URS comes to .mobi as ICANN offers Afilias lower fees

Afilias’ .mobi is to become the latest of the pre-2012 gTLDs to agree to adopt the Uniform Rapid Suspension policy in exchange for lower ICANN fees.
Its Registry Agreement is up for renewal, and Afilias and ICANN have come to similar terms to .jobs, .travel, .cat, .pro and .xxx.
Afilias has agreed to take on many of the provisions of the standard new gTLD RA that originally did not apply to gTLDs approved in the 2000 and 2003 rounds, including the URS.
In exchange, its fixed registry fees will go down from $50,000 a year to $25,000 a year and the original price-linked variable fee of $0.15 to $0.75 per transaction will be replaced with the industry standard $0.25.
It’s peanuts really, given that .mobi still has about 690,000 domains, but Afilias is getting other concessions too.
Notably, the ludicrous mirage that .mobi was a “Sponsored” gTLD serving a specific restricted community (users of mobile telephones, really) rather than an obvious gaming of the 2003-round application rules, looks like it’s set to evaporate.
Appendix S to the current RA is not being carried over, ICANN said, so .mobi will not become a “Community” gTLD, with all the attendant restrictions that would have entailed.
Instead, Afilias has simply agreed to the absolute basic set of Public Interest Commitments that apply to all 2012 new gTLDs. Text that would have committed the registry to abide by the promises made in its gTLD application have been removed.
But the change likely to get the most hackles up is the inclusion of URS in the proposed new contract.
URS is an anti-cybserquatting measure that enables trademark owners to shut down infringing domains, without taking ownership, more quickly and cheaply than the UDRP.
It’s obligatory for all 2012-round gTLDs, and five of the pre-2012 registries have also agreed to adopt it during their contract renewal talks with ICANN.
Most recently, ICM Registry agreed to URS in exchange for much deeper cuts in its ICANN fees in .xxx.
In recent days, ICANN published its report into the public comments on the .xxx renewal, summarizing some predictably irate feedback.
Domainer group the Internet Commerce Association, which is concerned that URS will one day be forced upon .com and .net, had a .xxx comment that seems particularly pertinent to the .mobi news:

Given the history of flimsy and self-serving justifications by [Global Domains Division] staff and the ICANN Board for similar actions taken in 2015, we are under no illusion that this comment letter will likely be successful in effecting removal of the URS and other new gTLD RA provisions from the revised .XXX RA. Nonetheless, we strenuously object to this GDD action that intrudes upon and debases ICANN’s legitimate policymaking process, and urge the GDD and Board to reconsider their positions, and to ensure that GDD staff ceases and desists from taking similar action in the context of future RA renewals and revisions until the RPM Review WG renders the community’s judgment as to whether the URS and other new gTLD RPMs should become Consensus Policy and such recommendation is reviewed by GNSO Council and the ICANN Board.

The Intellectual Property Constituency of the GNSO, conversely, broadly welcomed the addition of more rights protection mechanisms to .xxx.
The Non-Commercial Stakeholder Group, meanwhile, expressed concern that whenever ICANN negotiates a non-consensus policy into a contract it negates and discourages all the work done by the volunteer community.
You can read the summary of the .xxx comments, along with ICANN staff’s reasons for ignoring them, here (pdf).
The .mobi proposed amendments are also now open for public comment.
Any lawyers wishing to rack up a few billable hours railing against a fait accompli can do so here.

RANT: Governments raise yet another UN threat to ICANN

ICANN’s transition away from US government oversight is not even a month old and the same old bullshit power struggles and existential threats appear to be in play as strongly as ever.
Governments, via the chair of the Governmental Advisory Committee, last week yet again threatened that they could withdraw from ICANN and seek refuge within the UN’s International Telecommunications Union if they don’t get what they want from the rest of the community.
It’s the kind of thing the IANA transition was supposed to minimize, but just weeks later it appears that little has really changed in the rarefied world of ICANN politicking.
Thomas Schneider, GAC chair, said this on a conference call between the ICANN board and the Generic Names Supporting Organization on Thursday:

I’m just urging you about considering what happens if many governments consider that this system does not work. They go to other institutions. If we are not able to defend public interest in this institution we need to go elsewhere, and this is exactly what is happening currently at the ITU Standardization Assembly.

This is a quite explicit threat — if governments don’t like the decisions ICANN makes, they go to the ITU instead.
It’s the same threat that has been made every year or two for pretty much ICANN’s entire history, but it’s also something that the US government removing its formal oversight of ICANN was supposed to help prevent.
So what’s this “public interest” the GAC wants to defend this time around?
It’s protections for the acronyms of intergovernmental organizations (IGOs) in gTLDs, which we blogged about a few weeks ago.
IGOs are bodies ranging from the relatively well-known, such as the World Health Organization or World Intellectual Property Organization, to the obscure, such as the European Conference of Ministers of Transport or the International Tropical Timber Organization.
According to governments, the public interest would be served if the string “itto”, for example, is reserved in every new gTLD, in other words. It’s not known if any government has passed laws protecting this and other IGO strings in their own ccTLDs, but I suspect it’s very unlikely any have.
There are about 230 such IGOs, all of which have acronyms new gTLD registries are currently temporarily banned from selling as domains.
The multi-stakeholder GNSO community is on the verge of coming up with some policy recommendations that would unblock these acronyms from sale and grant the IGOs access to the UDRP and URS mechanisms, allowing them to reclaim or suspend domains maliciously exploiting their “brands”.
The responsible GNSO working group has been coming up with these recommendations for over two years.
While the GAC and IGOs were invited to participate in the WG, and may have even attended a couple of meetings, they decided they’d have a better shot at getting what they wanted by talking directly to the ICANN board outside of the usual workflow.
The WG chair, Phil Corwin of the Internet Commerce Association, recently described IGO/GAC participation as a “near boycott”.
This reluctance to participate in formal ICANN policy-making led to the creation of the so-called “small group”, a secretive ad hoc committee that has come up with an opposing set of recommendations to tackle the same IGO acronym “problem”.
I don’t think it’s too much of a stretch to call the the small group “secretive”. While the GNSO WG’s every member is publicly identified, their every email publicly archived, their every word transcribed and published, ICANN won’t even say who is in the small group.
I asked ICANN for list of its members a couple of weeks ago and this is what I got:

The group is made up of Board representatives from the New gTLD Program Committee (NGPC), primarily, Chris Disspain; the GAC Chair; and representatives from the IGO coalition that first raised the issue with ICANN and some of whom participated in the original PDP on IGO-INGO-Red Cross-IOC protections – these would include the OECD, the UN, UPU, and WIPO.

With the publication two weeks ago of the small group’s recommendations (pdf) — which conflict with the expect GNSO recommendations — the battle lines were drawn for a fight at ICANN 57, which kicks off this week in Hyderabad, India.
Last Thursday, members of the GNSO Council, including WG chair Corwin, met telephonically with GAC chair Schneider, ICANN chair Steve Crocker and board small group lead Disspain to discuss possible ways forward.
What emerged is what Crocker would probably describe as a “knotty” situation. I’d describe it as a “process clusterfuck”, in which almost all the relevant parties appear to believe their hands are tied.
The GNSO Council feels its hands are tied for various reasons.
Council chair James Bladel explained that the GNSO Council doesn’t have the power to even enter substantive talks.
“[The GNSO Council is] not in a position to, or even authorized to, negotiate or compromise PDP recommendations that have been presented to use by a PDP working group and adopted by Council,” he said.
He went on to say that while the GNSO does have the ability to revisit PDPs, to do so would take years and undermine earlier hard-fought consensus and dissuade volunteers from participating in policy making. He said on the call:

By going back and revisiting PDPs we both undermine the work of the community and potentially could create an environment where folks are reluctant to participate in PDPs and just wait until a PDP is concluded and then get engaged at a later stage when they feel that the recommendations are more likely adopted either by the board or reconciled with GAC advice.

He added that contracted parties — registries and registrars — are only obliged to follow consensus policies that have gone through the PDP process.
Crocker and Disspain agreed that the the GAC and the GNSO appear to have their hands tied until the ICANN board makes a decision.
But its hands are also currently tied, because it only has the power to accept or reject GNSO recommendations and/or GAC advice, and it currently has neither before it.
Chair Crocker explained that the board is not able to simply impose any policy it likes — such as the small group recommendations, which have no real legitimacy — it’s limited to either rejecting whatever advice the GAC comes up with, rejecting whatever the GNSO Council approves, or rejecting both.
The GNSO WG hasn’t finished its work, though the GNSO Council is likely to approve it, and the GAC hasn’t considered the small group paper yet, though it is likely to endorse it it.
Crocker suggested that rejecting both might be the best way to get everyone around a table to try to reach consensus.
Indeed, it appears that there is no way, under ICANN’s processes, for these conflicting views to be reconciled formally at this late stage.
WG chair Corwin said that any attempt to start negotiating the issue before the WG has even finished its work should be “rejected out of hand”.
With the GNSO appearing to be putting up complex process barriers to an amicable way forward, GAC chair Schneider repeatedly stated that he was attempting to reach a pragmatic solution to the impasse.
He expressed frustration frequently throughout the call that there does not appear to be a way that the GAC’s wishes can be negotiated into a reality. It’s not even clear who the GAC should be talking to about this, he complained.
He sounds like he’s the sensible one, but remember he’s representing people who stubbornly refused to negotiate in the WG over the last two years.
Finally, he raised the specter of governments running off to the UN/ITU, something that historically has been able to put the willies up those who fully support (and in many cases make their careers out of) the ICANN multistakeholder model.
Here’s a lengthier chunk of what he said, taken from the official meeting transcript:

If it turns out that there’s no way to change something that has come out of the Policy Development Process, because formally this is not possible unless the same people would agree to get together and do the same thing over again, so maybe this is what it takes, that we need to get back or that the same thing needs to be redone with the guidance from the board.
But if then nobody takes responsibility to — in case that everybody agrees that there’s a public interest at stake here that has not been fully, adequately considered, what — so what’s the point of this institution asking governments for advice if there’s no way to actually follow up on that advice in the end?
So I’m asking quite a fundamental question, and I’m just urging you about considering what happens if many governments consider that the system does not work. They go to other institutions. They think we are not able to defend public interest in this institution. We need to go elsewhere. And this is exactly what is happening currently at the ITU Standardization Assembly, where we have discussions about protection of geographic names because — and I’m not saying this is legitimate or not — but because some governments have the feeling that this hasn’t been adequately addressed in the ICANN structure.
…
I’m really serious about this urge that we all work together to find solutions within ICANN, because the alternative is not necessarily better. And the world is watching what signals we give, and please be aware of that.

The “geographic names” issue that Schneider alludes to here seems to be a proposal (Word .doc) put forward by African countries and under discussion at the ITU’s WTSA 2016 meeting this week.
The proposal calls for governments to get more rights to oppose geographic new gTLD applications more or less arbitrarily.
It emerged not from any failure of ICANN policy — geographic names are already protected at the request of the GAC — but from Africa governments being pissed off that .africa is still on hold because DotConnectAfrica is suing ICANN in a California court and some batty judge granted DCA a restraining order.
It’s not really relevant to the IGO issue, nor especially relevant to the issue of governments failing to influence ICANN policy.
The key takeaway from Schneider’s remarks for me is that, despite assurances that the IANA transition was a way to bring more governments into the ICANN fold rather than seeking solace at the UN, that change of heart is yet to manifest itself.
The “I’m taking my ball and going home” threat seems to be alive and well for now.
If you made it this far but want more, the transcript of the call is here (pdf) and the audio is here (mp3). Good luck.

For $10,000, Donuts will block hundreds of typos and premiums for your brand

Donuts has announced an expansion of its domain-blocking service that will enable brand owners to cheaply (kinda) block misspellings of their trademarks.
Brand owners whose trademarks match “premium” generic strings will also be able to take matching domains out of circulation using the registry’s new DPML Plus service.
DPML, for Domain Protected Marks List, is Donuts’ way of giving trademark owners a way to bulk-block their marks across Donuts’ entire stable of gTLDs, which currently stands at 197 strings.
With typical sunrise period prices at $200+, registering a single string across almost 200 gTLDs during sunrise could near a $40,000 outlay. In general availability, it would often be about a tenth of that price.
But the original DPML, with a roughly $3,000 retail price for a five-year block, reduced the cost to protect a single string to about $3 per domain per year.
Now, with DPML Plus, Donuts is offering a premium service that adds the ability to block typos and premium names.
Typos and substring-based blocking were near the top of the intellectual property community’s wish-list when the new gTLD program was being developed, but those features were never incorporated into ICANN rights protection mechanisms.
But for $9,999 (suggested retail price), DPML Plus buyers get a 10-year block on the string that matches their trademark and three extra strings that are either typos of the trademark or contain the trademark as a substring, Donuts said.
So Google would for example be able to block android.examples, anrdoid.examples, androidphone.examples and googleandroidphone.examples using a single DPML Plus subscription.
Basically, they get to block up to 788 domains at $9,999 over 10 years, which works out to about $1.26 per domain per year.
It looks nice and cheap on that basis, but companies wishing to block dozens of base trademarks would be looking at six or seven-figure up-front payments.
DPML Plus also lifts the ban on blocking “premium” domains.
Under the old DPML, customers could not block a domain if Donuts had flagged it with a premium price, but under DPML Plus they can.
This opens the door to brand owners who have valuable trademarks on generic dictionary words to get them blocked across the whole Donuts portfolio.
A Donuts spokesperson said the company reserves the right to reject such strings if it suspects gaming.
Another benefit of the DPML Plus is the ability to prevent other companies with identical trademarks later unblocking and snatching blocked domains for themselves.
Currently, third parties with matching brands can “override” DPML blocks, but that feature is turned off for DPML Plus subscribers. They get exclusivity for the life of the block.
Donuts said the Plus offer will only be available to buy between October 1 and December 31.
As an added carrot, from January 1 the price of its vanilla DPML service is going to go up by an amount the company currently does not want to disclose.

“UDRP-proof” .feedback gTLD loses first UDRP

The first cybersquatting complaint against a .feedback domain name has resulted in a transfer, despite registry claims that the gTLD was “UDRP-proof”.
De Beers, the diamond merchant, won a UDRP case against the registrant of debeers.feedback earlier this month.
The registrant, who used a privacy service, registered the name back in January, when .feedback was in its unusual “Free Speech Partner Program” phase.
That took the place of an Early Access Program, but saw domains deeply discounted instead of premium-priced.
Buyers had to agree to point their domain to a registry-hosted social media platform and there was a $5,000 fee if they later decided to change name servers.
The registrant of debeers.feedback lost the UDRP largely because there wasn’t much actual feedback on the site until De Beers sent him a nastygram.
On March 24, the site only contained a single two-word post. Five more were added with apparently false earlier dates at a later time, the panelist found.
He wrote:

If the website were genuinely operating as a feedback forum, one would ordinarily expect the reviews to have appeared at or close to their respective dates. That they were not on the website on March 24 and did not appear until after the letter of demand was sent calls for explanation.

The panelist doesn’t mention it, but the reviews all seem to have been copied directly from Yelp!.
Basically, the registrant lost his domain for filling the site with bogosity rather than genuine free-speech griping.
It’s not a terribly surprising or worrying result, perhaps, but it does run counter to what Jay Westerdal, CEO of registry Top Level Spectrum, told us back in January.
“It is a great opportunity for domainers to register domains that will be UDRP proof,” he said at the time. “As free speech sites they are going to improve the world and let anyone read reviews on any subject.”
“I think they are UDRP proof,” he added back then, offering the services of his lawyers to registrants who found themselves served with UDRP complaints.
Today, Westerdal qualified his earlier remarks, telling DI: “I don’t think having a privacy service and also having a .feedback domain will hold up in the current UDRP system.”
Privacy services are discouraged by the registry, though explicitly permitted in its terms of service.
Westerdal said that because De Beers obtained the domain via UDRP, the company will not have to pay the $5,000 unlocking fee if it wants to point debeers.feedback’s name servers elsewhere.

Most businesses don’t care about .uk domains

The majority of businesses in the UK don’t care about direct second-level .uk domains, even when the benefits are spelled out for them, according to Nominet research.
The new survey found that only 27% of businesses would “definitely” or “probably” exercise their new right to buy a .uk domain that matches their .co.uk or .org.uk name.
That number only went up to 40% after respondents had seen a brief Nominet marketing pitch, the survey found.
Another 16% said they had no plans to get their .uk, post-pitch, while 44% remained undecided.
This was the value proposition the respondents saw (click to enlarge):

Under the direct .uk policy, all registrants of third-level domains, such as example.co.uk, have the right of refusal over the matching example.uk.
If they don’t exercise that right by June 10, 2019, the matching SLDs will be unfrozen and released into the available pool.
The new Nominet research also found out that most registrants don’t even know they have this right.
Only 44% of respondents were aware of the right. That went up to 45% for businesses and down to 33% for respondents who only owned .uk domain names (as opposed to gTLD names).
A quarter of respondents, which all already own 3LD .uk domains, didn’t even know second-level regs were possible.
Of those who had already bought their .uk names, over two thirds were either parking or redirecting. Individuals were much more likely to actually use their names for emails or personal sites.
The numbers are not terribly encouraging for the direct .uk initiative as it enters into its third year.
They suggest that if something is not done to raise awareness in the next few years, a lot of .co.uk businesses could find their matching SLDs in the hands of cybersquatters or domainers.
Nominet members (registrars and domainers primarily) were quizzed about possible ways to increase adoption during a company webinar today.
Suggestions such as making the domains free (they currently cost £2.50 a year, the same as a 3LD) or bribing a big anchor tenant such as the BBC to switch were suggested.
There’s a lot of dissatisfaction among the membership about the fact that .uk SLDs were allowed in the first place.
The number of second-level .uk names has gone from 96,696 in June 2014 to to 350,088 last year to 593,309 last month, according to Nominet stats.
Over the same periods, third-level regs have been shrinking, from 10.43 million to 10.22 million to 10.08 million, .

UK cybersquatting cases flat, transfers down

The number of cybersquatting cases involving .uk domains was basically flat in 2015, while the number of domains that were transferred was down.
That’s according to Nominet’s wrap-up of last year’s complaints passing through its Dispute Resolution Service.
There were 728 DRS complaints in 2015, the registry said, compared to 726 in the year before.
The number of cases that resulted in the transfer of the domain to the complainant was down to 53%, from 55% in 2014.
That’s quite a bit lower than complainants’ success rates in UDRP. In 2015, more than 70% of UDRP cases resulted in a transfer.
Nominet reckons that the DRS saved £7.74 million ($notasmuchasitusedtobe) in legal fees last year, based on a “conservative” estimate of £15,000 per case, had the complaint gone to court instead.
More stats can be found here.

Facebook, under Chinese court threat, transfers Instagram.com to its new registrar

It’s not quite cyberflight, but Facebook has transferred threatened domain name instagram.com to its newly acquired in-house registrar.
Whois records show that the domain, used for the popular photo-sharing social network, was moved from MarkMonitor to RegistrarSEC yesterday.
It emerged on Friday that Facebook had recently acquired RegistrarSEC.
So why the transfer?
It does not appear that the move is part of a wholesale transfer of domains — facebook.com, whatsapp.com, fb.com and all the other Facebook domains I checked are still with MarkMonitor.
Instead, I would speculate that it’s related to the lawsuit in China in which the family of a deceased cybersquatter are fighting for the return of the domain to their ownership.
Instagram acquired the name for $100,000 from the Guangdong-based Zhou family in January 2011, just a couple of months after Zhou Weiming, the now deceased patriarch, bought it from an American domainer.
According to a lawsuit (pdf) filed against the family in California by Instagram this January, Zhou’s widow and two daughters are suing the third daughter in a Chinese court for selling the domain without the proper authority.
They want the domain returned to them.
By transferring instagram.com to a registrar completely controlled by Facebook, the company has removed one huge risk factor from the Chinese lawsuit.
If MarkMonitor were to be served with a Chinese court order ordering the transfer of the domain to the Zhous, and it were to comply, the Instagram service used by millions could be held hostage by a group of known cybersquatters.
Now that the domain is at RegistrarSEC, Facebook gets the ability to refuse to comply with any such order.
This all begs the question of whether the deep-pocketed social network would go to the trouble of acquiring a registrar (with only 11 names to its accreditation) purely to provide a layer of insurance.
A fresh ICANN accreditation would be cheaper, but would take longer, and transferring to a different third-party registrar wouldn’t really solve the problem.
Instagram is predicted by one analyst to provide Facebook with $5.8 billion in annual revenue by the end of the decade.

Instagram paid Chinese cyberquatter $100,000 for instagram.com, Facebook lawsuit reveals

Facebook has sued a Chinese cybersquatter for trying to renege on a five-year-old deal that saw it buy the domain instagram.com for $100,000.
The lawsuit, filed in California last week, claims that a family of known cybersquatters, based in Guangdong, is trying to have the purchase invalidated by a Chinese court.
The company, which acquired Instagram for $1 billion in 2012, wants the court to rule that the domain deal was legal, preventing the cybersquatters retaking control of the domain.
Photo-sharing app Instagram launched in October 2010 using the domain instagr.am.
At that time, instagram.com was owned by a US-based domain investor, but it was bought by Zhou Weiming about a month later.
Zhou, Facebook says, was the now-dead father of three of the people it is suing, and the husband of the fourth.
When Zhou purchased the domain, Instagram had become wildly popular, well on the way to hitting the million-user mark in December 2010.
Instagram had applied for the US trademark on its name in September 2010, less than a month before its launch.
The company made the decision to pay $100,000 for the domain in January 2011.
The Whois information for instagram.com changed from Zhou Weiming to Zhou Murong, apparently his daughter, around about the same time, though the registrant email address did not change.
The purchase was processed by Sedo, according to a copy of the deal filed as evidence (pdf).
Now, Murong’s mother and sisters are suing her and Instagram in China, claiming she did not have the authority to sell the domain, according to Facebook’s complaint.
Facebook claims the Chinese suit is a “sham” and that the whole Zhou family is acting in concert.
The company wants the California court to declare that the sale was valid, and that registrar MarkMonitor should not be forced to transfer the domain back to the Zhous.
Facebook in 2014 won a 22-domain UDRP case against Murong Zhou, related to typos of its Instagram trademark.
Read the full California complaint as a PDF here.

Does .tickets have the ultimate anti-cybersquatting system?

I’ve never seen anything like this before.
.tickets gTLD registry Accent Media has launched an anti-cybersquatting measure that lets the world know who is trying to register what domain name a whole month before the domain is allowed to go live.
The service, at domains.watch, is currently only being used by .tickets, but it seems to be geared up to accept other TLDs too.
A spokesperson said the site soft-launched a couple months ago.
Today, if you want to register a .tickets domain name, you have a choice of two processes — “fast-track” or “standard”.
Fast-track is for organizations with trademarks matching their names. It take five days for the trademark to be verified and the domain to go live.
Standard-track applications, however, are published on domains.watch for 30 days before the the registration is fully processed (under the registry hood, the domain are kept in “Pending Create” status).

During that 30 days, anyone with a trademark they believe would be infringed by the domain may file a challenge against the registration. They have to pay a fee to do so.
The would-be registrant can counter by showing their own rights. If they have no documented rights, the challenger gets the name instead.
“Rights” in the case of .tickets means a trademark or evidence of use of a mark in a ticketing-related context.
While it’s certainly not unusual in the industry for restricted TLDs to manually vet their registrants before processing a registration, I’ve never before come across a registry that does it all in public, allowing basically anyone — or, at least, anyone who is willing to pay the challenge fee — to challenge any registration.
Can you imagine what the domain world would be like if this kind of system were commonplace across a range of TLDs?
A lot of people outside the industry — particularly in security, I fancy — would love it.

Top 2015 new gTLD sale looks like cybersquatting

One of the top secondary market domain sales of 2015, as reported by Sedo, appears to be a case of somebody selling a domain matching a trademark to the trademark’s owner.
According to a press release yesterday, the domain basic-fit.fitness was the third-priciest reportable new gTLD domain sale handled by Sedo last year.
It went for €7,949 ($8,634).
Given that it’s not intrinsically an attractive-looking domain, I tried to figure out why it sold.
Judging by Whois records, the buyer is the corporate owner of Basic-Fit, a chain of over 300 gyms in four European countries.
It has at least one trademark on “Basic-Fit”.
The original registrant, according to records cached by DomainTools, was a Belgian web designer.
The domain seems to have changed hands around May last year. In April, it spent a couple of weeks under Whois privacy.
The domain was registered August 27, 2014, the day .fitness exited its Early Access Period and domains were available at regular prices.
It seems the same Belgian web designer owns several more new gTLD domain names matching brands that are parked with Sedo and available to buy instantly.
Many are .immo (“.realestate”) domains matching the brands of Belgian real estate firms. There are also a few .beer domains under his name matching the brands of breweries and beers in the UK, US and Czech Republic.
It’s not unheard of for web developers to register domains on behalf of clients. It’s rather less common for them to then list them for sale, with buy-now prices, on domain marketplaces.
Looks dodgy to me.