Up to 9.8 million new gTLD domain names are to get a get-out-of-jail card, with the publication yesterday of ICANN’s plan to mitigate the risk of damaging name collisions.
If you're a loyal DI reader, the details of the plan will not come as a great surprise. It was developed by JAS Global Advisors and previewed in a guest post by CEO Jeff Schmidt in January.
Name collisions are scenarios where a TLD delegated by ICANN to the public DNS matches a TLD that one or more organizations already use on their internal networks.
Verisign, in what many view as protectionist propaganda, has been arguing that name collisions could cause widespread technical and economic damage and even a risk to life.
Things might stop working and secret data might leak out of corporate networks, Verisign warns.
JAS’ proposed solution, which ICANN has opened for public comment, is quite clever, I think.
Called “controlled interruption”, it will see new gTLD registries being asked to wildcard the entire second level of their TLDs to point to the IP address 127.0.53.53.
If there’s a name collision on example.corp the company using that TLD on its network will notice unusual behavior and will have an opportunity to fix the problem.
Importantly, no data apart from the DNS look-up will leak out of their networks — the 127/8 IP address block is reserved by various standards for local uses only.
The registry will essentially bounce the DNS request back to the network making the request. If that behavior causes problems, the network administrator will presumably check her logs, notice the odd IP address, and Google it for further information.
Today, she’ll find a Slashdot article about the name collisions plan, which should put the admin on the road to figuring out the problem and fixing her network. In future, maybe ICANN will rank for the term.
Registries would be able to choose whether to wildcard their whole TLD or to only point to 127.0.53.53 those second-level names currently on their collisions block lists.
In either case, the redirection would only last for the first 120 days after delegation.
That’s the same duration as the quiet period ICANN already imposes on new delegations, during which only “nic.” may resolve.
After the 120 days are up, the name collisions issue would be considered permanently closed for that TLD.
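What the administrator's log check could look like, as an added example (not code from ICANN, JAS or the original post): it scans resolver log lines for A answers of 127.0.53.53 and groups the affected names and clients by TLD. The log format, the sample lines and the `tld-placeholder` TLD are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Address the plan asks registries to wildcard to during controlled interruption.
CONTROLLED_INTERRUPTION_IP = ipaddress.ip_address("127.0.53.53")

# Constructed log format (an assumption): <ts> client= query= type= answer=
LINE_RE = re.compile(
    r"^\S+ client=(?P<client>\S+) query=(?P<qname>\S+) "
    r"type=(?P<qtype>\S+) answer=(?P<answer>\S+)$"
)

# Constructed sample input; names, clients and timestamps are made up.
SAMPLE_LOG = """\
2014-02-27T09:14:02Z client=10.1.4.22 query=intranet.example.corp. type=A answer=127.0.53.53
2014-02-27T09:14:03Z client=10.1.4.22 query=www.example.com. type=A answer=192.0.2.10
2014-02-27T09:15:40Z client=10.1.7.5 query=Intranet.Example.CORP type=A answer=127.0.53.53
2014-02-27T09:16:11Z client=10.1.7.5 query=build01.dev.tld-placeholder. type=A answer=127.0.53.53
2014-02-27T09:17:00Z client=10.1.9.9 query=ads.sinkhole.test. type=A answer=127.0.0.1
2014-02-27T09:17:30Z client=10.1.9.9 query=printer.example.corp. type=A answer=NXDOMAIN
truncated line without fields
"""

def tld_of(qname):
    """Return the rightmost label, lower-cased, ignoring a trailing root dot."""
    return qname.rstrip(".").lower().rsplit(".", 1)[-1]

def find_collisions(log_text):
    """Map each TLD to the names and clients that were answered 127.0.53.53."""
    hits = defaultdict(lambda: {"names": set(), "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["qtype"] != "A":
            continue
        try:
            answer = ipaddress.ip_address(m["answer"])
        except ValueError:
            continue  # NXDOMAIN and other non-address answers
        if answer != CONTROLLED_INTERRUPTION_IP:
            continue  # ordinary answers, including other 127/8 sinkholes
        entry = hits[tld_of(m["qname"])]
        entry["names"].add(m["qname"].rstrip(".").lower())
        entry["clients"].add(m["client"])
    return dict(hits)

if __name__ == "__main__":
    for tld, hit in sorted(find_collisions(SAMPLE_LOG).items()):
        print(tld, sorted(hit["names"]), sorted(hit["clients"]))
```

The per-TLD client list tells the administrator which machines still depend on the colliding internal name.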
If this goes ahead, the plan will allow registries to unblock as many as 9.8 million domain names representing 6.8 million unique second-level labels, according to the DI PRO collisions database.
It could also put an end to the argument about whether name collisions really were a significant problem (160,000 new gTLD names are already live and we haven’t heard any reports of collisions yet).
Pointing to the fact that new TLDs, some of which showed evidence of collisions, were getting delegated rather regularly before the current new gTLD round, JAS said in its report:
We do not find that the addition of new Top Level Domains (TLDs) fundamentally or significantly increases or changes the risks associated with DNS namespace collisions. The modalities, risks, and etiologies of the inevitable DNS namespace collisions in new TLD namespaces will resemble the collisions that already occur routinely in the other parts of the DNS.
Collisions in all TLDs and at all levels within the global Internet DNS namespace have the ability to expose potentially serious security and availability problems and deserve serious attention.
JAS calls its plan “a conservative buffer between potential legacy usage of a TLD and the new usage”.
As wildcarding is currently prohibited by ICANN’s standard Registry Agreement (ironically, to prevent a repeat of Verisign’s Site Finder) an amendment is going to be needed, as the JAS plan acknowledges.
The drawback of the plan is that if an organization is relying on a colliding internal TLD, whatever systems use that TLD could break under the plan. The 127/8 redirection is a way to help them resolve the breakage, not always to prevent it happening at all.
For new gTLD registries it’s pretty good news, however. There are many thousands of potentially valuable premium names blocked under the current regime that would be made available for sale.
If you’re an applicant for .mail, however, it’s a different story. The JAS report says .mail should be reserved forever, putting it in the same category as .home and .corp:
the use of .corp and .home for internal namespaces/networks is so overwhelming that the inertia created by such a large “installed base” and prevalent use is not likely reversible. We also note that RFC 6762 suggests that .corp and .home are safe for use on internal networks.
Like .corp and .home, the TLD .mail also exhibits prevalent, widespread use at a level materially greater than all other applied-for TLDs. Our research found that .mail has been hardcoded into a number of installations, provided in a number of example configuration scripts/defaults, and has a large global “installed base” that is likely to have significant inertia comparable to .corp and .home. As such, we believe .mail’s prevalent internal use is also likely irreversible and recommend reservation similar to .corp and .home.
In other words, .mail is dead and the five remaining applicants for the string are probably going to be forced to withdraw through no fault of their own. Should these companies get a full refund from ICANN?
Will .sexy and .tattoo trip on the starting blocks today due to registrars’ fears about competition and Whois privacy?
Uniregistry went into general availability at 1600 UTC today with the two new gTLDs — its first to market — but it did so without the support of some of the biggest registrars.
Go Daddy — alone responsible for almost half of all new domain registrations — Network Solutions, Register.com and 1&1 are among those that are refusing to carry the new TLDs.
The reason, according to multiple sources, is that Uniregistry’s Registry-Registrar Agreement contains two major provisions that would dilute registrars’ “ownership” of their customer base.
First, Uniregistry wants to know the real identities of all of the registrants in its TLDs, even those who register names using Whois privacy services.
That’s not completely unprecedented; ICM Registry asks the same of .xxx registrars in order to authenticate registrants’ identities.
Second, Uniregistry wants to be able to email or otherwise contact those registrants to tell them about registry services it plans to launch in future. The Uniregistry RRA says:
Uniregistry may from time to time contact the Registered Name Holder directly with information about the Registered Name and related or future registry services.
We gather that registrars are worried that Uniregistry — which will shortly launch its own in-house registrar under ICANN’s new liberal rules on vertical integration — may try to poach their customers.
The difference between ICM and Uniregistry is that ICM does not own its own registrar.
The Uniregistry RRA seems to take account of this worry, however, saying:
Except for circumstances related to a termination under Section 6.7 below, Uniregistry shall never use Personal Data of a Registered Name Holder, acquired under this Agreement, (a) to contact the Registered Name Holder with a communication intended or designed to induce the Registered Name Holder to change Registrars or (b) for the purpose of offering or selling non-registry services to the Registered Name Holder.
Some registrars evidently do not trust this promise, or are concerned that Uniregistry may figure out a way around it, and have voted with their storefronts by refusing to carry these first two gTLDs.
Ownership of the customer relationship is a pretty big deal for registrars, especially when domain names are often a low-margin entry product used to up-sell more lucrative services.
What if a future Uniregistry “registry service” competes with something these registrars already offer? You can see why they’re worried.
A lot of registrars have asserted that with the new influx of TLDs, registrars have more negotiating power over registries than they ever did in a world of 18 gTLDs.
Uniregistry CEO Frank Schilling is basically testing out this proposition on his own multi-million-dollar investment.
But will the absence of these registrars — Go Daddy in particular — hurt the launch numbers for .sexy and .tattoo?
I think there could be some impact, but it might be tempered by the fact that a large number of early registrations are likely to come from domainers, and domainers know that Go Daddy is not the only place to buy domains.
Schilling tweeted at about 1605 UTC today that .sexy was over 1,800 registrations.
Longer term, who knows? This is uncharted territory. Right now Uniregistry seems to be banking on the 40-odd registrars — some of them quite large — that have signed up, along with its own marketing efforts, to make up any shortfall an absence of Go Daddy may cause.
Tomorrow, I’d be surprised if NameCheap, which is the distant number two registrar in new gTLDs right now (judging by name server counts) is not the leader in .sexy and .tattoo names.
It seems the new gTLD .voting will not be restricted to Germans after all.
We reported earlier today that .voting registry Valuetainment had submitted a registration policy that required all registrants to have a presence in Germany.
The language used in the policy was identical, we later discovered, to that found in the equivalent policy for .ruhr, a German geographic gTLD operated by a different registry.
But Thomas Rickert of the German law firm Schollmeyer & Rickert, which has both .voting and .ruhr registries as clients, just called to let us know that the policy as submitted to ICANN was a mistake.
It seems there will be no local presence requirement for .voting after all.
Valuetainment will be submitting a revised policy to ICANN without the error. The German-language version of the policy does not contain the error, Rickert said.
Rickert said he’d like it to be known that the registry was blameless in this instance.
New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.
Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.
Over 250 of these were put on the naughty step in the last 24 hours.
The suspended names include, notably, thepiratebay.guru, which matches the name of the controversial torrent site frequented by people who like downloading copyrighted material for free.
The Pirate Bay has been switching TLDs like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.
The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.
Other suspended names include premium-looking names such as electric.guru, sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).
But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.
While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.
Two more new gTLDs — .wedding and .green — have been auctioned off, with proceeds amounting to millions of dollars.
Top Level Domain Holdings said in a press release that it won .wedding and lost .green, which cost it a net $2.23 million.
That’s the amount it paid for .wedding, minus its share of the .green winning bid and its ICANN refund for withdrawing its .green application.
I don’t think we can infer the exact sale price of .wedding from that, other than to say that it was definitely over $2.2 million.
TLDH did not say who won the .green auction. The only other remaining applicants, after Dot Green’s withdrawal last year, were Rightside and Afilias. Neither has withdrawn their applications yet.
In the .wedding auction, conducted by Applicant Auction, it beat rival portfolio applicants Donuts and What Box?