Latest news of the domain name industry

Recent Posts

.feedback gTLD in breach of contract after big brand “fraud” claims

Kevin Murphy, March 17, 2017, Domain Registries

ICANN has slapped .feedback operator Top Level Spectrum with a contract breach notice after a huge complaint about alleged fraud filed by a gang of big brands.

The company becomes the third new gTLD to be hit by a breach notice, and the first to receive one as a result of losing a Public Interest Commitments Dispute Resolution Process case.

While TLS dodged the “fraud” charges on a technicality, the breach is arguably the most serious found by ICANN in a new gTLD registry to date.

The three-person PICDRP panel found TLS was in violation of the following commitment from its registry agreement:

Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.

But TLS dodged the more serious charges of “fraudulent” behavior, which it denied, largely on the technicality that its PICs only require it to bar its registrants from such behavior.

There’s nothing in the PICs preventing the registry from behaving fraudulently, so the PICDRP panel declined to rule on those allegations, saying only that they “may be actionable in another forum”.

The complainants, which filed their 1,800-page complaint in October, were MarkMonitor and a bunch of its clients, including Adobe, American Apparel, Best Buy, Facebook, Levi and Verizon.

They’d claimed among other things that 70% of .feedback domains were trademarked names actually registered by the registry, and that TLS had stuffed each site with reviews either paid for or scraped from services such as Yelp!.

They claimed that Free.Feedback, a free domains service hosted by an affiliated entity, had been set up to auto-populate Whois records with the names of brand owners (or whoever owned the matching .com domain) even when the registrant was not the brand owner.

This resulted in brand owners receiving “phishing” emails related to domains they’d never registered, the complainants stated.

TLS denied all all the allegations of fraud, but the PICDRP panel wound up not ruling on many of them anyway, stating:

the Panel finds that Respondent’s Registry Operator Agreement contains no covenant by the Respondent to not engage in fraudulent and deceptive practices.

The only violations it found related to the transparency of .feedback’s launch policies.

The panel found that TLS had not given 90 days notice of policy changes and had not made its unusual pricing model (which included an extra fee for domains that did not resolve to live sites) transparent.

The registry had a number of unusual launch programs, which I outlined in December 2015 but which were apparently not adequately communicated to registrars and registrants.

The panel also found that Free.Feedback had failed to verify the email addresses of registrants and had failed to make it easy for trademark owners to cancel domains registered in their names without their consent.

Finally, it also found that TLS had registered a bunch of trademark-match domain names to itself during the .feedback sunrise period:

self-allocating or reserving domains that correspond to the trademark owners’ marks during the Sunrise period constitutes a failure by the Respondent to adhere to Clause 6 of its Registration and Launch policies, versions 1 and 2. According to the policies, Sunrise period is exclusively reserved for trademark owners

TLS, in its defense, denied that it had self-allocated these names and told the panel it had “accidentally” released them into the zone file temporarily.

As a result of the PIC breaches found by the panel, ICANN Compliance has issued a breach notice (pdf) against the company.

To cure the breach, and avoid having its Registry Agreement taken away, TLD has to, by April 15:

Provide ICANN with corrective and preventative action(s), including implementation dates and milestones, to ensure that Top Level Spectrum will operate the TLD feedback in a transparent manner consistent with general principles of openness and nondiscrimination by establishing, publishing and adhering to clear registration policies;

That seems to me like it’s probably vague enough to go either way, but I’d be surprised if TLS doesn’t manage to comply.

ICANN slaps first deadbeat dot-brand with breach notice

The world’s third-largest mobile phone company, worth some $14 billion a year, is the first new gTLD registry operator to refuse to pay ICANN fees.

That’s according to ICANN’s compliance department, which last night slapped Bharti Airtel with the new gTLD program’s first public contract breach notices.

The notices, which apply to .bharti and .airtel, claim that the Indian company has been ignoring demands to pay past due fees since February.

The ICANN quarterly fee for registries is $6,250. Given .airtel and .bharti were delegated 11 months ago, the company, which has assets of $33 billion, can’t owe any more than $37,500.

Bharti Airtel is, according to Wikipedia, the third largest mobile network operator in the world and the largest in India, with 325 million subscribers.

Yet ICANN also claims it has had terrible difficulty getting in touch with staff there, saying:

ICANN notes that Bharti Airtel exhibits a pattern of non-response to ICANN Contractual Compliance matters and, when responses are provided to ICANN, they are often untimely and incomplete.

The compliance notices show that ICANN has also communicated with Verisign, the registry back-end operator for both gTLDs, to try to get the matters resolved.

According to ICANN, the registry is also in breach of terms that require it to publish links to its Whois service, abuse contacts and DNSSEC practice statements on its web site.

The sites nic.airtel and nic.bharti don’t resolve (for me at least) with or without a www., but the Whois services at whois.nic.airtel and whois.nic.bharti appear to work.

These are the first two registries of any flavor emerging from the 2012 application round to receive public breach notices. Only one pre-2012 gTLD, .jobs, has the same honor.

ICANN has given Bharti Airtel 30 days from yesterday to come back into compliance or risk losing its Registry Agreements.

Given that both gTLDS are almost a year old and the nic. sites still don’t resolve, one wonders if the company will bother.

Two legit registrars held to account for lack of abuse tracking

Kevin Murphy, January 26, 2015, Domain Registrars

ICANN Compliance’s campaign against registrars that fail to respond to abuse reports continued last week, with two registrars hit with breach notices.

The registrars in question are Above.com and Astutium, neither of which one would instinctively bundle in to the “rogue registrar” category.

Both companies have been told they’ve breached section 3.18.1 of their Registrar Accreditation Agreement, which says: “Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

Specifics were not given, but it seems that people filed abuse reports with the registrars then complained to ICANN when they did not get the response they wanted. ICANN then was unable to get the registrars to show evidence that they had responded.

Both companies have until February 12 to come back into compliance or risk losing their accreditations.

Domain investor-focused Above.com had over 150,000 gTLD domains on its books at the last official count. UK-based Astutium has fewer than 5,000 (though it says the current number, presumably including ccTLD names, is 53,350).

It’s becoming increasingly clear that registrars under the 2013 RAA are going to be held to account by ICANN to the somewhat vague requirements of 3.18.1, and that logging communications with abuse reports is now a must.

ICANN drops .jobs shut-down threat

Kevin Murphy, December 14, 2012, Domain Registries

ICANN has withdrawn its breach notice against .jobs registry Employ Media, opening the floodgates for third-party job listings services in the gTLD.

In a letter sent to the company earlier this week, ICANN seems to imply that it was wrong when it threatened in February 2011 to shut down .jobs for breaking the terms of its registry agreement:

ICANN has concluded that Employ Media is not currently in breach, but is instead in good standing under the Registry Agreement, with respect to the issues raised in the 27 February 2011 Notice of Breach letter.

ICANN will not seek to impose restrictions on new or existing policy initiatives within .JOBS as long as such conduct is consistent with the .JOBS Charter and the terms of the Registry Agreement.

The surprising move presumably means that Employ Media will be dropping its Independent Review Panel proceeding against ICANN, which was due to start in-person hearings next month.

The original breach notice alleged that the registry had gone too far when it sold thousands of generic domain names to the DirectEmployers Association to use for jobs listings sites.

This .Jobs Universe project saw DirectEmployers launch sites such as newyork.jobs and nursing.jobs.

The project was criticized harshly by the .JOBS Charter Compliance Coalition, an ad hoc group of jobs sites including Monster.com, which lobbied ICANN to enforce the .jobs contract.

The .jobs gTLD was originally supposed to be for companies to advertise only their own job openings.

The reasoning behind ICANN’s change of heart now is a little fuzzy.

Ostensibly, it’s because it received a letter December 3 from the Society for Human Resources Management, Employ Media’s policy-setting “sponsoring organization”.

The letter states that all of DirectEmployers’ domain names are perfectly okay registrations — “being used consistently with the terms of the .JOBS Charter” — and have been since the .Jobs Universe project started.

The domain names were all registered by DirectEmployers executive William Warren, who is a SHRM member as required by .jobs policy, the letter states.

Nothing seems to have changed here — it’s been Employ Media and SHRM’s position all along that the registrations were legit.

So did ICANN merely sense defeat in the IRP case and get cold feet?

Read the letters here.