Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
SpamHaus ranks most-botted TLDs and registrars
Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, using statistics on botnet command and control centers released by SpamHaus this week.
SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using NameCheap as their registrar.
It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.
The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.
Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.
Neither number includes compromised domains or free subdomains.
The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).
When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.
With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.
But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.
In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.
In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets. 
While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.
SpamHaus wrote:
While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.
However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.
The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.
ICANN urged to crack down on new gTLD abuse
Registries selling dirt-cheap new gTLD domains should be rewarded with lower ICANN fees when they get proactive about abuse, while registrars that turn a blind eye to spammers should be suspended, an ICANN working group will recommend.
In its second batch of findings, the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) said that financial incentives and a new complaints procedure should be used to persuade registries and registrars to fight DNS abuse.
The CCT said it “proposes the development of incentives to reward best practices preventing technical DNS abuse and strengthening the consequences for culpable or complacent conduits of technical DNS abuse” in a paper published today.
The review, which drew on multiple sources of market and abuse data, original research, and analysis of third-party research, is probably the most comprehensive study into the impact of the new gTLD program to date.
It concluded that overall rates of DNS abuse did not increase as a result of the program, but that bad actors are increasingly migrating away from legacy gTLDs such as .com to 2012-round TLDs such as .top, .gdn and Famous Four Media’s stable.
Indeed, much of the paper appears to be a veiled critique of FFM’s practices.
The registrar AlpNames, known to be affiliated with FFM and responsible for most of its retail sales, is singled out as the currently accredited registrar particularly favored by abusers.
The CCT report notes that AlpNames regularly sells domains for under $1, or gives them away for free, and offered a tool allowing registrants to randomly generate up to 2,000 available domains in 27 different gTLDs, pretty much inviting abuse.
“Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse. Such behavior needs to be identified rapidly and action
must be taken by ICANN compliance as deemed necessary,” the paper says.
The review found that gTLDs with no registration restrictions and the lowest prices had the most abuse. Duh.
“Generally, the DNS Abuse Study indicates that the introduction of new gTLDs did not increase the total amount of abuse for all gTLDs,” its report says. “[F]actors such as registration restrictions, price, and registrar-specific practices seem more likely to affect abuse rates.”
Drawing on data provided by 11 domain block-lists (SURBL, SpamHaus, etc), the paper states that at least one TLD (FFM’s .science) had an abuse rate excess of 50%.
Using SpamHaus data, the paper identities FFM’s .science, .stream, .trade, .review, .download and .accountant as having over 10% abuse during the period of its study. Also on that list: Uniregistry’s low-price .click and the China-based .top and .gdn.
One thing they all have in common is that AlpNames is a leading registrar, usually accounting for at least a quarter of domains under management.
There’s no way AlpNames/FFM is not aware of the amount of bad actors in its customer base, the question is what can ICANN do about it?
The CCT team recommends that registries and registrars with over 10% of their names used for abusive purposes should be tasked by ICANN with proactively cleaning up their zones. Those that fail to do so should be subject to a new Domain Abuse Dispute Resolution Process, it said.
These companies should have their contracts suspended when they’re “associated with unabated, abnormal and extremely high rates of technical abuse”, the report recommends.
There’s a big boilerplate specifying, tellingly, that registry operators that control registrars are affected by this recommendation too.
It should be noted that there was not a full consensus of support for the idea of a DADRP. Half a dozen working group members filed minority statements opposing it.
It’s not all stick in the report, however. There’s some carrot, too.
The CCT report recommends financial incentives such as fee reductions for registries that have “proactive anti-abuse measures” in place.
It noted that there is precedent for ICANN doing this kind of thing when it implemented an anti-tasting policy that seriously restricted registrars’ ability to get registry refunds.
The CCT Review Team was formed to figure out what impacts the 2012 new gTLD round had on the domain name market.
The completion of its work is one of several gating factors to the next new gTLD application round under ICANN’s new bylaws and the old Affirmation of Commitments with the US government.
It published initial recommendations earlier this year. This new set of recommendations is now open for public comment until January 8.
SpamHaus now publishing better TLD abuse data
SpamHaus has updated its “10 Most Abused Top Level Domains” list to provide a much more useful insight into abuse levels.
Rather than simply showing unexplained percentages of “badness” in each TLD, the spam-fighting organization’s daily report now exposes the hard numbers, in domain terms, underneath.
For example, on today’s list Famous Four Media’s .download is the most-abused TLD with 82% bad domains.
That percentage is based on SpamHaus categorizing 11,431 domains as abusive of the 13,945 .download domains that crossed its systems.
But the gTLD has 67,500 domains in its zone file, so the actual percentage of abusive domains could be as low as about 17%, much lower than SpamHaus’s 82%.
Whether you think the 82% metric is fair will depend on whether you think SpamHaus’s sample — about 20% of the full .download zone — is representative.
Some of the other TLDs on its list have even smaller sample sizes.
Minds + Machines’ .work is ranked #2 on the SpamHaus list with 73.3% badness, based on a SpamHaus-seen sample of 6,297 domains, something like 7% of the full .work zone.
Registries criticized SpamHaus for publishing misleading data when this list was first published in March, and I agreed with them.
Now that the group is publishing empirical data alongside its percentages, the conversation can now shift to something along the lines of:
“Is it okay that at least 17% of .download domains are abusive?”
To which the answer I believe is a clear: “Hell, no.”
The SpamHaus daily report can be found here.
IWF finds child abuse imagery on new gTLD domains
The Internet Watch Foundation said it found child abuse imagery on new gTLD domain names for the first time in 2015.
The UK-based organization, tasked with identifying and blocking child abuse imagery online, today released its 2015 annual report.
The report says that it found 68,092 unique URLs with this illegal content in the year, spread over 1,991 domains. It says:
Five top level domains (.com .net .ru .org .se) accounted for 91 per cent of all webpages identified as containing child sexual abuse images and videos.
However, it also says that child abuse was found on new gTLDs for the first time.
While the report doesn’t make much of this trend, it should be worrying.
The IWF said it took action on 436 new gTLD domains in 2015, many of which “appeared to have been registered specifically for that purpose”.
While new gTLD names appear to be responsible for a very small percentage of flagged URLs, they seem to be 21% of the total number of domains on which child abuse imagery was found.
This discrepancy may be explained by the fact that 78% of the total abuse URLs were found on free-to-use image hosting sites, probably concentrated in .com.
The IWF added that 138 of the new gTLD domains hosted “disguised” abuse sites. These are sites where illegal content is only shown when visitors arrive from a specific referrer link.
The IWF offers a “Domain Alerts” service to its members, which allows registries and registrars to quickly take down domains confirmed as containing illegal material.
Judging by its member list, not many domain name companies are members.
Members include Go Daddy, ICM Registry, .London Domains, Rightside, Afilias and Nominet.
Schilling, Famous Four rubbish Spamhaus “worst TLD” league
Uniregistry and Famous Four Media have trashed claims by Spamhaus that their gTLDs are are much as 75% spam.
FFM says it is “appalled” by the “wholly inaccurate” claims, while Uniregistry boss Frank Schilling said Spamhaus has “totally jumped the shark here.”
In a statement to DI today, FFM chief legal officer Oliver Smith said the spam-fighting organization’s recently launched World’s Worst TLDs list is “reckless”, adding that the numbers are:
not only wholly inaccurate, but are misleading and, potentially, injurious to the reputation of Famous Four Media and those TLDs it manages. It is particularly worrisome that Spamhaus’s “findings” seem to have been taken as gospel within certain corners of the industry, despite not being proffered with any analytical methodology in support of the same.
The Spamhaus report, which is updated daily, presents the 10 TLDs that are more spam than not.
The rank is based on a percentage of domains seen by Spamhaus that Spamhaus considers to be “bad” — that is, are advertised in spam or carry malware.
Today, Uniregistry’s .diet tops the chart with “74.4% bad domains”, but the scores and ranks can and do shift significantly day by day.
Spamhaus describes its methodology like this:
This list shows the ratio of domains seen by the systems at Spamhaus versus the domains our systems profile as spamming or being used for botnet or malware abuse. This is also not a list that retains a long history, it is a one-month “snapshot” of our current view.
The words “seen by the systems at Spamhaus” are important. If a domain name never crosses Spamhaus’s systems, it isn’t counted as good or bad. The organization is not running the whole zone file against its block-list to check what the empirical numbers are.
In important ways, the Spamhaus report is similar to the discredited Blue Coat report into “shady” TLDs last September, which was challenged by myself and others.
However, in a blog post, Spamhaus said it believes its numbers are reflective of the TLDs as a whole:
In the last 18-years, Spamhaus has built its data gathering systems to have a view of most of the world’s domain traffic. We feel the numbers shown on this list are representative of the actual full totals.
I disagree.
In the case of .diet, for example, if 74% of the full 19,000-domain zone was being used in spam, that would equate to 14,000 “bad” domains.
But the .diet zone is dominated by domains owned by North Sound Names, the Frank Schilling vehicle through which Uniregistry markets its premium names.
NSN snapped up well over 13,000 .diet names at launch, and Schilling said today that NSN owns north of 70% of the .diet zone.
That would mean either Uniregistry is a spammer, or Spamhaus has no visibility into the NSN portfolio and its numbers are way the hell off.
“Spamhaus’ assertion that 74% of the registrations in the .diet space are spam is a numerical impossibility,” Schilling said. “They totally jumped the shark here.”
NSN’s domains don’t send mail, he said.
He added that diet-related products are quite likely to appear in spam, which may help account for Spamhaus’s systems identifying .diet emails as spam. He said:
Spamhaus is a high-minded organization and we applaud their efforts but this report is so factually inaccurate it casts into doubt the validity of everything they release. Spamhaus should be smarter than this and at a minimum consult with registries (our door is open) to gain a better understanding of the subject matter they wrongly profess to be expert in.
Similarly, FFM’s .review gTLD was briefly ranked last week as the “worst” gTLD at 75.1% badness. With 66,000 domains, that would mean almost 50,000 names are spammy.
Yet it appears that roughly 25,000 .review domains are long-tail geo names related to the hotels industry, registered by a Gibraltar company called A Domains Limited, which appears to be run by AlpNames, the registry with close ties to FFM itself.
Again, if Spamhaus’s numbers are accurate, that implies the registrar and/or registry are spamming links to content-free placeholder web sites.
FFM’s Smith says the registry has been using Spamhaus data as part of its internal Registry Abuse Monitoring tool, and that its own findings show significantly less spam. Referring to .review’s 75% score, he said:
This simply does not accord with FFM’s own research, which relies heavily on data made available by Spamhaus. The reality is that, in reviewing registration data for the period 8 February to 8 March 2016, only 4.8% of registered domains have been blacklisted by Spamhaus – further, it is questionable as whether every single such listing is wholly merited. When reviewing equivalent data for the period of 1 January to 8 March 2016 across ALL FFM managed TLDs this rate averages out to a mere 3.2%.
I actually conducted my own research into the claims.
Between March 8 and March 15, I ran the whole .review zone file through the Spamhaus DBL and found 6.9% of the names were flagged as spam.
My methodology did not take account of the fact that Spamhaus retires domains from its DBL after they stop appearing in spam, so it doesn’t present a perfect apples-to-apples comparison with Spamhaus, which bases its scoring on 30 days of data.
All told, it seems Spamhaus is painting a much bleaker picture of the amount of abuse in new gTLDs than is perhaps warranted.
During ICANN meetings last week and in recent blog comments, current and former executives of rival registries seemed happy to characterize new gTLD spam as a Famous Four problem rather than an industry problem.
That, despite the fact that Uniregistry, Minds + Machines and GMO also feature prominently on Spamhaus’s list.
I would say it’s more of a low prices problem.
It’s certainly true that FFM and AlpNames are attracting spammers by selling domains for $0.25 wholesale or free at retail, and that their reputations will suffer as a result.
We saw it with Afilias and .info in the early part of the last decade, we’ve see it with .tk this decade, and we’re seeing it again now.
ICANN: we won’t force registrars to suspend domains
In one of the ongoing battles between registrars and the intellectual property lobby, ICANN’s compliance department seems to have sided with the registrars, for now.
Registrars will not be forced to suspend domain names when people complain about abusive or illegal behavior on the associated web sites, according to chief contract compliance office Allen Grogan.
The decision will please registrars but will come as a blow to the likes of music and movie studios and those who fight to shut down dodgy internet pharmacies.
Grogan yesterday published his interpretation of the 2013 Registrar Accreditation Agreement, specifically the section (3.18) that obliges registrars to “investigate and respond appropriately” abuse reports.
The IP crowd take this to mean that if they submit an abuse report claiming, for example, that a web site sells medicines across borders without an appropriate license, the registrar should check out the site then turn off the domain.
Registrars, on the other hand, claim they’re in no position to make a judgment call about the legality of a site unless presented with a proper court order.
Grogan appears to have taken this view also, though he indicated that his work is not yet done. He wrote:
Sometimes a complaining party takes the position that that there is only one appropriate response to a report of abuse or illegal activity, namely to suspend or terminate the domain name registration. In the same circumstances, a registrar may take the position that it is not qualified to make a determination regarding whether the activity in question is illegal and that the registrar is unwilling to suspend or terminate the domain name registration absent an order from a court of competent jurisdiction. I am continuing to work toward finding ways to bridge these gaps.
It’s a testament to how little agreement there is on this issue that, when we asked Grogan back in June how long it would take to provide clarity, he estimated it would take “a few weeks”. Yet it’s still not fully resolved.
His blog post last night contains a seven-point checklist that abuse reporters must conform to in order to give registrars enough detail to with with.
They must, for example, be specific about who they are, where the allegedly abusive content can be found, whose rights are being infringed, and which laws are being broken in which jurisdiction.
It also contains a six-point checklist for how registrars must respond.
Registrars are only obliged to investigate the URL in question (unless they fear exposure to malware or child abuse material), inform the registrant about the complaint, and inform the reporter what, if anything, they’ve done to remediate the situation.
There’s no obligation to suspend domains, and registrars seem to have great leeway in how they treat the report.
In short, Grogan has interpreted RAA 3.18 in a way that does not seem to place any substantial additional burden on registrars.
He’s convening a roundtable discussion for the forthcoming ICANN meeting in Dublin with a view to getting registrars to agree to some non-binding “voluntary self-regulatory” best practices.
Afilias wins $10m judgment in Architelos “trade secrets” case
Afilias has won a $10 million verdict against domain security startup Architelos, over claims its flagship NameSentry abuse monitoring service was created using stolen trade secrets.
A jury in Virginia today handed Afilias $5 million for “misappropriation of trade secrets”, $2.5 million for “conversion” and another $2.5 million for “civil conspiracy”.
The jury found (pdf) in favor of Architelos on claims of business conspiracy and tortious interference with contractual relations, however.
Ten million dollars is a hell of a lot of cash for Architelos, which reportedly said in court that it has only made $300,000 from NameSentry.
If that’s true, I seriously doubt the four-year-old, three-person company has even made $10 million in revenue to date, never mind having enough cash in the bank to cover the judgment.
“We’re disappointed in the jury’s verdict and we plan to address it in some post-trial motions,” CEO Alexa Raad told DI.
The lawsuit was filed in January, but it has not been widely reported on and I only found out about its existence today.
The original complaint (pdf) alleged that three Architelos employees/contractors, including CTO Michael Young, were previously employees or contractors of Afilias and worked on the company’s own abuse tools.
It claimed that these employees took trade secrets with them when they joined Architelos, and used them to build NameSentry, which enables TLD registries to monitor and remediate abuse in their zones.
Architelos denied the claims, saying in its March answer (pdf) that Afilias was simply trying to disrupt its business by casting doubt over the ownership of its IP.
That doubt has certainly been cast, though the jury verdict says nothing about transferring Architelos’ patents to Afilias.
The $5 million portion of the verdict deals with Afilias’ claim that Architelos misappropriated trade secrets — ie that Young and others took work they did for Afilias and used it to build a product that could compete with something Afilias had been building.
The other two counts that went against Architelos basically cover the same actions by Architelos employees.
The company may be able to get the amount of the judgment lowered in post-trial, or even get the jury verdict overturned, so it’s not necessarily curtains yet. But Architelos certainly has a mountain to climb.
Two legit registrars held to account for lack of abuse tracking
ICANN Compliance’s campaign against registrars that fail to respond to abuse reports continued last week, with two registrars hit with breach notices.
The registrars in question are Above.com and Astutium, neither of which one would instinctively bundle in to the “rogue registrar” category.
Both companies have been told they’ve breached section 3.18.1 of their Registrar Accreditation Agreement, which says: “Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”
Specifics were not given, but it seems that people filed abuse reports with the registrars then complained to ICANN when they did not get the response they wanted. ICANN then was unable to get the registrars to show evidence that they had responded.
Both companies have until February 12 to come back into compliance or risk losing their accreditations.
Domain investor-focused Above.com had over 150,000 gTLD domains on its books at the last official count. UK-based Astutium has fewer than 5,000 (though it says the current number, presumably including ccTLD names, is 53,350).
It’s becoming increasingly clear that registrars under the 2013 RAA are going to be held to account by ICANN to the somewhat vague requirements of 3.18.1, and that logging communications with abuse reports is now a must.
IP Mirror rapped for failing to deal with abuse
Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.
Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.
Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.
According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.
Registrars have to respond to such complaints within 24 hours, the RAA says.
The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.
The company has been given until December 5 to come back into compliance or risk losing its accreditation.
IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.
But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.
Pirate Bay a victim as Go Daddy suspends hundreds of new gTLD domains
New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.
Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.
Over 250 of these were put on the naughty step in the last 24 hours.
The suspended names include, notably, thepiratebay.guru, which matches the name of controversial torrent site frequented by people who like downloading copyrighted material for free.
The Pirate Bay has been switching TLDs like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.
The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.
Other suspended names include premium-looking names such as electric.guru, sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).
But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.
While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.
Recent Comments