Latest news of the domain name industry

Recent Posts

ICANN smacks new gTLDs for pre-sunrise auctions

Running a premium domain name auction before you’ve finished your new gTLD sunrise period is Officially Not Cool, according to ICANN’s compliance department.

People who won premium new gTLD domains in auctions that took place before sunrise periods now face the possibility of losing their names to trademark owners.

.CLUB Domains, and probably XYZ.com, operators of .club and .xyz, two of the highest-volume new gTLDs to launch so far, appear to be affected by the ICANN decision.

ICANN told .CLUB that its “winter auction“, which took place in late February, may have violated the rules about allocating or “earmarking” domains to registrants before sunrise takes place.

Meanwhile, NameJet has cancelled the auction for deals.xyz, which “sold” for $8,100 late last year, suggesting that .xyz’s pre-sunrise auction is also considered ultra vires.

ICANN told .CLUB that its auction sales “constitute earmarking” in violation of the rule stating that registries “must not allow a domain name to be allocated or registered prior to the Sunrise period”.

.CLUB had told its auction winners that a sunrise period registration would prevent them from getting the domain they wanted and that they would be refunded if a sunrise registrant emerged.

But ICANN evidently told the registry:

Irrespective of whether “[a]llocation was expressly conditioned upon any Sunrise claim,” or whether any Sunrise claim was made, the pre-selection, pre-registration or pre-designation to third parties, in this case via .Club Domains’ “winter auction,” constitutes improper allocation.

I kinda thought this would happen.

Back in November, when XYZ.com ran its first .xyz auction — about six months before its sunrise even started — CEO Daniel Negari told us he believed it was “comfortably within the rules“.

We said the auction “seems to be operating at the edge of what is permissible under the new gTLD program’s rights protection mechanisms, which state that no domains may be allocated prior to Sunrise.”

I’ve not yet been able to definitively confirm that .xyz is affected by this ICANN decision, but .club definitely is.

.CLUB Domains told its auction winners today that the names they won are now subject to a 60-day period during which they could be obtained by trademark owners.

If no trademark owner claims the name, .CLUB said it will give the auction winner a 10% rebate on their purchase price.

The email states:

We are placing the domain on hold for 60 days, during which time a Trademark Clearinghouse (TMCH) holder will have the opportunity to purchase the domain at Sunrise rates. Although, the domain is not currently in the TMCH, if a trademark holder should file in the TMCH over the next 60 days, the domain will be offered to that registrant. However, if the name is not claimed by filing in the TMCH over the next 60 days, your transaction will move forward as planned.

Although we disagree with ICANN compliance’s position on this matter, the actions we are taking are necessary to ensure that we are not offside with ICANN compliance in any way. We understand that you have been caught in the middle of this issue due to no fault of your own. Given these circumstances, we are offering you two options:

1) Should you decide to complete this transaction, we will issue you a payment of 10% of the purchase price after the transaction closes in 60 days, assuming the name is not registered by a TMCH mark holder because of the delay.

2) At any time during the 60 day period you have the option to rescind the auction bid and not purchasing the domain.

KnujOn scores a win as BizCN gets first breach notice

The Chinese registrar BizCN has received its first breach notice from ICANN’s compliance department, following a sustained campaign by anti-abuse activist KnujOn.

The notice concerns Whois accuracy, specifically for the domain names rapetube.org and onlinepharmacy4.org, and a bunch of other peripheral breaches of the Registrar Accreditation Agreement.

The “porn” site rapetube.org was the subject of a Washington Post article last December, in which KnujOn’s Garth Bruen said he feared the site might contain footage of actual crimes.

Bruen has been chasing BizCN about Whois inaccuracy, and specifically the rapetube.org domain, since 2011.

He said in a September 2013 CircleID post that he’s filed Whois inaccuracy complaints about the domain with ICANN “multiple times”.

His campaign against ICANN Compliance led to an Ombudsman complaint (which was rejected) last year.

Now Compliance appears to be taking the case more seriously. ICANN, according to the breach notice, has been on BizCN’s case about rapetube.org’s Whois since March 24 this year.

At that time, the name was registered to a Vietnamese name with a French address and phone number and a contact email address at privacy-protect.cn.

According to Bruen’s interview with the Post, this email address bounced and nobody answered the phone number. The privacy-protect.cn domain does not appear to currently resolve.

ICANN evidently has some unspecified “information” that shows the email “does not appear to be a valid functioning email address”.

But BizCN told ICANN April 2 that it had verified the registrant’s contact information with the registrant, and provided ICANN with correspondence it said demonstrated that.

ICANN says the correspondence it provided actually predated KnujOn’s latest complaint by six months.

In addition, when BizCN forwarded a scanned copy of the registrant’s ID card, ICANN suspected it to be a fake. The notice says:

Registrar provided copies of correspondence between the reseller and registrant. The response included the same email address that was still invalid according to information available to ICANN, and included a copy of a government identification card to confirm the registrant’s address. According to information available to ICANN, the identification card did not conform to any current or previous form of government identification for that jurisdiction.

Despite repeated follow-up calls, ICANN said it still has not received an adequate response from BizCN, so its accreditation is now in jeopardy.

BizCN has something like 450,000 gTLD names under management and is in the top 50 registrars by volume.

As for rapetube.org, it’s still registered with BizCN, but its Whois changed to a Russian company “Privat Line LLP”, at privatlinellp.me, on or about April 17.

That change is not going to help BizCN, however, which is being asked to provide evidence that it took “reasonable steps to investigate and reasonable steps to correct the Whois inaccuracy claims”.

It has until May 29 to sort out the breaches or face termination. Read the breach notice here.

NameCheap gets contract breach notice

ICANN has sent a formal breach notice to top ten registrar NameCheap, saying the company failed to comply with a mandatory audit.

ICANN also claims in the notice (pdf) that the company has failed to keep its web site up to date with pricing information required by policies.

NameCheap, which says it has over three million domains under management, may be the largest registrar to get to the formal, published breach notice stage of the ICANN compliance process.

But it should be noted that while the company is accredited and must comply with its Registrar Accreditation Agreement, it does almost all of its business as an eNom reseller.

Just a handful of domain names are registered under NameCheap’s own IANA number.

Jetpack Domains hit with ICANN breach notice

Kevin Murphy, December 9, 2013, Domain Registrars

A small Californian registrar has been sent a contract breach notice by ICANN.

ICANN says Irvine-based Jetpack Domains has failed to comply with a scheduled audit, breaking the terms of the Registrar Accreditation Agreement that require it to supply records on demand.

The company has until January 2 to provide ICANN with the data it has asked for or risk losing its accreditation, ICANN said (pdf).

Jetpack, which had fewer than 6,000 gTLD domains under management at the last count, appears to use DomainCocoon for registrar management services.

Small Kiwi registrar loses accreditation

Kevin Murphy, December 5, 2013, Domain Registrars

ICANN has terminated the registrar accreditation of Pacnames, a small New Zealand registrar.

The roughly 10,000 domain names the company had under management will now be transferred to Net-Chinese, a Taiwanese registrar that is not much bigger as measured by DUM.

The termination was voluntary, according to ICANN, but it follows the suspension of Pacnames’ accreditation in October.

ICANN had held the company in breach of its Registrar Accreditation Agreement for failing to provide records about 25 domain names upon request.

The story told in the October breach notice (pdf) makes it sound like Pacnames had refused to provide the data because it was “burdensome” and too much like an “audit”.

Pacnames’ customers, if there are any, should now receive emails from Net-Chinese informing them about the transfer. Which, let’s face it, are definitely going to look dodgy.

ICANN cans “Spam King” registrar

Kevin Murphy, November 26, 2013, Domain Registrars

ICANN has terminated the registrar accreditation of Dynamic Dolphin, which it turned out was owned by self-professed “Spam King” Scott Richter.

The company has until December 20 to take down its ICANN logo and cease acting as a registrar.

ICANN, in its termination notice (pdf) late last week, said that it only became aware earlier this month that Richter was the 100% owner of Dynamic Dolphin.

Richter grew to fame a decade ago for being one of the world’s highest-profile spammers. He was sued for spamming by Microsoft and Myspace and was featured on the popular TV program The Daily Show.

As well as being a thoroughly unpleasant chap, he has a 2003 conviction for grand larceny, which should disqualify him from being the director of an ICANN-accredited registrar.

He removed himself as an officer on October 9 in response to ICANN’s persistent inquiries, according to ICANN’s compliance notice.

But he was much too late. ICANN has terminated the accreditation due to the “material misrepresentation, material inaccuracy, or materially misleading statement in its application”.

The question now has to be asked: why didn’t ICANN get to this sooner? In fact, why was Dynamic Dolphin allowed to get an accreditation in the first place?

Former Washington Post security reporter Brian Krebs has been all over this story for five years.

Back in 2008, with a little help from anti-spam outfit KnujOn, he outed Richter’s links to Dynamic Dolphin when it was just a Directi reseller.

Yesterday, Krebs wrote a piece on his blog going into a lot of the background.

Another question now is: which registrar is going to risk taking over Dynamic Dolphin’s registrations?

As of the last registry reports, Dynamic Dolphin had fewer than 25,000 gTLD domains under management.

According to ICANN’s termination notice, 13,280 of these use the company’s in-house privacy service, and 9,933 of those belong to just three individuals.

According to DomainTools, “Dynamic Dolphin Inc” is listed as the registrant for about 23,000 names.

According to KnujOn’s research and Krebs’s reporting, the registrar was once among the most spam-friendly on the market.

Tucows takes over as Cheapies loses accreditation

Kevin Murphy, November 8, 2013, Domain Registrars

ICANN has terminated the registrar Cheapies.com and is to transfer its registrations to Tucows.

Cheapies had fewer than 12,000 gTLD domains under management judging by the last available registry reports.

The registrar was terminated two weeks ago, having previously having its accreditation suspended for 90 days, for various violations of the Registrar Accreditation Agreement mainly related to records keeping.

ICANN said Cheapies’ customers should receive an email from Tucows instructing them how to proceed.

ICANN smacks Cheapies with the ban hammer

Kevin Murphy, September 16, 2013, Domain Registrars

ICANN for only the second time has suspended an accredited registrar’s ability to sell domain names.

Cheapies.com, which has roughly 12,000 gTLD domain names under management, will not be able to create new domains or accept inbound transfers until January 2, 2014, according to ICANN.

The 90-day suspension of its accreditation, longer by two months than the 30 days Alantron received last year, comes because it’s the third time this year Cheapies has been sent an ICANN breach notice.

The latest breach concerns the domain ebookvortex.com. Apparently Cheapies did not provide the registrant with the required authorization information when he initiated a transfer request.

In January, the company received breach notices related to its records-keeping and another instance of failing to abide by ICANN’s inter-registrar transfers policy.

It’s also being spanked for consistently ignoring or stonewalling ICANN’s attempts to resolve the situation.

Cheapies has the opportunity to rectify its problems to avoid losing its accreditation entirely. In the meantime, it also has to display the following notice “prominently” on its web site:

No new registrations or inbound transfers will be accepted from 4 October 2013 through 2 January 2014.

There’s a clear takeaway for fly-by-night registrars here: ignore ICANN Compliance at your peril.

Register.com hit by breach notice over 62,232 domains

Kevin Murphy, September 12, 2013, Domain Registrars

Register.com, a Web.com business that is one of the top ten registrars by domains under management, has been hit by an ICANN compliance notice covering 62,232 domain names.

It’s a weird one.

ICANN says that the company has failed to provide records documenting the ownership trail of the domains in question, which all currently belong to Register.com itself.

The notice names 000123.net, 0011pp.com, 00h4.com, 010fang.net, 01rabota.com, 02071988.com and 020tong.com, but it seems that these are merely the first in a alphabetical list that is much, much longer.

Judging by DomainTools’ Whois history, these domains all appear to have been originally registered at various times by individuals in China and India, then allowed to expire, then registered by Register.com to itself.

The only common link appears to be that they were kept by Register.com after they expired, for whatever reasons registrars usually hoard their customers’ expired domains.

According to the compliance notice, ICANN wants the registrar to:

Provide a detailed explanation to ICANN how 62,232 domains in which Register.com itself is the registrant are used for the purposes of Registrar Services, as defined by Section 1.11 of the RAA;

The Registrar Accreditation Agreement says registrars have to keep registrant agreement records, except for a limited class of cases where the domain is owned by the registrar itself and used for registrar-related stuff.

Register.com, one of the original five oldest competitive registrars, has been given until October 2 to come up with the requested information for face losing its accreditation.

The registrar has almost three million gTLD domains under management. Combined with its Web.com sister registrars, which include Network Solutions, the number is closer to 10 million.

Registrar rapped for failing to transfer UDRP domain

Kevin Murphy, August 20, 2013, Domain Registrars

The domain name registrar Gal Comm has been warned by ICANN that it risks losing its accreditation for failing to transfer a cybersquatted name to Home Depot.

The compliance notice (pdf) concerns the domain name homedpeot.com, which was lost in a UDRP filed in early March and decided on April 21.

According to ICANN, Gal Comm, which has about 30,000 gTLD domains under management, failed to transfer the domain within 10 days of finding out about the decision, as required under the policy.

Whois records compiled by DomainTools show that the domain was instead deleted at in early April, and subsequently re-registered with a different registrar, where it’s currently under dubious-looking privacy.

According to the ICANN compliance notice, Gal Comm says that it deleted the domain because it received a Whois inaccuracy complaint about it.

Assuming that’s correct (and the Whois back in March was blatantly false) we have an interesting tension between policies that seems to have caused a slip-up at the registrar.

But registrars are supposed to lock domains they manage after they become aware of UDRP actions, so allowing the domain to delete seems to be a breach of the policy.

ICANN has given Gal Comm until September 10 to produce its records relating to the domain — and pay past-due accreditation fees — or face possible de-accreditation.

It’s very rare for ICANN to send compliance notices to registrars related to UDRP implementation.