Latest news of the domain name industry

Recent Posts

ICANN cancels registrar audit as GDPR headaches loom

Kevin Murphy, April 30, 2018, Domain Registrars

ICANN has decided to call off a scheduled audit of its registrar base, to enable registrars to focus on sorting out compliance with the General Data Protection Regulation.

The biannual audit, carried out by ICANN Compliance, was due to start in May. As you likely know by now, May 25 is GDPR Day, when the EU’s privacy law comes into full effect.

In a letter (pdf) to registrars, senior VP of compliance Jamie Hedlund said: “The April 2018 registrar audit round is on hold.”

He added: “We are reviewing the schedule, resources and risks associated with holding a single, larger audit round in autumn of 2018, as well as considering alternative approaches.”

His letter came in response to a plea (pdf) from Registrar Stakeholder Group chair Graeme Bunton, who said an audit that clashed with GDPR deadline would be an “enormous undertaking” for affected registrars.

The audits, which have been running for a few years, randomly select a subset of registries and registrars to spot-check compliance with their Registrar Accreditation Agreements and Registry Agreements.

The program looks at 20-odd areas of compliance, one of which is Whois provision.

Another failing new gTLD stopped paying its dues

Kevin Murphy, April 23, 2018, Domain Registries

Another new gTLD registry has been slapped with an ICANN breach notice after failing to pay its fees.

California-based dotCOOL, which runs .qpon, seems to be at least six months late in making its $6,250 quarterly payment to ICANN, according to the notice (pdf).

It’s perhaps not surprising. The TLD has been live since mid-2014 and yet has failed to top more than about 650 simultaneous domains under management, at least 100 of which were registry-owned.

Right now, its zone file contains about 470 domains.

It typically sells new domains in the single digits each month, with retail prices in the $15 to $20 range.

With that volume and the inferred registry fee, a full year’s revenue probably wouldn’t cover one quarter of ICANN fees.

The string “qpon” is a pun on “coupon”. The idea was that companies would use the TLD to push discount coupons on their customers.

But they didn’t.

The number of live sites indexed by Google is in the single figures and none of them are using .qpon for its intended purpose.

ICANN’s breach notice also demands the company start publishing a DNSSEC Practice Statement on its registry web site, but that seems like the least of its worries.

As a novel, non-dictionary string, I worry that .qpon may struggle to find a buyer.

Last week, .fan and .fans, both operated by Asiamix Digital, got similar breach notices from ICANN.

I just bought a new gTLD registry’s domain for $10

Kevin Murphy, April 18, 2018, Domain Registries

Are .fan and .fans the latest new gTLDs to go out of business? It certainly looks that way.

ICANN has hit the registry with a breach notice for unpaid dues and stripped it of its registrar accreditation.

In addition, its web sites no longer appear functional and I’ve just bought its official IANA-listed domain name for under $10.

Asiamix Digital is the Hong Kong-based company behind both TLDs, doing business as dotFans.

It launched .fans in September 2015, with retail pricing up around the $100 mark, but never actually got around to launching the singular variant, which it acquired (defensively?) from Rightside (now Donuts) earlier that year.

.fans had fewer than 1,400 domains in its zone file yesterday, down from a peak of around 1,500, while .fan had none.

dotFans in-house accredited registrar, Fan Domains, didn’t seem to actually sell any domains and it got terminated by ICANN (pdf) at the end of March for failing to provide basic registrar services.

And now it seems the registry itself has been labeled as a deadbeat by ICANN Compliance, which has filed a breach notice (pdf) alleging non-payment of registry fees.

While breach notices against TLD registries are not uncommon these days, I think this is the first one I’ve seen alleging non-payment and nothing else.

The notice claims that the registry’s legal contact’s email address is non-functional.

In addition, the domains nic.fans, nic.fan and dotfans.com all currently resolve to dead placeholder pages.

Meanwhile, dotfans.net, the company’s official domain name as listed in the IANA database now belongs to me, kinda.

It expired March 12, after which it was promptly placed into a GoDaddy expired domains auction. Where I just bought it for £6.98 ($9.92).

dotfans

To be clear, I do not currently control the domain. It’s still in post-expiration limbo and GoDaddy support tells me the original owner still has eight days left to reclaim it.

After that point, maybe I’ll start getting the registry’s hate mail from ICANN. Or perhaps not; it seems to have been using the .com equivalent for its formal communications.

Should .fan and .fans get acquired by another registry soon — which certainly seems possible — rest assured I’ll let the domain go for a modest sum.

ICANN confirms GoDaddy Whois probe

ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.

The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.

The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.

Winterfeldt is annoyed that GoDaddy has starting removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.

It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.

Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.

It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.

But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.

It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.

Zero registrars pass ICANN audit

Some of the biggest names in the registrar game were among a bewildering 100% that failed an ICANN first-pass audit in the latest round of random compliance checks.

Of the 55 registrars picked to participate in the audit, a resounding 0 passed the initial audit, according to data released today.

Among them were recognizable names including Tucows, Register.com, 1&1, Google and Xin Net.

ICANN found 86% of the registrars had three or more “deficiencies” in their compliance with the 2013 Registrar Accreditation Agreement.

By far the most problematic area was compliance with sections 3.7.7.1 to 3.7.7.12 of the RAA, which specifies what terms registrars must put in their registration agreements and how they verify the contact details of their customers.

A full three quarters of audited registrars failed on that count, according to ICANN’s report (pdf).

More than half of tested registrars failed to live up to their commitments to respond to reports of abuse, where they’re obliged among other things to have a 24/7 contact number available.

There was one breach notice to a registrar as a result of the audit, but none of the failures were serious enough for ICANN to terminate the deficient registrar’s contract. Two registrars self-terminated during the process.

ICANN’s audit program is ongoing and operates in rounds.

In the current round, registrars were selected from those which either hadn’t had an audit in a couple of years, were found lacking in previous rounds, or had veered dangerously close to formal breach notices.

The round kicked off last September with requests for documents. The initial audit, which all registrars failed, was followed by a remediation phase from January to May.

Over the remediation phase, only one third of the registrars successfully resolved all the issues highlight by the audit. The remainder issued remediation plans and will be followed up on in future rounds.

The 0% pass rate is not unprecedented. It’s the same as the immediately prior audit (pdf), which ran from May to October 2016.