Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Thick .com Whois policy delayed
ICANN’s GNSO Council has deferred a decision on whether Verisign should have to thicken up the Whois database for .com and its other gTLDs.
A motion to begin an official Policy Development Process on thick Whois was kicked down the road by councilors this afternoon at the request of the Non-Commercial Users Constituency.
It will now be discussed at the Council’s face-to-face meeting in Costa Rica in March. But there were also calls from registries to delay a decision for up to a year, calling the PDP a “distraction”.
Verisign’s .com registry contract and the standard Registrar Accreditation Agreement are currently being renegotiated by ICANN, both of which could address Whois in some way.
Today, all contracted gTLD registries have to operate a thick Whois, except Verisign with its .com, .net, .jobs, etc, where the registrars manage the bulk of the Whois data.
Verisign: our DNS was not hacked
Verisign today reiterated that the recently revealed 2010 security breaches on its corporate network did not affect its production domain name system services.
In a statement, Verisign said:
After a thorough analysis of the attacks, Verisign stated in 2011, and reaffirms, that we do not believe that the operational integrity of the Domain Name System (DNS) was compromised.
We have a number of security mechanisms deployed in our network to ensure the integrity of the zone files we publish. In 2005, Verisign engineered real-time validation systems that were designed to detect and mitigate both internal and external attacks that might attempt to compromise the integrity of the DNS.
The statement followed several news reports that covered the hacks and speculated about the mayhem that could ensue if Verisign’s root or .com zone systems were ever breached.
The information the company has released so far suggests that the attacks were probably against back-office targets, such as user desktops, rather than its sensitive network operations centers.
.com passed 100 million mark in October
Verisign’s .com registry passed the 100 million domains under management milestone in October, the company’s monthly ICANN registry report revealed today.
The exact number of domains under management in .com on October 31 was 100,540,971, having increased by a net 690,243 registrations over the course of the month.
That’s a pretty big deal, but for some reason Verisign didn’t make any announcements about it at the time.
ICANN registry reports, which all contracted gTLDs must submit, are filed three months after the fact, for competitive reasons.
The number of domains in the .com zone file – which is what most people track to follow the fortunes of TLD operators — differs from the total number in the registry.
Domains which do not have name servers or are in special registry status codes such as Pending Delete do not show up in the zone file.
Today, RegistrarStats reports 100,052,046 domains in the .com zone, while HosterStats’ count yesterday was 100,045,666. The registry is likely to have about 1.5 million more, however.
Verisign to apply for a dozen new gTLDs
Verisign plans to apply to ICANN for about 12 new generic top-level domains, according to the executive in charge of registry services.
“We intend to do about 12. Most of those will be transliterations of .com,” senior vice president Pat Kane said on the company’s fourth-quarter earnings call yesterday.
This does not mark a significant change of strategy – the company has been open about its intention to apply for internationalized domain name variants of .com for over a year – but I believe it’s the first time it’s put a number on it.
It will be interesting to see which gTLDs – if any – Verisign will go for which are not .com IDNs.
My view is that it would make more sense for the company to apply for potentially high-volume .com competitors, such as .web or .blog. It has the capacity, the channel and the cash.
Smaller niche gTLDs may not be worth the distraction and risk, and would be better suited to dedicated registries that can concentrate on more focused marketing.
In any event, we’re going to see some major consolidation in the new gTLD space four or five years from now, and Verisign could well vacuum up cash-making registries at that time.
CEO Jim Bidzos also said on the call that Verisign has been retained to provide the registry for “several” dot-brand applications, but that it will not see any material revenue until 2013.
The major event for 2012, he noted, is the renewal of the .com Registry Agreement with ICANN, which expires at the end of November.
Verisign is already “engaging” with ICANN on this, Bidzos said.
This contract will be posted for public comment and sent to the US Department of Commerce for approval.
I’m expecting controversy, particularly if the contract continues to allow Verisign to increase prices.
It’s going to be harder for Verisign to argue that it needs the extra cash to invest in its infrastructure if it’s also leveraging that infrastructure to win lucrative dot-brand contracts.
Fight brewing over thick .com Whois
This year is likely to see a new fight over whether Verisign should be forced to create a “thick” Whois database for .com and its other generic top-level domains.
While Verisign has taken a deliberately ambivalent position on whether ICANN policy talks should kick off, the community is otherwise split on whether a mandatory thick Whois is a good idea.
Currently, only .com, .net, .name and .jobs – which are all managed on Verisign’s registry back-end – use a thin Whois model, in which domain name registrars store their customers’ data.
Other gTLDs all store registrant data centrally. Some “sponsored” gTLD registries have an even closer relationship with Whois data — ICM Registry for example verifies .xxx registrants’ identities.
But in a Preliminary Issue Report published in November, ICANN asked whether it should kick off a formal Policy Development Process that could make thick Whois a requirement in all gTLDs.
In comments filed with ICANN last week, Verisign said:
As the only existing registry services provider impacted by any future PDP on Thick Whois, Verisign will neither advocate for nor against the initiation of a PDP.
…
Verisign believes the current Whois model for .com, .net, .name and .jobs is effective and that the proper repository of registrant data is with registrars — the entities with direct connection to their customers. However, if the community, including our customers, determines through a PDP that “going thick” is now the best approach, we will respect and implement the policy decision.
Thick Whois services make it easier to find out who owns domain names. Currently, a Whois look-up for a .com domain can require multiple queries at different web sites.
While Whois aggregation services such as DomainTools can simplify searches today, they still face the risk of being blocked by dominant registrars.
The thin Whois model can also make domain transfers trickier, as we witnessed just last week when NameCheap ran into problems processing inbound transfers from Go Daddy.
ICANN’s Intellectual Property Constituency supports the transition to a thick Whois. It said in its comments:
Simplifying access to this information through thick Whois will help prevent abuses of intellectual property, and will protect the public in many ways, including by reducing the level of consumer confusion and consumer fraud in the Internet marketplace. Thick Whois enables quicker response and resolution when domain names are used for illegal, fraudulent or malicious purposes.
However, Verisign noted that a thicker Whois does not mean a more accurate Whois database – registrars will still be responsible for collecting and filing customer contact records.
There are also concerns that a thick Whois could have implications for registrant privacy. Wendy Seltzer of the Non-Commercial Users Constituency told ICANN:
Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar. Individual registrants in particular may be concerned that the aggregation of data in a thick WHOIS makes it more attractive to data miners and harder to confirm compliance with their local privacy laws.
This concern was echoed to an extent by Verisign, which noted that transitioning to a thick Whois would mean the transfer of large amounts of data between legal jurisdictions.
European registrars, for example, could face a problem under EU data protection laws if they transfer their customer data in bulk to US-based Verisign.
Verisign also noted that a transition to a thick Whois would dilute the longstanding notion that registrars “own” their customer relationships. It said in its comments:
As recently as the June 2011 ICANN meeting in Singapore, Verisign heard from several registrars that they are still not comfortable with Verisign holding their customers’ data. Other registrars have noted no concern with such a transition
ICANN staff will now incorporate these and other comments into its final Issue Report, which will then be sent to the GNSO Council to decide whether a PDP is required.
If the Council votes in favor of a PDP, it would be many months, if at all, before a policy binding on Verisign was created.
VeriSign yanks domain seizure power request
That was quick.
VeriSign has withdrawn its request for new powers to delete domain names being used for abusive purposes, just a few days after filing it with ICANN.
The company had proposed a policy that would give law enforcement the ability to seize .com and .net names apparently without a court order, and a new malware scanning service.
The former came in for immediate criticism from groups including the American Civil Liberties Union and the Electronic Frontier Foundation, while the latter appeared to have unnerved some registrars.
But now both proposals have been yanked from ICANN’s Registry Services Evaluation Process queue.
This is not without precedent. Last year, VeriSign filed for and then withdrew requests to auction off one-letter .net names and a “Domain Name Exchange” service that looked a bit like domain tasting.
Both came in for criticism, and have not reappeared.
Whether the latest abuse proposals will make a reappearance after VeriSign has had time to work out some of the more controversial kinks remains to be seen.
Should .com get a thick Whois?
The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.
The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.
The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.
Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.
The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.
In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.
Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.
Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.
Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.
There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.
Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.
Don’t expect the changes to come any time soon.
Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.
The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.
VeriSign to raise .com and .net prices again
VeriSign has announced price increases for .com and .net domain name registrations.
From January 15, 2012, .com registry prices will increase from $7.34 to $7.85 and .net fees will go up from $4.65 to $5.11.
That’s a 10% increase for .net and a 7% increase for .com, the maximum allowable under its registry agreements with ICANN.
As ever, registrants have six months to lock down their domains at current pricing by renewing for periods of up to 10 years.
The last time VeriSign raised prices, also by 7% and 10%, the higher prices became effective a year ago, July 2010.
VeriSign’s contract for .net was renewed last month after it was approved by the ICANN board of directors.
Its .com contract comes up for renewal next year.
Feds seize billion-dollar poker domains
Five domain names associated with online poker sites have been seized by the FBI as part of an investigation that has also seen 11 people indicted.
The principals of PokerStars, Absolute Poker and Full Tilt Poker, along with third-party “payment processors”, stand accused of engaging in a massive money laundering scheme in order to accept billions of dollars of payments from American gamblers in violation of US laws.
The charges carry possible maximum sentences of between five and 30 years in prison, along with substantial monetary fines. Two men have been arrested, a third is due to be arraigned, and the remainder are currently outside of the US, according to a press release (pdf).
The US Attorney for the Southern District of New York said five domain names have been seized by the FBI in connection with the prosecutions.
It’s not yet clear which domains have been seized.
From where I’m sitting in London, absolutepoker.com already shows an FBI warning banner, but pokerstars.com and fulltiltpoker.com both resolve normally. I may be receiving cached DNS data.
Blogger Elliot Silver, sitting behind a resolver on the other side of the pond, reports that ub.com is among the seized domains.
Unlike previous recent seizures, which were carried out by the US Immigration and Customs Enforcement agency, this time the FBI appears to be the responsible agency.
And this time, these aren’t two-bit file-sharing forums or Chinese knock-off merchandise sites, we’re talking about businesses that are perfectly legal in many jurisdictions, clearing billions in revenue.
But according to US Attorney’s charges, the companies carried out an elaborate plan to cover up the sources of their revenue through third parties and phoney bank accounts.
The companies are even alleged to have made multi-million dollar investments in failing banks in order to get them to turn a blind eye to the illicit gambling activities.
It appears that the FBI went straight to the .com registry, VeriSign, as some of the affected domains appear to be registered through UK-based corporate registrar Com Laude.
If you’re wondering whether this is yet another confirmation that all .com domains are subject to US jurisdiction, this is your takeaway sentence, from Manhattan US Attorney Preet Bharara:
Foreign firms that choose to operate in the United States are not free to flout the laws they don’t like simply because they can’t bear to be parted from their profits.
The suits seek $3 billion in allegedly ill-gotten gains to be returned.
Domain security arrives in .com
VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.
DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.
It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.
With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.
I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.
“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”
What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.
Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.
“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”
There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.
And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.
You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.
According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.
But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.
Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.
I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.
VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.
Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.
I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.
Recent Comments