Latest news of the domain name industry

Recent Posts

Uniregistry changes emails after “renewal scam” complaints

Kevin Murphy, February 2, 2018, Domain Registrars

Uniregistry has modified its marketing emails after customers complained they looked like fake renewal “scams”.

One customer contacted DI last week to say they were “horrified” to receive pitches for cheap SSL certificates that “read like some of the worst domain expiration scams of the past”.

The company recently started reselling Comodo’s SSL certs as part of its plan to broaden its customer base beyond its roots in the domain investor community.

But the way these certs were marketed left more than one customer with concerns. One email, which I’ve lightly redacted, read as follows:


FINAL NOTICE – Your SSL certificate for your domain has expired. Take action and renew your certificate today through Uniregistry.

If your SSL certificate expires your website will display a warning informing customers the site is not secure.

We’ve teamed up with Comodo CA to offer our valued customers discounts up to 78% off when they renew their SSL certificate through us.

Visit to take advantage of this offer and renew your certificate before it expires.

Domains at Risk :

Average validation time is less than an hour could take longer. Don’t let your certificate expire and put your business at risk. We are here to help, contact one of our SSL Specialist for more information or if you need additional support.

Thank you for choosing Uniregistry and Comodo CA

The reader said that while they have some domains with Uniregistry, their SSL certs had been bought elsewhere.

They added that the certs had not “expired” as the email claimed and said that they were not due to expire for months.

In addition, the email is quite clearly asking the customer to “renew” their cert via Uniregistry and Comodo, which should not be possible if the current cert was bought from a different Certificate Authority. It’s actually a solicitation to buy a new cert.

The scare-tactics wording is reminiscent of the old “slamming” scams carried out by Brandon Gray Internet Services, going under the moniker Domain Registry Of America and similar, until ICANN terminated its contract in 2014.

These “fake renewal” scams were delivered in the form of final-demand invoices, but were in fact solicitations to transfer domains, at a huge premium, from their current registrar to the scammer’s registrar.

A major difference between the DROA scam and Uniregistry’s marketing is that Uniregistry only contacted its existing customers. It was not spamming SSL owners at random.

Uniregistry told DI that the emails in question were part of an “A/B test” — when a company tests two emails to different sets of customers to see which one gets the best response rate — that were sent to “small number” of its customers.

Chief operating officer Kanchan Mhatre said in an email:

The initial content sent came from a previous campaign and it’s fair to say that it needed modifying to more accurately reflect what we were trying to convey. Based on the feedback received from you and other customers, we have modified the messaging and we are currently reviewing cert expiry date validation to ensure that we communicate with our customers in a timely manner.

2 Comments Tagged: , , , ,

CPE probe: “whitewash” or “fig leaf”?

Kevin Murphy, January 31, 2018, Domain Policy

A few weeks ago, when I was reporting the conclusions of a probe into ICANN’s new gTLD program, I wrote a prediction on a piece of paper and placed it into a sealed envelope.*

I wrote: “They’re gonna call this a whitewash.”

And I was correct! Ta-dah! I’m here all week.

The lawyer for applicants for .music and .gay gTLDs has written to ICANN to complain that a purportedly independent review of the Community Evaluation Process was riddled with errors and oversights and should not be trusted.

In a letter on behalf of dotgay LLC, Arif Ali calls the report a “whitewash”. In a letter on behalf of DotMusic, he calls it a “fig leaf”.

Both companies think that the CPE probe was designed to give ICANN cover to proceed with auctions for five outstanding gTLD contention sets, rather than to get to the bottom of perceived inconsistencies in the process.

Both of Ali’s clients applied for their respective gTLDs as “community” applicants, trying to avoid auctions by using the Community Priority Evaluation process.

During their CPEs, both carried out by the Economist Intelligence Unit, neither applicant scored highly enough to win the exclusive right to .gay or .music, meaning the next stage was to auction the strings off to the highest bidder.

After repeated complaints from applicants and an Independent Review Process finding that ICANN lacked transparency and that staff may have had inappropriate influence over the EIU, ICANN hired FTI Consulting to look into the whole CPE process.

FTI’s report was finally delivered late last year, clearing ICANN on all counts of impropriety and finding that the EIU’s evaluations had been consistent across each of the applications it looked at.

The remaining gTLDs affected by this are .music, .gay, .hotel, .cpa, and .merck.

ICANN’s board of directors is due to meet to discuss next steps this weekend, but Ali says that it should “critically evaluate the [FTI] Report and not accept its wholesale conclusions”. He wrote, on behalf of DotMusic:

The report reveals that FTI’s investigation was cursory at best; its narrow mandate and evaluation methodology were designed to do little more than vindicate ICANN’s administration of the CPE process.

It is evident that FTI engaged in a seemingly advocacy-driven investigation to reach conclusions that would absolve ICANN of the demonstrated and demonstrable problems that afflicted the CPE process.

Among the applicants’ list of complaints: their claim that FTI did not interview affected applicants or take their submissions seriously, and the fact that ICANN was less than transparent about who was conducting the probe and what its remit was.

The same letter quotes ICANN chair Cherine Chalaby, then vice-chair, saying in a January 2017 webinar that he had observed inconsistencies in how the CPEs were carried out; inconsistencies FTI has since found did not occur.

That should be enough to provoke discussion when the board meets to discuss this and other issues in Los Angeles on Saturday.

* I didn’t actually do this of course, I just thought about it, but you get my point.

Comment Tagged: , , , , , , , , ,

US and EU call for Whois to stay alive

Kevin Murphy, January 31, 2018, Domain Policy

Government officials from both sides of the Atlantic have this week called on ICANN to preserve Whois as it currently is, in the face of incoming EU privacy law, at least for a select few users.

The European Commission wrote to ICANN to ask for a “pragmatic and workable solution” to the apparent conflict between the General Data Protection Regulation and the desire of some folks to continue to access Whois as usual.

Three commissioners said in a letter (pdf) that special consideration should be given to “public interests” including “ensuring cybersecurity and the stability of the internet, preventing and fighting crime, protecting intellectual property and copyright, or enforcing consumer protection measures”.

David Redl, the new head of the US National Telecommunications and Information Administration, echoed these concerns in a speech at the State of the Net conference in Washington DC on Monday.

Redl said that the “preservation of the Whois service” is one of NTIA’s top two priorities at the moment. The other priority is pressing for US interests in the International Telecommunications Union, he said.

Calling Whois “a cornerstone of trust and accountability for the Internet”, Redl said the service “can, and should, retain its essential character while complying with national privacy laws, including the GDPR.”

“It is in the interests of all Internet stakeholders that it does,” he said. “And for anyone here in the US who may be persuaded by arguments calling for drastic change, please know that the US government expects this information to continue to be made easily available through the Whois service.”

He directly referred to the ability of regular internet users to access Whois for consumer protection purposes in his speech.

The European Commission appears to be looking at a more restrictive approach, but it did offer some concrete suggestions as to how GDPR compliance might be achieved.

For example, the commissioners’ letter appears to give tacit approval to the idea of “gated” access to Whois, but called for access by law enforcement to be streamlined and centralized.

It also suggests throttling as a mechanism to reduce abuse of Whois data, and makes it clear that registrants should always be clearly informed how their personal data will be used.

The deadline for GDPR compliance is May this year. That’s when the ability of EU countries to start to levy fines against non-compliant companies, which could run into millions of euros, kicks in.

While ICANN has been criticized by registries and registrars for moving too slowly to give them clarity on how to be GDPR-compliant while also sticking to the Whois provisions of their contracts, its pace has been picking up recently.

Two weeks ago it called for comments on three possible Whois models that could be used from May.

That comment period ended on Monday, and ICANN is expected to publish the model upon which further discussions will be based today.

Comment Tagged: , , , , , , , ,

Is the Trump administration really trying to reverse the IANA transition?

Kevin Murphy, January 29, 2018, Domain Policy

Questions have been raised about the US government’s commitment to an independent ICANN, following the release of letters sent by two top Trump appointees.

In the letters, new NTIA head David Redl and Secretary of Commerce Wilbur Ross expressed an interest in looking at ways to “unwind” the IANA transition, which in 2016 severed the formal ties between ICANN and the US in DNS root zone management.

Responding to questions from senators during his lengthy confirmation process, now National Telecommunications and Information Administration assistant secretary Redl wrote:

I am not aware of any specific proposals to reverse the IANA transition, but I am interested in exploring ways to achieve this goal. To that end, if I am confirmed I will recommend to Secretary Ross that we begin the process by convening a panel of experts to investigate options for unwinding the transition.

The letters were first obtained by Politico under the Freedom of Information Act. We’re publishing them here (pdf).

They were sent last August, when Redl’s confirmation to the NTIA role was being held up by Senator Ted Cruz, who vehemently opposed the transition because he said he thought it would give more power over online speech to the likes of Russia and China.

He was confirmed in November.

The question is whether Redl was serious about unwinding the transition, or whether he was just bullshitting Cruz in order to remove a roadblock to his confirmation.

Technically, he only promised to “recommend” convening a panel of experts to his boss, Ross.

NTIA declined to comment last week when DI asked whether the department still supports the IANA transition, whether any efforts are underway to unwind it, and whether the panel of experts has already been convened.

Redl’s statements on ICANN since his confirmation have been more or less consistent with his Obama-era predecessor, Larry Strickling, in terms of expressing support for multi-stakeholder models, but with perhaps some causes for concern.

During his first public speech, delivered at the CES show in Las Vegas earlier this month, Redl expressed support for multi-stakeholder internet governance amid pushes for more multi-lateral control within venues such as the International Telecommunications Union.

However, he added:

I’ll also focus on being a strong advocate for U.S. interests within ICANN. We need to ensure transparency and accountability in ICANN’s work. And in light of the implementation of the European General Data Privacy Regulation, or GDPR, we need to preserve lawful access to WHOIS data, which is a vital tool for the public.

In the coming weeks, I’ll be seeking out the views of stakeholders to understand how else NTIA can best serve American interests in these global Internet fora.

Could this be an allusion to the “panel of experts”? It’s unclear at this stage.

One of Redl’s first moves as NTIA chief was to slam ICANN for its lack of accountability concerning the shutdown of a review working group, but that was hardly a controversial point of view.

And in a letter to Senator Brian Schatz, the Democrat ranking member of the Senate Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, sent earlier this month, Redl expressed support for the multi-stakeholder model and wrote:

NTIA will be a strong advocate for US interests with the Governmental Advisory Committee of the Internet Cooperation [sic] for Assigned Names and Numbers (ICANN) in the existing post-transition IANA phase. NTIA will also monitor the [IANA operator] Public Technical Identifiers (PTI) and take action as necessary to ensure the security and stability of the DNS root.

That certainly suggests NTIA is happy to work in the new paradigm, while the promise to “take action as necessary” against PTI may raise eyebrows.

While a lot of this may seem ambiguous, my hunch is that there’s not really much appetite to reverse the IANA transition. Apart from appeasing Cruz’s demons, what could possibly be gained?

Ross, quizzed by Cruz at his own confirmation hearing a year ago, seemed reluctant to commit to such a move.

1 Comment Tagged: , , , , , ,

MMX profitable as acquisition talks drag on

Kevin Murphy, January 29, 2018, Domain Registries

New gTLD registry Minds + Machines became profitable as an operating company for the first time in 2017, the company announced on Friday.

MMX saw billings of $10 million in the second half of the year, compared to $5.6 million in the first half, as domains under management grew 67% to 1.32 million.

Billings is a measure of sales, rather than the more formal measure of revenue for accounting purposes.

Renewals accounted for $5.6 million of billings in the year, which “for the first-time has exceeded fixed operating costs which have been reduced to below $5.5 million for 2017”.

The company’s bottom line will also boosted by $2.1 million due to MMX losing the .inc and .llc new gTLD auctions.

MMX also provided an update on its “strategic review”, a code word for the “acquisition by or sale/merger of the Company” that it announced last May.

The company said “the longevity of the discussions has been at times frustrating” but that it hopes to have something to announce by the time it reports its formal 2017 results in April.

MMX had originally hoped to have concluded these talks before last September.

3 Comments Tagged: , , ,