Latest news of the domain name industry

Recent Posts

ICANN chief to address hackers at Black Hat

Kevin Murphy, July 27, 2010, Domain Tech

Globe-trotting ICANN president Rod Beckstrom is heading to Vegas this week, to participate in a panel discussion on DNS security at the Black Hat conference at Caesar’s Palace.

He’ll be joined by Dan Kaminsky, discoverer of the notorious DNS vulnerability that bears his name, and is expected to sing the praises of the new DNSSEC security standard.

Also on tomorrow’s panel, entitled “Systemic DNS Vulnerabilities and Risk Management” are DNS inventor Paul Mockapetris, VeriSign CTO Ken Silva and NERC CSO Mark Weatherford.

ICANN and VeriSign recently signed the DNS root using DNSSEC standard. The challenge they face now is persuading everybody else in the world to jump on the bandwagon.

It’s likely to be slow going. DNSSEC has more than its fair share of skeptics, and even fierce proponents of the standard sometimes acknowledge that there’s not a heck of a lot in the way of a first mover advantage.

I’ll be interested to see if the subject of a DNS-CERT – a body to coordinate DNS security efforts – is raised either during the panel or the subsequent press conference.

From a policy point of view, DNSSEC is pretty much a done deal, whereas a DNS-CERT is still very much a matter for debate within the ICANN community.

I believe this is the first time ICANN has talked publicly at Black Hat. Beckstrom himself has taken the stage under his previous roles in government, but not as ICANN’s top dog.

Despite its name, Black Hat is a pretty corporate event nowadays. In my experience, the proper black/gray hats show up (or swap their lime green corporate polo shirts for Metallica T-shirts) at the weekend for Def Con, which is usually held at a cheaper venue around the corner.

1 Comment Tagged: , , , , , ,

Yes, .co domains are subject to the UDRP

I’ve been getting a fair bit of search traffic over the last few days from people evidently wondering whether .co domain names are subject to the same UDRP rules as .com, so I thought I’d answer the question directly.

Yes, they are.

For avoidance of doubt, I’ve just talked to .CO Internet’s director of marketing, Lori Anne Wardi, who had just talked to the registry’s policy people.

She told me that .co domains are subject to the exact same ICANN UDRP as .com.

If you’re a .co registrant, you’re bound to the policy the same as you are in .com. If you’re a trademark holder, you file a complaint in the same way.

The only difference at the moment is that .CO Internet has contracted with only one UDRP provider, WIPO, but Wardi said that more providers may be signed up in future.

1 Comment Tagged: , , , , , ,

Using Go Daddy equals “bad faith” registration

Registered a domain name with Go Daddy recently? Unless you’ve updated your name server settings, you’ve automatically committed a “bad faith” registration.

At least, that’s the conclusion I’m drawing from a couple of recent clueless UDRP decisions.

The most recent example is the case of Churchill Insurance, which just won churchillimports.com, following a proceeding with the National Arbitration Forum.

The registrant claimed he planned to use the domain, which he registered just six months ago, to sell cigars. Seems reasonable. Other sites sell cigars using the name “Churchill”.

But the NAF panelist, Flip Petillion, wasn’t buying it:

Respondent uses the churchillimports.com domain name to resolve to a directory website that displays links to third-party websites, some of which provide insurance products and services that compete with Complainant’s business.

it is shown on a balance of probability that Respondent uses the disputed domain name to operate a directory website and, thus, profits from this use through the receipt of “click-through” fees. Accordingly, the Panel finds that this use constitutes bad faith registration and use pursuant to Policy

as the disputed domain name was registered after the registration of Complainant’s established trademark rights and given the fact that Respondent’s website employs insurance themed links that resolve to websites of Complainant’s competitors, Respondent could not have registered and used the disputed domain name without actual or constructive knowledge of Complainant and its rights in the CHURCHILL mark.

What Petillion clearly failed to realize – or decided to conveniently ignore – is that everything he ascribes to the registrant was actually caused by default Go Daddy behavior.

Churchill sells car insurance in the UK. The registrant is an American, from Georgia. There’s a very slim chance he’d ever heard of the company before they slapped him with the UDRP.

But Petillion decided that the fact that insurance-themed links were present on the site shows that the registrant must have known about the company. Like he put the links there himself.

He concludes the registrant had “bad faith” because Go Daddy’s parking algorithm (I believe it’s operated by Google) knows to show insurance-related ads when people search for “churchill”.

In addition, churchillimports.com is the default parking page that Go Daddy throws up whenever a domain name is newly registered.

The registrant didn’t need to do anything other than register the name and, according to this bogus ruling, he’s automatically committed a bad faith registration.

Where does NAF find these people?

I’m sure I’m not the first to notice this kind of behavior, and I’m sure Go Daddy’s not the only registrar this affects.

4 Comments Tagged: , , , , , ,

Stalemate reached on new TLD ownership rules

Kevin Murphy, July 26, 2010, Domain Policy

An ICANN working group tasked with deciding whether domain name registrars should be able to apply to run new top-level domains has failed to reach a consensus.

For the last several months, the Vertical Integration working group has been debating, in essence, the competitive ground rules of the new TLD market, addressing questions such as:

  • Should existing ICANN registrars be allowed to run new TLD registries?
  • Should new TLD registries be allowed to own and control ICANN registrars?
  • Should new TLD registries be allowed to sell domains directly to end users?
  • What if an approved registry can’t find a decent registrar willing to sell domains in its TLD?
  • Should “.brand” TLDs be forced to sell via ICANN accredited registrars?
  • Should “registry service providers” be subject to the same restrictions as “registries”?
  • Where’s the harm in allowing cross-ownership and vertical integration?

It’s an extraordinarily complex set of questions, so it’s perhaps not surprising that the working group, which comprised a whopping 75 people, has managed to reach agreement on very few answers.

Its initial report, described as a “snapshot” and subject to change, states:

It is impossible to know or completely understand all potential business models that may be represented by new gTLD applicants. That fact has been an obstacle to finding consensus on policy that defines clear, bright line rules for allowing vertical integration and a compliance framework to support it

Having lurked on the WG’s interactions for a few months, I should note that this is possibly the understatement of the year. However, the WG does draw four conclusions.

1. Certain new gTLDs likely to be applied for in the first round will be unnecessarily impacted by restrictions on cross-ownership or control between registrar and registry.

I believe the WG is referring here primarily to, for example, certain “cultural” TLDs that expect to operate in linguistic niches not currently catered for by registrars.

The operators of the .zulu and .kurd TLDs would certainly find themselves without a paddle if the rules obliged them to find an ICANN-accredited registrar that supports either of their languages.

There are other would-be registries, such as .music, that call themselves “community” TLDs and want to be able to sell directly to users, but my feeling is that many in the WG are less sympathetic to those causes.

2. The need for a process that would allow applicants to request exceptions and be considered on a case-by-case basis. The reasons for exceptions, and the conditions under which exceptions would be allowed, vary widely in the group.

There’s not a great deal to add to that: the WG spent much of the last couple of weeks arguing about “exceptions” (that they could not agree on) to a baseline rule (that they could not define).

3. The concept of Single Registrant Single User should be explored further.

An “SRSU” is a subset of what a lot of us have been calling a “.brand”. The proposed .canon TLD, under which Canon alone owns .canon domains, would likely fall into this category.

The WG’s report suggests that SRSU namespaces, should they be permitted, should not be subject to the same restrictions as a more open and generic TLD that sells to the average man on the street.

The alternative would be pretty crazy – imagine Canon owning the registry but being forced to pay Go Daddy or eNom every time it wanted to add a record to its own database.

I do not believe that a hypothetical .facebook, in which Facebook is the registry and its users are the registrants, falls into the SRSU category. Which is also pretty nuts, if you’re Facebook, forced to hand your brand over to the world’s domain name registrars.

4. The need for enhanced compliance efforts and the need for a detailed compliance plan in relation to the new gTLD program in general.

One principle that has come through quite clearly whilst lurking on the WG mailing list is that the degree of distrust between participants in this industry is matched only by the lack of confidence in ICANN’s ability to police bad actors effectively.

Domain name companies are masters of the loophole, and ICANN’s enforcement mechanisms have historically been slow enough that yesterday’s scandal often becomes today’s standard practice.

This sums it up pretty well:

Some members feel that loosening vertical integration/ownership controls may let the proverbial “genie out of the bottle that can’t be put back” should competitive harms result in the marketplace. Others believe that adopting restrictions on vertical integration or cross ownership is the wrong approach altogether, and that the focus should be on protecting against harms, and providing sanctions where harms take place.

The WG currently has six policy proposals on the table, which vary from the “no VI allowed” of the current Draft Applicant Guidebook to “some VI allowed” to “full VI allowed”.

There was a poll of WG members a few weeks back, to see which proposal had most support. It was inconclusive, but it left three proposals clearly in the lead.

The so-called Free Trade proposal, which advocates no limits on cross ownership, was originally authored by Sivasubramanian Muthusamy of ISOC India Chennai.

The proposal as it currently stands puts the focus on ICANN troubleshooting undesirable activities through compliance programs rather than ownership restrictions.

Opposed, a proposal known as RACK+, offered up primarily by Afilias, some of its partners, and Go Daddy, favours a much more restrictive policy that is more aligned with business models established under the last ten years of gTLDs dominated by .com.

RACK+ would impose a 15% ownership limit between registries, registrars and registry service operators, ostensibly in order to prevent registrars abusing privileged registry data.

But under RACK+, all TLDs, including .brands and obscure community TLDs, would be obliged to accept registrations only through ICANN registrars, on a non-discriminatory basis.

This would probably render the .brand TLD market stillborn, if adopted by ICANN, I reckon.

A third proposal, called JN2+, originally authored by representatives of NeuStar and Domain Dimensions, occupies a spot somewhere in the middle ground.

It also proposes 15% ownership caps between registrars, registries and registry service providers, but it contains explicit carve-outs for SRSU-style .brands and “community” TLDs.

Because I’m a wimp, and I have no desire to be drawn into the kinds of arguments I’ve been reading and listening to recently, I’m going to quote Milton Mueller here, saying JN2 “had the highest acceptability ranking of all the proposals” when the WG was polled.

(Sorry.)

I find it rather surprising that the WG seems to be calling for more policy work to be done on ICANN’s compliance programs before the issue of vertical integration can be fully resolved.

If anything, this seems to me to be yet another way to risk adding more delay to the new TLD program.

There’s a public comment period now open, here. And here’s the report itself (pdf)

4 Comments Tagged: , , , , , , , , ,

Isn’t it about time for ICANN Las Vegas?

Kevin Murphy, July 23, 2010, Domain Policy

ICANN is now almost 12 years old, it’s held almost 40 public meetings in diverse cities all over the planet, and it’s never been to Vegas. Not once.

That’s got to change.

The organization is currently looking for a North American city in which to hold its fortieth public meeting, slated for next March. It’s the perfect opportunity for a company to put in a Las Vegas bid.

It’s about time ICANN headed to The Strip. It’s got to be the only industry organization in the world to never convene there. If the International Beverage Dispensing Equipment Association gets to have a Vegas convention, why can’t we?

Vegas is the conference center of North America, if not the world. There’s literally dozens of venues capable of handling a thousand or less beardy domain types, all within walking distance of each other.

If the conference facility prices are anything like the hotel room prices, ICANN and its sponsor should be able to find a real bargain.

For overseas visitors on a budget, flights to and hotels in Vegas can be very reasonable – rooms are generally subsidized by the money lost in the casinos downstairs.

The ICANN Fellowship Program would be massively oversubscribed. Live in the developing world? Fancy a free trip to Vegas? ICANN will be fighting off applicants with the proverbial stick.

But who would sponsor such a meeting?

Let me think… we’d be looking for a domain name company with deep pockets, something to sell, and no particular queasiness about sponsoring a Sin City event.

Can you think of anyone like that?

By March 2011, ICM Registry will very likely be in the pre-launch stages of the .xxx TLD.

The company will be looking for registrar partners, trying to assure IP interests that it’s not going to screw them, preparing for its sunrise and landrush periods… perfect timing.

Plus, we could have strippers at the Gala Event.

The stars are aligning on Las Vegas for ICANN 40.

ICANN, ICM – let’s make this happen.

Comment Tagged: , , ,