Latest news of the domain name industry

Recent Posts

A quarter of registrar’s names are “illicit pharmacies”

Kevin Murphy, January 16, 2015, Domain Services

One in four of the domain names registered with the registrar NetLynx are linked to current, past or potential future rogue drug sites, according to online pharmacy monitor LegitScript.

The Mumbai-based registrar was hit with a breach notice by ICANN Compliance last week, over an alleged failure to investigate an abuse complaint about a single customer domain, tnawsol24h.com.

NetLynx did not adequately respond to ICANN’s calls from November 26 to January 5, according to the notice (pdf).

While ICANN did not identify the source or nature of the complaint, according to LegitScript it was filed by the UK Medicines and Healthcare products Regulatory Agency and it claimed that the domain was being used as a “rogue internet pharmacy”.

LegitScript did some research into NetLynx’s domains under management and now claims that it is not an isolated case.

Company president John Horton blogged:

at least a quarter of the registrar’s business is dependent on rogue Internet pharmacy registrations, with roughly 3,000 of the 12,000 domain names under the registrar’s portfolio taggable as current, past or “holding sites” for illicit online pharmacies.

Horton clarified for DI that the 3,000 number is extrapolated from the fact that LegitScript managed to categorize 1,820 out of the 7,000 NetLynx domains it could find as problematic.

Of those, 820 were “online and active” rogue pharmacies, he said. He gave canadian-drug-pharmacy.com, pills-delivery.net and pillsforlife.net as examples.

Another 780 were hosting rogue pharmacies in the past but have since been shut down, he said.

Finally, LegitScript categorized 220 as “meeting known patterns” for “holding sites” where illicit pharmacies may be launched in future. Horton said:

many of the spam pharma organizations use “holding domain names” (not all are online at any one time), so if the website was NOT currently online, we looked to a variety of data — known domain name patterns, screenshots, known rogue name servers, known rogue IP addresses, etc. — to determine the likelihood that a domain name is likely to be a rogue Internet pharmacy, and gave NetLynx the benefit of the doubt if there was any lack of certainty

LegitScript classifies online pharmacies as “rogue” if they offer to ship medicines without a prescription to people in jurisdictions where prescriptions are required.

Horton is now calling for ICANN to look into terminating NetLynx’s accreditation.

New .jobs contract based on new gTLD agreement

Kevin Murphy, December 10, 2014, Domain Registries

ICANN and Employ Media are set to sign a new contract for operation of the .jobs registry which is based heavily on the Registry Agreement signed by all new gTLD registries.

.jobs was delegated in 2005 and its first 10-year RA is due for renewal in May 2015.

Because Employ Media, like all gTLD registries, has a presumption of renewal clause in its contract, ICANN has published the proposed new version of its RA for public comment.

It’s basically the new gTLD RA, albeit substantially modified to reflect the fact that .jobs is a “Sponsored TLD” — slightly different to a “Community” TLD under the current rules — and because .jobs has been around for nine years already.

That means it won’t have to sign a contract forcing it to run Sunrise or Trademark Claims periods, for example. It won’t have to come up with a Continued Operations Instrument — a financial arrangement to cover operating costs should the company go under — either.

Its commitments to its sponsor community remain, however.

ICANN said it conducted a compliance audit on Employ Media before agreeing to the renewal.

Employ Media remains the only gTLD registry to have been hit by a formal breach notice by ICANN Compliance. In 2011, it threatened to terminate its contract over a controversial proposal to all job aggregation sites to run on .jobs domains.

The registry filed an Independent Review Process complaint to challenge the ruling and ICANN eventually backed down in 2012.

The fight came about as a result of complaints from the .JOBS Charter Compliance Coalition, a group of jobs sites including Monster.com.

Black Ice suspended by ICANN

Kevin Murphy, December 8, 2014, Domain Registrars

A small Israeli registrar has had its registrar accreditation suspended by ICANN.

Black Ice domains, which has a few thousand .com and .net domains under management, failed to comply with an ICANN audit and was overdue on its fees by over $5,000, according to the ICANN notice (pdf).

It won’t be allowed to sell gTLD domains or accept inbound transfers from December 19 to March 18, and may be terminated if it fails to come back into compliance.

The registrar is the fourth to have its accreditation suspended by ICANN in 2014. The organization has terminated a further seven registrars, down on the 11 terminated in the whole of 2013.

IP Mirror rapped for failing to deal with abuse

Kevin Murphy, November 17, 2014, Domain Registrars

Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.

Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.

Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.

According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.

Registrars have to respond to such complaints within 24 hours, the RAA says.

The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.

The company has been given until December 5 to come back into compliance or risk losing its accreditation.

IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.

But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.

DreamHost hit with big breach notice

Kevin Murphy, November 3, 2014, Domain Registrars

DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.

The breach notice raises questions about the company’s popular free Whois privacy service.

Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.

The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.

The domain highlighted by ICANN in relation to the Whois failure is senect.com

ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.

Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.

ICANN seems to be asking the registrar to investigate itself in this case.

DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.

DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.

As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.

The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.

ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.