Latest news of the domain name industry

Recent Posts

US Feds seize 33 Iranian news site domains

Kevin Murphy, June 23, 2021, Domain Policy

The US government said it has seized control of 33 domain names previously belonging to an Iranian TV news station that the US considers linked to terrorism.

The Department of Justice said the domains had been registered by the Iranian Islamic Radio and Television Union, which it said is controlled by Islamic Revolutionary Guard Corps Quds Force, designated as a terrorist organization.

Among the domains is presstv.com, used by Press TV, an Iranian state-owned station that broadcasts news in English and French.

The DoJ said the sites were “disguised as news organizations or media outlets” and “targeted the United States with disinformation campaigns and malign influence operations”.

All of the seized names reportedly use .com, .net and .tv domains, which are all operated by Verisign.

The DoJ obtained a court order to grab the names.

As an overseas registrar was used to register the names, it appears the court order instructed Verisign, based in the US, to hand them over.

The domains now direct to a US government placeholder informing visitors of the seizure. Some of the affected web sites have reportedly started using new domains.

Under US law, “Specially Designated Nationals” listed by the Office of Foreign Assets Control are forbidden from obtaining services from US companies without a special license.

The DoJ said it has seized an additional three domains owned by Kata’ib Hizballah (Kataib Hezbollah), an Iraqi militia backed by Iran.

1 Comment Tagged: , , , , ,

Domain firms plan “Trusted Notifier” takedown rules

Kevin Murphy, June 23, 2021, Domain Policy

Domain name registries and registrars are working on a joint framework that could speed up the process of taking down domain names being used for behavior such as movie piracy.

Discussed last week at the ICANN 71 public meeting, the Framework on Trusted Notifiers is a joint effort of the Registrar Stakeholder Group and Registries Stakeholder Group — together the Contracted Parties House — and is in the early stages of discussion.

Trusted Notifiers are third parties who often need domain names taken down due to activity such as copyright infringement or the sale of counterfeit pharmaceuticals, and are considered trustworthy enough not to overreach and spam the CPH with spurious, cumbersome, overly vague complaints.

It’s not a new concept. Registries in the gTLD space, such as Donuts and Radix, have had relationships with the Motion Picture Association for over five years.

ccTLD operator Nominet has a similar relationship with UK regulators, acting on behalf of Big Copyright and Big Pharma, taking down thousands of .uk domains every year.

The joint RrSG-RySG effort doesn’t appear to have any published draft framework yet, and the discussions appear to be being held privately, but members said last week that it is expected to describe a set of “common expectations or common understandings”, establishing what a Trusted Notifier is and what kind of cooperation they can expect from domain firms.

It’s one of several things the industry is working on to address complaints about so-called “DNS Abuse”, which could lead to government regulations or further delays to the new gTLD program.

It obviously veers into content policing, which ICANN has disavowed. But it’s not an ICANN policy effort. Whatever framework emerges, it’s expected to be non-contractual and voluntary.

Trusted Notifier relationships would be bilateral, between registry and notifier, with no ICANN oversight.

Such deals are not without controversy, however. Notably, free speech advocates at the Electronic Frontier Foundation have been complaining about Trusted Notifier for years, calling it “content policing by the back door” and most recently using it as an argument against Ethos Capital’s acquisition of Donuts.

Comment Tagged: , , , , , , , , ,

Did Harry and Meghan squat the Queen? [clickbait]

Kevin Murphy, June 23, 2021, Gossip

With tabloid rags everywhere continuing to clamor for any scrap of information that might drive a rift between the Duke and Duchess of Sussex and Queen Elizabeth II, perhaps it was inevitable that domain names would one day enter the fray.

And now they have, with the registrations of lilibetdiana.com and lilidiana.com making headlines this week.

Lilibet Diana Mountbatten-Windsor, Harry and Meghan’s second child and first daughter, was born at 1940 UTC on June 4.

“Diana” is of course a tribute to the Duke’s late mother, the Princess of Wales, while “Lilibet” is a reference to the Queen’s childhood nickname and the pet name by which her recently deceased husband, Phillip, addressed her.

The choice of name has been seen partly as an effort to renovate bridges that were charred when the Sussexes decoupled themselves from the taxpayer’s teat, abandoned royal duties, and buggered off to America to talk smack about their family on Oprah.

Reports quickly emerged that the choice of name might have been made without first seeking the Queen’s permission — reports that have been strenuously denied, backed by a threat of legal action.

But Whois records, as mostly useless as they are nowadays, have now stepped in to complicate matters.

According to Whois, lilibetdiana.com was registered just a few hours prior to the birth, June 4, presumably while the Duchess was in labor. But lilidiana.com was registered a few days earlier, on May 31. Both were registered via GoDaddy.

The Sussexes spokespeople tole The Telegraph that the names were merely two among many that were registered defensively in advance of the birth, before the couple had committed to a name:

Of course, as is often customary with public figures, a significant number of domains of any potential names that were considered were purchased by their team to protect against the exploitation of the name once it was later chosen and publicly shared.

Interestingly, lilibetdiana.uk and lilibetdiana.co.uk, which one might imagine would be on the defensive reg checklist, were only registered after the announcement of her birth on June 6, and via a different registrar, suggesting third-party ownership.

Three questions emerge from the Whois-related revelations:

First, do the records support the assertion by anonymous Palace sources that the Queen was not consulted in advance, or the contrary claim from the Sussexes?

Two, does anyone actually really care? I lost interest several paragraphs ago.

And C), am I really about to hit “Publish” on this article?

If you’re reading this, I guess I did. I’m sorry. I’m off to take a long, hot shower, to wash away the shame.

Comment Tagged:

There’s really only one question about the return to face-to-face ICANN meetings

Kevin Murphy, June 22, 2021, Domain Policy

The struggles of remote working during unsociable hours and the possibility of a return to partially in-person meetings for Seattle in October were the subject of lots of well-deserved debate at the virtual ICANN 71 public meeting last week, but in reality I think there’s only one question that matters.

The question is posed by Americans to everyone else, and it goes like this: “You guys cool if we go ahead without you?”

Sure, lots of interesting and important questions were raised last week, particularly during the hour-long final session.

If ICANN decides to require proof of vaccination to attend in person, will it accept all brands of vaccine, or will it do a Bruce Springsteen and exclude those who have received the AstraZeneca jab, which is not currently approved in the US?

Is it a problem for overseas travelers that the number of vaccinated Americans currently appears to be plateauing, as ludicrous political divisions see primarily “red state” folks refuse to take their medicine?

What about attendees working for companies that have eliminated their travel budget for the rest of the year?

What if there’s a new flavor of Covid, worse than the current delta variant, in play in October? What if travel corridors into the US are still closed when ICANN 72 comes around? What if attendees have to self-isolate for weeks in expensive hotels upon their return to their home countries? Has ICANN done any research into this?

These are some of the questions that have been raised, and while they’re all very interesting I can’t help but feel that they’re completely irrelevant in the context of an ICANN meeting.

ICANN doesn’t know what the pandemic state of play internationally is going to be four months from now. Nobody does. Not the epidemiologists, not the healthcare leaders, not the governments.

ICANN isn’t a government. It isn’t the United Nations. It’s a technical and policy coordination body that sometimes appears to have a sense of its own importance as inflated as its budget. Its powers to assure an internationally diverse community can gather in literally the same room in October are close to non-existent.

But it’s a pretty safe bet that domestic travel in the US will still be permitted in October (did it ever even really stop?) and therefore it’s a pretty safe bet that community members based in America will be able to bump elbows in Seattle.

The only question remaining therefore is: how much of the rest of the world is ICANN willing to risk excluding to make that happen?

It’s a question its board of directors will answer in July. I don’t envy them the responsibility.

9 Comments Tagged: , , , , , ,

Registries unveil plan to tackle botnet abuse with mass takedowns

Kevin Murphy, June 21, 2021, Domain Policy

Domain name registries have thrown a bone to critics who say they’re not doing enough to tackle DNS abuse by revealing a framework for rapidly taking down domains associated with large-scale botnets.

In a nutshell, the new Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets (pdf) would enable registries to preemptively register potentially abusive names without paying ICANN fees.

It is hoped that the framework will give law enforcement an easier time in tackling botnets, and perhaps cool down some of the heat the domain name industry is taking over the DNS abuse problem.

Botnets, you’ll recall, are large networks of compromised computers that can be deployed to, for example, carry out damaging distributed denial of service attacks.

The endpoint malware on botted machines is often controlled by regularly pinging a predetermined domain name to ask for instructions.

Rather than a single domain name, which would be easy to block, the malware often use algorithms, seeded with the current time or date, to create apparently random, gobbledygook names.

Botnet controllers need only run the same algorithm at home to determine the appropriate domain to register at any given time.

Other times, lists of thousands of domains are generated in advance and hard-coded into the malware.

Either way, DGAs can give law enforcement a way to effectively shut down a botnet by having all the potential command and control domains blocked or registered, but only with the cooperation of the registries.

A notable example of such cooperation was during the Conficker crisis over a decade ago, which ultimately saw a broad coalition of LE, registries and security companies come together to reverse engineer and preemptively block the huge numbers of domains the malware was expected to generate.

The new framework, which was created by ICANN’s Registries Stakeholder Group in cooperation with the Governmental Advisory Committee, essentially formalizes and expedites that kind of countermeasure.

It’s not official ICANN consensus policy, nor is it binding on all registries. It’s purely voluntary.

It appears primarily concerned with reducing the administrative and financial burden on registries that choose to participate.

It asks law enforcement to submit takedown requests as part of “a well thought-out, comprehensive abuse disruption strategy” that gives registries sufficient time to implement them.

It further asks (and provides a template letter) that ICANN waives the fees it collects when registries register botnet domains, which with some DGAs could amount to many tens or hundreds of thousands of dollars.

It also lists several reasons why registries might refuse to comply with LE without a court order — such as when the names are already registered and need to be seized, or when they’ve been identified as potentially high-value domains.

For registries, offering up the framework appears to be low-hanging fruit in their ongoing conflict with governments, cops and security researchers that argue the industry should do more to tackle abuse.

What it doesn’t do is expand the current industry definition of “abuse”, which is currently limited to botnets, phishing, pharming and malware distribution. Spam can also be considered DNS abuse when it is used to perpetrate any of the other four malfeasances.

But that definition is also voluntary, and only a few dozen registries and registrars have signed up to it. ICANN contracts are pretty much toothless when it comes to abuse.

The fight about DNS abuse is pretty amorphous, and overlaps with intellectual property interests’ demand for more access to private Whois data and the issue of when to start the next new gTLD application round.

1 Comment

Next new gTLD round should be less English, says ICANN boss

Kevin Murphy, June 16, 2021, Domain Policy

The next round of new gTLDs should be less focused on the English-speaking world, ICANN CEO Göran Marby said yesterday.

Talking to ICANN’s Governmental Advisory Committee in a bilateral session at ICANN 71 yesterday, Marby said he believed the 2012 round — the last time anyone was able to apply for a new gTLD — was too English-centric.

We have so few identifiers on the internet, [which] I think is a problem. Most of them are in relation to the English language or translations of English words…

I think and I truly believe that the next round should be giving the ability for people to have identifiers on the internet that’s actually in correlation with their own local contexts, their own scripts, their own keyboards, their own narratives, so they can create their pwn communities on the internet…

We have to rethink a lot of things we have done previously, because last time we did a round it was very much about the English language and I don’t think that’s fair for the rest of the world.

He pointed out the need for universal acceptance — the technical and educational challenge of making sure all software and online services support non-Latin internationalized domain names.

While it’s true that the 2012 round of applications turned out very much English-heavy, it was not by design.

Broadening the gTLD space out to non-Latin scripts and non-English languages was one of the benefits frequently cited (often, I thought, to guilt-trip the naysayers) before opponents of new gTLDs — including governments — in the run-up to the 2012 round.

ICANN was tasked in 2011/12 with reaching out to potential applications in under-served areas of the world, but it’s generally considered to have done a pretty shoddy job of it.

In the 2012 round, 116 of the 1,930 total applications were for IDNs, and 97 of those at some point made it into the DNS root. There have been a further 61 IDN ccTLDs that came in through the IDN ccTLD Fast Track process.

IDN applicants were given special privileges in the 2012 round, such as prioritization in the lottery that selected the processing order for applications. The first delegated new gTLD was in Arabic.

The IDN gTLDs have had a mixed performance volume-wise, with the top 10 strings, which are mostly Chinese, having between 14,500 and 164,000 domains under management.

Only one has passed the 50,000-domain threshold where it has to start paying ICANN transaction fees.

The numbers are not thoroughly terrible by new gTLD standards, but they don’t make the case for huge demand, either.

1 Comment Tagged: , , ,

Cade and Dammak win ICANN awards

Kevin Murphy, June 16, 2021, Domain Policy

Marilyn Cade and Rafik Dammak have been named joint winners of this year’s ICANN Community Excellence Award, formerly the Ethos Award.

The award acknowledges those community members deemed to have embodied ICANN’s values and devoted a lot of time to community work.

As I previously blogged, policy consultant Cade, who died last year to a wide outpouring of tributes, was pretty much a shoo-in.

“This award is not intended to be a memorial. Instead, it is a well-deserved recognition of Marilyn’s contributions and commitment to ICANN and our multistakeholder community,” the awards selection committee noted.

Dammak has for over a decade contributed “countless volunteer hours” on various ICANN policy working groups, mainly in the GNSO, the committee noted. His impartiality was called out by the selection committee for praise.

He last year stepped in to fill a leadership vacuum in the working group devoted to reviewing Whois privacy policy.

Comment Tagged:

In two weeks, Brits will lose their .eu domains forever

UK registrants of .eu domains have just two weeks left to bring their registrations into compliance or face losing their names forever.

EURid today sent out its final warning to its UK customers — update your records or have your domains placed into an unrecoverable “withdrawn” status, which means they’re removed from the zone file.

These domains have been in a “suspended” status since January, but still recoverable.

To come back into compliance, records will have to be updated to either a registrant based in the post-Brexit EU 27 member states, or an EU citizen based in the UK.

The deadline is June 30, with the withdrawal axe falling the following day.

Comment Tagged: , ,

ICANN waves off EFF concerns about the Ethos-Donuts deal

ICANN has dismissed concerns from the Electronic Frontier Foundation about the recent acquisition of Donuts by Ethos Capital.

Responding to a letter from EFF senior attorney Mitch Stoltz, ICANN chair Maarten Botterman said the deal had been thoroughly reviewed according to the necessary technical and financial stability standards.

In reviewing this transaction, the ICANN org team completed a thorough review and analysis of information provided by Ethos Capital and Donuts. Based on the review, the ICANN org team concluded that Donuts, as controlled by its proposed new owners would still meet or exceed the ICANN-adopted specifications or policies on registry operator criteria in effect, including with respect to financial resources, operational and technical capabilities, and overall compliance with ICANN’s contracts and Consensus Policies. Before its final decision on the matter, ICANN org provided multiple briefings to the Board. Following its final briefing and discussion with the Board, ICANN org approved the change of control in late March 2021.

The EFF had claimed that the anti-abuse parts of Donuts various registry agreements amounted to giving Donuts the right to “censor” domains, and it took issue with the Domain Protected Marks List domain blocking service.

Botterman noted that these predate the Ethos acquisition and were not reviewed.

Prior to the deal, which closed in March, Donuts was owned by another PE firm, Abry Partners. ICANN CEO Göran Marby had previously expressed puzzlement that the acquisition to lead to such concerns.

Comment Tagged: , , , ,

ICANNers itching to get back to face-to-face shindigs

Kevin Murphy, June 16, 2021, Domain Policy

A majority of ICANN community members want a return to in-person meetings as soon as possible, and overwhelmingly don’t care how many pandemic-related restrictions are put in place to get it done.

That’s according to the results of an online survey ICANN carried out, which ultimately had 665 responses, or 514 if you exclude responses from ICANN staff.

The survey found that over half of all respondents were keen to fling open the doors for ICANN 72 in Seattle this October, even if it meant reduced attendance and global diversity due to pandemic restrictions on travel.

There was even greater acceptance of — and indeed demand for — health measures such as social distancing, face masks, proof of vaccination, and on-site testing.

None of these proposed measures attracted less than 72% support, and no more than 11% of respondents objected to any individual measure.

While the majority of the respondents were from North America or Europe — which I think it’s fair to say are broadly considered to be well-vaccinated and in the closing days of their pandemic restrictions — ICANN has helpfully broken down some of the responses by geography.

Perhaps unsurprisingly, North Americans and Europeans were far more likely to approve of vaccination-related attendance rules, at 73% and 66% respectively. But a majority of those from Latin America, Asia and Africa were also tolerant of such restrictions.

North Americans were also much less likely to fear travel restrictions — ICANN 72 will be held on home turf, after all.

While the survey results show a clear inclination for reopening in-person meetings, with an online component for those unable to make it, the decision will be made by the ICANN board of directors next month.

The full survey results can be viewed here (pdf).

Comment Tagged: , , , , ,