Recent Posts
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
Alibaba hit with ICANN breach notice
One of the companies in the Alibaba Group, China’s biggest registrar and one of the largest technology companies in the world, has been handed a breach notice, containing a long list of complaints including abuse failures and non-payment of fees, by ICANN Compliance.
Alibaba.com Singapore E-Commerce, one of Alibaba’s four accredited registrars, failed to respond to abuse reports and failed to respond to ICANN’s requests for information about its failure to respond to abuse reports, the notice claims.
The breach notice will likely to be the last to be sent out for claims under the current version of the Registrar Accreditation Agreement. In two days, April 5, stricter domain takedown rules approved earlier this year will become effective on all registrars.
The abuse claims seem to cover four domains in .com and .vip that look like typos that could have been used in phishing attacks.
ICANN Compliance says that Alibaba also hasn’t published the names of its officers or its redemption fees, as the RAA also requires. It says the registrar also owes it an unspecified amount of past-due fees.
The chronologies reported in the notice claim Alibaba has been giving Compliance the run-around, failing to respond to calls and emails, since early November.
All four registrars in the Alibaba Group have the same published email and phone details, but it’s not clear whether the same ones are listed in ICANN’s internal directory.
Alibaba.com Singapore is one of four accredited registrars owned by Alibaba, the Chinese e-commerce giant. The parent is not short of a bob or two, reporting revenue equivalent to $126 billion last year. It can afford to pay its ICANN fees.
Of the three Alibaba registrars that have domains the “Singapore” one is the smallest, with about 660,000 domains under management. The other two have 3.2 million and 2.6 million domains to their accreditations.
The company has been told it has until April 17 to come back into compliance or risk getting terminated.
UK gov takes its lead from ICANN on DNS abuse
The UK government has set out how it intends to regulate UK-related top-level domain registries, and it’s taken its lead mostly from existing ICANN policies.
The Department for Science, Innovation and Technology said last year that it was to activate the parts of the Digital Economy Act of 2010 that allow it to seize control of TLDs such as .uk, .london, .scot, .wales and .cymru, should those registries fail to tackle abuse in future.
It ran a public consultation that attracted a few dozen responses, but has seemingly decided to stick to its original definitions of abuse and cybersquatting, which were cooked up with .uk registry Nominet and others and closely align to industry norms.
DSIT plans to define abuse in the same five categories as ICANN does — phishing, pharming, botnets, malware and vector spam (spam that is used to serve up the first four types of attack) — in its response to the consultation, published yesterday (pdf).
But it’s stronger on child sexual abuse material than ICANN. While registries and registrars have developed a “Framework to Address Abuse” that says they “should” take down domains publishing CSAM, ICANN itself has no contractual prohibitions on such content.
DSIT said it will require UK-related registries to have “adequate policies and procedures” to combat CSAM in their zones. The definition of CSAM follows existing UK law in being broader than elsewhere in the world, including artworks such as cartoons and manga where no real children are harmed.
DSIT said it will define cybersquatting as “the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names”. The definition omits the “and is being used in bad faith” terminology used in ICANN’s UDRP. DSIT’s definition includes typosquatting.
In response to the new document, Nominet tweeted:
The response highlights that Government recognises the work registries already do to support law enforcement agencies prevent the registration of domains to carry out illegal activity and "expect the existing voluntary arrangements to be used as the first port of call".
— Nominet (@Nominet) February 23, 2024
DSIT said it will draft its regulations “over the coming months”.
Registries and registrars vote ‘Yes’ to new DNS abuse rules
ICANN’s contracted registries and registrars have voted to accept new rules requiring them to take action on DNS abuse.
The new rules come after a vote lasting a few months with some quite high thresholds for success.
The current Registrar Accreditation Agreement merely requires registrars to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse”, which is pretty vague and barely enforceable.
The amendments, which still need to be rubber-stamped by the ICANN board, make it much clearer what registrars are expected to do in which circumstances. A new paragraph is added that reads:
3.18.2 When Registrar has actionable evidence that a Registered Name sponsored by Registrar is being used for DNS Abuse, Registrar must promptly take the appropriate mitigation action(s) that are reasonably necessary to stop, or otherwise disrupt, the Registered Name from being used for DNS Abuse. Action(s) may vary depending on the circumstances, taking into account the cause and severity of the harm from the DNS Abuse and the possibility of associated collateral damage.
For registries, the new text for the base gTLD Registry Agreement is similar, but with a little more wiggle-room:
Where a Registry Operator reasonably determines, based on actionable evidence, that a registered domain name in the TLD is being used for DNS Abuse, Registry Operator must promptly take the appropriate mitigation action(s) that are reasonably necessary to contribute to stopping, or otherwise disrupting, the domain name from being used for DNS Abuse. Such action(s) shall, at a minimum, include: (i)the referral of the domains being used for the DNS Abuse, along with relevant evidence, to the sponsoring registrar; or (ii) the taking of direct action, by the Registry Operator, where the Registry Operator deems appropriate. Action(s) may vary depending on the circumstances of each case, taking into account the severity of the harm from the DNS Abuse and the possibility of associated collateral damage.
In both cases, DNS abuse is defined by the now industry standard line: “malware, botnets, phishing, pharming, and spam (when spam serves as a delivery mechanism for the other forms of DNS Abuse listed in this Section)”.
There are a few other quality of life updates, such as the requirement for registrars to acknowledge receipt of abuse reports and to have their abuse reporting mechanism “conspicuously and readily accessible from” their home pages.
ICANN needed registrars representing over 90% of registered gTLD domains (adjusted slightly to make GoDaddy’s voice less powerful). That threshold was passed last week, with 94% of domains voting in favor of the amendments.
For registries, ICANN required a simple majority of registries (counted by contract rather than company) and for all registries voting in favor to have been responsible for two thirds of all registry fees paid last year.
Judging by the financial thresholds, .com and .net, which are not on the base RA, were not involved.
ICANN rejects a whole bunch of new gTLD policy stuff
ICANN has delivered some bad news for dot-brands, applicants from poorer countries, and others, at the weekend rejecting several items of new gTLD policy advice that the community spent years cooking up.
The board of directors on Sunday approved a scorecard of determinations, including the rejection (or non-adoption) of seven GNSO recommendations that it deems “would not be in the best interests of the ICANN community or ICANN”.
In reality, it’s the latter that seems to have been foremost in the board’s mind; most of the rejections appear to be geared toward reducing ICANN Org’s legal or financial exposure.
Notably, dot-brands are denied some of the relief from cumbersome or expensive requirements that the GNSO had wanted rid of.
The board rejected a recommendation that would exempt them from the Continued Operations Instrument — a financial bond used to pay an Emergency Back-End Registry Operator should the applicant go out of business.
“[T]he Board is concerned that an exemption from an COI for Spec 9 applications would have financial impact on ICANN since there would be no fund to draw from if such a registry went into EBERO,” the board wrote.
It also rejected a request to exempt dot-brands from rules requiring them to contractually ban and monitor abuse in their TLDs. The GNSO had argued that single-registrant TLDs do not suffer abuse, but the board said this could lead to abuse from compromised domains going unaddressed.
“The Board concludes that Recommendation 9.2, if implemented, could lead to DNS abuse for second-level registrations in a single-registrant TLD going unaddressed, unobserved, and unmitigated,” it said.
Applicants hoping to benefit from the Applicant Support Program — which in 2012 offered heavily discounted application fees to poorer applicants — also got some bad news.
The GNSO wants the support to extend to other costs such as application-writing services and lawyers, which naturally enough put the frighteners on the board, which noted “such expansion of support could raise the possibility of inappropriate use of resources (e.g. inflated expenses, private benefit concerns, and other legal or regulatory concerns)”.
The board also rejected a couple of recommendations that could be seen as weakening its role as ultimate authority over all things gTLD.
It rejected a proposal to remove the controversial covenant not to sue (CNTS) from the application process unless other recommendations related to appeals processes are implemented.
ICANN said that because it has not yet approved these other recommendations, it has rejected this recommendation.
The board also rejected a recommendation that would have limited its ability to reject a gTLD application to only when permitted to do so by the rules set out in the Applicant Guidebook.
The idea was to prevent applications being arbitrarily rejected, but the board said this “may unduly limit ICANN’s discretion to reject an application in yet-to-be-identified future circumstance(s)”.
The rejections invoke part of the ICANN bylaws that now requires the GNSO Council to convene and either affirm or amend its recommendations before discussing them with the board. Presumably this could happen at ICANN 78 next month.
The bylaws process essentially gives the board the ultimately authority to throw out the GNSO recommendations if it can muster up a two-thirds supermajority vote, something it rarely has a problem achieving.
Government to regulate UK-related domain names
The UK government is to trigger a law that would allow it to take control of .uk, .wales, .cymru, .scot and .london if their registries get thoroughly abused and they fail to do anything about it.
The Department for Science, Innovation and Technology said today it is to activate (or “commence”) the parts of the Digital Economy Act of 2010 that give it the power to appoint a new manager for any “UK-related” TLDs.
DSIT would only be able to exercise these powers if the registry in question had let DNS abuse or cybersquatting run amok and failed to follow government orders to fix it. I don’t believe any of the affected registries are currently in such a state.
The government has now launched a consultation, running until the end of August, to get industry and public feedback on its definitions of abuse and what it called “unfair domain use”, meaning cybersquatting.
Nominet, which runs .uk, .wales and .cymru, said in a statement:
The proposed prescribed requirements are consistent with Nominet’s current voluntary procedures, which Government has made clear it believes Nominet operates in a perfectly satisfactory manner. As the Government has had a reserve power to “step in” ever since the DEA was introduced, the purpose of the new provisions is to give Government a formal mechanism to do so, should it ever be required. Our understanding is that Government is enacting these provisions now to ensure the UK meets international best practice on governance of country code top-level domains in line with key global trading partners and future global trading commitments.
Based on my first read, I expect registries and registrars will think it looks generally pretty palatable. It seems DSIT has followed ICANN and the industry’s lead in terms of what qualifies as abuse, and Nominet said in a statement tonight that all three affected registries have been meeting with DSIT to craft the consultation.
Domain investors may take issue with the precise wording of the cybersquatting definition, however.
The definitions of abuse cover the industry standard five bases: malware, phishing, botnets, pharming and spam (insofar as it facilitates any of the other four) and cybersquatting is defined thus:
the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names. This includes ‘typosquatting’, when an end user takes advantage of common misspellings made by Internet users who are looking for a particular site or a particular provider of goods or services, in order to obtain some benefit.
Domainers will notice the document talks about “bad faith registration”, whereas UDRP talks about bad faith “registration and use”, which is sometimes an important edge-case distinction in cybersquatting disputes. Nominet’s DRS uses bad faith registration “or” use.
Where the consultation gets vague, and the potential for debate arises, is when it talks in general, high-level terms about how dispute resolution procedures should be designed.
Failure to deal with child sexual abuse material, as defined in the Convention on the Rights of the Child, in an affected TLD could also result in the government appointing a new registry.
The four gTLDs affected by the legislation all are considered geographic under ICANN rules and had to secure local government support when they applied for their strings. ICANN has a contractual right to terminate them if that government says so.
After the consultation is complete, DSIT intends to make its definitions law through secondary legislation.
This post was updated shortly after publication to add Nominet comments.
Identity Digital sees abuse up a bit in Q3
Identity Digital has published its second quarterly abuse review, showing abuse reports up slightly overall.
The report, which covers the third quarter 2022, also shows that the registry only released the private Whois information for a single domain during the period.
ID said it closed 3,225 abuse cases in Q3, up from 3,007 in Q2, covering 4,615 domains, up from 3,816. The vast majority — almost 93% — related to phishing. That’s in line with the previous quarter.
In about 1,500 cases, the domains in question where suspended by the registry or registrar in the first 24 hours, the report says. In 630 cases, the registry took action after the registrar failed to act within 72 hours.
The company received five complaints about child sexual abuse material from the Internet Watch Foundation during the period, up a couple on Q2, but all were remediated by the registrars in question.
It received four takedown notices from the Motion Picture Association under the registry’s Trusted Notifier Program, all of which resulted in suspended domains.
There were requests for private Whois information for 20 domains, three of which were intellectual property related, but only one resulted in disclosure. In 12 cases ID took the decision not to disclose.
The company has over 260 gTLDs in its stable and over 5.5 million registered domains.
The full slide deck can be viewed here (pdf).
Abuse crackdown likely in next gTLD registrar contract
ICANN and its accredited registries and registrars have formally kicked off contract renegotiations designed to better tackle DNS abuse.
The aim is to create a “baseline obligation” for contracted parties to “take reasonable and appropriate action to mitigate or disrupt malicious registrations engaged in DNS Abuse”, according to recent correspondence.
This may close the loophole in the contracts identified this year that hinder ICANN Compliance’s ability to take action against registrars that turn a blind eye to abuse.
The current contracts require registrars to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse”, which lacks clarity because there’s no agreement on what an appropriate response is.
The registries and registrars stakeholder groups (RySG and RrSG) note that there won’t be an expansion of the term “DNS abuse” to expand into web site content, nor will the talks cover Whois policy.
As is the norm for contract negotiations, they’ll be bilateral between ICANN and a select group of representative contracted parties, and conducted in private.
Talks are expected to take three to six months and the resulting amendments to the Registrar Accreditation Agreement and base Registry Agreement will be published for 30 days of public comment.
It’s been almost 10 years since the RAA was last updated.
Identity Digital publishes treasure trove of abuse data
Identity Digital, the old Donuts, has started publishing quarterly reports containing a wealth of data on reported abuse and the actions it takes in response.
The data for the second quarter, released (pdf) at the weekend, shows that the registry receives thousands of reports and suspends hundreds of domains for DNS abuse, but the number of domains it takes down for copyright infringement is quite small.
ID said that it received 3,007 reports covering 3,816 unique domains in the quarter, almost 93% of which related to phishing. The company said the complaints amounted to 0.024% of its total registered domains.
Most cases were resolved by third parties such as the registrar, hosting provider, or registrant, but ID said it suspended (put on “protective hold”) 746 domains during the period. In only 11% of cases was no action taken.
The company’s hitherto opaque “Trusted Notifier” program, which allows the Motion Picture Association and Recording Industry Association of America to request takedowns of prolific piracy sites resulted in six domain suspensions, all as a result of MPA requests.
The Internet Watch Foundation, which has similar privileges, resulted in 26 domains being reported for child sexual abuse material. Three of these were suspended, and the remainder were “remediated” by the associated registrar, according to ID.
The report also breaks down how many requests for private Whois data the company received, and how it processed them. Again, the numbers are quite low. Of requests for data on 44 domains, 18 were tossed for incompleteness, 23 were refused, and only three resulted in data being handed over.
Perhaps surprisingly, only two of the requests related to intellectual property. The biggest category was people trying to buy the domain in question.
This is a pretty cool level of transparency from ID and it’ll be interesting to see if its rivals follow suit.
DNSAI to name most-abused registries, registrars
The DNS Abuse Institute is to start publishing monthly reports that name the registries and TLDs with the highest level of abuse.
The organization’s Intelligence service is expected to land in September, a little later than was previously expected, according to a blog post from director of policy and programs Rowena Schoo.
DNSAI has partnered with Kor Labs, a project out of the Grenoble Institute of Technology, to supply the data, which will cover phishing and malware domains and differentiate between malicious registrations and compromised sites.
The Institute doesn’t consider spam DNS abuse unless it is used as a delivery mechanism for other types of abuse, in line with ICANN’s definition.
The decision to actually name (and in some cases, we should assume, shame) registries and registrars is an unusual one. Other, similar efforts tend to keep the data anonymous.
“We want to understand abuse persistence and whether it has been appropriately mitigated by registrars,” Schoo wrote.
DNSAI is a project primarily backed by .org manager Public Interest Registry.
DNS Abuse Institute names free tool NetBeacon, promises launch soon
NetBeacon has been picked as the name for the DNS Abuse Institute’s forthcoming free abuse-reporting tool.
The tool is expected to launch in early June, after software was donated by CleanDNS accelerated the development cycle, according to Institute director Graeme Bunton.
The system was previously using the working title CART, for Centralized Abuse Reporting Tool, as I blogged in February.
CleanDNS CEO Jeff Bedser is also on the board of Public Interest Registry, which funds DNSAI. Bunton wrote that PIR approved the use of the CleanDNS software under its conflict of interest policy, with Bedser recusing himself.
NetBeacon is expected to provide a way for authenticated abuse reporters to file complaints in a normalized fashion, potentially streamlining the workflow of registrars that subsequently have to deal with them.
Bunton has said that the service will be free at both ends, funded by non-for-profit PIR.
Recent Comments