Latest news of the domain name industry

Recent Posts

ICANN throws the book at Net4 over dodgy transfer claims

Kevin Murphy, December 15, 2020, Domain Registrars

Struggling Indian registrar Net 4 India has been slammed with a massive breach notice by ICANN, following claims of domain transfers failing or happening without the consent of the registrant.

ICANN also accuses the company, which is or was India’s largest independent registrar, of trying to bullshit its compliance staff about whether expired domains had been renewed or not.

According to ICANN, Net4 is in breach of the Registrar Accreditation Agreement on four counts, three of which relate to domain ownership records.

ICANN says the company isn’t operating a Whois service on the web or port 43, has failed to escrow its registration data on two recent occasions, and has failed to hand over registrant information upon ICANN’s request.

It’s also past due with its fees, ICANN says.

ICANN’s been dealing with complaints about Net4 for months, after the company’s customer service system appeared to break down in the wake of the coronavirus pandemic. Hundreds of customers have said their domains were unrenewable and that they were unable to transfer to another registrar.

In the latest breach notice — the first published breach notice against any registrar since February — ICANN names almost 200 domain names that have allegedly been held hostage at Net4, despite the registrant’s efforts to transfer out.

ICANN wants proof that registrants were given transfer authorization codes and that their domains were unlocked.

In a smaller number of cases, ICANN wants proof that domains were transferred to Net4 partner Openprovider, for which it acts as a reseller, with the consent of the registrants.

It also claims that Net4 has more than once tried to prove that a registrant renewed their expired name by supplying the registry’s expiration date instead of its own, to blag its way out of accusations that registrants were unable to renew.

ICANN also accuses the registrar of dragging its feet to address complaints:

Over the past few months, the number of complaints ICANN Contractual Compliance has received from [registered name holders], and authorized representatives, asserting that Net 4 India is exhibiting a pattern of non-response to domain transfer and renewal requests has steadily increased. While addressing the relevant compliance cases, Net 4 India’s responses to ICANN Contractual Compliance have also regularly been untimely and incomplete.

Net4 is now in the unprecedented position of being subject to two different breach notices simultaneously.

ICANN actually issued a suspension notice in June 2019, after noticing that Net4 had been in insolvency proceedings for two years — a debt recovery agency is trying to recover $28 million in unpaid debts.

But that suspension deadline was paused after talks with the “resolution professional” handling the insolvency case, for reasons ICANN’s been rather quiet about, and it remains on pause to this date.

The newest breach notice has a December 31 deadline on it. Unless Net4 turns on its Whois and hands over the reams of requested data by then, ICANN could terminate its contract.

Assuming the insolvency court allows it to, presumably.

Mucho weirdness as Google “forgets” to renew major domain

Google has lost control of a key domain name, breaking millions of URLs used by its customers.

It emerged today that the domain blogspot.in expired in May and was deleted around June 24.

It was promptly re-registered via a non-ICANN registrar based in India called Domainming and put up for sale on Sedo for $5,999.

Blogspot is the brand used by people using Google’s Blogger platform. While the .com is the primary domain, the company localizes URLs to the ccTLD of the visitor’s home country in most cases.

There are currently over four million blogspot.in URLs listed in Google’s index.

Most of the reports I’ve read today chalk the loss of the domain down to corporate forgetfulness, but it appears to be weirder than that.

Google uses MarkMonitor to manage its portfolio, so if it is a case of the registrar forgetting to renew a client’s domain, it would be hugely embarrassing for whoever looks after Google over there.

However, historical Whois records archived by DomainTools suggests something odder is going on. It looks like MarkMonitor would have been prevented from renewing the domain by the .in registry.

These records show that from June 1, 2018, blogspot.in has had a serverRenewProhibited status applied, basically meaning the registry won’t allow the registrar to renew the domain.

ICANN describes the code like this:

This status code indicates your domain’s Registry Operator will not allow your registrar to renew your domain. It is an uncommon status that is usually enacted during legal disputes or when your domain is subject to deletion.

Often, this status indicates an issue with your domain that needs to be addressed promptly. You should contact your registrar to request more information and resolve the issue. If your domain does not have any issues, and you simply want to renew it, you must first contact your registrar and request that they work with the Registry Operator to remove this status code. This process can take longer than it does for clientRenewProhibited because your registrar has to forward your request to your domain’s registry and wait for them to lift the restriction.

The domain was placed into clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, and serverUpdateProhibited statuses at the same time.

Basically, it was fully locked down at both registrar and registry levels.

All of those status codes apart from serverRenewProhibited were removed in the first week of May this year, after almost two years.

The registry for .in is government-affiliated NIXI, but the back-end provider is Neustar.

At the time the domain was locked down, Afilias ran the back end, and there was a somewhat fractious battle going on between the two companies for the .in contract.

Judging by the changing status codes, it appears that two years ago somebody — Google, MarkMonitor, NIXI or Afilias — put the domain into a state in which it could not be renewed, transferred or deleted.

For some reason, the domain stayed like that until just a couple of weeks before it expired, when the prohibitions on deletion and transfer were removed.

I’ve been unable to find any information about legal trouble Google had in India two years ago that would have led to this unusual state of affairs.

It doesn’t seem to be a simple case of forgetfulness, however.

ICANN declares coronavirus a “natural disaster” to protect expired domains

Registrants unable to renew their domain names when they expire may not lose them, following a decree from ICANN today.

The organization has declared the coronavirus a “natural disaster” and invoked part of the Registrar Accreditation Agreement that permits registrars to keep hold of domains that have come to the end of their post-expiration renewal period.

Under the RAA, registrars have to delete domains a maximum of 45 days after the reg period expires, unless there are “extenuating circumstances” such as an ongoing UDRP case, lawsuit or technical stability dangers.

There’s no accounting for natural disasters in the contract, but ICANN has the discretion to name any “other circumstance as approved specifically by ICANN” an extenuating circumstance. That’s what it’s done here.

It’s invoked this provision once before, following Hurricane Maria in late 2017.

ICANN said that policies to specifically protect domains in the event of natural disasters should be considered.

The new coronavirus exception applies to all registrars in all gTLDs, although implementation will vary by registrar.

The announcement follows Verisign’s announcement last week that it is waiving its registry-level restore fee for .com and .net domains until June 1.

GoDaddy renewal revamp “unrelated” to domainer auction outrage

Kevin Murphy, November 21, 2017, Domain Registrars

GoDaddy has made some big changes to how it handles expired domain names, but denied the changes are related to domainer outrage today about “fake” auctions.

The market-leading registrar today said that it has reduced the period post-expiration during which registrants can recover their names from 42 days to 30. After day 30, registrants will no longer be able to renew or transfer affected names.

GoDaddy is also going to start cutting off customers’ MX records five days after expiry. This way, if they’re only using their domain for email, they will notice the interruption. Previously, the company did not cut off MX records.

The changes were first reported at DomainInvesting.com and subsequently confirmed by a GoDaddy spokesperson.

One impact of this will be to reduce confusion when GoDaddy puts expired domains up for auction when it’s still possible for the original registrant reclaim them, which has been the cause of complaints from prominent domain investors this week.

As DomaingGang reported yesterday, self-proclaimed “Domain King” Rick Schwartz bought the domain GoDaddyBlows.com in order to register his disgust with the practice.

Konstantinos Zournas of OnlineDomain followed up with a critique of his own today.

But the GoDaddy spokesperson denied the changes are being made in response to this week’s flak.

“This is unrelated to any events in the aftermarket,” he said. “We’ve been working on this policy for more than a year.”

He said the changes are a case of GoDaddy “optimizing our systems and processes”. The company ran an audit of when customers were renewing and found that fewer than 1% of names were renewed between days 30 and 42 following expiration, he said.

GoDaddy renews about 2.5 million domains per month in just the gTLDs it carries, according to my records, so a full 1% would equal roughly 25,000 names per month or 300,000 per year. But the company spokesperson said the actual number “quite a bit less” than that.

How many of these renewals are genuinely forgetful registrants and how many are people attempting to exploit the auction system is not known.

The changes will come into effect December 4. The news broke today because GoDaddy has started notifying its high-volume customers.

Hurricane victims get a renewal pass under ICANN rules

Kevin Murphy, November 20, 2017, Domain Policy

ICANN has given registries and registrars the ability to delay the cancellation of domain names owned by victims of Hurricane Maria and other similar natural disasters.

In a note to contracted parties, published by Blacknight boss Michele Neylon this weekend, Global Domains Division president Akram Atallah said:

registrars will be permitted to temporarily forebear from canceling domain registrations that were unable to be renewed as a result of the natural disaster.

Maria and other hurricanes caused widespread damage to infrastructure in the Caribbean earlier this year — not to mention the loss of life — making it difficult for many people to get online to renew their registrations.

ICANN’s Registrar Accreditation Agreement ties registrars to a fairly strict domain name renewal and expiration life-cycle, but there’s a carve out for certain specified “extenuating circumstances” such as bankruptcy or litigation.

Atallah’s note makes it clear that ICANN considers hurricane damage such a circumstance, so its contractual compliance department will not pursue registrars who fail to expire domains on time when the registrant has been affected by the disaster.

He added that perhaps it’s time for the ICANN community to come up with a standardized policy for handling such domains. There’s already been mailing list chatter of such an initiative.

ICANN is heading to Puerto Rico, which was quite badly hit by Maria, for its March 2018 public meeting.

While attendees have been assured that the infrastructure is in place for the meeting to go ahead, large parts of the island are reportedly still without power.

Nigger.com returned to NAACP after expiration prompts $10,000 auction

Kevin Murphy, February 14, 2017, Gossip

US civil rights group the National Association for the Advancement of Colored People has reclaimed the domain name nigger.com after it expired and went to auction.

The names nigger.org and nigger.net were also affected, but according to Whois records the NAACP restored all three yesterday.

The names had been in pending renewal/delete status for three weeks, during which time the registrant was listed as Perfect Privacy, Web.com’s proxy/privacy provider.

While expired, the .com had been placed (presumably automatically) in a NameJet auction, as first reported by Raymond Hackney at The Domains.

At time of writing, the auction had attracted 72 bids and a high offer of $10,000.

It was a “Wish List Auction”, indicating that the domain’s prior registrant had not yet exhausted all options to have the name restored.

As Hackney noted, if these domains fell into the wrong hands it could have a negative impact on race relations in the US.

But the NAACP, which first got hold of the domains almost 20 years ago, seems to have had a remarkably lackadaisical attitude to them over the last few years.

Not only did it accidentally allow the names to expire, but DomainTools and Archive.org captures show that the associated web sites had been compromised repeatedly since late 2014.

Every capture since late 2014 shows taunting, racist messages from the hackers, at least one of which associated himself with troll group the “Gay Nigger Association of America”.