Latest news of the domain name industry

Recent Posts

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.

Court rules generic dictionary domains CAN be trademarked

Kevin Murphy, February 11, 2019, Domain Policy

A US appeals court has ruled that generic, dictionary domain names can be trademarked.

The hotel-booking web site Booking.com was told last week that it is in fact eligible to have “Booking.com” registered as a trademark, over the objections of the US Patent and Trademark Office.

The ruling could have a chilling effect on domain name choices in the hotel-booking market.

USPTO had denied the company’s trademark application in 2012 because “Booking.com” was considered too generic.

Under US trademark law, you can’t register a trademark if it merely generically describes the product or service you offer rather than its source.

You couldn’t register “Beer” as a brand of beer, for example, though you might be able to register “Beer” as a brand of shoes.

Booking.com sued to have the USPTO ruling overturned in 2016, and in 2017 a district court judge ruled that “although ‘booking’ was a generic term for the services identified, BOOKING.COM as a whole was nevertheless a descriptive mark”.

USPTO appealed, saying that “Booking.com” is too generic to be trademarked, but last week it lost.

In a 2-1 majority decision, the appeals court ruled:

We hold that the district court, in weighing the evidence before it, did not err in finding that the USPTO failed to satisfy its burden of proving that the relevant public understood BOOKING.COM, taken as a whole, to refer to general online hotel reservation services rather than Booking.com the company… we reject the USPTO’s contention that adding the
top-level domain (a “TLD”) .com to a generic second-level domain (an “SLD”) like booking can never yield a non-generic mark.

Key evidence was a survey Booking.com had submitted that indicated that almost three quarters of consumers understood “Booking.com” to be a brand name, rather than a generic term to describe hotel-booking web sites.

Here are some other extracts of the appeals court majority’s thinking, as they relate to domain names:

Merely appending .com to an SLD does not render the resulting domain name non-generic because the inquiry is whether the public primarily understands the term as a whole to refer to the source or the proffered service.

We… conclude that when “.com” is combined with an SLD, even a generic SLD, the resulting composite may be non-generic where evidence demonstrates that the mark’s primary significance to the public as a whole is the source, not the product

because trademarks only protect the relevant service — here, the district court granted protection as to hotel reservation services but not travel agency services — protection over BOOKING.COM would not necessarily preclude another company from using, for example, carbooking.com or flightbooking.com

In sum, adding “.com” to an SLD can result in a non-generic, descriptive mark upon a showing of primary significance to the relevant public. This is one such case.

The ruling does not appear to protect all uses of a generic dictionary word combined with a TLD, but rather only “rare circumstances” where there’s evidence of a secondary, non-generic meaning.

One judge on the case, James Wynn, was not convinced by the majority’s thinking. He warned that the ruling goes against years of legal precedent and could enable Booking.com to subject competitors to expensive litigation.

In his dissenting opinion, he wrote:

BOOKING.COM is a run-of-the-mill combination of a generic term with a Top Level Domain that creates a composite mark concerning the subject or business encompassed by the generic term—precisely the type of mark that the courts in Hotels.com, Reed Elsevier Properties, 1800Mattress.com, and Advertise.com found did not amount to the “rare circumstance” that warranted affording the domain name trademark protection.

Presumptively allowing protection of domain names composed of a generic Secondary Level Domain and Top Level Domain conflicts with the law’s longstanding refusal to permit registration of generic terms as trademark

Wynn added that he was “not convinced” that Booking.com’s competitors that use the word “booking” in their domains will be protected by the “fair use” defense, and that the existence of such a defense will not prevent Booking.com from suing them out of business regardless.

Put simply, putative competitors may — and likely will — choose not to operate under domain names that include the word “booking” — even if that term best describes the service they offer — because they do not want to incur the expense and risk of defending an infringement action.

The full ruling can be read here (pdf).

No .web until 2021 after Afilias files ICANN appeal

Kevin Murphy, December 6, 2018, Domain Registries

Afilias has taken ICANN to arbitration to prevent .web being delegated to Verisign.

The company, which came second in the $135 million auction that Verisign won in 2016, filed Independent Review Process documents in late November.

The upshot of the filing is that .web, considered by many the best potential competitor for .com — Afilias describes it as “crown jewels of the New gTLD Program” — is very probably not going to hit the market for at least a couple more years.

Afilias says in in its filing that:

ICANN is enabling VeriSign to acquire the .WEB gTLD, the next closest competitor to VeriSign’s monopoly, and in so doing has eviscerated one of the central pillars of the New gTLD Program: to introduce and promote competition in the Internet namespace in order to break VeriSign’s monopoly

Its beef is that Verisign acquired the rights to .web by hiding behind a third-party proxy, Nu Dot Co, the shell corporation linked to the co-founders of .CO Internet that appears to have been set up in 2012 purely to make money by losing new gTLD auctions.

Afilias says NDC broke the rules of the new gTLD program by failing to notify ICANN that it had made an agreement with Verisign to sign over its rights to .web in advance of the auction.

The company says that NDC’s “obligation to immediately assign .WEB to VeriSign fundamentally changed the nature of NDC’s application” and that ICANN and the other .web applicants should have been told.

NDC’s application had stated that .web was going to compete with .com, and Verisign’s acquisition of the contract would make that claim false, Afilias says.

This means ICANN broke its bylaws commitment to apply its policies, “neutrally, objectively, and fairly”, Afilias claims.

Allowing Verisign to acquire its most significant potential competitor also breaks ICANN’s commitment to introduce competition to the gTLD market, the company reckons.

It will be up to a three-person panel of retired judges to decide whether these claims holds water.

The IRP filing was not unexpected. I noted that it seemed likely after a court threw out a Donuts lawsuit against ICANN which attempted to overturn the auction result for pretty much the same reasons.

The judge in that case ruled that new gTLD applicants’ covenant not to sue ICANN was valid, largely because alternatives such as IRP are available.

ICANN has a recent track record of performing poorly under IRP scrutiny, but this case is by no means a slam-dunk for Afilias.

ICANN could argue that the .web case was not unique, for starters.

The .blog contention set was won by an affiliate of WordPress maker Automattic under almost identical circumstances earlier in 2016, with Colombian-linked applicant Primer Nivel paying $19 million at private auction, secretly bankrolled by WordPress.

Nobody complained about that outcome, probably because it was a private auction so all the other .blog applicants got an even split of the winning bid.

Afilias wants the .web IRP panel to declare NDC’s bid invalid and award .web to Afilias at its final bid price.

For those champing at the bit to register .web domains, and there are some, the filing means they’ve likely got another couple years to wait.

I’ve never known an IRP to take under a year to complete, from filing to final declaration. We’re likely looking at something closer to 18 months.

Even after the declaration, we’d be looking at more months for ICANN’s board to figure out how to implement the decision, and more months still for the implementation itself.

Barring further appeals, I’d say it’s very unlikely .web will start being sold until 2021 at the very earliest, assuming the winning registry is actually motivated to bring it to market as quickly as possible.

The IRP is no skin off Verisign’s nose, of course. Its acquisition of .web was, in my opinion, more about restricting competition than expanding its revenue streams, so a delay simply plays into its hands.

ICANN urged to reject .com price increases

Kevin Murphy, November 21, 2018, Domain Registries

The Internet Commerce Association has asked ICANN to refuse to allow Verisign to raise its wholesale prices for .com domain names.

The domainer trade group wrote to ICANN last week to point out that just because the Trump administration has dropped the US government objection to controlled price increases, that doesn’t necessarily mean ICANN has to agree.

Verisign’s deal with the National Telecommunications and Information Administration “does not of course, compel ICANN to agree to any such increases. Any such decision regarding .com pricing
remains with ICANN” ICA general counsel Zak Muscovitch wrote.

The deal allows Verisign to increase the price of .com registrations, renewals and transfers by 7% per year in four of the next six years, leading to a compound 30% increase by the time it concludes.

The arguments put forth Muscovitch’s letter are pretty much the same as the arguments ICA made when it was lobbying NTIA to maintain the price freeze.

Namely: Verisign already makes a tonne of money from .com, it has a captive audience, it cannot claim credit for .com’s success, and .com is not constrained by competition.

“As NTIA makes clear, it is up to Verisign to request a fee increase and ICANN that may agree or disagree. ICANN should not agree. Indeed, it would be a dereliction of ICANN’s responsibilities to the ICANN community if Verisign were permitted to raise its fees when it is already very well paid for the services which it provides,” Muscovitch’s letter (pdf) concludes.

For many years ICANN has been reluctant to get involved in price regulation. It remains to be seen whether it will make an exception for .com.

Hebrew .com off to a slow start

Kevin Murphy, November 21, 2018, Domain Registries

The Hebrew transliteration of .com has only sold a couple hundred domains since it went into general availability.

Verisign took the new gTLD קום. (Hebrew is a right-to-left script, so the dot comes after the string) to market November 5, when it had about 3,200 domains in its zone file. It now stands around the 3,400 mark.

The pre-GA domains are a combination of a few hundred sunrise regs and a few thousand exact-match .coms that were grandfathered in during a special registration period.

It’s not a stellar performance out of the gates, but Hebrew is not a widely-spoken language and most of its speakers are also very familiar with the Latin script.

There are between seven and nine million Hebrew speakers in the world, according to Wikipedia. It doesn’t make the top 100 languages in the world.

The ccTLD for Israel, where most of these speakers live, reports that it currently has 246,795 .il domains under management. That’s a middling amount when compared to similarly sized countries such as Serbia (about 100,000 names) and Switzerland (over 2 million).

Verisign’s original application for this transliteration had to be corrected, from קום. to קוֹם. If you can tell the difference, you have better eyesight than me.

In the root, the gTLD is Punycoded as .xn--9dbq2a.