Latest news of the domain name industry

Recent Posts

IP lobby demands halt to Whois reform

Kevin Murphy, March 17, 2021, Domain Policy

Trademark interests in the ICANN community have called on the Org to freeze implementation of the latest Whois access policy proposals, saying it’s “not yet fit for purpose”.

The Intellectual Property Constituency’s president, Heather Forrest, has written (pdf) to ICANN chair Maarten Botterman to ask that the so-called SSAD system (for Standardized System for Access and Disclosure) be put on hold.

SSAD gives interested parties such as brands a standardized pathway to get access to private Whois data, which has been redacted by registries and registrars since the EU’s Generic Data Protection Regulation came into force in 2018.

But the proposed policy, approved by the GNSO Council last September, still leaves a great deal of discretion to contracted parties when it comes to disclosure requests, falling short of the IPC’s demands for a Whois that looks a lot more like the automated pre-GDPR system.

Registries and registrars argue that they have to manually verify disclosure requests, or risk liability — and huge fines — under GDPR.

The IPC has a few reasons why it reckons ICANN should slam the brakes on SSAD before implementation begins.

First, it says the recommendations sent to the GNSO Council lacked the consensus of the working group that created them.

Intellectual property, law enforcement and security interests — the likely end users of SSAD — did not agree with big, important chucks of the working group’s report. The IPC reckons eight of the 18 recommendations lacked a sufficient degree of consensus.

Second, the IPC claims that SSAD is not in the public interest. If the entities responsible for “policing the DNS” don’t think they will use SSAD due to its limitations, then why spend millions of ICANN’s money to implement it?

Third, Forrest writes that emerging legislation out of the EU — the so-called NIS2, a draft of a revised information security directive —- puts a greater emphasis on Whois accuracy

Forrest concludes:

We respectfully request and advise that the Board and ICANN Org pause any further work relating to the SSAD recommendations in light of NIS2 and given their lack of community consensus and furtherance of the global public interest. In light of these issues, the Board should remand the SSAD recommendations to the GNSO Council for the development of modified SSAD recommendations that meet the needs of users, with the aim of integrating further EU guidance.

It seems the SSAD proposals will be getting more formal scrutiny than previous GNSO outputs.

When the GNSO Council approved the recommendations in September, it did so with a footnote asking ICANN to figure out whether it would be cost-effective to implement an expensive — $9 million to build, $9 million a year to run — system that may wind up being lightly used.

ICANN has now confirmed that SSAD and the other Whois policy recommendations will be one of the first recipients of the Operational Design Phase (pdf) treatment.

The ODP is a new, additional layer of red tape in the ICANN policy-making sausage machine that slots in between GNSO Council approval and ICANN board consideration, in which the Org, in collaboration with the community, tries to figure out how complex GNSO recommendations could be implemented and what it would cost.

ICANN said this week that the SSAD/Whois recommendations will be subject to a formal ODP in “the coming months”.

Any question about the feasibility of SSAD would be referred back to the GNSO, because ICANN Org is technically not supposed to make policy.

EU cancels .eu tender after Brexit cock-up

Kevin Murphy, February 23, 2021, Domain Registries

The European Commission has been forced to cancel its search for a new .eu registry operator after apparently misunderstanding how Brexit works.

When the Commission put the .eu contract up for grabs last October, it said deal was only open to organizations based in the EU or the UK.

It seemed weird at the time, given that the UK had already officially left the EU and was just a few months away from terminating its year-long transition agreement, under which it still operated as if it were still a member.

And it turns out to have been a mistake, based on a misunderstanding of the legalities of the Brexit process. UK registries should never have been allowed to bid in the first place.

The Commission said today “the inclusion of the clause for applicants established in the United Kingdom in the Call was an error”.

It’s therefore scrapped the entire process and intends to relaunch it “in the near future”.

Only not-for-profit entities may apply.

.eu is currently managed by EURid, which is of course not barred from bidding to renew its longstanding contract.

Brit .eu owners get another three-month stay of execution

Kevin Murphy, February 16, 2021, Domain Registries

EURid, the .eu registry, has given UK-based registrants another three months to reclaim their suspended .eu domains.

The transition period governing Brexit ended with 2020, and with it UK citizens’ right to own a .eu domain. The registry suspended 80,000 names as a result.

These domains were due to be deleted at the end of March and released for re-registration by eligible registrants next year.

But EURid has now extended that deadline to the end of June.

Anecdotally, the New Year purge caused a flood of customer support inquiries at registrars, as registrants who somehow missed EURid’s repeated warnings tried to figure out why their domains no longer resolved.

Registrants can keep a hold of their domains if they move them to a registrant with an EU address, or if they declare themselves an EU citizen living in the UK.

EURid reports 3% growth in final quarter before Brexit crunch

Kevin Murphy, February 3, 2021, Domain Registries

The .eu ccTLD grew by 108,682 domains in the fourth quarter of 2020, the last reporting period before the full impact of Brexit is felt.

The registry said this week that it ended December with 3,684,984 names under management, a number which also includes .ею and .ευ. That’s a 3% increase over the three months.

Portugal was the big driver, due to local registrar promotions. It was up 64.8% sequentially and 116% year-over-year. Portuguese registrants owned 105,895 names at the end of the year.

The Q4 numbers show 77,000 names registered to UK registrants and do not reflect the impact of the Brexit transition, which ended at the end of the year.

EURid said last month that it had suspended around 80,000 domains belonging to about 48,000 registrants, as the UK fell out of eligibility.

Some of those will likely be recovered during Q1, as UK-resident EU citizens are still eligible for .eu domains.

EURid suspends 80,000 domains as Brexit transition ends

Kevin Murphy, January 4, 2021, Domain Registries

EURid suspended about 80,00 domain names on Friday, as the UK’s 11 months of Brexit transition came to an end.

All the names were registered to UK-based, non-EU citizens and organizations, which are no longer eligible under registry policy.

“On 1 January 2021 we suspended around 80 000 domain names and send out just over 48 000 notifications to the registrants,” a registry spokesperson told DI today.

From Friday, the domains have not been resolvable, meaning email, web sites and other services using those names are no longer functional.

Affected registrants have a few months to get their records in order, if they wish to to keep them, by transferring them to a EU-based registrant or informing their registrar they’re an EU citizen living in the UK.

They’ll have until a minute before midnight CET March 31 to make the change. A minute later, the domains will move from “suspended” status to “withdrawn” status, at which point they will become unrecoverable.

Withdrawn domains will become available for registration again in 2022.

.eu had 130,114 UK-registered names at the end of September, suggesting about 50,000 domains were relocated at the eleventh hour, despite the eligibility policy being publicized for at least a couple of years.

Losing 80,000 names from its register would mean about a 2.2% decline in overall .eu regs compared to the end of the third quarter.

The UK officially left the EU at the end of January, but operated provisionally under the same trade rules during the transition period.

Brits get small reprieve in Brexit domain crackdown

Kevin Murphy, November 30, 2020, Domain Registries

The .eu registry has given UK-based registrants an extra window to keep hold of their domains, which will soon be deleted due to Brexit.

Brits were originally set to lose their .eu names at the end of the year, due to the expiry of the year-long Brexit transition deal.

But rather than immediately “withdrawing” these domains, EURid will now merely “suspend” them at midnight January 1.

Registrant will then have until midnight April 1 to bring their registration data back into compliance — by transferring them to an entity still based in the EU — to remove the suspension.

Suspended domains will not resolve.

All affected domains will be placed in “withdrawn” status April 1, and then will be deleted and returned to the available pool in batches from January 1, 2022.

Essentially, EURid has given procrastinating Brits a three-month final warning window to avoid losing their names, along with a de facto alert system for those who have not been paying attention.

ICANN denies Whois policy “failure” as Marby issues EU warning

Kevin Murphy, October 19, 2020, Domain Policy

ICANN directors have denied that recently delivered Whois policy recommendations represent a “failure” of the multistakeholder model.

You’ll recall that the GNSO Council last month approved a set of controversial recommendations, put forward by the community’s EPDP working group, to create a semi-centralized system for requesting access to private Whois data called SSAD.

The proposed policy still has to be ratified by the ICANN board of directors, but it’s not on the agenda for this week’s work-from-home ICANN 69 conference.

That has not stopped there being some robust discussion, of course, with the board talking for hours about the recommendations with its various stakeholder groups.

The EPDP’s policy has been criticized not only for failing to address the needs of law enforcement and intellectual property owners, but also as a failure of the multistakeholder model itself.

One of the sharpest public criticisms came in a CircleID article by Fabricio Vayra, IP lawyer are Perkins Coie, who tore into ICANN last month for defending a system that he says will be worse than the status quo.

But ICANN director Becky Burr told registries and registrars at a joint ICANN 69 session last week: “We don’t think that the EPDP represents a failure of the multistakeholder model, we actually think it’s a success.”

“The limits on what could be done in terms of policy development were established by law, by GDPR and other data protection laws in particular,” she added.

In other words, it’s not possible for an ICANN working group to create policy that supersedes the law, and the EPDP did what it could with what it was given.

ICANN CEO Göran Marby doubled down, not only agreeing with Burr but passing blame to EU bureaucrats who so far have failed to give a straight answer on important liability issues related to the GDPR privacy regulation.

“I think the EPDP came as far as it could,” he said during the same session. “Some of the people now criticizing it are rightly disappointed, but their disappointment is channeled in the wrong direction.”

He then referred to his recent outreach to three European Commission heads, in which he pleaded for clarity on whether a more centralized Whois model, with more liability shifted away from registrars to ICANN, would be legal.

A failure to provide such clarity would be to acknowledge that the EPDP’s policy proposals are all just fine and dandy, despite what law enforcement and some governments believe, he suggested.

“If the European Union, the European Commission, member states in Europe, or the data protection authorities don’t want to do anything, they’re happy with the situation,” he told registrars and registries.

“If they don’t take actions now, or answer our questions, they’re happy with the way people or organizations get access to the Whois data… it seems that if they don’t change or do anything, they’re happy, and then were are where we are,” he said.

He reiterated similar thoughts at sessions with other stakeholders last week.

But he faced some pushback from members of the pro-privacy Non-Commercial Stakeholders Group, particularly during an entertaing exchange with EPDP member Milton Mueller, who’s unhappy with how Marby has been characterizing the group’s output to the EU.

He specifically unhappy with Marby telling the commissioners: “Should the ICANN Board approve the SSAD recommendations and direct ICANN org to implement it, the community has recommended that the SSAD should become more centralized in response to increased legal clarity.”

Mueller reckons this has no basis in what the EPDP recommended and the GNSO Council approved. It is what the IP interests and governments want, however.

In response, Marby talked around the issue and seemed to characterize it as a matter of interpretation, adding that he’s only trying to provide the ICANN community with the legal clarity it needs to make decisions.

.eu registry contract up for grabs

Kevin Murphy, October 8, 2020, Domain Registries

The European Commission has opened up the .eu registry contract for rebid.

It’s a five-year contract that will come into effect in October 2022. Registries have to apply before the end of the year, and the Commission expects to make its pick in October 2021.

The incumbent is of course EURid, which has been running the ccTLD for the last 15 years and surely has a strong chance of renewing.

There are a few restrictions of which companies can apply.

First, they must be based in the EU or the UK. The registry infrastructure must also be located in the EU.

Second, they must be a not-for-profit entity. For-profit companies would have to set up a separate non-profit registry vehicle in order to be able to apply. All surplus revenue goes into the EU budget.

Third, they need at least seven years of experience running a registry — .eu currently has over 3.6 million names under management, making it the 13th or 14th largest TLD that I have numbers for.

There are a variety of technical and financial criteria applicants will be measured against, and a scoring system for picking a winner.

All the application forms can be found over here.

EURid suspends and delays thousands of coronavirus domains

Kevin Murphy, October 8, 2020, Domain Registries

Thousands of .eu domains containing words related to the coronavirus pandemic have either been suspended or frozen due to suspicions the registrants may have been up to no good, EURid reported this week.

The company started scanning new and recent registrations for these keywords at the start of April.

It found 3,489 such domains registered in the first quarter, and it suspended 1,709 of them because the registrant failed to verify their identity and confirm that the registration was made in good faith.

From April to the end of September, 4,656 domains triggered the system and were delayed from going live until EURid carried out its checks. Only a quarter of these names have so far passed the checks, EURid said.

While there are many legit sites providing pandemic-related information, the high-profile disease has also attracted many fraudsters.

No lockdown bump for .eu as domain base shrinks in Q2

Kevin Murphy, August 20, 2020, Domain Registries

The European Union ccTLD .eu did not see an overall benefit from the pandemic lockdowns that affected many of its member states in the second quarter.

Registry operator EURid this week said that its total domains under management for .eu was 3,606,143 at the end of June, down by 16,907 from 3,623,050 at the end of March.

The company blamed Brexit for the decline, as Brits will no longer be eligible for .eu domains after the political transition period expires at the end of the year and many are therefore being allowed to expire.

This has been EURid’s story for many quarters, with the exception of a discount-related Portuguese aberration in Q1.

The number of regs from the UK dropped by 16.6% year-over-year and 5.1% quarter-over-quarter, to wind up at 135,355.

But .eu did not see the lockdown bump experienced by many other registries and registrars during the quarter either.

New regs in Q2 were at 163,277, compared to 190,011 in Q1 and 164,906 in Q2 2019. It sold fewer domains, even as its peers reported significant increases in sales.

I expect this is fairly easily explained.

Anecdotally, much of the pandemic-related boost the industry has experienced has been due to bricks-and-mortar microbusinesses such as mom-n-pop retailers, bars and restaurants selling online for the first time and needing domain names to make the switch.

These types of registrants, serving a small local area, don’t need a TLD reflecting their membership of a vast trading union, and are probably better served by their national ccTLD or a descriptive generic, so .eu got overlooked.

When it comes to the lockdown bump, it appears .eu was the exception to the rule.