Latest news of the domain name industry

Recent Posts

.whoswho survives!

Kevin Murphy, October 3, 2019, Domain Registries

The registry running the failing new gTLD .whoswho has managed to avoid having its contract terminated by ICANN.

According to an update on the ICANN web site, Who’s Who Registry came back into compliance with its obligations earlier this week, meaning it can continue operating.

It had been under a cloud of uncertainty since January, when ICANN Compliance sent off a breach notice saying the company was overdue with its $25,000-a-year fees.

Who’s Who originally had until a date in February to pay up, but this deadline has been extended repeatedly over the course of the year.

Registry CEO John McCabe had told ICANN last November that the fee is “onerous” and “the single largest item in .whoswho’s budget”.

ICANN later rejected his request for a fee reduction.

.whoswho, which seeks to replicate the once-popular biography compilation books of the same name, has fewer than 100 real registrations to its name, most of which appear to be defensive, despite being live for five years.

At about $70 a pop, that’s still not nearly enough to cover ICANN fees, never mind other operating costs.

It sold barely a dozen names in the first half of this year.

I thought it was a goner for sure.

But it looks like it’s been saved from the axe for now, so maybe there’s time to turn things around.

Registrar suspended over dodgy transfers

Kevin Murphy, October 1, 2019, Domain Registrars

ICANN has suspended a Los Angeles-based registrar after failing to get answers to its questions about a bunch of domain transfer.

World Biz Domains won’t be able to sell any gTLD domains, or accept transfers, from October 16 until January 13 next year. It will also have to post ICANN’s suspension notice on its home page.

Its crime? Failing to provide ICANN with records proving that the change of registrant requests for 15 potentially valuable domain names were legitimate.

ICANN has been badgering World Biz for these records since April, but says it was given the runaround.

The domains in question — 28.net, 68.net, 88.org, changi.com, tay.net, goh.net, koh.net, kuantan.com, yeong.com, merlion.org, og.net, raffles.net, sentosa.org, sg.org and shenton.com — all appear to have been registered to a Singaporean investor using the registrar DomainDiscover until about a year ago.

The non-numeric names all have significance to Singapore or neighboring Malaysia one way or the other. Some of them are arguably UDPR fodder.

Shenton is a busy street and hotel in the city, Merlion is Singapore’s lion mascot, Sentosa is a Singaporean island, and Raffles is of course the name of the famous hotel. Other domains on the list are common Chinese surnames used by Singaporeans.

It appears that about a year ago, according to DomainTools’ historical Whois records, they were transferred to World Biz and put under privacy protection.

There’s no specific claim in ICANN’s notice that any domain hijacking has taken place, but it’s easy to infer that the original registrant was for some reason not happy that the domains changed hands and therefore complained to ICANN.

Some of the domains in question have since been transferred to other registrars and may have been returned to the original registrant.

If ICANN’s track record of demanding records is any guide, this will not help World Biz come into compliance.

Should it be terminated, it looks like very few registrants will be affected.

While World Biz at one point had over 5,000 gTLD domains under management, it’s been shrinking consistently for the best part of a decade and in May had just 74 DUM.

September last year, when the domains in question moved to World Biz, was the company’s most-successful month in terms of inbound transfers — 17 domains — since I started tracking this kind of data nine years ago.

Net 4 India gets brief reprieve from ICANN suspension

India registrar Net 4 India has been given a bit of breathing space by ICANN, following its suspension last month.

ICANN suspended the registrar’s accreditation a month ago, effective June 21, after discovering the company had been in insolvency proceedings for some time.

But on June 20 ICANN updated its suspension notice to give Net4 more time to comply. It now has until September 4, the same day its insolvency case is expected to end, to provide ICANN with documentation showing it is still a going concern.

The registrar was sued by a debt collector that had acquired some Rs 1.94 billion ($28 million) of unpaid debts from an Indian bank.

ICANN’s updated suspension notice adds that Net4 is to provide monthly status updates, starting July 18, if it wants to keep its accreditation.

The upshot of all this is that the registrar can carry on selling gTLD domains and accepting inbound transfers for at least another couple months.

Five more gTLD deadbeats fingered by ICANN

The company that tried unsuccessfully to get the .islam new gTLD has been slammed by ICANN for failing to pay its dues on five different gTLDs.

Asia Green IT System, based in Turkey, has been considered “past due” on its registry fees since at least January, according to an ICANN breach notice sent yesterday.

The company runs .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), .tci (a closed dot-brand) and .همراه (.xn--mgbt3dhd, appears to mean something like “comrade” in Persian).

The only one of these to actually launch is .nowruz. It came to market March last year — bizarrely, it didn’t leave sunrise until a week after Nowruz was over — and has scraped just over 40 registrations. It does not appear to have any active web sites.

With little to no revenue, one can imagine why it might have difficulty paying ICANN’s $25,000 annual per-TLD registry fee, which it will have been paying for almost four years before lapsing.

None of its mandatory “nic.example” sites resolve for me today, though its “whois.nic.example” sites can be reached once you click through an SSL security warning.

The primary registry web site for AGIT, agitsys.com, also does not resolve for me.

ICANN’s breach notice claims that it has been unable to contact anyone at the registry, despite many outreach attempts, since January. It believes it has outdated contact data for the company.

AGIT is perhaps best-known to DI readers for its unsuccessful attempts to apply for .islam and .halal.

ICANN rejected these applications last October after an outcry from governments of Muslim-majority nations and the Organization for Islamic Cooperation.

Given AGIT’s apparent difficulties, perhaps that was a good call.

If the registry doesn’t cough up by June 13, ICANN may start termination proceedings.

It’s the 19th published breach notice ICANN has sent to a gTLD registry. In most cases, even the handful of cases that have escalated to termination, the registry has managed to resolve the issue before losing their contracts.

The only gTLD to actually get terminated to date I believe is .wed, which is currently being wound down by Nominet in its role as Emergency Back-End Registry Operator.

The most-recent registry breach notice, filed against .whoswho in January, is still “under review” by ICANN.

Pay up or sell up, ICANN tells failing new gTLD

Kevin Murphy, January 25, 2019, Domain Registries

ICANN has responded to a request for it to reduce the $25,000 annual fee it charges gTLD registries.

The answer is no.

That wholly unsurprising reply came in a letter from registry services director Russ Weinstein to John McCabe, CEO of failing new gTLD operator Who’s Who Registry.

McCabe, in November, had asked ICANN to reduce its fees for TLDs, such as its own .whoswho, that have zero levels of abuse. ICANN fees are the “single biggest item” in the company’s budget, he said.

His request coincided with ICANN commencing compliance proceedings against the company for failure to pay these fees

Weinstein wrote, in a letter (pdf) published today:

We sympathize with the financial challenges that some new gTLD registry operators may be facing in the early periods of these new businesses. New gTLD operators face a challenging task of building consumer awareness and this can and may take significant time and effort.

But he goes on to point out that the $25,000-a-year fee was known to all applicants before they applied, and had been subject to numerous rounds of public comment before the Applicant Guidebook was finalized.

Weinstein writes:

The AGB made clear that evaluation phase was to determine whether an applicant had the requisite technical, operation and financial capabilities to operate a registry, and was not a assessment nor an endorsement of a particular business plan.

It’s pretty clear that the .whoswho business plan has failed. It’s sold no more than a handful of non-defensive domains over the four years it has been available.

Weinstein concludes his letter by pointing out that all new gTLD registries are free to terminate their contracts for any reason, and that it’s perfectly permissible under ICANN rules to sell your contract to another registry.

ICANN told Who’s Who earlier this month that it has until February 10 to pay its overdue fees or risk having its contract terminated.

Another failing gTLD not paying its “onerous” dues

Kevin Murphy, January 15, 2019, Domain Registries

ICANN has sent out its first public contract breach notice of the year, and it’s going to another new gTLD registry that’s allegedly not paying its fees.

The dishonor goes to Who’s Who Registry, manager of the spectacularly failing gTLD .whoswho.

According to ICANN, the registry hasn’t paid its registry fees for several months and hasn’t been responding to private compliance outreach.

The company has a month to pay up or risk suspension or termination.

CEO John McCabe actually wrote to ICANN (pdf) the day after one of its requests for payment in November, complaining that its fees were too “onerous” and should be reduced for registries that are “good actors” with no abuse.

ICANN’s annual $25,000 fee is “the single largest item in .whoswho’s budget”, McCabe wrote, “the weight of which suppresses development of the gTLD”.

Whether ICANN fees are to blame is debatable, but all the data shows that .whoswho, which has been in general availability for almost four years, has failed hard.

It had 100 domains under management at the last count, once you ignore all the domains owned by the registry itself. This probably explains the lack of abuse.

Well over half of these names were registered through brand-protection registrars. ICANN statistics show 44 names were registered during its sunrise period.

A Google search suggests that only four people are currently using .whoswho for its intended purpose and one of those is McCabe himself.

The original intent of .whoswho was to mimic the once-popular Who’s Who? books, which contain brief biographies of notable public figures.

The gTLD was originally restricted to registrants who had actually appeared in one of these books, but the registry scrapped that rule and slashed prices from $70 to $20 a year in 2016 after poor uptake.

I’d venture the opinion that, in a world of LinkedIn and Wikipedia, Who’s Who? is an idea that might have had its day.

ICANN probing Donuts and Tucows over anti-Jewish web site

Kevin Murphy, November 16, 2018, Domain Policy

ICANN is investigating Tucows and Donuts over a web site that hosts antisemitic, white supremacist content.

CEO Goran Marby said in a letter published this week that he has referred a complaint about the web site judas.watch to ICANN’s Compliance department.

The web site in question says it is dedicated to documenting “anti-White traitors, agitators and subversives & highlighting Jewish influence.” It appears to be half database, half blog.

Its method of “highlighting Jewish influence” is possibly the most disturbing part — the site tags people it believes are Jewish with a yellow Star of David, mimicking the way the Nazis identified Jews during the Holocaust.

The site is quite liberal in how it applies these stars, going so far as to label UK Labour Party leader Jeremy Corbyn, who has been fighting off his own allegations of antisemitism for years, as Jewish.

Over 1,600 people and organizations are currently listed. Posts there also seem keen to highlight its subjects’ sexual orientation.

As far as I can tell, there are no direct calls to violence on the site, and the level of what you might call “hate speech” is pretty mild. It publishes the social media handles of its subjects, but I could not find any physical addresses or phone numbers.

The complaint to ICANN (pdf) came from WerteInitiative (“Values Initiative”), which appears to be a small, relatively new Jewish civil society group based in Germany.

WerteInitiative said judas.watch “poses a direct threat to the named persons with unforeseeable consequences for them, and especially so for the identified Jews”.

“We want this site banned from the Internet and ask for your help in doing so: can you help us to find out who behind this page is, so we can get it banned in Germany?” the letter concludes.

The domain has been behind Whois privacy since it was registered in 2014, so the registrant’s name was not public even prior to GDPR.

Marby, in response (pdf), says the complaint “raises a serious issue”.

While he goes to some lengths to explain that ICANN does not have the authority, contractual or otherwise, to demand the suspension of any domain name, he said he has nevertheless referred the complaint to Compliance.

Compliance has already reached out to the organization for more information, Marby said.

He also encouraged WerteInitiative to talk to .watch registry Donuts and judas.watch registrar eNom (owned by Tucows), as well as the hosting company, to see if that could help resolve the issue.

While ICANN is always adamant that it does not venture into content regulation, it strikes me that this exchange shows just what a tightrope it walks.

It comes against the backdrop of controversy over the suspension by GoDaddy of the domain Gab.com, a Twitter clone largely hosting far-right voices that have been banned from other social media platforms.

Chinese registrars on the decline

Kevin Murphy, October 1, 2018, Domain Registrars

Having been on a growth trajectory for some years, the number of ICANN-accredited registrars based in China appears to be on the decline.

According to my records, so far this year 26 registrar contracts have been terminated, voluntarily or otherwise, 11 of which were Chinese. I’m excluding the mass drop of Pheenix accreditations from these numbers.

The country with the next-highest number of terminations was the USA, with three.

ICANN has terminated nine registrars for breaches of the RAA this year, six of which were Chinese.

All the Chinese notices included non-payment of ICANN fees as a reason for termination, though it appears that most of them had a negligible number of gTLD domains under management.

ICANN Compliance tells me there’s no particular focus of China at the moment, this is all a result of regular day-to-day enforcement.

ICANN has sent breach notices to 28 companies this year, seven of which were to Chinese registrars.

Meanwhile, 22.cn has moved 13 of its accredited shell registrars to Hong Kong. Another registrar moved its base from China to Australia.

Seven Chinese registrars have been newly accredited this year,

Net, this has all reduced the number of accredited registrars based in China to 91.

The country still has the second-most registrars ahead of the US, with its almost 2,000 registrars, and a clear 31 registrars ahead of third-place India.

.tel’s second-biggest registrar gets canned

Kevin Murphy, August 31, 2018, Domain Registrars

A Chinese registrar that focused exclusively on selling .tel domain names has been shut down by ICANN.

Tong Ji Ming Lian (Beijing) Technology Corporation Ltd, which did business as Trename, had its registrar contract terminated last week.

ICANN claims the company had failed to pay its accreditation fees and failed to escrow its registration data.

The organization had been sending breach notices since June, but got no responses. Trename’s web site domain currently resolves to a web server error, for me at least.

Trename is a rare example of a single-TLD registrar, accredited only to sell .tel domains. It didn’t even sell .com.

It is Telnames’ second-largest registrar after Name.com, accounting for about 6,000 names at the last count. At its peak, it had about 55,000.

Its share seems to be primarily as a result of a deal the registry made with a Chinese e-commerce company way back in 2011.

I’m a bit fuzzy on the details of that deal, but it saw Trename add 50,000 .tel names pretty much all at once.

Back then, .tel still had its original business model of hosting all the domains it sold and publishing web sites containing the registrant’s contact information.

Since June 2017, .tel has been available as a general, anything-goes gTLD, after ICANN agreed to liberalize its contract.

That liberalization doesn’t seem to have done much to stave off .tel’s general decline in numbers, however. It currently stands at about 75,000 names, from an early 2011 peak of over 305,000.

ICANN told Trename that its contract will end September 19, and that it’s looking for another registrar to take over its domains.

With escrow apparently an issue, it may not be a smooth transition.

How a single Whois complaint got this registrar shitcanned

Kevin Murphy, August 15, 2018, Domain Registrars

A British registrar has had its ICANN contract terminated after a lengthy, unprecedented fight instigated by a single complaint about the accuracy of a single domain’s Whois.

Astutium, based in London and with about 5,000 gTLD domains under management, finally lost its right to sell gTLD domains last week, after an angry battle with ICANN Compliance, the Ombudsman, and the board of directors.

While the company is small, it does not appear to be of the shady, fly-by-night type sometimes terminated by ICANN. Director Rob Golding has been an active face at ICANN for many years and Astutium has, with ICANN approval, taken over portfolios from other de-accredited registrars in the past.

Nevertheless, its Registrar Accreditation Agreement has been torn up, as a result of a complaint about the Whois for the domain name tomzink.com last December.

Golding told DI today that he considers the process that led to his de-accreditation broken and that he’s considering legal action.

The owner of tomzink.com and associated web site appears to be a Los Angeles-based music producer called Tom Zink. The web site seems legit and there’s no suggestion anywhere that Zink has done anything wrong, other than possibly filling out an incomplete Whois record.

The person who complained about the Whois accuracy, whose identity has been redacted from the public record and whose motives are still unclear, had claimed that the domain’s Whois record lacked a phone and fax number and that the registrant and admin contacts contained “made-up” names.

Historical Whois records archived by DomainTools show that in October last year the registrant name was “NA NA”.

The registrant organization was “Astutium Limited” and the registrant email was an @astutium.com address. The registrant mailing address was in Long Beach, California (the same as Zink). There were no phone/fax numbers in the record.

Golding told DI that some of these details were present when the domain was transferred in from another registrar. Others seem to have been added because the registrar was looking after the name on behalf of its client.

The admin and technical records both contained Astutium’s full contact information.

Following the December complaint, the record was cleaned up to remove all references to Astutium and replace them with Zink’s contact data. Judging by DomainTools’ records, this seems to have happened the same day as ICANN forwarded the complaint to Astutium, December 20.

So far, so normal. This kind of Whois cleanup happens many times across the industry every day.

But this is where relations between Astutium and ICANN began to break down, badly.

Even though the Whois record had been cleaned up already, Golding responded to Compliance, via the ICANN complaints ticketing system:

Please dont forward bigus/meaningless whois complaints which are clearly themselves totally inaccurate… No action is necessary or will be taken on bogus/incomplete/rubbish reports. [sic]

Golding agreed with me today that his tone was fairly belligerent from the outset, but noted that it was far from the first time he’d received a compliance complaint he considered bogus.

In the tomzink.com case, he took issue with the fact that the complainant had said that the admin/tech records contained no fax number. Not only was this not true (it was Astutium’s own fax number), but fax numbers are optional under ICANN’s Whois policy.

He today acknowledges that some parts of the complaint were not bogus, but notes that the Whois record had been quickly updated with the correct information.

But simply changing the Whois record is not sufficient for ICANN. It wants you to show evidence of how you resolved the problem in the form of copies of or evidence of communications with the registered name holder.

The Whois Accuracy Program Specification, which is part of the RAA, requires registrars to verify and validate changes to the registered name holder either automated by phone or email, or manually.

Golding told DI that in this case he had called the client to advise him to update his contact information, which he did, so the paper trail only comprises records of the client logging in and changing his contact information.

What he told ICANN in January was:

If ICANN compliance are unable to do the simple job they have been tasked with (to correctly vet and format the queries before sending them on, as they have repeatedly agreed they will do *on record* at meetings) then Registrars have zero obligations to even look at them. Any ‘lack of compliance’ is firmly at your end and not ours in this respect.

However in this specific case we chose to look, contacted the registrant, and had them update/correct/check the records, as can easily be checked by doing a whois

ICANN then explained that “NA NA” and the lack of a phone number were legitimate reasons that the complaint was not wholly bogus, and again asked Golding to provide evidence of Astutium’s correspondence with Zink.

After ignoring a further round or two of communication via the ticketing system, Golding responded: “No, we don’t provide details of private communications to 3rd parties”.

He reiterated this point a couple more times throughout February, eventually saying that nothing in WAPS requires Astutium to “demonstrate compliance” by providing such communications to ICANN, and threatening to escalate the grievance to the Ombudsman.

(That may be strictly true, but the RAA elsewhere does require registrars to keep records and allow ICANN to inspect them on demand.)

It was around the same time that Compliance started trying to get in touch with Golding via phone. While it was able to get through to the Astutium office landline, Compliance evidently had the wrong mobile phone number for Golding himself.

Golding told DI the number ICANN was trying to use (according to ICANN it’s the one listed in RADAR, the official little black book for registrars) had two digits transposed compared to his actual number, but he did not know why that was. Several other members of ICANN staff have his correct number and call him regularly, he said.

By February 27, Compliance had had enough, and issued Astutium with its first public breach notice (pdf)

Allowing a compliance proceeding to get to this stage is always bad news for a registrar — when ICANN hits the public breach notice phase, staff go out and actively search for other areas of potential non-compliance.

Golding reckons Compliance staff are financially incentivized, or “get paid by the bullet point”, at this stage, but I have no evidence that is the case.

Whatever the reason, Compliance in February added on claims:

  • that Astutium was failing to output Whois records in the tightly specified format called for by the RAA (Golding blames typos and missed memos for this and says the errors have been corrected),
  • that Astutium’s registration agreement failed to include renewal and post-renewal fees (Golding said every single page of the Astution web site, including the registration agreement page, carries a link to its price list. While he admitted the text of the agreement does not include these prices, he claimed the same could be said of some of the biggest registrars),
  • that the registration agreement does not specify how expiration notices are delivered (according to Golding, the web site explains that it’s delivered via email)
  • that the address published on the Astutium web site does not match the one provided via the Registrar Information Specification, another way ICANN internally tracks contact info for its registrars (Golding said that his company’s address is published on every single page of its site)

A final bullet point asked the company to implement corrective measures to ensure it “will respond to ICANN compliance matters timely, completely and in line with ICANN’s Expected Standards of Behavior”.

The reference to the Expected Standards of Behavior — ICANN’s code of politeness for the community — is a curious one, not typically seen in breach notices. Unless I’m reading too much into it, it suggests that somebody at ICANN wasn’t happy with Golding’s confrontational, sometimes arguably condescending, attitude.

Golding claims that some of ICANN’s allegations in this breach notice are “provably false”.

He told us he still hasn’t ruled out legal action for defamation against ICANN or its staff as a result of the publication of the notice.

“I’ll be in California, serving the paperwork myself,” he said.

Astutium did not respond to the breach notice, according to ICANN documents, and it was escalated to full-blown termination March 21.

On March 30, the registrar filed a Request for Reconsideration (pdf) with ICANN. That’s one of the “unprecedented” things I referred to at the top of this article — I don’t believe a registrar termination has been challenged through the RfR process before.

The second unprecedented thing was that the RfR was referred to Ombudsman Herb Waye, under ICANN’s relatively new, post-transition, October 2016 bylaws.

Waye’s evaluation of the RfR (pdf), concluded that Astutium was treated fairly. He noted multiple times that the company had apparently made no effort to come into compliance between the breach notice and the termination notice.

Golding was not impressed with the Ombudsman’s report.

“The Ombudsman is totally useless,” he said.

“The entire system of the Ombudsman is designed to make sure nobody has to look into anything,” he said. “He’s not allowed to talk to experts, he’s not actually allowed to talk to the person who made the complaint [Astutium], his only job is to ask ICANN if they did the right thing… That’s their accountability process.”

The Board Accountability Mechanisms Committee, which handles reconsideration requests, in June found against Astutium, based partly on the Ombudsman’s evaluation.

BAMC then gave Golding a chance to respond to its decision, before it was sent to the ICANN board, something I believe may be another first.

He did, with a distinctly more conciliatory tone, writing in an email (pdf):

Ultimately my aim has always been to have the ‘final decision’ questioned as completely disproportionate to the issue raised… and the process that led to the decisions looked into so that improvements can be made, and should there still be unresolved issues, opportunity to work in a collaborative method to solve them, without the need to involve courts, lawyers, further complaints/challenge processes and so on.

And then the ICANN board voted to terminate the company, in line with BAMC’s recommendation.

That vote happened almost a month ago, but Astutium did not lose its IANA number until a week ago.

According to Golding, the company is still managing almost all of its gTLD domains as usual.

One registry, CentralNic, turned it off almost immediately, so Astutium customers are not currently able to manage domains in TLDs such as .host, he said. The other registries still recognize it, he said. (CentralNic says only new registrations and transfers are affected, existing registrants can manage their domains.)

After a registrar termination, ICANN usually transfers the affected domains to another accredited registrar, but this has not happened yet in Astutium’s case.

Golding said that he has a deal with fellow UK registrar Netistrar to have the domains moved to its care, on the understanding that they can be transferred back should Astutium become re-accredited.

He added that he’s looking into acquiring three other registrar accreditations, which he may merge.

So, what is to be learned from all this?

It seems to me that we may be looking at a case of a nose being cut off to spite a face, somebody talking themselves into a termination. This is a compliance issue that probably could have been resolved fairly quickly and quietly many months ago.

Another takeaway might be that, if the simple act of making a phone call to a registrar presents difficulties, ICANN’s Compliance procedures may need a bit of work.

A third takeaway might be that ICANN Compliance is very capable of disrupting registrars’ businesses if they fail to meet the letter of the law, so doing what you’re told is probably the safest way to go.

Or, as Golding put it today: “The lesson to be learned is: if you don’t want them fucking with your business, bend over, grab your ankles, and get ready.”