Latest news of the domain name industry

Recent Posts

Domain hijack leads to registrar shutdown threat

Kevin Murphy, April 12, 2012, Domain Registrars

ICANN has threatened to terminate Chinese domain name registrar eName Technology after the domain 1111.com was allegedly hijacked.

According to ICANN’s notice of breach (pdf), eName has refused to hand over data documenting the transfer of 1111.com as required by the Registrar Accreditation Agreement.

ICANN claims that when it tried to get eName’s help investigating a hijacking complaint, the company did not return its calls or emails.

The registrar now has 15 days to provide the transfer records as called for by the Inter-Registrar Transfer Policy.

According to historical Whois records, 1111.com was transferred to eName between February 12 and 16 this year. After a complaint, ICANN started chasing eName for the data on February 28.

The domain appears to have been owned by at least four different parties and three different registrars – Network Solutions, then Joker, then eName – since the start of 2012.

It’s the second time that ICANN has sent a breach notice to a registrar over an alleged mishandling of a domain name hijacking, and the first time it’s actually named the domain in question.

In February, the organization threatened Turkish registrar Alantron with the suspension of its contract over the botched handling of pricewire.com.

Rogue registrar suspended over “stolen” domain

Kevin Murphy, February 20, 2012, Domain Registrars

ICANN has told Turkish domain name registrar Alantron that its accreditation will be suspended for a month due to its shoddy record-keeping.

The suspension, which will become effective March 8, follows an investigation into allegations of double-selling.

ICANN issued the suspension last Thursday after trying unsuccessfully for almost three months to get its hands on Alantron’s registration records.

The company now has until March 28 to sort out its compliance problems or face losing its accreditation entirely.

I understand the investigation was prompted by complaints filed by an American named Roger Rainwater over the potentially valuable domain name pricewire.com.

Pricewire.com spent a couple of years under Whois privacy but was grabbed last August by Turkish registrant Altan Tanriverdi, according to historical Whois records.

Rainwater, who says he had been monitoring it for three or four years, subsequently paid Tanriverdi an undisclosed sum for the domain, signing up for an Alantron account so it could be pushed.

Rainwater showed up in the Whois for pricewire.com on September 7 last year. But he says he was unable to change his name servers and 48 hours later the name disappeared from his account.

He says he was told by Alantron that it had put the domain in Tanriverdi’s account “by mistake” and that it was sold to SnapNames as part of a batch of dropping domains.

According to emails sent to Rainwater, seen by DI, Alantron said that pricewire.com was “registered via a partner company called Directi for a company called Snapnames”.

SnapNames had already auctioned the name – apparently there were more than 40 bidders – and the name has since been transferred to one Sammy Katz of Philadelphia.

However, given that Whois reliability is at question here, it’s not entirely clear who owns it. It’s currently parked at InternetTraffic.com.

Tanriverdi, who appears to be equally aggrieved, has published an extensive history of the dispute, along with screenshots, here (in Turkish).

In short: Alantron stands accused of double-selling pricewire.com.

ICANN’s compliance team has been unable to get its hands on the underlying transaction data despite repeated attempts because Alantron apparently doesn’t have it.

Its suspension notice alleges that Alantron was running two registration systems in parallel and that they weren’t talking to each other, resulting in the same name being sold to two parties.

Read ICANN’s suspension notice in PDF format here.

Registrar threatened with shutdown for failing to reveal registrant

Kevin Murphy, November 9, 2011, Domain Registrars

ICANN has told a Turkish domain name registrar that its accreditation will be terminated unless it fixes its apparently shoddy Whois services.

While Alantron has a track record of Whois failures and connections to abusive domains, ICANN’s threat appears to have been made in connection with a single domain name.

ICANN compliance director Stacey Burnette wrote to Alantron (pdf):

On 12 October 2011, ICANN requested that Alantron make registration records available to ICANN concerning a specific domain name, as ICANN received a complaint that there was no Whois output available for the domain name. Although numerous requests were made by ICANN to make the registration records available for inspection and copying, as of the date of this letter, Alantron has not made any arrangements to comply with ICANN’s request.

The letter also details Alantron’s alleged failures to make Whois available through Port 43 and its web interface going back to September 1.

ICANN has also threatened to suspend Alantron’s ability to create new registrations. Alantron received a similar de-accreditation warning for Whois failures in April 2010.

It does not say who made the complaint or which domain is in question, but the company has come under fire from security pros in the past for allowing its services to be abused to push fake pharmaceuticals.

Alantron, which has about 26,000 domains under management according to Webhosting.info, has until November 25 to rectify the problem.

Go Daddy’s 60-day domain lockdown loophole

Kevin Murphy, September 8, 2011, Domain Registrars

Perhaps the most common complaint of the many leveled at Go Daddy over the years is that it refuses to allow customers to transfer domains to another registrar for 60 days after an ownership change.

The latest person to fire this criticism at the company is tech blogger Scott Raymond, who published a lengthy tirade against Go Daddy and its policy on ZDNet today.

Raymond points out that Go Daddy seems to be in violation of ICANN’s Inter-Registrar Transfer Policy, which explicitly prohibits the rejection of a transfer request due to a recent Whois change.

He’s not alone. Even Andrew Allemann of Domain Name Wire, hardly Go Daddy’s fiercest critic, said as recently as May that he thinks the company is in violation of the IRTP.

With good reason – this April 2008 ICANN advisory seemed to be specifically written with a ban on Go Daddy’s 60-day policy in mind.

But is the company non-compliant? ICANN doesn’t seem to think so.

I’ve tracked down this November 2009 email from David Giza, then ICANN’s head of compliance, in which he describes what seems to amount to a loophole Go Daddy and other registrars exploit.

Giza explains that the 2008 advisory “only addresses mandatory updates to Whois contact information, not a transfer or assignment to a new registrant”.

Registrants are obliged to keep their Whois data up-to-date; that’s what he means by “mandatory”.

Giza’s email adds:

the transfer policy does not prohibit registrars from requiring registrants to agree to the blocking of transfer requests as a condition for registrar facilitation of optional services such as the transfer of a registration to a new registrant.

We understand GoDaddy.com’s 60-day lock is a voluntary opt-in process where registrants are made aware of and agree to the restriction that the domain name is not to be transferred for 60-days following the completion of transfer. As such, this practice is not prohibited by the transfer policy.

In other words, there are “Whois Changes” and there are “Registrant Changes”, and registrars are only allowed to trigger a lock-down in the latter case, according to Giza.

And according to DNW’s reporting on the subject, that’s exactly what Go Daddy continues to do — locking the domain if certain fields in the registrant record are changed.

So the 60-day lock appears to be kosher, at least in the opinion of ICANN’s erstwhile compliance chief. Whether that could change under the department’s new management is unknown.

As it happens, the subject was raised by a recent working group that was looking into revising the IRTP, but it was so contentious that consensus could not be found.

The problem has been bounced down the road. The most recent mention came in this ICANN issue report (pdf, page 14-15).

Anyway, if I lost you several paragraphs ago, the net result of all this seems to be that Go Daddy probably isn’t breaking the rules, but that nobody can agree whether that’s a good thing or not.

The fact that one has to do this much digging into ICANN esoterica just to figure out whether Go Daddy is screwing its customers over isn’t very reassuring, is it?

Another registrar on the ICANN naughty step

Kevin Murphy, September 6, 2011, Domain Registrars

ICANN has threatened to terminate the accreditation of Samjung Data Service, a South Korean domain name registrar.

The threat, the 13th ICANN’s compliance department has issued to a registrar this year, is notable because it’s a rare example where money does not appear to be an issue.

Samjung’s failing, according to ICANN’s termination letter, is its inability to escrow registrant data with Iron Mountain on the agreed schedule and in the required format.

The tiny registrar has also failed to make the technical contacts in its customers’ Whois records available online, and has been apparently ignoring ICANN’s calls and emails.

What ICANN does not do is accuse Samjung of not paying its accreditation fees, which in the past has been a notable feature of compliance actions.

Delinquent payments tend to alert ICANN that there may be other problems at a registrar, but this has led to criticisms that the organization is only concerned about its revenue.

Could the Samjung case be another example of the newly staffed-up ICANN compliance department taking the more proactive stance that was promised?