Latest news of the domain name industry

Recent Posts

How much money will ICM make from .xxx blocks?

Kevin Murphy, September 13, 2011, Domain Registries

There’s a pretty ludicrous report in the Australian media today, claiming that Aussie businesses are being forced to pay AUD $400 million to ICM Registry to protect their brands in .xxx.

The laughable number ($411 million) appears to have been fabricated from whole cloth. The report in the Murdoch-owned Herald Sun does not even bother trying to source or justify it.

But it’s becoming increasingly clear that ICM is going to make some money out of its .xxx sunrise, including from Sunrise B – the one-time defensive “blocks” that do not result in a domain registration.

The company priced Sunrise B at $162 per domain based on an assumption that it would see 10,000 of them. Any fewer and it would lose money, any more and it would profit.

According to official registry reports, no TLD launched in the last five years – .asia, .co, .jobs, .mobi – saw more than about 10,000 domains defensively registered during its sunrise period.

But my hunch is that .xxx will blow those out of the water. I would not be at all surprised if the final number tops 20,000 names.

It’s just a hunch at this point, based on a comparison to the .co launch – which had a reported 11,000 sunrise applications last year – and four main assumptions:

First, that 10,000 was a conservative estimate. I don’t think ICM would have risked making a big loss.

Second, based on a very small number of conversations, I think that some companies are not taking any chances. They’re applying for blocks in more second-tier brands that maybe they strictly need to.

Third, ICM has a much larger registrar channel than .co enjoyed, and much more aggressively FUDdy registrar marketing tactics.

ICM has approved about 70 registrars, compared to the 10 that .CO Internet had at launch, and a lot of registrar promotion has focused on the “Protect Your Brand!” angle, which was discouraged by .co.

Fourth, the vast amount of mainstream media attention the .xxx sunrise has been receiving, most which has doggedly followed the same line as the registrar FUD.

While the value of defending against typosquatting during the .co sunrise last year was probably more important to trademark holders from a security and traffic loss perspective, the brand protection angle did not receive nearly the same amount of press as .xxx has.

ICM president Stuart Lawley has done dozens of media interviews since the sunrise kicked off last week. I even heard him on a UK radio news show aimed at teenagers.

And this press has been going on for over six years, remember. ICANN first approved .xxx in 2005, and the story has been in and out of the media ever since.

It’s worth noting that a Sunrise B block, with its one-time fee, basically denies ICM Registry a bunch of recurring revenue events forever.

Nike is going to be paying $20 to .CO Internet for its defensively registered nike.co domain name every year until the end of time, in addition to the up-front sunrise fee.

If it blocks nike.xxx, it will pay $162 to ICM now but it will also deny the registry its $60 fee for every year it could have been a renewing domain. In three years, ICM’s losing revenue.

But Sunrise B is very probably going to be profitable for ICM. At 20,000 applications, its top line would be $3.24 million, with profit probably pushing seven figures.

Nowhere near $411 million, obviously, but not a bad payday for selling domain names that will never resolve.

Fifth ad group opposes new gTLDs

Kevin Murphy, August 31, 2011, Domain Policy

The World Federation of Advertisers has become the fifth major coalition of advertising big-spenders to ask ICANN to rethink its new gTLD program.

Stephan Loerke, managing director of the Brussels-based organization, wrote to Rod Beckstrom, to “strongly urge ICANN to abandon the program in its current form”.

The letter (pdf) explicitly echoes statements first made by Bob Liodice of the US Association of National Advertisers, which is a WFA member.

To recap, these organizations are worried about consumer confusion, leading to phishing and cybersquatting and an increase in the cost of defending trademarks online.

Loerke said in a press release:

ICANN’s decision flies in the face of their own impact assessments, which highlight the potential dangers and massive costs that unlimited domain names could incur. Worse, it could lead to significant confusion among consumers and expose them to abuse by fraudulent operators.

The WFA is an umbrella trade group that comprises the national advertising trade groups of 50-odd countries. It also has 50-odd brand names as members.

Its members collectively spend $700 billion a year on advertising.

As well as the ANA, the Interactive Advertising Bureau, the Association of American Advertising Agencies and the UK Direct Marketing Association have recently opposed the new gTLD program.

Want Beyonce.xxx? JustinBieber.xxx? Forget it

Kevin Murphy, August 22, 2011, Domain Registries

ICM Registry has banned a whole bunch of celebrity names from the new .xxx top-level domain, in order to scupper cybersquatters and opportunistic porn webmasters.

Want to register Beyonce.xxx, AngelinaJolie.xxx, OlsenTwins.xxx, Madonna.xxx, BritneySpears.xxx, KimKardashian.xxx, HalleBerry.xxx or WinonaRyder.xxx?

How about JustinBieber.xxx, BradPitt.xxx, CharlieSheen.xxx, SimonCowell.xxx, GeorgeMichael.xxx, EltonJohn.xxx, VerneTroyer.xxx, DonaldTrump.xxx or OsamaBinLaden.xxx?

Forget it. According to Whois records, you’re out of luck on all counts. They’ve all been reserved by the registry.

These are all among what I’m guessing is at least hundreds – maybe more – of celebrity names that ICM has blocked from ever being registered.

The company won’t say how many celebrities have been afforded this privilege, or how it came up with the list, but it has said in the past that a total of about 15,000 domains have been registry-reserved.

That also includes the names of the world’s capital cities, culturally sensitive strings put forward by a handful of governments, and the “premium” names that ICM plans to auction.

I’m wondering what the cut-off point is for celebrities. How famous do you have to be to get your .xxx blocked by default by the registry? B-List minimum? D-List? What database is ICM using?

American Pie actor Tara Reid just entered Celebrity Big Brother here in the UK, which pretty much means her career is over, and she’s managed to make it to ICM’s reserved list.

While ICM has always said it would help protect personal names from abuse, it’s never been entirely clear about how it would go about it.

Its registry agreement with ICANN has for some time said that “unauthorized registration of personal names” would be forbidden, but there were no real details to speak of.

As I reported last week, its souped-up cybersquatting policy, Rapid Evaluation Service, has a special provision for personal names.

But presumptively blocking a subset of the world’s famous people from .xxx is bound to raise questions in the wider context of the ICANN new gTLD program, however.

As far as I can tell, no corporate trademarks have been given the same rights in .xxx as, say, David Cameron or Barack Obama.

If ICM can protect Piers Morgan’s “brand”, why can it not also protect CNN? Or Microsoft or Coke or Google? None of these brands are registry-reserved, according to Whois.

The trademark lobby will raise this question, no doubt. ICM has its own celebrity Globally Protected Marks List for .xxx, which only applies to individuals, they could argue.

There are some differences, of course.

Celebrities sometimes find they have a harder time winning cybersquatting complaints using UDRP if they have not registered their names as trademarks, which can be quite hard to come by, for example.

(UPDATE: And, of course, they may not qualify for ICM’s sunrise period if they don’t have trademarks, as EnCirca’s Tom Barrett points out in the comments below).

In addition, celebrity skin is a popular search topic on the web, which may give cybersquatters a greater impetus to register their names as domains, despite the high price of .xxx.

Also, if a registry were to reserve the brand names of, say, the Fortune 1000, it would wind up blocking many dictionary or otherwise multi-purpose strings, which is obviously not usually the case with personal names.

FSC steps up anti-.xxx campaign

Kevin Murphy, August 16, 2011, Domain Registries

The Free Speech Coalition is trying to rally its supporters into a legal nastygram campaign against ICM Registry ahead of the launch of .xxx next month.

The California-based porn trade group wants webmasters to inform ICM that if it sells their trademarks as .xxx domains, they may sue.

It’s released a template letter (pdf) for members to use. It reads, in part:

ICM is now on notice that the registration of any domain name using the .XXX extension that is identical or confusingly similar to one of the trademarks or domains listed on Exhibit A will violate (COMPANY NAME)’s intellectual property rights and constitute an unfair business practice. ICM must take steps to prevent such activity before it can occur. Failure to take affirmative steps to prevent this conduct will establish ICM’s substantial liability.

The FSC believes that because .xxx is squarely aimed at porn webmasters, it smells like a shakedown a lot more than a more generic-sounding string would.

Its tactics are interesting – encouraging others to issue legal threats instead of doing it itself.

As I’ve previously noted, top-level domain registries based in the US have a pretty good legal defense against cybersquatting suits under the Anticybersquatting Consumer Protection Act.

Whether those defenses extend to claims of trademark infringement is a different matter. As far as I know, a sponsored gTLD manager has never been sued on these grounds.

The .xxx gTLD is of course one of the most cybersquatting-unfriendly namespaces ever, in terms of the number and strength of its trademark protection mechanisms.

Beckstrom strikes back at ANA threat

Kevin Murphy, August 10, 2011, Domain Policy

ICANN president Rod Beckstrom has come out swinging against the latest attack on its new top-levels domains program, promising to “vigorously defend” it.

In his response to a harshly critical missive from the Association of National Advertisers, Beckstrom calls ANA’s claims “either incorrect or problematic in several respects”.

I think “firmly worded” would be an appropriate way to characterize his letter (pdf).

In it, he notes that the new gTLD program has been on the cards since 1998, and has been developed over several years using input from the entire ICANN community, including ANA itself.

He further states that some of the complaints outlined by ANA president Bob Liodice show a lack of research.

As I noted in my interview with Liodice yesterday, ANA seems to think cybersquatting at the top-level will be enabled unless companies defensively apply for their “.brand” gTLDs.

Beckstrom said that these statements “demonstrate a lack of understanding of Program details”.

The letter suggests that companies have no choice but to apply for their own gTLDs. Operating a gTLD means assuming a number of significant responsibilities; this is clearly not for everyone. Indeed, it is hoped that those without an interest in making a contribution to expanded choice or innovation in the DNS will not apply. One clear directive of the consensus policy advice on which the program is built is that TLDs should not infringe the existing legal rights of others. The objection process and other safeguards eliminate the need for “defensive” gTLD applications, because where an infringement of legal rights can be established using these processes, an application will not be approved.

The response goes on to outline some of the mandatory second-level trademark protection mechanisms that have been included in the program’s Applicant Guidebook.

ICANN is arguably on shakier ground here – making use of these mechanisms is still going to cost brand owners time and money, which is the basis of ANA’s objections.

The question now is whether Beckstrom’s responses will be enough to get ANA to call off the dogs.

He has offered to talk to ANA to “to discuss how the ANA might participate more actively in the policy development activities and other ICANN processes going forward”.

That’s specifically not an offer to get into negotiations with ANA about the contents of the Guidebook or to delay the launch of the program.

That was never going to happen, particularly not in response to a thirteenth-hour complaint from an organization that hasn’t commented on the program for the last two years.

Liodice said yesterday that unless ICANN agrees to suspend the program, ANA plans to lobby the US Congress, its Department of Commerce, and may sue.

Reaction from the domain name industry to Beckstrom’s letter has so far been predictably positive.

Advertisers threaten to sue over new gTLDs

Kevin Murphy, August 4, 2011, Domain Policy

The Association of National Advertisers is threatening legal action unless ICANN “abandons” its recently approved new generic top-level domains program.

Its CEO, Robert Liodice, has written to his ICANN counterpart Rod Beckstrom outlining its litany of concerns about new gTLDs.

ANA’s strongly worded arguments will be familiar territory for anyone who has been following development of the program for the last few years.

It’s worried about cybersquatting, typosquatting, phishing, as well as the cost of defensive registrations and post-launch trademark enforcement.

The organization represents 400 companies that collectively spend $250 billion every year on their brands, according to the letter.

It also claims that ICANN shirked its duties by failing to adequately consider the economic impact of the program, and that it failed to develop it in a transparent, bottom-up manner.

Liodice wrote (pdf), with my emphasis:

ICANN must not ignore the legitimate concerns of brand owners and the debilitating effect on consumer protection and healthy markets its unsupervised actions will cause. Should ICANN refuse to reconsider and adopt a program that takes into account the ANA’s concerns expressed in this letter, ICANN and the Program present the ANA and its members no choice but to do whatever is necessary to prevent implementation of the Program and raise the issues in appropriate forums that can consider the wisdom, propriety and legality of the program.

The letter ends with a bunch of legal blah about ANA’s rights and remedies, a pretty obvious indication that it’s considering its legal position.

ICANN should “abandon” the program until ANA’s concerns have been addressed, Liodice wrote.

That’s not going to happen, of course.

There’s no way ICANN can put a halt to the program without basically admitting ANA’s analysis of it has merit.

If ANA wants to stop new gTLDs from going ahead, it’s going to need to do more than send a letter.

The letter is CC’d to the US Department of Commerce and several Congressmen, which suggests that we may see another Congressional hearing into the program before too long.

But will we see a lawsuit as well?

ICANN, at least, has anticipated the likelihood of having to defend itself in court for some time.

About 30% of the the $185,000 application fee – $30 million in a 500-application round – is allocated to various “risks”, of which a legal defense fund is one component.

I’d be surprised if ICANN’s legal team hasn’t war-gamed potential claims and defenses every time the Applicant Guidebook has been updated.

The next five months are going to be very interesting times.

Is 80% of .xxx going to be defensive?

Kevin Murphy, August 4, 2011, Domain Registries

Is the new adults-only top-level domain going to turn out to be just as big of a trademark shakedown as some had feared?

EasySpace, a British domain name registrar, claims that 80% of its .xxx pre-orders are from organizations outside the porn industry.

“Out of the hundreds of businesses that have rushed to pre-register with Easyspace ahead of the opening of the Sunrise phase for .XXX domains on 7 September 2011, only 20% of them are from the adult industry,” the company said in a press release.

EasySpace is just one rather small registrar, of course, and its marketing of .xxx is very much in the “Protect your brand” camp, so its numbers may not necessarily hold up industry-wide.

The company is charging $189.99 ($310) for non-porn defensive registrations, an almost 100% markup on the registry fee.

Still, 80% is a big number, and likely to be used by critics not only of .xxx but of new TLDs in general.

Big Content calls for government new gTLD oversight

Kevin Murphy, August 1, 2011, Domain Policy

The music, movie and advertising industries have backed a US move that could see governments getting more control over the approval of new top-level domains.

They’ve urged the National Telecommunications and Information Administration to keep a proposed rule that would force ICANN to show a new gTLD is in the “global public interest” before giving it the nod.

But they are opposed by many other stakeholders who responded to the NTIA’s Further Notice Of Inquiry on the renewal of ICANN’s IANA contract.

The FNOI resulted in about 35 responses, from companies and organizations on five continents.

The most controversial question posed by the NTIA was whether the IANA contract should include this provision:

For delegation requests for new generic TLDS (gTLDs), the Contractor [ICANN] shall include documentation to demonstrate how the proposed string has received consensus support from relevant stakeholders and is supported by the global public interest.

This was broadly interpreted as a way for governments to have a de facto veto over new gTLD applications, via ICANN’s Governmental Advisory Committee.

The proposed measure has now been supported by the Recording Industry Association of America, the Association of National Advertisers, and the Coalition for Online Accountability, which represents the music and movie industries.

Brand owners want another bite

In his strongly worded response, ANA president Robert Liodice wrote that the new gTLD program “is likely to cause irreparable injury to brand owners”, adding that it supported the NTIA’s proposal.

[It] provides a layer, however thin, of contractual protection that gTLDs will not be deposited to the authoritative root zone without appropriate justification. While the ANA believes that these protections are marginal at best, and that a more secure, safe and permanent solution must be found to prevent the harms to brand owners and consumers described above; nonetheless, “something is better than nothing”

Special interests

The RIAA said in its filing that it “strongly supports” the proposal, on the basis that it thinks .music, if approved as a gTLD, could lead to more online music piracy.

there are no concrete obligations in the latest application guidebook to implement heightened security measures for these types of gTLDs that are focused on particular industries such as record music. Given the the risk that such a gTLD application could pass through the ICANN process without committing to such measures, it should be incumbent on the IANA contractor to document how its entry into the root would meet the “global public interest” standard.

It’s a drum the RIAA, never afraid of making special-interest arguments on matters of internet governance, has been beating for some time.

It stopped short of asking for all existing TLDs (and IP addresses, in the case of peer-to-peer applications) to be banned outright, which would presumably do much more to prevent piracy.

Oh no you ditn’t!

The COA, which includes the RIAA among its members, has the honor of being the first of ICANN’s critics to raise the Peter Dengate Thrush Situation to officially bash the organization.

PDT, as you’ll recall, joined Minds + Machines, likely to be a volume gTLD applicant next year, just a few weeks after he helped push through ICANN’s approval of the gTLD program.

COA counsel Steve Metalitz wrote:

This development tends to confirm COA’s view that “the new gTLD process, like so much of ICANN’s agenda, has been ‘led’ by only a small slice of the private sector, chiefly the registrars and registries who stand to profit from the introduction of new gTLDs.”

If a “check and balance” on addition of these new gTLDs to the root was advisable prior to this announcement, it now appears to be indispensable.

Plenty of ICANN stakeholders on both sides of the new gTLD debate have been calling for a review of ICANN’s ethics policies recently, so the COA is far from alone in highlighting the perception problem PDT’s move, and others, may have created.

It looked dodgy, and people noticed.

But on the other hand…

Many responses to the FNOI take the opposing view – saying that the “global public interest” requirements appear to run contrary to IANA’s technical coordination mandate.

IANA’s statement of work, which mandates IANA staff independence from ICANN policy-making, seems like a very odd place to introduce a vague and highly policy-driven oversight check.

Opposition came from the gTLD registry community and likely applicants, as you might expect, as well as from a number of ccTLD operators, which was perhaps less predictable.

A typical response, from the ccNSO, was:

While recognising and supporting the need for ensuring that new gTLDs have consensus support and are consistent with the global public interest, the ccNSO suggests that the IANA contractor’s role should simply be to verify that ICANN has followed the Guidebook process and that all the evaluation criteria (not just the two referred to) have been met.

A number of responses also call for the strict separation of IANA staff from ICANN’s policy-making functions to be relaxed. The way the NTIA’s proposal is currently worded, it’s not clear if IANA’s experts would be able to provide their input to important work.

FarmVille domain seized from Chinese squatter

Kevin Murphy, July 28, 2011, Domain Policy

Zynga has claimed control of the domain name farmville.co.uk from a Chinese cyberquatter.

The summary decision under Nominet’s Dispute Resolution Service was made July 14, and posted to the Nominet web site today, but the Whois still shows the previous owner.

According to Whois records, the domain was registered July 1, 2009, just a couple of weeks after the popular FarmVille game launched on Facebook.

The domain currently resolves to a Sedo placeholder page.

If this proves anything, it’s that owners of rapidly growing web applications need to keep an eye on their brands in non-core TLDs, because cybersquatters are too.

Bit-squatting – the latest risk to domain name owners

Kevin Murphy, July 26, 2011, Domain Tech

Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.

This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.

Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.

According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.

Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.

To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.

The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.

The binary for the string “microsoft” is:

011011010110100101100011011100100110111101110011011011110110011001110100

and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):

011011010110100101100011001100100110111101110011011011110110011001110100

Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.

I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.

But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:

To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.

I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.

His conference presentations will also discuss possible hardware and software solutions.

For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.

I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.

The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.

Kaminsky is not discussing DNS this year, judging by the agendas.

The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.