Latest news of the domain name industry

Recent Posts

ICANN: we won’t force registrars to suspend domains

Kevin Murphy, October 2, 2015, Domain Registrars

In one of the ongoing battles between registrars and the intellectual property lobby, ICANN’s compliance department seems to have sided with the registrars, for now.

Registrars will not be forced to suspend domain names when people complain about abusive or illegal behavior on the associated web sites, according to chief contract compliance office Allen Grogan.

The decision will please registrars but will come as a blow to the likes of music and movie studios and those who fight to shut down dodgy internet pharmacies.

Grogan yesterday published his interpretation of the 2013 Registrar Accreditation Agreement, specifically the section (3.18) that obliges registrars to “investigate and respond appropriately” abuse reports.

The IP crowd take this to mean that if they submit an abuse report claiming, for example, that a web site sells medicines across borders without an appropriate license, the registrar should check out the site then turn off the domain.

Registrars, on the other hand, claim they’re in no position to make a judgment call about the legality of a site unless presented with a proper court order.

Grogan appears to have taken this view also, though he indicated that his work is not yet done. He wrote:

Sometimes a complaining party takes the position that that there is only one appropriate response to a report of abuse or illegal activity, namely to suspend or terminate the domain name registration. In the same circumstances, a registrar may take the position that it is not qualified to make a determination regarding whether the activity in question is illegal and that the registrar is unwilling to suspend or terminate the domain name registration absent an order from a court of competent jurisdiction. I am continuing to work toward finding ways to bridge these gaps.

It’s a testament to how little agreement there is on this issue that, when we asked Grogan back in June how long it would take to provide clarity, he estimated it would take “a few weeks”. Yet it’s still not fully resolved.

His blog post last night contains a seven-point checklist that abuse reporters must conform to in order to give registrars enough detail to with with.

They must, for example, be specific about who they are, where the allegedly abusive content can be found, whose rights are being infringed, and which laws are being broken in which jurisdiction.

It also contains a six-point checklist for how registrars must respond.

Registrars are only obliged to investigate the URL in question (unless they fear exposure to malware or child abuse material), inform the registrant about the complaint, and inform the reporter what, if anything, they’ve done to remediate the situation.

There’s no obligation to suspend domains, and registrars seem to have great leeway in how they treat the report.

In short, Grogan has interpreted RAA 3.18 in a way that does not seem to place any substantial additional burden on registrars.

He’s convening a roundtable discussion for the forthcoming ICANN meeting in Dublin with a view to getting registrars to agree to some non-binding “voluntary self-regulatory” best practices.

Afilias wins $10m judgment in Architelos “trade secrets” case

Kevin Murphy, August 25, 2015, Domain Services

Afilias has won a $10 million verdict against domain security startup Architelos, over claims its flagship NameSentry abuse monitoring service was created using stolen trade secrets.

A jury in Virginia today handed Afilias $5 million for “misappropriation of trade secrets”, $2.5 million for “conversion” and another $2.5 million for “civil conspiracy”.

The jury found (pdf) in favor of Architelos on claims of business conspiracy and tortious interference with contractual relations, however.

Ten million dollars is a hell of a lot of cash for Architelos, which reportedly said in court that it has only made $300,000 from NameSentry.

If that’s true, I seriously doubt the four-year-old, three-person company has even made $10 million in revenue to date, never mind having enough cash in the bank to cover the judgment.

“We’re disappointed in the jury’s verdict and we plan to address it in some post-trial motions,” CEO Alexa Raad told DI.

The lawsuit was filed in January, but it has not been widely reported on and I only found out about its existence today.

The original complaint (pdf) alleged that three Architelos employees/contractors, including CTO Michael Young, were previously employees or contractors of Afilias and worked on the company’s own abuse tools.

It claimed that these employees took trade secrets with them when they joined Architelos, and used them to build NameSentry, which enables TLD registries to monitor and remediate abuse in their zones.

Architelos denied the claims, saying in its March answer (pdf) that Afilias was simply trying to disrupt its business by casting doubt over the ownership of its IP.

That doubt has certainly been cast, though the jury verdict says nothing about transferring Architelos’ patents to Afilias.

The $5 million portion of the verdict deals with Afilias’ claim that Architelos misappropriated trade secrets — ie that Young and others took work they did for Afilias and used it to build a product that could compete with something Afilias had been building.

The other two counts that went against Architelos basically cover the same actions by Architelos employees.

The company may be able to get the amount of the judgment lowered in post-trial, or even get the jury verdict overturned, so it’s not necessarily curtains yet. But Architelos certainly has a mountain to climb.

Two legit registrars held to account for lack of abuse tracking

Kevin Murphy, January 26, 2015, Domain Registrars

ICANN Compliance’s campaign against registrars that fail to respond to abuse reports continued last week, with two registrars hit with breach notices.

The registrars in question are Above.com and Astutium, neither of which one would instinctively bundle in to the “rogue registrar” category.

Both companies have been told they’ve breached section 3.18.1 of their Registrar Accreditation Agreement, which says: “Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

Specifics were not given, but it seems that people filed abuse reports with the registrars then complained to ICANN when they did not get the response they wanted. ICANN then was unable to get the registrars to show evidence that they had responded.

Both companies have until February 12 to come back into compliance or risk losing their accreditations.

Domain investor-focused Above.com had over 150,000 gTLD domains on its books at the last official count. UK-based Astutium has fewer than 5,000 (though it says the current number, presumably including ccTLD names, is 53,350).

It’s becoming increasingly clear that registrars under the 2013 RAA are going to be held to account by ICANN to the somewhat vague requirements of 3.18.1, and that logging communications with abuse reports is now a must.

IP Mirror rapped for failing to deal with abuse

Kevin Murphy, November 17, 2014, Domain Registrars

Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.

Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.

Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.

According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.

Registrars have to respond to such complaints within 24 hours, the RAA says.

The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.

The company has been given until December 5 to come back into compliance or risk losing its accreditation.

IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.

But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.

Pirate Bay a victim as Go Daddy suspends hundreds of new gTLD domains

Kevin Murphy, February 25, 2014, Domain Registrars

New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.

Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.

Over 250 of these were put on the naughty step in the last 24 hours.

The suspended names include, notably, thepiratebay.guru, which matches the name of controversial torrent site frequented by people who like downloading copyrighted material for free.

The Pirate Bay has been switching TLDs like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.

The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.

Other suspended names include premium-looking names such as electric.guru, sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).

But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.

While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.