were to be reduced to the 2012 standard of $0.25, it would save Verisign at least $7.5 million a year.

The URS provides brand owners with a way to suspend trademark-infringing domains in clear-cut cases. It’s based on UDRP but is faster and cheaper and does not allow the brand owner to seize ownership of the domains.

ICA represents large domain speculators, most of which have their investments tied up in .com and .net domains. It’s complained about the addition of URS to other gTLDs but the complaints have largely fallen on deaf ears.

ICANN has said that it does not force URS on anyone, but that it takes the base new gTLD program RA as its starting point for bilateral negotiations with registries whose contracts are up for renewal.

URS comes to .mobi as ICANN offers Afilias lower fees

Kevin Murphy, December 27, 2016, Domain Registries

Afilias’ .mobi is to become the latest of the pre-2012 gTLDs to agree to adopt the Uniform Rapid Suspension policy in exchange for lower ICANN fees.

Its Registry Agreement is up for renewal, and Afilias and ICANN have come to similar terms to .jobs, .travel, .cat, .pro and .xxx.

Afilias has agreed to take on many of the provisions of the standard new gTLD RA that originally did not apply to gTLDs approved in the 2000 and 2003 rounds, including the URS.

In exchange, its fixed registry fees will go down from $50,000 a year to $25,000 a year and the original price-linked variable fee of $0.15 to $0.75 per transaction will be replaced with the industry standard $0.25.

It’s peanuts really, given that .mobi still has about 690,000 domains, but Afilias is getting other concessions too.

Notably, the ludicrous mirage that .mobi was a “Sponsored” gTLD serving a specific restricted community (users of mobile telephones, really) rather than an obvious gaming of the 2003-round application rules, looks like it’s set to evaporate.

Appendix S to the current RA is not being carried over, ICANN said, so .mobi will not become a “Community” gTLD, with all the attendant restrictions that would have entailed.

Instead, Afilias has simply agreed to the absolute basic set of Public Interest Commitments that apply to all 2012 new gTLDs. Text that would have committed the registry to abide by the promises made in its gTLD application have been removed.

But the change likely to get the most hackles up is the inclusion of URS in the proposed new contract.

URS is an anti-cybserquatting measure that enables trademark owners to shut down infringing domains, without taking ownership, more quickly and cheaply than the UDRP.

It’s obligatory for all 2012-round gTLDs, and five of the pre-2012 registries have also agreed to adopt it during their contract renewal talks with ICANN.

Most recently, ICM Registry agreed to URS in exchange for much deeper cuts in its ICANN fees in .xxx.

In recent days, ICANN published its report into the public comments on the .xxx renewal, summarizing some predictably irate feedback.

Domainer group the Internet Commerce Association, which is concerned that URS will one day be forced upon .com and .net, had a .xxx comment that seems particularly pertinent to the .mobi news:

Given the history of flimsy and self-serving justifications by [Global Domains Division] staff and the ICANN Board for similar actions taken in 2015, we are under no illusion that this comment letter will likely be successful in effecting removal of the URS and other new gTLD RA provisions from the revised .XXX RA. Nonetheless, we strenuously object to this GDD action that intrudes upon and debases ICANN’s legitimate policymaking process, and urge the GDD and Board to reconsider their positions, and to ensure that GDD staff ceases and desists from taking similar action in the context of future RA renewals and revisions until the RPM Review WG renders the community’s judgment as to whether the URS and other new gTLD RPMs should become Consensus Policy and such recommendation is reviewed by GNSO Council and the ICANN Board.

The Intellectual Property Constituency of the GNSO, conversely, broadly welcomed the addition of more rights protection mechanisms to .xxx.

The Non-Commercial Stakeholder Group, meanwhile, expressed concern that whenever ICANN negotiates a non-consensus policy into a contract it negates and discourages all the work done by the volunteer community.

You can read the summary of the .xxx comments, along with ICANN staff’s reasons for ignoring them, here (pdf).

The .mobi proposed amendments are also now open for public comment.

Any lawyers wishing to rack up a few billable hours railing against a fait accompli can do so here.

.xxx to get lower ICANN fees, accept the URS

Kevin Murphy, October 14, 2016, Domain Registries

ICM Registry has negotiated lower ICANN transaction fees as part of a broad amendment to its Registry Agreement that also includes new trademark protection measures.

The company’s uniquely high $2 per-transaction fee could be reduced to the industry standard $0.25 by mid-2018.

As part of the renegotiated contract, ICM has also agreed to impose the Uniform Rapid Suspension policy on its registrants.

URS is the faster, cheaper version of UDRP that allows trademark owners to have domain names suspended in more clear-cut cases of cybersquatting.

The $2 fee was demanded by ICANN when ICM first signed its RA in 2011.

At the time, ICANN said the higher fee, which had doubled from a 2010 draft of the contract, was to “account for anticipated risks and compliance activities”.

The organization seemed to have bought into the fears that .xxx would lead to widespread misuse — something that has noticeably failed to materialize — and was expecting higher legal costs as a result.

The companion TLDs .adult, .porn and .sex, all also managed by ICM, only pay $0.25 per transaction.

The overall effects on registrants, ICANN and ICM will likely be relatively trivial.

With .xxx holding at roughly 170,000 domains and a minimal amount of inter-registrar transfer activity, ICM seems to be paying ICANN under $400,000 a year in transaction fees at the moment.

Its registry fee is usually $62, though a substantial number of domains have been sold at lower promotional pricing, so the cost to registrants is not likely to change a great deal.

The reduction to $0.25 would have to be carried out in stages, with the earliest coming this quarter, and be reliant on ICM keeping a clean sheet with regards contract compliance.

Under the deal, ICM has agreed to adopt many of the provisions of the standard Registry Agreement for 2012-round gTLDs.

One of those is the URS, which may cause consternation among domainers fearful that the rights protection mechanism may one day also find its way into the .com registry contract.

ICM has also agreed to implement its existing policies on, for example, child abuse material prevention, into the contract as Public Interest Commitments.

The RA amendment is currently open for public comment at ICANN.

Cruz-Duffy bill would put brakes on IANA transition

Kevin Murphy, June 9, 2016, Domain Policy

America’s continuing unique oversight role in the DNS root management system, fuck yeah!

That’s basically the takeaway from a new bit of proposed US legislation, put forward by Sen. Ted Cruz and Rep. Sean Duffy in both houses of Congress yesterday.

The two Republican Congressmen have proposed the inappropriately named Protecting Internet Freedom Act, which is specifically designed to scupper the IANA transition at the eleventh hour.

PIFA would prevent the National Telecommunications and Information Administration from backing away from its role in the DNS root management triumvirate.

It’s supported, ironically, by a bunch of small-government right-wing think tanks and lobby groups.

If the bill is enacted, NTIA would need a further act of Congress in order to cancel or allow to expire its current IANA functions contract with ICANN

The bill (pdf) reads:

The Assistant Secretary of Commerce for Communications and Information may not allow the responsibility of the National Telecommunications and Information Administration with respect to the Internet domain name system functions, including responsibility with respect to the authoritative root zone file and the performance of the Internet Assigned Numbers Authority functions, to terminate, lapse, expire, be cancelled, or otherwise cease to be in effect unless a Federal statute enacted after the date of enactment of this Act expressly grants the Assistant Secretary such authority.

The bill also seeks to ensure that the US government has “sole ownership” of the .gov and .mil TLDs “in perpetuity”.

These ownership rights are not and have never been in question; the inclusion of this language in the bill looks like a cheap attempt to stir up Congresspeople’s basest jingoistic tendencies.

A Cruz press release said the IANA transition “will allow over 160 foreign governments to have increased influence over the management and operation of the Internet.”

Duffy added:

President Obama wants to hand over the keys to the Internet to countries like China and Russia. This is reckless and absurd. The governments of these countries do not value free speech. In fact, they censor the Internet and routinely repress and punish political dissidents. They cannot be trusted with something as fundamental to free speech as a free and open Internet.

It’s unfiltered scaremongering.

No country — not China, Russia, the US nor any other government — gets increased powers under the IANA transition proposal, which was painstakingly crafted by, and is now supported by, pretty much all community stakeholders over two years.

In fact, governmental power is significantly curtailed under the proposal.

Post-transition, the Governmental Advisory Committee’s current voting practice, which essentially requires unanimity, would be enshrined in ICANN’s bylaws.

If the GAC came to ICANN with advice that did not have consensus — that is, some governments formally objected to it — ICANN would be able to reject it much more easily than it can today.

The one area where the GAC does get a new role is in the so-called “Empowered Community”, a new concept that will enter the ICANN bylaws post-transition.

The Empowered Community would be a non-profit legal entity formed by the ICANN community in the exceptional event that the ICANN board goes rogue and starts doing really egregious stuff that nobody wants — for example, introducing Draconian policy regulating freedom of speech.

The EC would have the power to kick out the ICANN board members of its choice, reject the ICANN budget, throw out proposed bylaws amendments and so on. As far as ICANN is concerned, the EC would be God.

Its members, or “Decisional Participants” would be the GNSO, the ccNSO, the ALAC, the ASO and the GAC.

The fact that the GAC has a seat at the EC table is the straw that Cruz, Duffy and co grasp at when they talk about governments getting increased power in a post-transition ICANN.

But the GAC’s voice is equal to those of the other four participants, and the GAC is not allowed a vote on matters stemming from ICANN’s implementation of consensus GAC advice.

In other words, the only way Cruz’s boogeymen governments would ever get to push through a censorship policy would be if that policy was also supported by all the other governments or by the majority of the diverse, multi-stakeholder ICANN community.

The arguments of Cruz and Duffy are red herrings, in other words.

Not only that, but the US record on attempted censorship of the DNS root is hardly exemplary.

While it’s generally been quietly hands-off for the majority of the time ICANN has had its hand on the rudder, there was a notable exception.

The Bush-era NTIA, following a letter-writing campaign by the religious right — Bible-thumping Cruz’s base — exerted pressure on ICANN to reject the proposed porn-only .xxx gTLD.

So who’s the real threat here, Red China or Ted Cruz, the man who tried to ban the sale of dildos in Texas?

The Protecting Internet Freedom Act is obviously still just a bill, but Republicans still control both houses of Congress so it’s not impossible that the tens of thousands of hours the ICANN community has put into the IANA transition could be sacrificed on the altar of embarrassing the President, who is probably Kenyan anyway.

Priced to sell: $46m of two-letter .xxx names

Kevin Murphy, January 7, 2016, Domain Registries

ICM Registry has added over 1,200 two-character .xxx names to its catalog of priced premiums.

With prices ranging from $100,000 to $37,500, the newly offered domains carry a total ticket price of over $46 million.

The only six-figure name on the list is vr.xxx. ICM said in a press release today it has already sold vr.porn and vr.sex for $100,000 apiece.

There are seven names with adult connotations (such as 69.xxx and bj.xxx) priced at $75,000, eight more at $50,000 and two at $40,000.

The rest of the list of 1,227 names are being offered at $37,500, which is roughly 10 times the prices on the equivalent .porn, .sex and .adult domains.

While ICM noted the interest in domain investing from China recently, it does not appear to have valued its numeric-only domains (such as 88.xxx) any more highly than less attractive-looking combinations (such as 0o.xxx).

Judging by the list published on ICM’s web site, it has already sold well over 300 two-character domains in its newest three gTLDs.

Had those sold at the buy-now prices it would have raised over $1.1 million in revenue.

But ICM since September has been offering an option to register premium names for premium annual fees that are lower than the one-off price. A $37,500 domain costs $3,000 a year to register, under this model.

The total value of ICM’s premium list, including all the longer domains, is roughly $115 million.

Third ICM windfall due as .sex hits sunrise

Kevin Murphy, September 2, 2015, Domain Registries

If we’ve learned one thing about new gTLD sunrise periods, it’s that adult-oriented TLDs sell quite well.

ICM Registry started its third such period yesterday, as .sex went into its “TMCH Sunrise” phase.

Until October 1, any company with a trademark in the Trademark Clearinghouse will be able to buy a matching .sex domain on a first-come, first-served basis.

From October 5 to October 30, anyone with a .xxx domain name or current .xxx “Sunrise B” block will be able to buy the matching .sex during the Domain Matching phase.

Anyone who buys a .xxx before October 1 will be able to participate in this second sunrise.

ICM reported in May that .porn received 3,995 sunrise registrations while .adult sold 3,902 — both via a combination of TMCH Sunrise sales and blocks.

At ICM’s prices, that’s enough to comfortably cover its ICANN application fees.

Every other new gTLD with the exception of .sucks has sold fewer than 1,000 sunrise names.

General availability for .sex starts November 4.

IDN .com hits the root

Eleven variants of .com and .net in non-Latin scripts joined the internet today.

Verisign’s whole portfolio of internationalized domain name new gTLDs were added to the DNS root at some point in the last 24 hours, and the company is planning to start launching them before the end of the year.

But the company has been forced to backtrack on its plans to guarantee grandfathering to thousands of existing [idn].com domains in the new domains, thereby guaranteeing a backlash from IDN domainers.

The eleven gTLDs are: .कॉम, .ком, .点看, .คอม, .नेट, .닷컴, .大拿, .닷넷, .コム, .كوم and .קוֹם. Scripts include Arabic, Cyrillic and Hebrew.

Verisign signed registry agreements with ICANN back in January, but has been trying to negotiate a way to allow it to give the owners of [idn].com domains first rights to the matching domain in the “.com” in the appropriate script.

The company laid out its plans in 2013. The idea was to reduce the risk of confusion and minimize the need for defensive registrations.

So what happened? Trademark lawyers.

Verisign CEO Jim Bidzos told financial analysts last week that due to conversations with the “community” (read: the intellectual property lobby) and ICANN, it won’t be able grandfather all existing [idn].com registrants.

All of the new IDN gTLDs will be subject to a standard ICANN Sunrise period, which means trademarks owners will have first dibs on every string.

If you own водка.com, and somebody else owns a trademark on “водка”, the trademark owner will get the first chance to buy водка.ком.

According to SeekingAlpha’s transcript, Bidzos said:

Based primarily on feedback from domain name community stakeholders, we have revised our IDN launch strategy. We will offer these new IDN top-level domains as standalone domain names, subject to normal introductory availability and rights protection mechanisms, available to all new gTLDs. This revised approach will not require ICANN approval and is designed to provide end users and businesses with the greatest flexibility and, for registrars, a simple and straightforward framework to serve the market.

Finally, we believe this approach should provide the best opportunity for increased universal acceptance of IDNs. We expect to begin a phased rollout of the IDNs towards the end of this year, and we’ll provide more information on our launch plans when appropriate.

Senior VP Pat Kane added on the call that the grandfathering provisions, which would have required ICANN approval, have been “taken out”.

The question now is whether Verisign will introduce a post-sunrise mechanism to give rights to [idn].com.

That would not be unprecedented. ICM Registry ran into similar problems getting its grandfathering program for .porn approved by ICANN. It wound up offering a limited, secondary sunrise period for existing .xxx registrants instead.

Whois privacy supporters to top 20,000

Over 20,000 people have put their names to statements slamming proposals that would ban some commercial web sites from using Whois privacy on their domains.

ICANN’s public comment period on a working group’s Whois privacy reform proposals closes today after two months, with roughly 11,000 individual comments — the vast majority against changes that would weaken privacy rights — already filed.

Separately, Michele Neylon of Blacknight Solutions, which hosts SaveDomainPrivacy.org, tells DI that a petition signed by more than 9,000 people will be submitted to ICANN tonight.

If we count the signatories as commenters, that would make this the largest ICANN comment period to date, outstripping the 14,000 comments received when religious groups objected to the approval of .xxx in 2010.

SaveDomainPrivacy.org and RespectOurPrivacy.org, separate registrar-led initiatives, are responsible for the large majority of comments.

While registrars no doubt have business reasons for objecting to the muddling the Whois privacy market, their letter-writing outreach has been based on their claims that they could be forced to unmask the Whois of vulnerable home-business owners and such.

The Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) report, published in May, sketches out a framework that could allow intellectual property owners to have privacy removed from domains they suspect of hosting infringing content.

A minority position appended to the report by MarkMonitor, Facebook, LegitScript and supported by members of the Intellectual Property and Business Constituencies, would put a blanket ban on using privacy on domains used to commercially transact.