Latest news of the domain name industry

Recent Posts

Sixty gTLD registries not monitoring security threats

Kevin Murphy, September 18, 2019, Domain Registries

Roughly 5% of gTLD registry operators have been doing no abuse monitoring, despite contractual requirements to do so, a recent ICANN audit has found.

ICANN checked with 1,207 registries — basically all gTLDs — between November 2018 and June, and found about 60 of them “were not performing any security threat monitoring, despite having domains registered in their gTLDs”.

A further 180 (15%) were not doing security checks, but had no registered domains, usually because they were unused dot-brands. ICANN told these companies that they had to do the checks anyway, to remain in compliance.

In all cases, ICANN said, the registries remediated their oversights during the audit to bring their gTLDs back into compliance.

ICANN does not name the non-compliant registries in the summary of the audit’s results, published yesterday (pdf).

Registries under the 2012 new gTLD base registry agreement all have to agree to this:

Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.

It’s possible to keep tabs on abuse by monitoring domain blocklists such as SpamHaus, SURBL and PhishTank. Some such lists are freely available, others carry hefty licensing fees.

ICANN itself monitors these lists through its Domain Abuse Activity Reporting project, so it’s able to work out the differences between the levels of abuse registries report and what the empirical data suggests.

Registries typically either use these lists via in-house tools or license products provided by vendors such as Neustar, RegistryOffice, Knipp, CSC, DOTZON, Afnic, AusCERT, Shadowserver, Telefonica, Secure Domain Foundation and Netcraft, ICANN said.

Perhaps unsurprisingly, there’s a bit of disagreement between ICANN and some registries about how the somewhat vague obligations quote above are be interpreted.

ICANN thinks registries should have to provide information about specific domains that were identified as abusive and what remediation actions were taken, but some registries think they only have to provide aggregate statistical data (which would be my read of the language).

The contracts also don’t specify how frequently registries much carry out security reviews.

Of the 80% (965) of registries already in compliance, 80% (772) were doing daily abuse monitoring. Others were doing it weekly, monthly, or even quarterly, ICANN found, all of which appear to be in line with contractual requirements.

2 Comments Tagged: , , , , ,

ICANN must do more to fight internet security threats [Guest Post]

ICANN and its contracted parties need to do more to tackle security threats, write Dave Piscitello and Lyman Chapin of Interisle Consulting.

The ICANN Registry and Registrar constituencies insist that ICANN’s role with respect to DNS abuse is limited by its Mission “to ensure the stable and secure operation of the internet’s unique identifier systems”, therefore limiting ICANN’s remit to abuse of the identifier systems themselves, and specifically excluding from the remit any harms that arise from the content to which the identifiers point.

In their view, if the harm arises not from the identifier, but from the thing identified, it is outside of ICANN’s remit.

This convenient formulation relieves ICANN and its constituencies of responsibility for the way in which identifiers are used to inflict harm on internet users. However convenient it may be, it is fundamentally wrong.

ICANN’s obligation to operate “for the benefit of the Internet community as a whole” (see Bylaws, “Commitments”) demands that its remit extend broadly to how a domain name (or other Internet identifier) is misused to point to or lure a user or application to content that is harmful, or to host content that is harmful.

Harmful content itself is not ICANN’s concern; the way in which internet identifiers are used to weaponize harmful content most certainly is.

Rather than confront these obligations, however, ICANN is conducting a distracting debate about the kinds of events that should be described as “DNS abuse”. This is tedious and pointless; the persistent overloading of the term “abuse” has rendered it meaningless, ensuring that any attempt to reach consensus on a definition will fail.

ICANN should stop using the term “DNS abuse” and instead use the term “security threat”.

The ICANN Domain Abuse Activity Reporting project and the Governmental Advisory Committee (GAC) use this term, which is also a term of reference for new TLD program obligations (Spec 11) and related reporting activities. It is also widely used in the operational and cybersecurity communities.

Most importantly, the GAC and the DAAR project currently identify and seek to measure an initial set of security threats that are a subset of a larger set of threats that are recognized as criminal acts in jurisdictions in which a majority of domain names are registered.

ICANN should acknowledge the GAC’s reassertion in its Hyderabad Communique that the set of security threats identified in its Beijing correspondence to the ICANN Board were not an exhaustive list but merely examples. The GAC smartly recognized that the threat landscape is constantly evolving.

ICANN should not attempt to artificially narrow the scope of the term “security threat” by crafting its own definition.

It should instead make use of an existing internationally recognized criminal justice treaty. The Council of Europe’s Convention on Cybercrime is a criminal justice treaty that ICANN could use as a reference for identifying security threats that the Treaty recognizes as criminal acts.

The Convention is recognized by countries in which a sufficiently large percentage domain names are registered that it can serve the community and Internet users more effectively and fairly than any definition that ICANN might concoct.

ICANN should also acknowledge that the set of threats that fall within its remit must include all security events (“realized security threats”) in which a domain name is used during the execution of an attack for purposes of deception, for infringement on copyrights, for attacks that threaten democracies, or for operation of criminal infrastructures that are operated for the purpose of launching attacks or facilitating criminal (often felony) acts.

What is that remit?

ICANN policy and contracts must ensure that contracted parties (registrars and registries) collaborate with public and private sector authorities to disrupt or mitigate:

  • illegal interception or computer-related forgery,
  • attacks against computer systems or devices,
  • illegal access, data interference, or system interference,
  • infringement of intellectual property and related rights,
  • violation of laws to ensure fair and free elections or undermine democracies, and
  • child abuse and human trafficking.

We note that the Convention on Cybercrime identifies or provides Guidance Notes for these most prevalently executed attacks or criminal acts:

  • Spam,
  • Fraud. The forms of fraud that use domain names in criminal messaging include, business email compromise, advance fee fraud, phishing or other identity thefts.
  • Botnet operation,
  • DDoS Attacks: in particular, redirection and amplification attacks that exploit the DNS
  • Identity theft and phishing in relation to fraud,
  • Attacks against critical infrastructures,
  • Malware,
  • Terrorism, and,
  • Election interference.

In all these cases, the misuse of internet identifiers to pursue the attack or criminal activity is squarely within ICANN’s remit.

Registries or registrars should be contractually obliged to take actions that are necessary to mitigate these misuses, including suspension of name resolution, termination of domain name registrations, “unfiltered and unmasked” reporting of security threat activity for both registries and registrars, and publication or disclosure of information that is relevant to mitigating misuses or disrupting cyberattacks.

No one is asking ICANN to be the Internet Police.

The “ask” is to create policy and contractual obligations to ensure that registries and registrars collaborate in a timely and uniform manner. Simply put, the “ask” is to oblige all of the parties to play on the same team and to adhere to the same rules.

This is unachievable in the current self-regulating environment, in which a relatively small number of outlier registries and registrars are the persistent loci of extraordinary percentages of domain names associated with cyberattacks or cybercrimes and the current contracts offer no provisions to suspend or terminate their operations.

This is a guest editorial written by Dave Piscitello and Lyman Chapin, of security consultancy Interisle Consulting Group. Interisle has been an occasional ICANN security contractor, and Piscitello until last year was employed as vice president of security and ICT coordination on ICANN staff. The views expressed in this piece do not necessary reflect DI’s own.

3 Comments Tagged: , , , , ,

Bumper batch of dot-brands off themselves for Friday 13th

Kevin Murphy, September 12, 2019, Domain Registries

It’s Friday 13th tomorrow, and to celebrate the occasion no fewer than 13 dot-brands have opted to take the easy way out and self-terminate.

ICANN has published a bumper list of contracted brand registries that have informed the organization that they no longer wish to run their gTLDs.

Adding themselves to the dot-brand deadpool are: .ladbrokes, .warman, .cartier, .piaget, .chrysler, .dodge, .mopar, .srt, .uconnect, .movistar, .telefonica, .liason and .lancome.

That brings the total of self-terminated new gTLDs to date to 66.

The imminent demise of .cartier and .piaget is perhaps notable, as it means luxury goods maker Richemont has now abandoned ALL of the nine dot-brands it originally applied for.

Richemont, an enthusiastic early adopter of the new gTLD concept, applied for 14 strings in total back in 2012.

The only ones it has left are generics — .watches along with the the Chinese translation .手表 and the Chinese for “jewelry”, .珠宝, none of which have been launched and in all likelihood are being held defensively.

It’s the same story with L’oreal, the cosmetics company. It also applied for 14 gTLDs, mostly brands, but abandoned all but .lancome prior to contracting.

With .lancome on its way out, L’oreal only owns the generics .skin, .hair, .makeup and .beauty, at least one of which is actually being used.

Also of note is the fact the car company Chrysler is dumping five of its six gTLDs — .chrysler, .dodge, .mopar, .srt and .uconnect — leaving only .jeep (unused) still under contract.

Clearly, Chrysler is not as keen on dot-brands as some of its European competitors, which have been among the most prolific users.

Telefonica’s abandonment of .movistar and .telefonica also means it’s out of the gTLD game completely now, although its Brazilian subsidiary still owns (and uses) .vivo.

Betting company Ladbrokes only ever owned .ladbrokes, though it did unsuccessfully apply for .bet also.

Rounding off the list is .warman, a brand of — and I’m really not making this up — industrial slurry pumps. The pumps are made by a company called Weir, which uses global.weir as its primary web site. So that’s nice.

As far as I can tell, none of the gTLDs that are being killed off had ever been used, though each registry will have paid ICANN six-figure fees since they originally contracted.

6 Comments Tagged: , , , , , , , , , , , , , , , , , ,

.org price cap complaints more like “spam” says Ombudsman

Kevin Murphy, September 11, 2019, Domain Policy

ICANN’s Ombudsman has sided with with ICANN in the fight over the lifting of price caps on .org domains, saying many of the thousands of comments objecting to the move were “more akin to spam”.

Herb Waye was weighing in on two Requests for Reconsideration, filed by NameCheap and the Electronic Frontier Foundation in July and August after ICANN and Public Interest Registry signed their controversial new registry agreement.

NameCheap wants ICANN to reverse its decision to allow PIR to raise .org prices by however much it chooses, while the EFF complained primarily about the fact that the Uniform Rapid Suspension anti-cybersquatting measure now appears in the contract.

In both cases, the requestors fumed that ICANN seemed to “ignore” the more than 3,200 comments that were filed in objection back in April, with NameCheap calling the public comment process a “sham”.

But Waye pointed to the fact that many of these comments were filed by people using a semi-automated web form hosted by the pro-domainer Internet Commerce Association.

As far as comments go for ICANN, 3200+ appears to be quite a sizeable number. But, seeing as how the public comments can be filled out and submitted electronically, it is not unexpected that many of the comments are, in actuality, more akin to spam.

With this eyebrow-raising comparison fresh in my mind, I had to giggle when, a few pages later, Waye writes (emphasis in original):

I am charged with being the eyes and ears of the Community. I must look at the matter through the lens of what the Requestor is asking and calling out. The Ombuds is charged with being the watchful eyes of the ICANN Community. The Ombuds is also charged with being the alert “ears” of the Community — with listening — with making individuals, whether Requestors or complainants or those just dropping by for an informal chat, feel heard.

Waye goes on to state that the ICANN board of directors was kept well-briefed on the status of the contract negotiations and that it had been provided with ICANN staff’s summary of the public comments.

He says that allowing ICANN’s CEO to execute the contract without a formal board vote did not go against ICANN rules (which Waye says he has “an admittedly layman’s understanding” of) because contractual matters are always delegated to senior staff.

In short, he sees no reason for ICANN to accept either Request for Reconsideration.

The Ombudsman is not the decision-maker here — the two RfRs will be thrown out considered by ICANN’s Board Accountability Mechanisms Committee at its next meeting, before going to the full board.

But I think we’ve got a pretty good indication here of which way the wind is blowing.

You can access the RfR materials and Waye’s responses here.

6 Comments Tagged: , , , , , , , , , , ,

Botterman is new ICANN chair

Kevin Murphy, September 10, 2019, Domain Policy

ICANN has announced that Maarten Botterman has been selected as its new chair.

He, along with newly selected vice chair León Felipe Sánchez Ambia, will take their seats after a formal board vote to come at the end of ICANN’s annual general meeting in Montreal next month.

Botterman replaces Cherine Chalaby, who has been in the role for two years. Chalaby is term-limited, having joined the board nine years ago, and will leave ICANN after Montreal.

Chris Disspain and Ron da Silva also stood for the chair, Chalaby said in a blog post last night. Becky Burr stood unsuccessfully for vice chair.

Disspain, currently vice chair, has stepped aside immediately to be replaced for the next month by Botterman. Disspain’s nine years come to an end next year.

Botterman is Dutch, based in Rotterdam, where he works as an “independent strategic advisor” at his own company, GNKS Consult.

He’s also on the board of the non-profit NLnet Foundation, which funds internet research, and is a former chair of Public Interest Registry, which runs .org.

He’s got a background in the Dutch government and the European Commission.

He was put on the board by the Nominating Committee three years ago and renewed for another three years last month. Theoretically, he could stay as ICANN’s chair for the next six years.

1 Comment Tagged: ,

Another victory for Amazon as ICANN rejects Colombian appeal

Kevin Murphy, September 9, 2019, Domain Registries

Amazon’s application for .amazon has moved another step closer to reality, after ICANN yesterday voted to reject an appeal from the Colombian government.

The ICANN board of directors voted unanimously, with two conflict-related abstentions, to adopt the recommendation of its Board Accountability Mechanisms Committee, which apparently states that ICANN did nothing wrong when it decided back in May to move .amazon towards delegation.

Neither the board resolution nor the BAMC recommendation has been published yet, but the audio recording of the board’s brief vote on Colombia’s Request for Reconsideration yesterday can be found here.

As you will recall, Colombia and the seven other governmental members of the Amazon Cooperation Treaty Organization have been trying to stymie Amazon’s application for .amazon on what you might call cultural appropriation grounds.

ACTO governments think they have the better right to the string, and they’ve been trying to get veto power over .amazon’s registry policies, something Amazon has been strongly resisting.

Amazon has instead offered a set of contractual Public Interest Commitments, such as giving ACTO the ability to block culturally sensitive strings, in the hope of calming the governments’ concerns.

These PICs, along with Amazon’s request for Spec 13 dot-brand status, will likely be published for 30 days of public comment this week, Global Domains Division head Cyrus Namazi told the board.

Expect fireworks.

After comments are closed, ICANN will then make any tweaks to the PICs that are necessary, before moving forward to contract-signing with Amazon, Namazi .said.

Comment Tagged: , , , , , , , ,

Kafka turns in grave as ICANN crowbars “useless” Greek TLD into the root

Kevin Murphy, September 9, 2019, Domain Policy

ICANN has finally approved a version of .eu in Greek script, but it’s already been criticized as “useless”.

Yesterday, ICANN’s board of directors rubber-stamped .ευ, the second internationalized domain name version of the European Union’s .eu, which will be represented in the DNS as .xn--qxa6a.

There’s a lot of history behind .ευ, much of it maddeningly illustrative of ICANN’s Kafkaesque obsession with procedure.

The first amusing thing to point out is that .ευ is technically being approved under ICANN’s IDN ccTLD Fast Track Process, a mere NINE YEARS after EURid first submitted its application.

The “Fast Track” has been used so far to approve 61 IDN ccTLDs. Often, the requested string is merely the name of the country in question, written in one of the local scripts, and the TLD is approved fairly quickly.

But in some cases, especially where the desired string is a two-character code, a string review will find the possibility of confusion with another TLD. This runs the risk of broadening the scope of domain homograph attacks sometimes used in phishing.

That’s what happened to .ευ, along with Bulgaria’s Cyrillic .бг and Greece’s own .ελ, which were rejected on string confusion grounds back in 2010 and 2011.

Under pressure from the Governmental Advisory Committee, ICANN then implemented an Extended Process Similarity Review Panel, essentially an appeals process designed to give unsuccessful Fast Track applicants a second bite at the apple.

That process led to Bulgaria being told that .бг was not too similar to Brazil’s .br, and Greece being told that .ελ did not look too much like .EA, a non-existent ccTLD that may or may not be delegated in future, after all.

But the EU’s .ευ failed at the same time, in 2014. The appeals review panel found that the string was confusable with upper-case .EY and .EV.

Again, these are not ccTLDs, just strings of two characters that have the potential to become ccTLDs in future should a new country or territory emerge and be assigned those codes by the International Standards Organization, a low-probability event.

I reported at the time that .ευ was probably as good as dead. It seemed pretty clear based on the rules at the time that if a string was confusable in uppercase OR lowercase, it would be rejected.

But I was quickly informed by ICANN that I was incorrect, and that ICANN top brass needed to discuss the results.

That seems to have led to ICANN tweaking the rules yet again in order to crowbar .ευ into the root.

In 2015, the board of directors reached out to the GAC, the ccNSO and the Security and Stability Advisory Committee for advice.

They dutifully returned two years later with proposed changes (pdf) that seemed tailor-made for the European Union’s predicament.

A requested IDN ccTLD that caused confusion with other strings in only uppercase, but not lowercase (just like .ευ!!!) could still get delegated, provided it had a comprehensive risk mitigation strategy in place, they recommended.

The recommendation was quickly approved by ICANN, which then sent its implementation guidelines (again, tailor-made for EURid (pdf)) back to the ccNSO/SSAC.

It was not until February this year that the ccNSO/SSAC group got back to ICANN (pdf) to approve of its implementation plan and to say that it has already tested it against EURid’s proposed risk-mitigation plan (pdf).

Basically, the process in 2009 didn’t produce the desired result, so ICANN changed the process. It didn’t produced the desired result again in 2014, so the process was changed again.

But at least Greek-speaking EU citizens are finally going to get a meaningful ccTLD that allows them to express their EUishness in their native script, right?

WRONG!

I recently read with interest and surprise a blog post by domainer-blogger Konstantinos Zournas, in which he referred to .ευ as the “worst domain extension ever”.

Zournas, who is Greek, opened my eyes to the fact that “.ευ” is meaningless in his native tongue. It’s just two Greek letters that visually resemble “EU” in Latin script. It’s confusing by design, but with .eu, a ccTLD that EURid already manages.

While not for a moment doubting Zournas’ familiarity with his own language, I had to confirm this on the EU’s Greek-language web site.

He’s right, the Greek for “European Union” is “Ευρωπαϊκής Ένωσης”, so the sensible two-letter IDN ccTLD would be .ΕΈ (those are Greek characters that look a bit like Latin E).

That would have almost certainly failed the ICANN string similarity process, however, as .ee/EE is the current, extant ccTLD for Estonia.

In short (too late), it seems to have taken ICANN the best part of a decade, and Jesus H Christ knows how many person-hours, to hack its own procedures multiple times in order to force through an application for a TLD that doesn’t mean anything, can’t be confused with anything that currently exists on the internet, and probably won’t be widely used anyway.

Gratz to all involved!

5 Comments Tagged: , , , , , , , , , ,

Sorry, you still can’t sue ICANN, two-faced .africa bidder told

Kevin Murphy, September 9, 2019, Domain Policy

Failed .africa gTLD applicant DotConnectAfrica appears to have lost its lawsuit against ICANN.

A California judge has said he will throw out the portions of DCA’s suit that had not already been thrown out two years ago, on the grounds that DCA was talking out of both sides of its mouth.

DCA applied for .africa in 2012 but lost out to rival applicant ZA Central Registry because ZACR had the backing of African governments and DCA did not.

It filed an Independent Review Process complaint against ICANN in 2013 and won in 2015, with the IRP panel finding that ICANN broke its own bylaws by paying undue deference to Governmental Advisory Committee advice.

It also emerged that ICANN had ghost-written letter of government support on behalf of the African Union, which looked very dodgy.

DCA then sued ICANN in 2016 on 11 counts ranging from fraud to breach of contract to negligence.

The Los Angeles Superior Court decided in 2017 that five of those charges were covered by the “covenant not to sue”, a broad waiver that all new gTLD applicants had to sign up to.

But the remaining six, relating to ICANN’s alleged fraud, were allowed to go ahead.

ICANN relied in its defense on a principle called “judicial estoppel”, where a judge is allowed to throw out a plaintiff’s arguments if it can be shown that it had previously relied on diametrically opposed arguments to win an earlier case.

The judge has now found that estoppel applies here, because DCA fought and won the IRP in part by repeatedly claiming that it was not allowed to sue in a proper court.

It had made this argument on at least seven occasions during the IRP, Judge Robert Broadbelt found. He wrote in his August 22 ruling (pdf):

DCA’s successfully taking the first position in the IRP proceeding and gaining significant advantages in that proceeding as a result thereof, and then taking the second position that its totally inconsistent in this lawsuit, presents egregious circumstances that would result in a miscarriage of justice if the court does not apply the doctrine of judicial estoppel to bar DCA from taking the second position in this lawsuit. The court therefore exercises its discretion to find in favor of ICANN, and against DCA, on ICANN’s affirmative defense of judicial estoppel and to bar DCA from bringing or maintaining its claims against ICANN alleged in the [First Amended Complaint] in this lawsuit.

In other words, ICANN’s won.

The case is not yet over, however. DCA still has an opportunity to object to the ruling, and there’s a hearing scheduled for December.

Comment Tagged: , , , , , , ,

Why you should never let a pizza joint apply for your billion-dollar dot-brand

Kevin Murphy, September 9, 2019, Domain Registries

A multi-billion dollar telecoms company has lost its two dot-brand gTLDs after apparently hiring a failed pizza restaurant to manage them.

For reals.

Several times a year, my friends at other domain news blogs will post cautionary tales about companies losing their domains after falling out with the consultant or developer who originally registered the names on their behalf.

I believe this story is the first example of the same thing happening at the top level, with two valuable dot-brand gTLDs.

It concerns the Saudi Arabian telco Etihad Etisalat, which does business as Mobily. It’s publicly traded, with millions of subscribers and 2018 revenue of the equivalent of $3.14 billion.

The two gTLDs we’re concerned with are .mobily and موبايلي. (.xn--mgbb9fbpob), the Arabic version of the brand.

Back in 2012, a Bahrain company called GreenTech Consultancy Company applied for both of these TLDs. The applications made it explicit that they were to be single-registrant dot-brands to be used by Mobily.

Quite what the relationship between Mobily and GreenTech was — if there even was one — isn’t particularly clear.

GreenTech’s shareholders were Anwar Ahmed and Asma Malik, two Pakistani nationals living in Bahrain, according to Bahrain business records.

Its web site is an laughable mess of broken English, shameful grammar, irrelevant and impenetrable technobabble (much of which appears verbatim on several other South Asian tech companies’ web sites), and a suggestion that the company is primarily in the business of selling satellite modems.

The site just stinks of bogosity. It looks like a dirt-cheap developer threw the site together during his lunch break for beer money.

Bahrain company records show that GreenTech shared a registration with a company called Greentech Pizzeria Restaurant. Same two directors, same address, same company number.

The consultancy company was formed in February 2012 — during the ICANN application window — and the pizza joint opened a bit over a year later.

Why a multi-billion dollar telecommunications company would entrust its brands to these guys, if that is in fact what happened, is a bit of a mystery.

From information that has recently emerged, which I’ll get to shortly, it appears that the true applicant was a Los Angeles-based gTLD consultancy called WiseDots, which in 2011 was co-founded by recently departed ICANN CFO Kevin Wilson and Herman Collins.

WiseDots employees Collins, Wael Nasr and Alan Bair were all at some point listed as primary or secondary contacts for the two applications, as was domain lawyer Mike Rodenbaugh of Rodenbaugh Law.

Wilson left WiseDots in May 2012 and rejoined three years later as CEO after a stint at Donuts. He’s currently listed as the Admin contact for both Mobily gTLDs in the IANA records.

It appears that Mobily signed a letter of intent with WiseDots on April 9, 2012, just three days before the ICANN application window closed, and that was later formalized into a contract in 2014, six months before GreenTech signed its contracts with ICANN.

Both applications made it through ICANN’s evaluation process with apparently no trouble — there were no objections on trademark or any other grounds — and the Registry Agreements were signed in December 2014.

It’s worth noting that neither contract contains Specification 13, which is required for a registry to operate as a dot-brand. If you want to run a dot-brand, you have to show ICANN that you own a trademark matching the string you’ve applied for.

GreenTech did actually submit requests for Spec 13 approval (pdf) — a week after the contracts were already signed — but at a later date both were either withdrawn or rejected by ICANN for reasons unknown.

Both requests include what appear to be scans of Saudi trademark certificates, but they’re both in Arabic and I’ve no idea who they’re assigned to. Presumably, Mobily, which may explain why GreenTech couldn’t get its Spec 13.

After the contracts were signed, it took exactly one full year — the maximum delay permitted by ICANN — before they were delegated and entered the DNS root.

A year after that, in December 2016, ICANN whacked GreenTech with a breach-of-contract notice (pdf), after the company apparently failed to pay its ICANN fees.

The fees had been “past due” for at least six months. It seems quite possible GreenTech had never paid its fees after delegation.

The breach was later escalated to termination, and the two parties entered mediation.

According to Nasr, in a letter to ICANN, Mobily had promised to pay the ICANN fees, but had reneged on its promise, causing the breach.

The issue was resolved, with GreenTech apparently agreeing to some “confidential” terms with ICANN, in November 2017.

It has now transpired, from Nasr’s letter and attached confidential joint-venture agreement, that GreenTech, WiseDots, Collins, Ahmad, Nasr and yet another consultant — an Egyptian named Ahmed El Oteify, apparently with Varkon Group — made a pact in August 2016 whereby the two gTLDs would be transferred into the control of a new jointly owned Bahrain company to be called MobileDots WLL, which in turn would be owned by a new jointly owned Delaware company called MobileDots LLC.

The TLD contracts would then be transferred to Mobily, according to Nasr.

“GreenTech and the two Mobiledots companies were intended to be intermediate conduits for the future transfer of the two Mobily licenses to Mobily as their eventual Registered Operator,” he wrote.

“At no point in time was GreenTech ever contemplated as the true operator of the ‘Mobily’ gTLD licenses. Indeed, GreenTech ran a defunct pizza restaurant, and was long ago de-registered by the Bahraini government for its numerous payments and filing defaults,” he wrote.

The Delaware company was created, but there does not appear to be an official record of the Bahrain company being formed.

According to Nasr, after Mobily stopped paying its ICANN dues the joint venture partners fell out with each other over how to finance the registries. This led to GreenTech asking ICANN to terminate its contracts, which I blogged about in May.

As is customary when a brand registry self-terminates, ICANN made a preliminary decision not to transfer the GreenTech contracts to a third party and opened it up to public comments.

Nasr’s letter is the first example of anyone ever actually using that public comment opportunity.

He argued that because of the JV agreement, ICANN should instead transfer .mobily and the Arabic version to MobileDots.

ICANN declined, saying “it is not within the remit of ICANN org to transfer the TLDs to a specific successor Registry Operator (such as Mobiledots L.L.C., as Mr. Nasr requests) through this termination process”.

As a further twist in the tale, on August 23 this year, just four days before the contract terminations were due to become effective, GreenTech withdrew its requests for reasons unknown.

But it seems ICANN has had enough.

Last Thursday, it told GreenTech (Wilson and Ahmed) that it is terminating its registry contracts anyway, “invoking certain provisions set forth in the previously agreed-upon confidential terms between ICANN org and GreenTech”.

Its termination notices do not reveal what these “confidential terms” are.

But, given that GreenTech stopped existing as a legal entity in February (according to Bahrain company records) it appears it would have been on fairly solid grounds to terminate anyway.

ICANN’s decision is not open for comment this time around, and IANA has been asked to delete both TLDs from the root as soon as possible.

The upshot of all this is that a massive Saudi telco has lost both of the dot-brands it may or may not have wanted, and a whole mess of gTLD consultants appear to be out of pocket.

And the moral of this story?

Damned if I know. Something to do with pizzas, probably.

9 Comments Tagged: , , , , , , , ,

More than 1,000 new gTLDs a year? Sure!

Kevin Murphy, September 5, 2019, Domain Tech

There’s no particular reason ICANN shouldn’t be able to add more than 1,000 new gTLDs to the DNS every year, according to security experts.

The Security and Stability Advisory Committee has informed ICANN (pdf) that the cap, which was in place for the 2012 application round, “has no relevance for the security of the root zone”.

Back then, ICANN had picked the 1,000-a-year upper limit for delegations more or less out of thin air, as a straw man for SSAC, the root server operators, and those who were opposed to new gTLDs in general to shake their sticks at. It was concluded that 1,000 should present no issues.

As it turned out, it took two and a half years for ICANN to add the first 1,000 new gTLDs, largely due to the manual elements of the application process.

SSAC is now reiterating its previous advice that monitoring the rate of change at the root is more important than how many TLDs are added, and that there needs to be a way to slam the brakes on delegations if things go titsup.

The committee is also far more concerned that some of the 2012 new gTLDs are being quite badly abused by spammers and the like, and that ICANN is not doing enough to address this problem.

Comment Tagged: , , , ,