Latest news of the domain name industry

Recent Posts

IP Mirror rapped for failing to deal with abuse

Kevin Murphy, November 17, 2014, Domain Registrars

Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.

Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.

Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.

According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.

Registrars have to respond to such complaints within 24 hours, the RAA says.

The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.

The company has been given until December 5 to come back into compliance or risk losing its accreditation.

IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.

But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.

DreamHost hit with big breach notice

Kevin Murphy, November 3, 2014, Domain Registrars

DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.

The breach notice raises questions about the company’s popular free Whois privacy service.

Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.

The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.

The domain highlighted by ICANN in relation to the Whois failure is senect.com

ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.

Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.

ICANN seems to be asking the registrar to investigate itself in this case.

DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.

DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.

As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.

The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.

ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.

ICANN terminates deadbeat registrar

Kevin Murphy, October 27, 2014, Domain Registrars

ICANN has started termination proceedings on Domain Services Rotterdam, a Dutch registrar, for failure to pay accreditation fees.

The company owes ICANN $5,118.83 in dues but has failed to pay up despite breach notices dating back to May, according to an ICANN termination notice (pdf)

Domain Services does not have any gTLD domains under management, so no registrants will be affected by the termination, which is due to kick in November 21.

The registrar was accredited in March this year.

“Send registrars to jail!”, ICANN hears

Kevin Murphy, October 13, 2014, Domain Policy

ICANN is ramping up its focus on contractual compliance in the midst of calls for domain industry offenders to “go to jail”.

CEO Fadi Chehade yesterday revealed that he has has promoted chief contracting counsel Allen Grogan to the newly created role of chief contract compliance officer.

Grogan, who Chehade has worked with off and on since 1991, will report directly to him. Maguy Serad, who has been heading compliance under Chehade for the last couple of years, will now report to Grogan.

In a session with the GNSO Council at the ICANN 51 public meeting in Los Angeles yesterday, Chehade said the appointment was part of a new “strategic, analytical” approach to compliance.

It was hinted that the compliance focus may form part of Chehade’s address at the formal opening ceremony of ICANN 51 later today.

Ron Andruff of the Business Constituency made the “jail” comments in response.

“We need to see action, we need to see teeth,” he said. “We never see any really strong action taken and it’s time we did. It’s time we saw people go to jail for doing things, lose their contracts for doing things.”

“We’ve lived through 15 years of ICANN with all manner of transgressions, some very serious ones, but they all get slid off to the side and there’s never any mention of it,” he said.

“Should someone be the recipient of extremely strong actions — losing their contract, being thrown out the community — that would send a signal,” he said.

Andruff appeared to be relating comments made by the Intellectual Property Constituency’s Kristina Rosette, at a private Commercial Stakeholders Group meeting earlier that day.

However, Rosette was quick to take to Twitter to deny she’d said anything about jail time.

Chehade, in reply to Andruff, agreed with the need for action but clarified what he plans to do.

“It doesn’t mean to create a police force, that’s not what we need,” he said. “What we need is thoughtful, analytical analysis.”

“It doesn’t mean we’re going to take the job of all the global consumer protection agencies,” he said earlier in the session.

The notion of ICANN having the power to directly jail somebody is of course laughable — all of its power comes from its contracts with registrars and registries.

However, it’s not beyond the bounds of possibility that ICANN could refer registrars to law enforcement should it come across suspected illegality in the course of its compliance investigations.

ICANN Compliance currently employs 21 people and deals with 5,000 complaints per month, Chehade said.

In the last year, the number of breach, suspension and termination notices against registrars has been on the increase.

Notably, last November a registrar owned by “spam king” Scott Richter was terminated. Notorious domain “slammer” NameJuice faces possible termination this Friday based on a July suspension notice.

Korean registrar suspended

Kevin Murphy, September 26, 2014, Domain Registrars

ICANN has suspended the accreditation of Korean registrar Dotname Korea over failures to comply with Whois accuracy rules.

The company was told this week that it will lose the ability to sell names for three months.

“No new registrations or inbound transfers will be accepted from 7 October 2014 through 5 January 2015,” ICANN compliance chief Maguy Serad told the company (pdf).

The suspension follows breach notices earlier in the year pertaining to Dotname’s failure to show that it was responding adequately to Whois inaccuracy complaints.

Other breaches of the Whois-related parts of the 2013 Registrar Accreditation Agreement were also alleged.

The company has until December 16 to show compliance of face the possibility of termination.

ICANN terminates billion-dollar gTLD applicant over unpaid $3,000 bill

Kevin Murphy, August 27, 2014, Domain Registrars

Telefonica Brasil, part of the massive Telefonica group of telecoms companies, has lost its registrar accreditation after failing to pay its ICANN fees.

The company, which had revenue last year of $14.6 billion, is facing termination of its Registrar Accreditation Agreement over the pitiful sum of $3,082.12.

It’s also embarrassing because Telefonica is applying for the new gTLD .vivo, its consumer brand in Brasil, which will require it to sign a Registry Agreement with ICANN.

I don’t think the loss of the RAA affects the company’s ability to get its gTLD contracted and delegated.

According to ICANN (pdf), Telefonica also failed to comply with the Registrar Information Specification, a pretty basic rule in the 2013 Registrar Accreditation Agreement requiring registrars to provide their address and names of officers and any parent companies.

The company has no gTLD names under management, so registrants will not be affected by the termination, which will take effect September 25.

ICANN sent its initial breach notice in July, but Telefonica did not comply before the August deadline. It also received a breach notice over an unpaid $10,000 bill a year ago.

Domain “slammer” finally gets suspended by ICANN

The beneficiary of the long-running Domain Registry of America scam is finally at risk of losing its ICANN accreditation.

ICANN has suspended Brandon Gray Internet Services, which does business as NameJuice.com, due to the “deceptive” marketing practices carried out by its “resellers”.

The company won’t be able to register any gTLD names or receive transfers for 90 days.

If NameJuice hasn’t sorted out its act by October 17, it faces the risk of losing its accreditation permanently.

The company, you will recall, is the primary beneficiary of the “slamming” scam, which tricks customers of other registrars into transferring their names with confusing, invoice-style junk mail.

Slammers have been operating under various names including Domain Registry of America, Domain Registry of Europe and Domain Registry of Canada for close to 15 years.

I received one in 2011 from the “Domain Renewal Group”, which I blogged about here.

It was sued by Register.com in 2002 over the practice, was forced into a settlement with the US Federal Trade Commission in 2003, and has been involved in tangles with regulators all over the world for the last decade.

But it seems ICANN’s hands were tied until Brandon Gray signed the new 2013 Registrar Accreditation Agreement, which gives ICANN’s compliance department more power over resellers.

ICANN said:

Since at least 2009, ICANN has received numerous complaints from Registered Name Holders, registrars, and various ICANN Supporting Organizations and Advisory Committees regarding the business solicitation practices of Brandon Gray’s resellers. Such practices were not specifically prohibited under the 2001 and 2009 RAAs. Section 3.12 of the 2013 RAA, however, requires registrars to ensure its reseller’s actions comply with the RAA, as well as the Registrants’ Benefits and Responsibilities Specification, which protects Registered Name Holders from false or deceptive practices.

ICANN fingered “reseller” Registration Services Inc as the party behind DROA and the other slamming scams.

In order to cure the latest breach, NameJuice has until August 8 to provide a tonne of information about Registration Services, including its certificate of incorporation, samples of its mailshots, and details of how a sample of specific domains came to be transferred.

In order to avoid losing its accreditation by October 10, the company will also have to promise to force its reseller to stop its deceptive marketing and provide ICANN with samples of future mailings.

NameJuice has 13 tasks in total to comply with to avoid termination proceedings; it’s looking promising that ICANN will finally shut down this blight on the industry just a few months from now.

The irony is, of course, if NameJuice loses its accreditation, all of the names that were obtained under false pretenses will not revert naturally to their original registrar. Instead, if ICANN follows its standard practice, they’ll be transferred in bulk to a third registrar.

You can read the breach notice here and the suspension notice here.

Almost half of registrars “deficient” in compliance audit

Almost half of accredited domain name registrars were found “deficient” during a recent ICANN compliance survey.

Results of an audit published today show that 146 of 322 registrars (45%) picked at random for the September 2013 to May 2014 study had to carry out some form of remediation in order to comply with their contracts.

The report comes at the end of the second year of ICANN’s audit program, which aims to bring all accredited registrars and gTLD registries into compliance over three years.

The deficiencies noted at 146 registrars cover areas ranging from compliance with ICANN consensus policies to the availability of Whois services over the web and port 43.

In almost every instance the numbers were down on last year.

For example, ICANN documented 86 registrars who could not initially show compliance with requirements on the retention of registrant data, down from 105 a year ago.

Only 15 registrars of the 322 (4.6%) flunked the audit and will be re-tested. The others were all able to bring their systems into line with ICANN’s requirements during the course of the audit.

Three registrars were terminated as a result of deficiencies identified during this phase of the program.

The full report, along with the list of participating registrars, can be found here.

ICANN smacks new gTLDs for pre-sunrise auctions

Running a premium domain name auction before you’ve finished your new gTLD sunrise period is Officially Not Cool, according to ICANN’s compliance department.

People who won premium new gTLD domains in auctions that took place before sunrise periods now face the possibility of losing their names to trademark owners.

.CLUB Domains, and probably XYZ.com, operators of .club and .xyz, two of the highest-volume new gTLDs to launch so far, appear to be affected by the ICANN decision.

ICANN told .CLUB that its “winter auction“, which took place in late February, may have violated the rules about allocating or “earmarking” domains to registrants before sunrise takes place.

Meanwhile, NameJet has cancelled the auction for deals.xyz, which “sold” for $8,100 late last year, suggesting that .xyz’s pre-sunrise auction is also considered ultra vires.

ICANN told .CLUB that its auction sales “constitute earmarking” in violation of the rule stating that registries “must not allow a domain name to be allocated or registered prior to the Sunrise period”.

.CLUB had told its auction winners that a sunrise period registration would prevent them from getting the domain they wanted and that they would be refunded if a sunrise registrant emerged.

But ICANN evidently told the registry:

Irrespective of whether “[a]llocation was expressly conditioned upon any Sunrise claim,” or whether any Sunrise claim was made, the pre-selection, pre-registration or pre-designation to third parties, in this case via .Club Domains’ “winter auction,” constitutes improper allocation.

I kinda thought this would happen.

Back in November, when XYZ.com ran its first .xyz auction — about six months before its sunrise even started — CEO Daniel Negari told us he believed it was “comfortably within the rules“.

We said the auction “seems to be operating at the edge of what is permissible under the new gTLD program’s rights protection mechanisms, which state that no domains may be allocated prior to Sunrise.”

I’ve not yet been able to definitively confirm that .xyz is affected by this ICANN decision, but .club definitely is.

.CLUB Domains told its auction winners today that the names they won are now subject to a 60-day period during which they could be obtained by trademark owners.

If no trademark owner claims the name, .CLUB said it will give the auction winner a 10% rebate on their purchase price.

The email states:

We are placing the domain on hold for 60 days, during which time a Trademark Clearinghouse (TMCH) holder will have the opportunity to purchase the domain at Sunrise rates. Although, the domain is not currently in the TMCH, if a trademark holder should file in the TMCH over the next 60 days, the domain will be offered to that registrant. However, if the name is not claimed by filing in the TMCH over the next 60 days, your transaction will move forward as planned.

Although we disagree with ICANN compliance’s position on this matter, the actions we are taking are necessary to ensure that we are not offside with ICANN compliance in any way. We understand that you have been caught in the middle of this issue due to no fault of your own. Given these circumstances, we are offering you two options:

1) Should you decide to complete this transaction, we will issue you a payment of 10% of the purchase price after the transaction closes in 60 days, assuming the name is not registered by a TMCH mark holder because of the delay.

2) At any time during the 60 day period you have the option to rescind the auction bid and not purchasing the domain.

KnujOn scores a win as BizCN gets first breach notice

The Chinese registrar BizCN has received its first breach notice from ICANN’s compliance department, following a sustained campaign by anti-abuse activist KnujOn.

The notice concerns Whois accuracy, specifically for the domain names rapetube.org and onlinepharmacy4.org, and a bunch of other peripheral breaches of the Registrar Accreditation Agreement.

The “porn” site rapetube.org was the subject of a Washington Post article last December, in which KnujOn’s Garth Bruen said he feared the site might contain footage of actual crimes.

Bruen has been chasing BizCN about Whois inaccuracy, and specifically the rapetube.org domain, since 2011.

He said in a September 2013 CircleID post that he’s filed Whois inaccuracy complaints about the domain with ICANN “multiple times”.

His campaign against ICANN Compliance led to an Ombudsman complaint (which was rejected) last year.

Now Compliance appears to be taking the case more seriously. ICANN, according to the breach notice, has been on BizCN’s case about rapetube.org’s Whois since March 24 this year.

At that time, the name was registered to a Vietnamese name with a French address and phone number and a contact email address at privacy-protect.cn.

According to Bruen’s interview with the Post, this email address bounced and nobody answered the phone number. The privacy-protect.cn domain does not appear to currently resolve.

ICANN evidently has some unspecified “information” that shows the email “does not appear to be a valid functioning email address”.

But BizCN told ICANN April 2 that it had verified the registrant’s contact information with the registrant, and provided ICANN with correspondence it said demonstrated that.

ICANN says the correspondence it provided actually predated KnujOn’s latest complaint by six months.

In addition, when BizCN forwarded a scanned copy of the registrant’s ID card, ICANN suspected it to be a fake. The notice says:

Registrar provided copies of correspondence between the reseller and registrant. The response included the same email address that was still invalid according to information available to ICANN, and included a copy of a government identification card to confirm the registrant’s address. According to information available to ICANN, the identification card did not conform to any current or previous form of government identification for that jurisdiction.

Despite repeated follow-up calls, ICANN said it still has not received an adequate response from BizCN, so its accreditation is now in jeopardy.

BizCN has something like 450,000 gTLD names under management and is in the top 50 registrars by volume.

As for rapetube.org, it’s still registered with BizCN, but its Whois changed to a Russian company “Privat Line LLP”, at privatlinellp.me, on or about April 17.

That change is not going to help BizCN, however, which is being asked to provide evidence that it took “reasonable steps to investigate and reasonable steps to correct the Whois inaccuracy claims”.

It has until May 29 to sort out the breaches or face termination. Read the breach notice here.