Latest news of the domain name industry

Recent Posts

More on my Twitter.sucks reg

Kevin Murphy, December 21, 2015, Domain Registries

If you were reading on Friday, you’ll know that I brought about the registration of the domain twitter.sucks and took charge of a web site hosted at that address.

I hinted that there was a little more to the story, but couldn’t get into it.

The first part of the story is here.

What I didn’t mention was that twitter.sucks was in my This.sucks account for probably less than 10 minutes before I removed it.

I have no beef with Twitter and no particular desire to moderate a .sucks discussion forum.

After removing twitter.sucks from my account, I noticed that This.sucks again gave me the option to “register” a free .sucks domain.

So I experimentally “registered” thisdotsucks.sucks too.

Again, the domain started resolving, showed up in Whois, and the associated WordPress site went live within seconds.

At this point, I discovered that I had admin privileges for both twitter.sucks and thisdotsucks.sucks sites simultaneously.

Suspecting that I may have found a bug that would allow anyone to register an essentially unlimited number of free and potentially trademark-matching .sucks domains, I informed This.sucks of my findings in the interest of responsible bug disclosure and ended my blog post prematurely.

Late Friday, This.sucks spokesperson Phil Armstrong told me that it wasn’t a bug after all.

He said that the company allows one “do-over”. So if you register a name for free, then delete it, you get another one for free.

He also said that WordPress admin privileges for domains removed from user accounts expire after a period (I had admin rights for the twitter.sucks web site for roughly 48 hours after I deleted it from my account.)

Right now, the domain twitter.sucks still exists, registered to This.sucks as before, as does the associated web site. I have no idea if another user has taken over its administration or if it’s in some kind of limbo state.

All I know is that it’s nothing to do with me any more.

How I just registered Twitter.sucks for free in just five clicks

Kevin Murphy, December 18, 2015, Domain Registries

This morning, I caused the registration of and was given control of a web site at twitter.sucks.

I didn’t pay a thing, though I did — by checking a box linked to hidden terms and conditions — promise to pay $10,000 if I was later determined to be working for Twitter.

Ordinarily, registering a .sucks domain would have cost me over $200.

The controversial This.sucks service (which may share ownership with .sucks registry Vox Populi) has gone live and is giving out 10,000 .sucks web sites for free.

Users, who can sign up merely by connecting their Facebook or LinkedIn accounts, are able to cause This.sucks to register names on their behalf.

They are then immediately given limited control over a WordPress blog hosted at that domain, though not to the associated name servers or Whois records.

It’s actually quite a slick, streamlined service, that could quite easily dramatically increase the number of active .sucks site overnight.

But it’s going to cause no end of headaches for trademark owners.

Earlier this week, you may recall DI reporting that This.sucks seemed to have registered the .sucks names matching the brands of Twitter, Adobe, Goldman Sachs and Justin Timberlake.

It seems that this may have been a test of the This.sucks service, as I was tipped off last night that twitter.sucks was no longer registered.

Here’s how I got control over the twitter.sucks web site in just FIVE clicks.

This.sucks has a domain availability query box, just like a regular registrar. I looked up “twitter”:

This.sucks 1

Seeing that the domain was available, I went through the two-click process of allowing This.sucks to use my Facebook login credentials.

This.sucks 2

Obviously, while I used a genuine Facebook account, I see no reason why I couldn’t have used a fake one.

After connecting, I was bounced back to This.sucks and was given the ability to register twitter.sucks in a single click.

This.sucks 3

I also had to check a box confirming:

I’m a free-thinking individual, not a corporate yes-man. I agree to the terms and conditions and any penalties which may apply.

Clicking either of the T&C links, or hovering over the question mark, will introduce you to the concept of a $10,000 penalty.

This.sucks 4

That’s right — by causing This.sucks to register a .sucks domain, you agree to pay $10,000 if the company decides, in its “sole discretion” that you are affiliated with the matching trademark owner. The terms state:

Site Runners on this.sucks must be individuals who have no affiliation with the subject matter of the Site. You can’t be running the Site on behalf of a company, entity or anyone who is the subject of the Site.

As a Site Runner you agree that if you are found by this.sucks, in our sole discretion, to be in violation of this principal, that a $10,000 USD payment to This.sucks will immediately become due and payable. You will also no longer be a Site Runner with us. Your Site may also be given to a different Site Runner to run.

If you think a Site is being run by someone acting on behalf of the subject of the Site, please email us at whistleblower@this.sucks

Given that Twitter’s lawyers are probably going to hate me for doing this, I felt pretty confident in accepting this risk.

In addition, at this point This.sucks has not asked me for any payment information. If they want $10,000 off of me, they can take a hike, I figure.

So I clicked the “Register Now” button.

Bam! In under 10 seconds the domain name twitter.sucks existed in DNS, in Whois, and there was a simple WordPress web site there that I, to a significant extent, controlled.

The domain is registered to This.sucks, which makes it clear on its web site FAQ that its users — or “Site Runners” — do not actually own the domains they cause to be registered.

This.sucks 6

As administrator of the WordPress site, I am able to create and update blog posts as well as change the appearance by switching between a limited selection of themes. I can also edit and delete comments and manage registered users.

There’s a little bit more to my story — which I cannot get into for now.

For the moment, it must suffice to say that this is a whole new world for famous brand owners.

They can either pay the roughly $2,000 required to defensively register their brand in .sucks, or they can try to sneak through a free (or $0.99 per month) registration at This.sucks at the risk of being billed $10,000 if they get rumbled.

Twitter and Justin Timberlake targeted by This.sucks

Kevin Murphy, December 15, 2015, Domain Registries

This.sucks, a company with close ties to .sucks registry Vox Populi, has started registering domain names matching famous brands to itself.

Twitter, along with singer Justin Timberlake, software maker Adobe and investment bank Goldman Sachs all saw their matching .sucks domains registered by This.sucks on Friday, according to the .sucks zone file and Whois queries.

The domains twitter.sucks, goldmansachs.sucks, justintimberlake.sucks and adobe.sucks currently resolve in browsers, but only to a password-protected web site.

New York-based This.sucks says its service is in beta. It plans to give 10,000 .sucks domains away for free, and to sell them for as little as $12 per year. Its business model has not been revealed.

That’s a deep discount from their regular $250 suggested retail price, which rises to $2,500 for domains matching famous brands.

Technically, the company should have just paid around $10,000 for the four brand-matching domains it has just registered.

But it is broadly suspected that This.sucks shares ownership with Vox Populi, the .sucks registry operator, which would make this a case of the right hand paying the left.

As we uncovered in October, Vox Populi originally hosted This.sucks’ web sites and the CEO of Momentous, which founded Vox Pop, paid for its web site to be developed.

The two companies also share a physical address and a Cayman Islands lawyer.

Vox Pop has denied any involvement in This.sucks, saying it’s just another customer.

It will be interesting to see how long it takes for one of the four affected brands to file a UDRP or URS complaint on these new domains.

As far as I can tell, the .sucks namespace currently has an unblemished UDRP record.

Unlike rival Top Level Spectrum, which runs .feedback, neither Vox Pop nor This.sucks has revealed any plans to use brands belonging to third parties as part of their services.

TLS has said it plans to sell 5,000 branded .feedback domains to a third party after its sunrise period ends next month.

It has already registered fox.feedback to itself as one of its special 100-domain pre-sunrise registry allowance.

Since we last reported on .feedback a month ago, the registry appears to have also registered the names of all the current US presidential candidates — such as donaldtrump.feedback and hillaryclinton.feedback — to itself.

The sites are all live, as is santaclaus.feedback, which seeks commentary on the “fictional” character.

Forget .sucks, .feedback will drive trademark owners nuts all over again

Kevin Murphy, November 4, 2015, Domain Registries

Top Level Spectrum, the new gTLD registry behind .feedback, plans to give sell domains matching 5,000 of the world’s top brands to a third party that does not own the trademarks.

That’s one novel element of a .feedback business model that is guaranteed to drive the intellectual property community crazy in much the same way as .sucks did earlier this year.

The other piece of ‘innovation’ will see all .feedback domains — including the 5,000 brands — point by default to a hosted service that facilitates comment and criticism.

An example of such a site can be seen at www.eggsample.feedback. The registry’s CEO, Jay Westerdal, has a .feedback site at www.jay.feedback

If you agree to use the hosted service with your domain, the domain and service combined will cost a minimum of just $20 per year.

However, if you want to turn off the hosted service and use your .feedback like a regular domain, pointing to the web site of your choice, the price will ratchet up to $50 a month, or $620 a year.

Those are the wholesale prices. Both services will be offered through registrars, where some markup is to be expected.

The hosted service is being offered by Feedback SAAS LLC, a company that, judging by its web site, appears to share ownership with Top Level Spectrum, though Westerdal says the two firms have different employees.

It’s not dissimilar to the model employed by .tel, where name servers by default point to a registry-hosted service.

Unlike .tel, .feedback registrants will be able to opt out of using the SAAS service and point their domains to whatever name servers they want.

Westerdal told DI that .feedback is in the process of making a deal with a “third party” he could not yet name to have 5,000 branded .feedback domains deployed during the Early Access Period of the .feedback launch. That’s scheduled to start January 6.

“We are striking a deal to get feedback sites out there. We want everything to have feedback,” he said. “We are signing an agreement to get the ball rolling by doing a founders program to get names out there. Your favorite shoe, your pizza place, your everything.”

“The sites are all geared towards free speech and giving reviews,” he said. He said:

No trademark infringement will occur though, the sites are all geared towards free speech and giving reviews. Confusing the public that the brand is running the site will not happen, each site has a disclaimer and makes it clear the brand is not running the site.

Asked whether we were talking about a genuine third party or a shell set up by the registry, he said: “A real third party. I am not playing games.”

He said the higher pricing for the naked domain registration is intended to discourage companies from turning off the domains matching their brands.

The whole point of .feedback is to solicit feedback.

The as-yet unspecified third-party taking possession of the 5,000 brand names would not be prevented from selling the domains to the matching brand owner, or to any third parties, he said, though he would not be in favor of such a move.

He said that $20 a year to run a configurable .feedback site, with moderator privileges, is a “great deal” compared to the $300-a-month service he said consumer review site Yelp offers.

The SAAS service will make additional revenue by selling added features, suitable for enterprises, he said.

.feedback went into its sunrise period last week with a $2,000 wholesale fee — the same high price that attracted criticism for .sucks.

The original Registry Service Evaluation Process for the .feedback service hit ICANN over a year ago (pdf).

I missed it then. Sorry.

I noticed it today after corporate registrar MarkMonitor blogged about it.

Matt Serlin, VP of MarkMonitor, who blogged his opinion on .feedback’s strategy earlier today, said in an email that the .feedback strategy was “more objectionable” than he had thought, and that “[W]e would most likely look to raise to ICANN if that is his stated intent.”

URS arrives in three legacy gTLDs

Kevin Murphy, October 2, 2015, Domain Policy

The legacy gTLDs .cat, .pro and .travel will all be subject to the Uniform Rapid Suspension policy from now on.

Earlier this week, ICANN approved the new Registry Agreements, which are based on the new gTLD RA and include URS, for all three.

URS is an anti-cybersquatting policy similar to UDRP. It’s faster and cheaper than UDRP but has a higher burden of proof and only allows domains to be suspended rather than transferred.

The inclusion of the policy in pre-2012 gTLDs caused a small scandal when it was revealed a few months ago.

Critics, particularly the Internet Commerce Association, said that URS (unlike UDRP) is not a Consensus Policy and therefore should not be forced on registries.

ICANN responded that adding URS to the new contracts came about in bilateral negotiations with the registries.

The board said in its new resolutions this week:

the Board’s approval of the Renewal Registry Agreement is not a move to make the URS mandatory for any legacy TLDs, and it would be inappropriate to do so. In the case of .CAT, inclusion of the URS was developed as part of the proposal in bilateral negotiations between the Registry Operator and ICANN.

The concern for ICA and others is that URS may one day be forced into the .com RA, putting domainer portfolios at increased risk.

GoDaddy did not cybersquat the Oscars, court finds

Kevin Murphy, September 16, 2015, Domain Registrars

In a landmark decision, a US court has ruled that GoDaddy’s practice of parking unused domains with Google advertising does not count as cybersquatting.

The Academy of Motion Picture Arts and Sciences, which runs the annual Oscars awards, sued the registrar five years ago after seeing that GoDaddy had parked hundreds of names containing its mark.

Under UDRP, registrar parking is controversially often taken as a sign of the registrants bad faith by panelists.

But the California court ruled that GoDaddy’s actions did not amount to trademark infringement due to the unique circumstances of the case.

GoDaddy did not select the advertisements — Google’s algorithms did — nor did it manually review which domains were being parked.

Domain Name Wire has a pretty good breakdown of the key points in the 129-page ruling.

What’s going to be interesting is whether UDRP panelists — which sometimes take their cues from US legal precedent — will start to adjust to view registrar parking in a more benign way when judging registrant bad faith.

OpenTLD suspension reinstated

Kevin Murphy, August 25, 2015, Domain Registrars

ICANN has suspended OpenTLD’s ability to sell gTLD domain names for the second time, following an arbitration ruling yesterday.

OpenTLD, part of the Freenom group, will not be able to sell gTLD names or accept inbound transfers from tomorrow — about two hours from now — to November 24, according to ICANN’s web site.

That doesn’t give the company much time to make the required changes to its web site and registrar systems.

As reported earlier today, OpenTLD lost its battle to have the suspension frozen in arbitration with ICANN.

The arbitrator agreed with ICANN Compliance that the registrar cybersquatted its competitors and has not yet done enough to ensure that it does not do the same again in future.

Yes, you are dangerous, arbitrator tells “cybersquatter” OpenTLD

Kevin Murphy, August 25, 2015, Domain Registrars

Free domains provider OpenTLD has been dealt a crushing blow in its fight against the suspension of its Registrar Accreditation Agreement.

ICANN is now free to suspend OpenTLD’s RAA, due to the company’s “pattern of cybersquatting”, following a decision by an independent arbitrator.

The arbitrator ruled yesterday that OpenTLD’s suspension should go ahead, because “OpenTLD’s continued operation could potentially harm consumers and the public interest.”

The 90-day suspension was imposed by ICANN Compliance in June, after it became aware that OpenTLD had lost two UDRP cases filed by competing registrars.

WIPO panelists found in both cases that the company had infringed its competitors’ trademarks in order to entice resellers over to its platform.

The suspension was put on hold voluntarily by ICANN, pending the arbitrator’s ruling on OpenTLD’s request for emergency stay. That request was conclusively rejected yesterday.

The arbitrator wrote:

the Arbitrator has little doubt that the multiple abusive name registrations made by OpenTLD, each of which included the registered mark of a competing domain name registrar and OpenTLD’s subsequent use of those domains… formed part of a broad concerted effort by OpenTLD calculated to deliberately divert name registration business, otherwise destined for competing domain name registrars… away from those registrars to OpenTLD instead.

He wrote that OpenTLD needs to put a process in place to prevent similarly cybersquatty behavior in future, rather than just making a commitment to changing its ways.

It’s pretty harsh stuff.

OpenTLD said recently that a suspension would “devastate” and “decimate” its business, due to the intertwining of its massive ccTLD business and rather smaller gTLD platform, but the arbitrator thought a technology workaround would be rather simple to implement.

No RAA means no gTLD sales and no inbound transfers.

OpenTLD is part of Freenom, which runs .tk and other free-to-register ccTLDs.

The company’s only ray of sunlight in the ruling is that the arbitrator said the costs of the proceeding should be split equally, not all falling on OpenTLD’s shoulders.

ICANN has not yet re-instituted the suspension, but it could come soon.

The full ruling can be read here.

OpenTLD says suspension would “devastate” its business

Kevin Murphy, August 14, 2015, Domain Registrars

OpenTLD has fired off its newest salvo in its ongoing cybersquatting dispute with ICANN, saying the ICANN-imposed suspension would “devastate” its business.

The company has also addressed many of ICANN’s cybersquatting allegations, while failing to deny it squatted on two competitors’ trademarks.

In its latest arbitration filing (pdf), OpenTLD said: “Quite simply, the suspension of OpenTLD’s ability to offer gTLD registrations and inbound transfers would decimate its unique business model.”

ICANN had argued that the suspension of its registrar accreditation was no big deal because its gTLD domain base is measured in the low thousands, whereas the total domains under management of parent Freenom, which offers free domains in .tk and other ccTLDS, is in excess of 25 million.

But OpenTLD said the two businesses as “deeply intertwined” and separating the two would impair its ability to do business.

ICANN is pushing for the suspension because OpenTLD lost two UDRP cases earlier this year. Both were filed by competitors — Key-Systems and NetEarth — who accused the registrar of attempting to lure resellers to its platform by infringing rivals’ trademarks.

ICANN has since followed up by accusing OpenTLD of continuing to cybersquat famous brands, including Google and Facebook, even after the suspension notice was issued. These claims, as I noted last week, are very dubious, however.

In its latest filing, OpenTLD denies that any of those domains — all of which use its privacy service — were registered by itself. It goes so far as to name the actual registrants.

But it fails to deny that it was the true registrant of the Key-Systems and NetEarth domains lost in the UDRP cases.

Rather, it focuses on ICANN’s claims that it committed “cyberflight” by deleting the UDRP’d domains rather than allowing them to be transferred to the trademark owners.

It admits that the domains were deleted but said this was “inadvertent” and that it attempted to transfer them to its competitors later.

OpenTLD wants the threatened suspension stayed.

The case continues. A decision by the arbitration panel is expected August 24.

OpenTLD cybersquatting fight escalates

Kevin Murphy, August 7, 2015, Domain Registrars

ICANN has accused OpenTLD, the registrar arm of Freenom, of cybersquatting famous brands even after it was threatened with suspension.

The claims may be worrying for some registrars as ICANN may in fact be holding the registrar responsible for the actions of its proxy service customers.

OpenTLD was suspended by ICANN in early July, after two UDRP rulings found the company had cybersquatted rival registrars’ brands in order to poach customers.

The suspension was lifted after just a few hours when OpenTLD took ICANN to arbitration under the terms of its Registrar Accreditation Agreement.

In ICANN’s latest arbitration filing, the organization’s lawyers argue that the suspension should not be stayed, because OpenTLD has been shown to engage in a pattern of cybersquatting.

Like the original suspension notice, the filing cites the two UDRP losses, along with footnotes indicating that as many as seven competing brands had been cybersquatted.

But ICANN has now also escalated its allegations to bring in non-registrar brands where it’s far from clear that OpenTLD is the actual registrant.

ICANN’s filing states:

even a brief review of the domain names in OpenTLD’s portfolio demonstrates that OpenTLD appears to be continuing to engage in bad faith and abusive registration practices. As of 3 August 2015, there were at least 73 gTLD domains registered to Stichting OpenTLD WHOIS Proxy (which is OpenTLD’s proxy service) that are identical to or contain the registered trademarks or trade names of third parties, including, by way of small example, the domain names barnesandnoble.link, sephora.bargains, at-facebook.com, ebaybh.com, googlefreeporn.com, global-paypal.com, hotmailtechnicalsupport.com, and secure-apple.com. ICANN is not aware of any legitimate interest or right that OpenTLD has to use these third-party trademarks and trade names.

Even more concerning is the fact that at least 14 gTLD domain names that contain the registered trademarks or trade names of third parties were registered by OpenTLD’s proxy service after the 23 June 2015 Suspension Notice was issued to OpenTLD, further demonstrating that OpenTLD’s overtures of “cooperation” ring hollow.

To be clear, that’s ICANN accusing OpenTLD of cybersquatting because some of the domains registered via its privacy service appear to be trademark infringements.

It’s basically equating infringing use of OpenTLD’s proxy service (such the registration of barnesandnoble.link) with the infringing behavior of OpenTLD itself (such as the registration of godaddy.cf, a February 2015 screenshot of which can be seen below.)

This may just be legal posturing, but I imagine many other registrars would be worried to know that they could have their accreditation suspended for cybersquatting simply because some of their privacy customers are cybersquatters.

I’d wager that every proxy/privacy service available has been used by blatant cybersquatters at one time or another.

Filings in the arbitration case can be found here.