Latest news of the domain name industry

Recent Posts

ICANN denies Whois policy “failure” as Marby issues EU warning

Kevin Murphy, October 19, 2020, Domain Policy

ICANN directors have denied that recently delivered Whois policy recommendations represent a “failure” of the multistakeholder model.

You’ll recall that the GNSO Council last month approved a set of controversial recommendations, put forward by the community’s EPDP working group, to create a semi-centralized system for requesting access to private Whois data called SSAD.

The proposed policy still has to be ratified by the ICANN board of directors, but it’s not on the agenda for this week’s work-from-home ICANN 69 conference.

That has not stopped there being some robust discussion, of course, with the board talking for hours about the recommendations with its various stakeholder groups.

The EPDP’s policy has been criticized not only for failing to address the needs of law enforcement and intellectual property owners, but also as a failure of the multistakeholder model itself.

One of the sharpest public criticisms came in a CircleID article by Fabricio Vayra, IP lawyer are Perkins Coie, who tore into ICANN last month for defending a system that he says will be worse than the status quo.

But ICANN director Becky Burr told registries and registrars at a joint ICANN 69 session last week: “We don’t think that the EPDP represents a failure of the multistakeholder model, we actually think it’s a success.”

“The limits on what could be done in terms of policy development were established by law, by GDPR and other data protection laws in particular,” she added.

In other words, it’s not possible for an ICANN working group to create policy that supersedes the law, and the EPDP did what it could with what it was given.

ICANN CEO Göran Marby doubled down, not only agreeing with Burr but passing blame to EU bureaucrats who so far have failed to give a straight answer on important liability issues related to the GDPR privacy regulation.

“I think the EPDP came as far as it could,” he said during the same session. “Some of the people now criticizing it are rightly disappointed, but their disappointment is channeled in the wrong direction.”

He then referred to his recent outreach to three European Commission heads, in which he pleaded for clarity on whether a more centralized Whois model, with more liability shifted away from registrars to ICANN, would be legal.

A failure to provide such clarity would be to acknowledge that the EPDP’s policy proposals are all just fine and dandy, despite what law enforcement and some governments believe, he suggested.

“If the European Union, the European Commission, member states in Europe, or the data protection authorities don’t want to do anything, they’re happy with the situation,” he told registrars and registries.

“If they don’t take actions now, or answer our questions, they’re happy with the way people or organizations get access to the Whois data… it seems that if they don’t change or do anything, they’re happy, and then were are where we are,” he said.

He reiterated similar thoughts at sessions with other stakeholders last week.

But he faced some pushback from members of the pro-privacy Non-Commercial Stakeholders Group, particularly during an entertaing exchange with EPDP member Milton Mueller, who’s unhappy with how Marby has been characterizing the group’s output to the EU.

He specifically unhappy with Marby telling the commissioners: “Should the ICANN Board approve the SSAD recommendations and direct ICANN org to implement it, the community has recommended that the SSAD should become more centralized in response to increased legal clarity.”

Mueller reckons this has no basis in what the EPDP recommended and the GNSO Council approved. It is what the IP interests and governments want, however.

In response, Marby talked around the issue and seemed to characterize it as a matter of interpretation, adding that he’s only trying to provide the ICANN community with the legal clarity it needs to make decisions.

.eu registry contract up for grabs

Kevin Murphy, October 8, 2020, Domain Registries

The European Commission has opened up the .eu registry contract for rebid.

It’s a five-year contract that will come into effect in October 2022. Registries have to apply before the end of the year, and the Commission expects to make its pick in October 2021.

The incumbent is of course EURid, which has been running the ccTLD for the last 15 years and surely has a strong chance of renewing.

There are a few restrictions of which companies can apply.

First, they must be based in the EU or the UK. The registry infrastructure must also be located in the EU.

Second, they must be a not-for-profit entity. For-profit companies would have to set up a separate non-profit registry vehicle in order to be able to apply. All surplus revenue goes into the EU budget.

Third, they need at least seven years of experience running a registry — .eu currently has over 3.6 million names under management, making it the 13th or 14th largest TLD that I have numbers for.

There are a variety of technical and financial criteria applicants will be measured against, and a scoring system for picking a winner.

All the application forms can be found over here.

EURid suspends and delays thousands of coronavirus domains

Kevin Murphy, October 8, 2020, Domain Registries

Thousands of .eu domains containing words related to the coronavirus pandemic have either been suspended or frozen due to suspicions the registrants may have been up to no good, EURid reported this week.

The company started scanning new and recent registrations for these keywords at the start of April.

It found 3,489 such domains registered in the first quarter, and it suspended 1,709 of them because the registrant failed to verify their identity and confirm that the registration was made in good faith.

From April to the end of September, 4,656 domains triggered the system and were delayed from going live until EURid carried out its checks. Only a quarter of these names have so far passed the checks, EURid said.

While there are many legit sites providing pandemic-related information, the high-profile disease has also attracted many fraudsters.

No lockdown bump for .eu as domain base shrinks in Q2

Kevin Murphy, August 20, 2020, Domain Registries

The European Union ccTLD .eu did not see an overall benefit from the pandemic lockdowns that affected many of its member states in the second quarter.

Registry operator EURid this week said that its total domains under management for .eu was 3,606,143 at the end of June, down by 16,907 from 3,623,050 at the end of March.

The company blamed Brexit for the decline, as Brits will no longer be eligible for .eu domains after the political transition period expires at the end of the year and many are therefore being allowed to expire.

This has been EURid’s story for many quarters, with the exception of a discount-related Portuguese aberration in Q1.

The number of regs from the UK dropped by 16.6% year-over-year and 5.1% quarter-over-quarter, to wind up at 135,355.

But .eu did not see the lockdown bump experienced by many other registries and registrars during the quarter either.

New regs in Q2 were at 163,277, compared to 190,011 in Q1 and 164,906 in Q2 2019. It sold fewer domains, even as its peers reported significant increases in sales.

I expect this is fairly easily explained.

Anecdotally, much of the pandemic-related boost the industry has experienced has been due to bricks-and-mortar microbusinesses such as mom-n-pop retailers, bars and restaurants selling online for the first time and needing domain names to make the switch.

These types of registrants, serving a small local area, don’t need a TLD reflecting their membership of a vast trading union, and are probably better served by their national ccTLD or a descriptive generic, so .eu got overlooked.

When it comes to the lockdown bump, it appears .eu was the exception to the rule.

Despite Brexit, .eu actually returned to growth in Q1

Brexit may have been pounding EURid’s domain base for the last few years, but .eu domains recovered a little in the first quarter due to promotional activity in Portugal.

The UK left the European Union on January 31, and Brits will lose their right to register and hold .eu domains when the so-called transition period ends at the end of the year.

Naturally enough, UK-based registrations of .eu domains continued to decline in Q1, down 24% year over year and 5% on the quarter to end March at 142,600 domains. It’s still the ninth-biggest eligible nation in terms of regs.

But a remarkable 64% spike in regs from Portugal, which EURid attributes to registrar-led promotions, seems to have helped .eu return to a growth state.

There were 80,000 .eu regs from Portugal at the end of the quarter, up by about 30,000 from the end of 2019, more than enough to counteract the 8,000-domain loss from the UK.

Overall, .eu grew from 3,579,689 domains to 3,623,050 domains during the quarter, an increase of about 43,000 or 0.5%.

The number of domains being claimed by EU citizens living outside the EU — possible under a newish policy — more than doubled to 759 domains.

Brexit hell: .eu suspension plan put on hold

Kevin Murphy, October 23, 2019, Domain Registries

EURid’s policy to boot out Brits next week has been put on hold due to the current impasse in Brexit talks.

UK citizens had been told they would lose their .eu domains November 1, the first day the country was scheduled to no longer be a member of the European Union.

But the October 31 exit date appears increasingly unlikely, with the divorce plan agreed to by the EU and UK Prime Minister Boris Johnson still in UK parliamentary limbo.

So EURid posted today:

Following the recent developments in the UK withdrawal scenario, the entire plan outlined below is on hold. We will keep you informed as soon as we receive further instructions from the European Commission.

Under the suspended plan, EURid would have emailed all of its UK and Gibraltar-based registrants tomorrow to inform them that their domains were in jeopardy.

It would have closed down new registrations to Brits on November 1 and given existing registrants a two-month grace period to come into compliance — by transferring their names to addresses in eligible nations — before suspending the names.

A year later, the names would be deleted and returned to the available pool.

EURid said it will provide further guidance when it gets word from the European Commission.

Now you don’t have to live in the EU to register a .eu domain, but there’s a catch

Kevin Murphy, October 21, 2019, Domain Registries

Residents of countries outside the European Union are now able to register .eu domain names.

A new rule that kicked in at the weekend broadened eligibility from only residents of the EU and European Economic Area. Now, residency is irrelevant.

The catch is that you have to still have to be an EU citizen to qualify.

EURid, the .eu registry, said the change opens up the ccTLD to “millions of Europeans living around the world”.

In practice, it could open up the space to basically anyone.

While residency can fairly easily be checked by looking at the mailing address in a Whois record, demonstrating citizenship is a different kettle of fish.

There’s no indication that EURid is asking registrars to collect passport numbers at the point of sale, so it appears to be a post-registration enforcement regime.

.eu is also still open to non-EU citizens who live in the EU or EEA.

.eu had 3.6 million names under management at the last count, having declined by about 200,000 since the Brexit vote three years ago.

Let’s see if the new, liberalized regime has any impact.

Kafka turns in grave as ICANN crowbars “useless” Greek TLD into the root

Kevin Murphy, September 9, 2019, Domain Policy

ICANN has finally approved a version of .eu in Greek script, but it’s already been criticized as “useless”.

Yesterday, ICANN’s board of directors rubber-stamped .ευ, the second internationalized domain name version of the European Union’s .eu, which will be represented in the DNS as .xn--qxa6a.

There’s a lot of history behind .ευ, much of it maddeningly illustrative of ICANN’s Kafkaesque obsession with procedure.

The first amusing thing to point out is that .ευ is technically being approved under ICANN’s IDN ccTLD Fast Track Process, a mere NINE YEARS after EURid first submitted its application.

The “Fast Track” has been used so far to approve 61 IDN ccTLDs. Often, the requested string is merely the name of the country in question, written in one of the local scripts, and the TLD is approved fairly quickly.

But in some cases, especially where the desired string is a two-character code, a string review will find the possibility of confusion with another TLD. This runs the risk of broadening the scope of domain homograph attacks sometimes used in phishing.

That’s what happened to .ευ, along with Bulgaria’s Cyrillic .бг and Greece’s own .ελ, which were rejected on string confusion grounds back in 2010 and 2011.

Under pressure from the Governmental Advisory Committee, ICANN then implemented an Extended Process Similarity Review Panel, essentially an appeals process designed to give unsuccessful Fast Track applicants a second bite at the apple.

That process led to Bulgaria being told that .бг was not too similar to Brazil’s .br, and Greece being told that .ελ did not look too much like .EA, a non-existent ccTLD that may or may not be delegated in future, after all.

But the EU’s .ευ failed at the same time, in 2014. The appeals review panel found that the string was confusable with upper-case .EY and .EV.

Again, these are not ccTLDs, just strings of two characters that have the potential to become ccTLDs in future should a new country or territory emerge and be assigned those codes by the International Standards Organization, a low-probability event.

I reported at the time that .ευ was probably as good as dead. It seemed pretty clear based on the rules at the time that if a string was confusable in uppercase OR lowercase, it would be rejected.

But I was quickly informed by ICANN that I was incorrect, and that ICANN top brass needed to discuss the results.

That seems to have led to ICANN tweaking the rules yet again in order to crowbar .ευ into the root.

In 2015, the board of directors reached out to the GAC, the ccNSO and the Security and Stability Advisory Committee for advice.

They dutifully returned two years later with proposed changes (pdf) that seemed tailor-made for the European Union’s predicament.

A requested IDN ccTLD that caused confusion with other strings in only uppercase, but not lowercase (just like .ευ!!!) could still get delegated, provided it had a comprehensive risk mitigation strategy in place, they recommended.

The recommendation was quickly approved by ICANN, which then sent its implementation guidelines (again, tailor-made for EURid (pdf)) back to the ccNSO/SSAC.

It was not until February this year that the ccNSO/SSAC group got back to ICANN (pdf) to approve of its implementation plan and to say that it has already tested it against EURid’s proposed risk-mitigation plan (pdf).

Basically, the process in 2009 didn’t produce the desired result, so ICANN changed the process. It didn’t produced the desired result again in 2014, so the process was changed again.

But at least Greek-speaking EU citizens are finally going to get a meaningful ccTLD that allows them to express their EUishness in their native script, right?

WRONG!

I recently read with interest and surprise a blog post by domainer-blogger Konstantinos Zournas, in which he referred to .ευ as the “worst domain extension ever”.

Zournas, who is Greek, opened my eyes to the fact that “.ευ” is meaningless in his native tongue. It’s just two Greek letters that visually resemble “EU” in Latin script. It’s confusing by design, but with .eu, a ccTLD that EURid already manages.

While not for a moment doubting Zournas’ familiarity with his own language, I had to confirm this on the EU’s Greek-language web site.

He’s right, the Greek for “European Union” is “Ευρωπαϊκής Ένωσης”, so the sensible two-letter IDN ccTLD would be .ΕΈ (those are Greek characters that look a bit like Latin E).

That would have almost certainly failed the ICANN string similarity process, however, as .ee/EE is the current, extant ccTLD for Estonia.

In short (too late), it seems to have taken ICANN the best part of a decade, and Jesus H Christ knows how many person-hours, to hack its own procedures multiple times in order to force through an application for a TLD that doesn’t mean anything, can’t be confused with anything that currently exists on the internet, and probably won’t be widely used anyway.

Gratz to all involved!

“We’re Irish!” claim Brits as .eu shrinks yet again

Kevin Murphy, August 14, 2019, Domain Registries

British companies are moving their .eu domain names to their Irish branches in an effort to keep them after Brexit, according to the speculations of EURid.

.eu regs in Ireland grew 18% to 47,781 in the second quarter, according to the registry’s Q2 roundup. EURid said:

The high increase in Ireland could be related to the notice about UK withdrawal from the EU and its subsequence to UK .eu domain name holders. Some of the UK domain name holders may have had the chance to transfer the domain names to their branches in other countries of the EU and EEA, e.g. the neighboring Ireland.

Regs in the UK dropped by 13.9% compared to Q1 and by almost half — 46.7% — year over year. There are now 162,287 UK-based .eu domains.

Overall, .eu is still shrinking, partly as a result of this Brexit impact, which has been felt ever since the 2016 referendum.

There were 3,602,573 registered domains at the end of June, down from 3,661,899 at the end of March.

UK-based registrants have been told that they cannot continue to own .eu domains after Brexit, currently slated for October 31. It’s still a possibility that the date could change, or that Brexit may not happen at all.

Confusing matters, EU citizens living in the UK will still be eligible for .eu domains.

All this data, plus a whole lot more, can be read in the EURid Q2 report (pdf).

Revenue dips as Brexit whacks .eu in 2018

Kevin Murphy, April 16, 2019, Domain Registries

.eu saw its registrations sink substantially in 2018, largely due to Brexit, which affected its revenue and profit.

Registry EURid said yesterday that it was managing 3,684,750 .eu domains at the end of the year, down by 130,305 over the year.

It’s .eu’s lowest end-of-year domain count since 2012.

The UK, which voted to leave the EU in 2016 but has yet to follow through, sank from the fourth-largest .eu country to the sixth, now behind less populous countries Poland and Italy.

EURid and the UK government have warned UK-based registrants that they stand to lose their domains after Brexit is actually executed (if it ever is)

As Brits abandoned their .eu names by the tens of thousands, EURid also suspended over 36,000 domains for abuse, which affected its annual total.

The decline hit EURid’s revenue, which was down to €12.7 million, from €13.3 million in 2017. Profit was down from €1.7 million, from €2 million.

The data was published in the registry’s annual report (pdf), published yesterday.