Latest news of the domain name industry

Recent Posts

Domainers get love, but no refunds for .co cybersquatters

Kevin Murphy, August 10, 2010, Domain Registries

.CO Internet has ramped up its anti-cybersquatter messaging, promising no refunds for trademark-infringing .co registrants, no matter how much they paid for their domains.

An “Open Letter to .co Domain Registrants”, published by the company yesterday, also contains a shout-out to domainers, which I think may be a first from a domain registry.

The letter points out, as I have previously, that .co is subject to the UDRP on the same terms as other TLDs including .com.

The outcome of a UDRP proceeding is binding, and no refunds will be given under any circumstances — regardless of how much money you may have paid to secure the domain; whether the domain was acquired directly via a domain registrar or through a domain auction venue; and whether you were unaware that you had infringed on someone else’s rights.

There’s similar text on the front page of COauctions.com, where the registry is currently auctioning off contested landrush applications.

Is this just a matter of legal ass-covering? Or are there some gray-area domains in the landrush auction?

Despite all the promotional work the registry performed in the run-up to general availability, there are still plenty of people who seemed to believe .co represented new, lawless territory.

The letter ends with the statement that “.CO Internet is committed to protecting the rights of brand owners, domain investors, and end users.”

Domainers getting some love in the same breath as brand owners is not something you hear every day, particularly from registries.

7 Comments Tagged: , , , , ,

.CO landrush auctions kick off today

Kevin Murphy, August 10, 2010, Domain Registries

.CO Internet has today started auctioning off domain names that had multiple applicants during the .co landrush earlier this summer.

According to the company, over 2,500 names will be auctioned over the next four weeks. The top three most-contested names were Slots.co, Insure.co and Denver.co.

Other notable .CO domain names up for auction include Mexi.co, America.co, Betting.co, Vitamins.co, UsedCars.co, Happy.co, Ebook.co and Jackpot.co.

Registrants who applied for one of the contested domains need to sign up at www.COauctions.co.

There have been almost 410,000 .co registrations since the Colombian country-code domain was opened up to international registrants last month.

So far, the biggest seller has been o.co, sold to Overstock for $350,000.

Given that slots.com sold for $5.5 million, it seems likely that slots.co could fetch something in five figures or beyond.

6 Comments Tagged: , , ,

McAfee calls for ICANN spam crackdown

Kevin Murphy, August 10, 2010, Domain Tech

The security company McAfee has claimed that ICANN needs to try harder in the fight against spam by cracking down on rogue registrars.

In a report released today, the company makes the bold assertion that ICANN “holds the trump card to the spam problem” and that it should step up its compliance efforts.

Although ICANN cannot stop spam itself and does not link spammers to the Internet, it does accredit the registrars that sell the domains that cybercriminals use to fill our inboxes with advertisements and malware

McAfee notes that ICANN has previously de-accredited spammer-friendly registrars such as the notorious EstDomains, but that it needs to do more.

ICANN needs to continue this trend against registrars that knowingly provide domain services to cybercriminals. The organization also needs to harden its policies that define under what circumstances an accreditation can be revoked, so that it can take quicker action against rogue registrars.

The claims come in a report entitled “Security Takes The Offensive”, available here.

The report does not lay all the blame for spam at ICANN’s door, of course. The author also goes after ISPs and the SMTP protocol itself.

The report does not point out that there are 250-odd TLDs over which ICANN has no registrar accreditation powers whatsoever.

Despite my best efforts with Google, I’ve been unable to find a single instance of McAfee publicly participating in ICANN policy-making, so I have to wonder how serious it is.

At least guys like KnuJon are not afraid to show up at meetings and stir things up a bit.

1 Comment Tagged: , , ,

Domain name hijacker gets jail time

Kevin Murphy, August 10, 2010, Domain Registrars

A man who hijacked Comcast’s domain name, causing hours of outages for the ISP’s customers, has been sentenced to four months in jail.

James Black, who went by the handle “Defiant”, will also have to serve 150 hours of community service, three years of supervised release, and pay Comcast $128,557 in restitution.

Assistant United States Attorney Kathryn Warma told the court:

Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos.

The attack took place over two years ago. Kryogenicks reportedly used a combination of social engineering and technical tricks to take over Comcast’s account at Network Solutions.

During the period of the hijacking, comcast.net redirected to the hacker’s page of choice. All Comcast webmail was unavailable for at least five hours.

Comment Tagged: , , , ,

DNS Made Easy whacked with 50Gbps attack

Kevin Murphy, August 9, 2010, Domain Services

The managed DNS service provider DNS Made Easy was knocked offline for 90 minutes on Saturday by a distributed denial of service attack estimated at 50Gbps.

This could be the largest DDoS attack ever. The largest I’ve previous heard reported was 49Gbps.

The company, which promises 100% uptime, tweeted that the attack lasted eight hours, but only saw one and a half hours of downtime.

Here are some tweets from the company, starting on Saturday afternoon:

Out of China. Over 20 Gbps…. Don’t really know how big actually. But it’s big. We know it’s over 20 Gbps

Update…. Over 50 Gbps… we think. Since core Tier1 routers are being flooded in multiple cities…..

Trying to organize emergency meeting with all Tier1 providers. We probably have over 50 senior network admins looking into this.

This is flooding the provider’s backbones. By far the largest attack we have had to fight in history.

And, post-attack:

The good: Not everyone was down, not all locations were down at once. The bad: There were temporary regional outages.

Almost back to normal in all locations. Full explanation, details, and SLA credits will be given to all users as soon as possible.

We did not see a 6.5 hour long outage. That would be ultra-long. DDOS attack was 8 hours. Less than 1.5 hours of actual downtime.

It will prove costly. The company’s service level agreement promises to credit all accounts for 500% of any downtime its customers experience.

Quite often in these cases the target of the attack is a single domain. Twitter and Facebook have both suffered performance problems in the past after attackers went after a single user for political reasons.

For a DNS provider, any single domain they host could be such a target. I’d be interested to know if that was the case in this incident.

2 Comments Tagged: , , ,