Latest news of the domain name industry

Recent Posts

Emoji domains get a 😟 after broad study

Kevin Murphy, October 28, 2019, Domain Tech

Domain names containing emojis are a security risk and not recommended, according to a pretty comprehensive review by an ICANN study group.

The Country-Code Names Supporting Organization has delivered the results of its 12-person, 18-month Emoji Study Group, which was tasked with looking into the problems emoji domains can cause, review current policy, and talk to ccTLD registries that currently permit emoji domains.

The ESG didn’t have a lot of power, and its recommendations are basically an exercise in can-kicking, but it’s easily the most comprehensive overview of the issues surrounding emoji domains that I’ve ever come across.

It’s 30 pages long, and you can read it here (pdf).

Emojis are currently banned in gTLDs, where ICANN has to approve new Unicode tables before they can be used by registries at the second level, under its internationalized domain name policy, IDNA 2008.

But ccTLDs, which are not contracted with ICANN, have a lot more flexibility. There are 15 ccTLDs — almost all representing small islands or low-penetration African nations — that currently permit emoji domains, the ESG found.

That’s about 6% of Latin-script ccTLDs out there today. These TLDs are .az, .cf, .fm, .je, .ga, .ge, .gg, .gq, .ml, .st, .to, .tk, .uz, .vu, and .ws.

Five of them, including .tk, are run by notorious freebie registry Freenom, but perhaps the best-known is .ws, where major brands such as Budweiser and Coca-Cola have run marketing campaigns in the past.

The main problem with emojis is the potential for confusing similarity, and the ESG report does a pretty good job of enumerating the ways confusability can arise. Take its comparison of multiple applications’ version of the exact same “grinning face” emoji, for example:

Emoji comparison

If you saw a domain containing one of those in marketing on one platform, would you be able to confidently navigate to the site on another? I doubt I would.

There’s also variations in how registrars handle emojis on their storefronts, the report found. On some you can search with an emoji, on others you’ll need to type out the xn-- prefixed Punycode translation longhand.

In terms of recommendations, the ESG basically just asked ICANN to keep an eye on the situation, to come to a better definition of what an emoji actually is, and to reach out for information to the ccTLDs accepting emojis, which apparently haven’t been keen on opening up so far.

Despite the lack of closure, it’s a pretty good read if you’re interested in this kind of thing.

Brexit hell: .eu suspension plan put on hold

Kevin Murphy, October 23, 2019, Domain Registries

EURid’s policy to boot out Brits next week has been put on hold due to the current impasse in Brexit talks.

UK citizens had been told they would lose their .eu domains November 1, the first day the country was scheduled to no longer be a member of the European Union.

But the October 31 exit date appears increasingly unlikely, with the divorce plan agreed to by the EU and UK Prime Minister Boris Johnson still in UK parliamentary limbo.

So EURid posted today:

Following the recent developments in the UK withdrawal scenario, the entire plan outlined below is on hold. We will keep you informed as soon as we receive further instructions from the European Commission.

Under the suspended plan, EURid would have emailed all of its UK and Gibraltar-based registrants tomorrow to inform them that their domains were in jeopardy.

It would have closed down new registrations to Brits on November 1 and given existing registrants a two-month grace period to come into compliance — by transferring their names to addresses in eligible nations — before suspending the names.

A year later, the names would be deleted and returned to the available pool.

EURid said it will provide further guidance when it gets word from the European Commission.

Now you don’t have to live in the EU to register a .eu domain, but there’s a catch

Kevin Murphy, October 21, 2019, Domain Registries

Residents of countries outside the European Union are now able to register .eu domain names.

A new rule that kicked in at the weekend broadened eligibility from only residents of the EU and European Economic Area. Now, residency is irrelevant.

The catch is that you have to still have to be an EU citizen to qualify.

EURid, the .eu registry, said the change opens up the ccTLD to “millions of Europeans living around the world”.

In practice, it could open up the space to basically anyone.

While residency can fairly easily be checked by looking at the mailing address in a Whois record, demonstrating citizenship is a different kettle of fish.

There’s no indication that EURid is asking registrars to collect passport numbers at the point of sale, so it appears to be a post-registration enforcement regime.

.eu is also still open to non-EU citizens who live in the EU or EEA.

.eu had 3.6 million names under management at the last count, having declined by about 200,000 since the Brexit vote three years ago.

Let’s see if the new, liberalized regime has any impact.

Argentina will use a lottery to decide 2LD landrush

Kevin Murphy, September 18, 2019, Domain Registries

Argentina has become the latest country to allow its ccTLD registrants to register domains at the second level.

NIC Argentina announced last week that in addition to third-level domains such as example.com.ar and example.net.ar, you’ll be able to buy example.ar too.

While it’s following in the footsteps of the likes of .uk and .nz (and soon .au), Argentina is taking a slightly different approach to grandfathering and conflicts.

First, the priority registration period is pretty short, at least compared to the five years .uk registrants got.

If you already own a .ar 3LD, you only have until November 9 to get your application in for the matching 2LD.

In the event that more than one application is received from eligible registrants, the winner won’t be decided by auction, but by lottery.

The City of Buenos Aires Lottery will conduct the raffle, randomly assigning priority numbers to applicants to determine who gets first dibs on their domain of choice.

It’s the first time I’ve seen a domain contest settled by lottery since the process ICANN used to assign priorities to new gTLD applicants back in 2012.

From November 25 until January 23, the .ar process will enter a landrush phase, during which anyone can apply for any available 2LD they want by paying a non-refundable application fee.

The fee is ARS 200, the Argentine peso equivalent of $3.50, so the registry can hardly be accused of greed.

Again, competing bids will be settled by the same lottery process, with the winner having to pay the standard ARS 340 registration fee (the equivalent of $6) to claim their domain.

After February 23, it’s open season, with every domain in general availability.

.ar currently has just shy of half a million domains under management, and hasn’t seen any significant growth in a couple of years.

It will be interesting to see how popular the 2LD offer is, and what impact it has on domain growth in the industry overall.

Argentina allows .ar registrations from non-residents, but it does not appear to be a simple process.

Kafka turns in grave as ICANN crowbars “useless” Greek TLD into the root

Kevin Murphy, September 9, 2019, Domain Policy

ICANN has finally approved a version of .eu in Greek script, but it’s already been criticized as “useless”.

Yesterday, ICANN’s board of directors rubber-stamped .ευ, the second internationalized domain name version of the European Union’s .eu, which will be represented in the DNS as .xn--qxa6a.

There’s a lot of history behind .ευ, much of it maddeningly illustrative of ICANN’s Kafkaesque obsession with procedure.

The first amusing thing to point out is that .ευ is technically being approved under ICANN’s IDN ccTLD Fast Track Process, a mere NINE YEARS after EURid first submitted its application.

The “Fast Track” has been used so far to approve 61 IDN ccTLDs. Often, the requested string is merely the name of the country in question, written in one of the local scripts, and the TLD is approved fairly quickly.

But in some cases, especially where the desired string is a two-character code, a string review will find the possibility of confusion with another TLD. This runs the risk of broadening the scope of domain homograph attacks sometimes used in phishing.

That’s what happened to .ευ, along with Bulgaria’s Cyrillic .бг and Greece’s own .ελ, which were rejected on string confusion grounds back in 2010 and 2011.

Under pressure from the Governmental Advisory Committee, ICANN then implemented an Extended Process Similarity Review Panel, essentially an appeals process designed to give unsuccessful Fast Track applicants a second bite at the apple.

That process led to Bulgaria being told that .бг was not too similar to Brazil’s .br, and Greece being told that .ελ did not look too much like .EA, a non-existent ccTLD that may or may not be delegated in future, after all.

But the EU’s .ευ failed at the same time, in 2014. The appeals review panel found that the string was confusable with upper-case .EY and .EV.

Again, these are not ccTLDs, just strings of two characters that have the potential to become ccTLDs in future should a new country or territory emerge and be assigned those codes by the International Standards Organization, a low-probability event.

I reported at the time that .ευ was probably as good as dead. It seemed pretty clear based on the rules at the time that if a string was confusable in uppercase OR lowercase, it would be rejected.

But I was quickly informed by ICANN that I was incorrect, and that ICANN top brass needed to discuss the results.

That seems to have led to ICANN tweaking the rules yet again in order to crowbar .ευ into the root.

In 2015, the board of directors reached out to the GAC, the ccNSO and the Security and Stability Advisory Committee for advice.

They dutifully returned two years later with proposed changes (pdf) that seemed tailor-made for the European Union’s predicament.

A requested IDN ccTLD that caused confusion with other strings in only uppercase, but not lowercase (just like .ευ!!!) could still get delegated, provided it had a comprehensive risk mitigation strategy in place, they recommended.

The recommendation was quickly approved by ICANN, which then sent its implementation guidelines (again, tailor-made for EURid (pdf)) back to the ccNSO/SSAC.

It was not until February this year that the ccNSO/SSAC group got back to ICANN (pdf) to approve of its implementation plan and to say that it has already tested it against EURid’s proposed risk-mitigation plan (pdf).

Basically, the process in 2009 didn’t produce the desired result, so ICANN changed the process. It didn’t produced the desired result again in 2014, so the process was changed again.

But at least Greek-speaking EU citizens are finally going to get a meaningful ccTLD that allows them to express their EUishness in their native script, right?

WRONG!

I recently read with interest and surprise a blog post by domainer-blogger Konstantinos Zournas, in which he referred to .ευ as the “worst domain extension ever”.

Zournas, who is Greek, opened my eyes to the fact that “.ευ” is meaningless in his native tongue. It’s just two Greek letters that visually resemble “EU” in Latin script. It’s confusing by design, but with .eu, a ccTLD that EURid already manages.

While not for a moment doubting Zournas’ familiarity with his own language, I had to confirm this on the EU’s Greek-language web site.

He’s right, the Greek for “European Union” is “Ευρωπαϊκής Ένωσης”, so the sensible two-letter IDN ccTLD would be .ΕΈ (those are Greek characters that look a bit like Latin E).

That would have almost certainly failed the ICANN string similarity process, however, as .ee/EE is the current, extant ccTLD for Estonia.

In short (too late), it seems to have taken ICANN the best part of a decade, and Jesus H Christ knows how many person-hours, to hack its own procedures multiple times in order to force through an application for a TLD that doesn’t mean anything, can’t be confused with anything that currently exists on the internet, and probably won’t be widely used anyway.

Gratz to all involved!

Second-level .au names delayed

Kevin Murphy, August 21, 2019, Domain Registries

If you’re champing at the bit to grab yourself some second-level .au domain names, you’re going to have to wait a little longer.

Australian ccTLD manager auDA said today that it is delaying the controversial release by three months, to give it more time to carry out public outreach.

In a statement, interim chair Suzanne Ewart said that “it is critically important that the changes are widely understood, backed by an education program and supported by robust business processes throughout industry.”

The original plan had been to been to make 2LDs available in a staggered manner starting at some point in the fourth quarter. The delay will push the release into 2020.

The proposed launch has been controversial among the domain investment part of the auDA membership, which largely believes that it could lead to confusion with the existing three-level structure of the .au space.

Now auDA loses its CEO too

The CEO of Australian ccTLD registry auDA has quit, just weeks after the organization’s chair resigned.

Cameron Boardman submitted his resignation yesterday, according to a statement.

Former chair Chris Leptos also quit last month, reportedly after a disagreement with Boardman.

Boardman said he wants “to seek new challenges”.

His functions will be carried out by other members of the executive team while a replacement is sought by the board.

Boardman joined as CEO in March 2016, after 16-year veteran Chris Disspain was fired.

For much his tenure, auDA has been beset by controversy, with fights between the board and members leading to government review, several board resignations, police investigation, and a seemingly endless series of tit-for-tat allegations.

Boardman was among four auDA directors who survived a no-confidence vote brought by domain investors last year.

Neustar to keep .us for another decade

Neustar has secured a renewal of its contract to run the United States’ ccTLD until up to 2029.

The company and the National Telecommunications and Information Administration announced the new contract last week.

The initial term of the deal runs until August 2021, but there are four two-year renewal options after that.

Neustar has been running .us since 2001. It doesn’t pay NTIA for the privilege, nor does the NTIA pay Neustar.

There are currently around two million registered .us domain names. The TLD appears to be still growing, but not especially fast.

Zimbabwe wants to rebuild its domain market from scratch

Zimbabwe has put out a call for feedback on plans to modernize its almost non-existent domain name industry.

The local ccTLD manager, Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), has issued a consultation document discussing plans to essentially architect the .zw market from scratch.

.zw currently has no automated registration process, no Whois, no formal registry-registrar framework, no DNSSEC, no IPv6, and no governing policies.

POTRAZ is proposing to adopt “best practices” from fellow ccTLDs in Africa and elsewhere, by appointing a new registry operator that will work with a registrar channel under policies created by POTRAZ, as sponsoring organization, itself.

It looks rather like the contract to run the ccTLD could soon be up for grabs.

But first, POTRAZ wants to know how much involvement the Zimbabwean government should have in the operations of the TLD, presenting four options ranging from full governmental control to industry self-regulation.

Currently, POTRAZ, a government regulator, has handed off registry operations for .zw to state-owned telecoms company TelOne.

It has a three-level structure, with TelOne looking after .org.zw, the Zimbabwe Internet Service Providers Association looking after .co.zw and the University of Harare managing .ac.zw.

Interestingly, POTRAZ has not yet decided whether .zw domains should be free or paid for, and whether annual renewals should be required.

The consultation is open until August 9.

Zimbabwe has a population of about 16 million and, according to Internet World Stats, 6.8 million internet users.

Luxembourg tops 100,000 .lu domains

Luxembourgish ccTLD .lu has grown to more than 100,000 domain names for the first time.

ccTLD operator Restena said last week that the domain crossed the threshold June 21. At the end of the month, it had 100,056 domains under management.

While it’s certainly not a lot for a ccTLD, it is when compared to the size of the country it represents.

Luxembourg has a population of under 600,000, so in theory 1 in 6 Luxembourgish people own a .lu domain.

That’s close to the ratio as you’d see in the UK, with its 66 million inhabitants and 12 million .uk domains, though it trails Germany’s 1:5 and the Netherlands’ 1:3.

The per capita numbers are probably not all that useful, however. Restena said that 75% of its domains are in corporate hands.

Many companies are “based” in Luxembourg for tax reasons, which may have some impact on reg numbers.

Restena said that about 3,000 names of the 100,000 are “reserved” and not actively used.

The growth of .lu has not been particularly fast. My records show it has only grown by about 3,000 names over the last year.