Latest news of the domain name industry

Recent Posts

.feedback threatens to shut off MarkMonitor

Top Level Spectrum, the controversial .feedback gTLD registry, has threatened to de-accredit MarkMonitor unless it apologizes for “breaching” its registrar contract.

The move is evidently retaliation for the MarkMonitor-coordinated complaint about .feedback’s launch policies, which last month led to TLS being found in breach of its own ICANN contract.

De-accreditation would mean MarkMonitor would not be able to sell .feedback domains any more, and its .feedback names would be transferred to another registrar.

In a letter to MarkMonitor (pdf) yesterday, TLS informs the registrar that it breached its Registry-Registrar Agreement by releasing said RRA to “the press” as part of the exhibits to its Public Interest Commitments Dispute Resolution Policy complaint.

The problem we take issue with is that your exhibit should have redacted the “Confidential RRA Agreement” prior to being handed over to ” the press ” and it should have been marked in an appropriate way so ICANN would not publicly disclose it. As we can tell no precautions were taken and as a party to the action we find that you violated the confidentiality of the agreement.

I understand “the press” in this case includes DI and others. We published the document last October. We were not asked to keep anything confidential.

The RRA section of the document is marked as “private and confidential” and contains terms forbidding the disclosure of such information, but the name of the registrar is redacted.

TLS believes the undisclosed registrar is actually Facebook, a MarkMonitor client and one of the several parties to the PICDRP complaint against .feedback.

While Facebook may not have actually signed the RRA, MarkMonitor certainly did and therefore should not have released the document, TLS says.

The letter concludes that the “breach… seems incurable” and says: “Please let us know what actions you will take to cure this breach with us or we will have no other option but to de-accredited your Registrars.”

Despite this, TLS CEO Jay Westerdal tells us that an apology will be enough to cure the alleged breach.

The threat is reminiscent of a move pulled by Vox Populi, the .sucks registry, last year. Vox deaccredited MarkMonitor rival Com Laude in June for allegedly leaking a confidential document to DI (I was never able to locate or identify the allegedly leaked document, and had not published any document marked as confidential).

TLS was found in breach of the Public Interest Commitments in its ICANN contract last month by a PICDRP panel. It was the first registry to suffer such a loss.

The PICDRP panel found that .feedback’s launch had not been conducted in a transparent way, but it stopped short of addressing MarkMonitor’s complaints about “fraudulent” behavior.

Facebook, under Chinese court threat, transfers Instagram.com to its new registrar

Kevin Murphy, April 19, 2016, Domain Registrars

It’s not quite cyberflight, but Facebook has transferred threatened domain name instagram.com to its newly acquired in-house registrar.

Whois records show that the domain, used for the popular photo-sharing social network, was moved from MarkMonitor to RegistrarSEC yesterday.

It emerged on Friday that Facebook had recently acquired RegistrarSEC.

So why the transfer?

It does not appear that the move is part of a wholesale transfer of domains — facebook.com, whatsapp.com, fb.com and all the other Facebook domains I checked are still with MarkMonitor.

Instead, I would speculate that it’s related to the lawsuit in China in which the family of a deceased cybersquatter are fighting for the return of the domain to their ownership.

Instagram acquired the name for $100,000 from the Guangdong-based Zhou family in January 2011, just a couple of months after Zhou Weiming, the now deceased patriarch, bought it from an American domainer.

According to a lawsuit (pdf) filed against the family in California by Instagram this January, Zhou’s widow and two daughters are suing the third daughter in a Chinese court for selling the domain without the proper authority.

They want the domain returned to them.

By transferring instagram.com to a registrar completely controlled by Facebook, the company has removed one huge risk factor from the Chinese lawsuit.

If MarkMonitor were to be served with a Chinese court order ordering the transfer of the domain to the Zhous, and it were to comply, the Instagram service used by millions could be held hostage by a group of known cybersquatters.

Now that the domain is at RegistrarSEC, Facebook gets the ability to refuse to comply with any such order.

This all begs the question of whether the deep-pocketed social network would go to the trouble of acquiring a registrar (with only 11 names to its accreditation) purely to provide a layer of insurance.

A fresh ICANN accreditation would be cheaper, but would take longer, and transferring to a different third-party registrar wouldn’t really solve the problem.

Instagram is predicted by one analyst to provide Facebook with $5.8 billion in annual revenue by the end of the decade.

Facebook bought a registrar

Kevin Murphy, April 14, 2016, Domain Services

Facebook has acquired a domain name registrar, according to its point person in ICANN.

Facebook domain manager Susan Kawaguchi said on tonight’s GNSO Council teleconference, as a matter of disclosure, that Facebook recently acquired a registrar.

Multiple sources say the registrar is RegistrarSEC LLC.

DI records show that RegistrarSEC took over the ICANN registrar accreditation of Focus IP Inc, doing business as AppDetex, on March 26.

RegistrarSEC is led by one of the long-gone founders of brand protection registrar MarkMonitor, Faisal Shah, and Chris Bura, founder of Alldomains.com.

Facebook is one of MarkMonitor’s most prominent clients.

RegistrarSEC is not a conventional registrar. It had just 11 registrations under its IANA ID at the end of 2015.

But its parent was founded in 2013 as primarily a provider of brand protection services focused on the mobile app space.

My guess is that Facebook is interested in RegistrarSEC’s parent’s intellectual property, rather than its registrar.

Instagram paid Chinese cyberquatter $100,000 for instagram.com, Facebook lawsuit reveals

Kevin Murphy, January 20, 2016, Domain Sales

Facebook has sued a Chinese cybersquatter for trying to renege on a five-year-old deal that saw it buy the domain instagram.com for $100,000.

The lawsuit, filed in California last week, claims that a family of known cybersquatters, based in Guangdong, is trying to have the purchase invalidated by a Chinese court.

The company, which acquired Instagram for $1 billion in 2012, wants the court to rule that the domain deal was legal, preventing the cybersquatters retaking control of the domain.

Photo-sharing app Instagram launched in October 2010 using the domain instagr.am.

At that time, instagram.com was owned by a US-based domain investor, but it was bought by Zhou Weiming about a month later.

Zhou, Facebook says, was the now-dead father of three of the people it is suing, and the husband of the fourth.

When Zhou purchased the domain, Instagram had become wildly popular, well on the way to hitting the million-user mark in December 2010.

Instagram had applied for the US trademark on its name in September 2010, less than a month before its launch.

The company made the decision to pay $100,000 for the domain in January 2011.

The Whois information for instagram.com changed from Zhou Weiming to Zhou Murong, apparently his daughter, around about the same time, though the registrant email address did not change.

The purchase was processed by Sedo, according to a copy of the deal filed as evidence (pdf).

Now, Murong’s mother and sisters are suing her and Instagram in China, claiming she did not have the authority to sell the domain, according to Facebook’s complaint.

Facebook claims the Chinese suit is a “sham” and that the whole Zhou family is acting in concert.

The company wants the California court to declare that the sale was valid, and that registrar MarkMonitor should not be forced to transfer the domain back to the Zhous.

Facebook in 2014 won a 22-domain UDRP case against Murong Zhou, related to typos of its Instagram trademark.

Read the full California complaint as a PDF here.

Are new gTLD registries ripping off brands with unfair sunrise fees?

Forget .sucks — several less controversial new gTLD registries have come under fire from the likes of Google, Facebook and Adobe for charging sunrise fees as high as $17,000 for domains matching famous trademarks.

According to figures supplied to DI by ICANN’s Business Constituency, the domain instagram.love carries a $17,610 “Premium Name Fee” during the current sunrise period.

Instagram is of course the photo sharing service belonging to Facebook, and to the best of my knowledge not a dictionary word.

The domain facebook.love has a $8,930 fee, these figures show, while google.love costs $6,610, both in addition to sunrise fees of $350 and annual fees of $60.

The regular sunrise fee for .love comes in at $265 at some registrars.

The new gTLDs .design, .video, .wang, .wein, .rich and .top also seem to carry very high fees for brands such as Facebook, according to the BC’s numbers.

Google recently filed a public comment with ICANN which warned:

some registry operators are taking advantage of rights owners during Sunrise by charging exorbitant and extortionate Sunrise registration fees. Although such pricing policies are not strictly within the ICANN compliance mandate, they contravene the spirit of the RPMs [rights protection mechanisms], damage ICANN’s reputation, harm consumers in contravention of ICANN’s mandate to promote the public interest, and create disincentives for rights owners to take advantage of the Sunrise period

Similar comments were sent by the Intellectual Property Constituency, BC, and others.

The issue of registries charging super-high “premium” fees for trademarked names has been on the radar of the BC and the IPC since at least 2013.

It seems that in at least some cases, trademark owners are being hit with the higher fees because their marks are dictionary words that the registry has identified as premium due to their regular meaning.

For example, adobe.design is on the list of names provided by the BC, carrying a $1,175 registration fee.

But Andrew Merriam, director of business development at .design registry Top Level Design, denied that the software company is being targeted. Instead, he said “adobe” refers to the material used in architecture — its dictionary meaning.

He said: “Stucco.design, concrete.design, wood.design, granite.design (and many other materials and building styles) are all on the premium list, at varying prices. In fact, adobe.design is priced on the lower end of all these materials.”

Merriam said the registry’s premium fee for adobe.design is actually $250 and speculated that $1,175 could be the price quoted by Adobe’s brand protection registrar post-markup. It was $349 at Go Daddy, he said.

In other cases, trademarks may have found their way on to premium lists due to a lack of manual vetting by the registry, rather than nefarious targeting.

In the case of instagram.love, Evatt Merchant of .love registry Merchant Law Group told DI that Facebook can buy the name for the normal sunrise fee if it wants.

He told DI that trademark owners should contact the registry if they believe their marks have been wrongly given premium prices. He said:

While it is possible that some brand terms that are frequently googled have ended up on the premium list, valued based on their Google search frequency, there is a simple solution. During the sunrise period, brands seeking non-dictionary trademarked domain names can contact the registry so that a review of individual sunrise pricing can occur. As has already occurred, such requests will often result in the .LOVE TLD voluntarily offering to reduce their sunrise application cost to the base sunrise price and that would certainly be the case for Instagram.

ICANN’s does not regulate pricing in new gTLDs, but nevertheless the IPC and BC and their members have asked ICANN to include premium pricing of trademarked names in its upcoming review of rights protection mechanisms.

Wildly popular Facebook scam attack hits .ninja

Rightside’s .ninja appears to be the victim of a broad, highly effective affiliate marketing scam that targets Indians and exploits Facebook’s trademark.

Today, 11 of the top 12 most-visited .ninja domains are linked to the same attack. Each has an Alexa ranking of under 15,000. They’re all in the top 40 new gTLD domain names by traffic, according to Alexa.

The domains are com-news.ninja, com-finance-news.ninja, com-important-finance-update.ninja, com-important-finance-news.ninja, com-important-update.ninja, com-important-news.ninja, com-important-news-update.ninja, com-finance-now.ninja, com-finance.ninja, com-news-now.ninja and com-personal-finance.ninja.

The domains do not directly infringe any trademarks and appear innocuous enough when visited — they merely redirect to the genuine facebook.com.

However, adding “facebook” at the third level leads users to pages such as this one, which contains a “work at home” scam.

Scam

Indian visitors are told that that Facebook will pay them the rupee equivalent of about $250 per day just for posting links to Facebook, under some kind of deal between Bill Gates and Mark Zuckerberg.

It’s all nonsense of course. The page is filled with faked social media quotes and borrowed stock photos.

Not only that, but it uses Facebook’s logo and look-and-feel to make it appear, vaguely, like it’s a genuine Facebook site.

The links in the page all lead to an affiliate marketing campaign that appears, right now, to be misconfigured.

Infringing trademarks at the third level in order to spoof brands is not a new tactic — it’s commonly used in phishing attacks — but this is the first time I’ve seen it deployed so successfully in the new gTLD space.

It would be tricky, maybe impossible, for Facebook to seize the domains using UDRP or have them suspended using URS, given that the second-level domains are clean.

But it seems very probable that the domains are in violation of more than one element of Rightside’s anti-abuse policy, which among other things forbids trademark infringement and impersonation.

.top says Facebook shakedown was just a typo

Kevin Murphy, January 16, 2015, Domain Registries

Jiangsu Bangning Science & Technology, the .top registry, is blaming a typo for a Facebook executive’s claim that it wanted $30,000 or more for facebook.top.

Information provided to the ICANN GNSO Council by Facebook domain manager Susan Kawaguchi yesterday showed that .top wanted RMB 180,000 (currently $29,000) for a trademarked name that previously had been blocked due to ICANN’s name collisions policy.

But Mason Zhang, manager of the registry’s overseas channel division, told DI today that the price is actually RMB 18,000 ($2,900):

We were shocked when seeing that our register price for TMCH protected names like Facebook during Exclusive Registration Period is changed from “eighteen thousand” into what is written, the “one hundred and eighty thousand”.

I think that might be a type mistake from our side, and we checked and we are certain that the price is CNY EIGHTEEN THOUSAND.

The 18,000-yuan sunrise fee is published on the registry’s official web site, as I noted yesterday.

The registry email sent to Facebook is reproduced in this PDF.

I wondered yesterday whether a breakdown in communication may to be blame. Perhaps I was correct.

While $3,000 is still rather high for a defensive registration, it doesn’t stink of extortion quite as badly as $30,000.

Still, it’s moderately good news for Facebook and any other company worried they were going to have to shell out record-breaking prices to defensively register their brands.

New gTLD extortion? Registry asks Facebook for $35,000 to register its brand

Kevin Murphy, January 16, 2015, Domain Registries

More Chinese weirdness, or just plain old trademark owner extortion?

The registry for the new gTLD .top is asking Facebook to cough up $35,000 in order to defensively register one of its trademarks as a .top domain — probably facebook.top — according to a Facebook executive.

The registry’s demand — which some are cautiously likening to “extortion” — is linked to the release of name collision domains in .top, which is due to start happening today.

Nanjing, China-based registry Jiangsu Bangning Science & Technology runs the .top gTLD.

It has been in general availability since November 18 and currently has just shy of 40,000 names in its zone file, making it the 16th-largest new gTLD.

I haven’t checked whether they’re all legitimate buyer registrations, but given the shape the new gTLD industry is in right now I have my doubts.

From today, Jiangsu Bangning is running a month-long “Exclusive Registration Period”, according to ICANN records.

But Facebook domain manager Susan Kawaguchi today complained on an ICANN GNSO Council call that the registry had asked for $4,500 for a Sunrise period registration and now wants an extra RMB 180,000 ($30,000) because the desired domain is on its collisions block-list.

UPDATE: The registry says the price is just RMB 18,000. It blames a typo for the error.

I don’t know for sure what domain Facebook wants — I’ve reached out to Kawaguchi for clarification — but I rather suspect it’s facebook.top, which appeared on the list of 30,205 name collisions that Jiangsu Bangning was obliged by ICANN to block.

Name collisions are domains that were already receiving traffic prior to the launch of the new gTLD program. ICANN forces registries to block them for a minimum of 90 days in order to mitigate potential security risks.

According to the registry’s web site, Sunrise registrations cost RMB 18,000 per name per year. That’s about $3,000 a year for a defensive registration, a ridiculously high sum when compared to most new gTLDs.

There’s no mention on its site that I can find of the additional RMB 180,000 collision release fee, but Kawaguchi forwarded an email to the GNSO Council that strongly suggests that trademark owners with brands on the .top collisions list face the inexplicable extra $30,000.

Sunrise prices, just like regular general availability prices, are not controlled by ICANN in new gTLDs.

There are no rules I’m aware of governing pricing for collision names, nor am I aware of any registry costs that could justify a $30,000 fee to register one. A premium generic string may be worth that much, but asking that amount for a trademark smacks of extortion.

So, assuming this isn’t just a breakdown of communication, is the registry trying to screw Facebook in a targeted fashion, knowing it has deep pockets and a cybersquatting target painted on its back, or is it applying a $30,000 fee to every domain coming off its collisions list this week?

Facebook isn’t the only big tech company with its primary trademark on the list — Microsoft, Google, Twitter and Amazon also appear on it, along with many other famous brands.

Kawaguchi said she’s taken her complaint to ICANN Compliance.

MarkMonitor infiltrated by Syrian hackers targeting Facebook

Kevin Murphy, February 6, 2014, Domain Registrars

The corporate brand protection registrar MarkMonitor was reportedly hacked yesterday by the group calling itself the Syrian Electronic Army, in an unsuccessful attempt to take out Facebook.

While MarkMonitor refused to confirm or deny the claims, the SEA, which has been conducting a campaign against high-profile western web sites for the last couple of years, tweeted several revealing screenshots.

One was a screen capture of a DomainTools Whois lookup for facebook.com, which does not appear to have been cached by DomainTools.

Another purported to be a cap of Facebook’s control panel at the registrar.

The SEA tweeted more caps purporting to show it had access to domains belonging to Amazon and Yahoo!.

In response to an inquiry, MarkMonitor rather amusingly told DI “we do not comment on our clients — including neither confirming nor denying whether or not a company is a client.”

This despite the fact that the company publishes a searchable database of its clients on its web site.

The attackers were unable to take down Facebook itself because the company has rather wisely chosen to set its domain to use Verisign’s Registry Lock anti-hijacking service.

Registry Lock prevents domains’ DNS settings being changed automatically via registrar control panels. Instead, registrants need to provide a security pass phrase over the phone.

First URS case decided with Facebook the victor

Kevin Murphy, October 25, 2013, Domain Policy

Facebook has become the first company to win a Uniform Rapid Suspension complaint.

The case, which dealt with the domain facebok.pw, took 37 days from start to finish.

This is what the suspended site now looks like:

The URS was designed for new gTLDs, but .PW Registry decided to adopt it too, to help it deal with some of the abuse it started to experience when it launched earlier this year.

Facebook was the first to file a complaint, on August 21. According to the decision, the case commenced about three weeks later, September 11, and was decided September 26.

I don’t know when the decision was published, but World Trademark Review appears to have been the first to spot it.

It was pretty much a slam-dunk, uncontroversial decision, as you might imagine given the domain. The standard is “clear and convincing evidence”, a heavier burden than UDRP.

The registrant did not respond to the complaint, but Facebook provided evidence showing he was a serial cybersquatter.

The decision was made by the National Arbitration Forum’s Darryl Wilson, who has over 100 UDRP cases under his belt. Here’s the meat of it:

IDENTICAL OR CONFUSINGLY SIMILAR

The only difference between the Domain Name, facebok.pw, and the Complainant’s FACEBOOK mark is the absence of one letter (“o”) in the Domain Name. In addition, it is well accepted that the top level domain is irrelevant in assessing identity or confusing similarity, thus the “.pw” is of no consequence here. The Examiner finds that the Domain Name is confusingly similar to Complainant’s FACEBOOK mark.

NO RIGHTS OR LEGITIMATE INTERESTS

To the best of the Complainant’s knowledge, the Respondent does not have any rights in the name FACEBOOK or “facebok” nor is the Respondent commonly known by either name. Complainant has not authorized Respondent’s use of its mark and has no affiliation with Respondent. The Domain Name points to a web page listing links for popular search topics which Respondent appears to use to generate click through fees for Respondent’s personal financial gain. Such use does not constitute a bona fide offering of goods or services and wrongfully misappropriates Complainant’s mark’s goodwill. The Examiner finds that the Respondent has established no rights or legitimate interests in the Domain Name.

BAD FAITH REGISTRATION AND USE
The Domain Name was registered and is being used in bad faith.

The Domain Name was registered on or about March 26, 2013, nine years after the Complainant’s FACEBOOK marks were first used and began gaining global notoriety.

The Examiner finds that the Respondent has engaged in a pattern of illegitimate domain name registrations (See Complainant’s exhibit URS Site Screenshot) whereby Respondent has either altered letters in, or added new letters to, well-known trademarks. Such behavior supports a conclusion of Respondent’s bad faith registration and use. Furthermore, the Complainant submits that the Respondent is using the Domain Name in order to attract for commercial gain Internet users to its parking website by creating a likelihood of confusion as to the source, sponsorship or affiliation of the website. The Examiner finds such behavior to further evidence Respondent’s bad faith registration and use.

The only remedy for URS is suspension of the domain. According to Whois, it still belongs to the respondent.

Read the decision in full here.