Latest news of the domain name industry

Recent Posts

Emoji domains get a 😟 after broad study

Kevin Murphy, October 28, 2019, Domain Tech

Domain names containing emojis are a security risk and not recommended, according to a pretty comprehensive review by an ICANN study group.

The Country-Code Names Supporting Organization has delivered the results of its 12-person, 18-month Emoji Study Group, which was tasked with looking into the problems emoji domains can cause, review current policy, and talk to ccTLD registries that currently permit emoji domains.

The ESG didn’t have a lot of power, and its recommendations are basically an exercise in can-kicking, but it’s easily the most comprehensive overview of the issues surrounding emoji domains that I’ve ever come across.

It’s 30 pages long, and you can read it here (pdf).

Emojis are currently banned in gTLDs, where ICANN has to approve new Unicode tables before they can be used by registries at the second level, under its internationalized domain name policy, IDNA 2008.

But ccTLDs, which are not contracted with ICANN, have a lot more flexibility. There are 15 ccTLDs — almost all representing small islands or low-penetration African nations — that currently permit emoji domains, the ESG found.

That’s about 6% of Latin-script ccTLDs out there today. These TLDs are .az, .cf, .fm, .je, .ga, .ge, .gg, .gq, .ml, .st, .to, .tk, .uz, .vu, and .ws.

Five of them, including .tk, are run by notorious freebie registry Freenom, but perhaps the best-known is .ws, where major brands such as Budweiser and Coca-Cola have run marketing campaigns in the past.

The main problem with emojis is the potential for confusing similarity, and the ESG report does a pretty good job of enumerating the ways confusability can arise. Take its comparison of multiple applications’ version of the exact same “grinning face” emoji, for example:

Emoji comparison

If you saw a domain containing one of those in marketing on one platform, would you be able to confidently navigate to the site on another? I doubt I would.

There’s also variations in how registrars handle emojis on their storefronts, the report found. On some you can search with an emoji, on others you’ll need to type out the xn-- prefixed Punycode translation longhand.

In terms of recommendations, the ESG basically just asked ICANN to keep an eye on the situation, to come to a better definition of what an emoji actually is, and to reach out for information to the ccTLDs accepting emojis, which apparently haven’t been keen on opening up so far.

Despite the lack of closure, it’s a pretty good read if you’re interested in this kind of thing.

Verisign report deletes millions of domains from history

Verisign has dramatically slashed its estimates for the number of domains in existence in its quarterly Domain Name Industry Brief reports, two of which were published this week.

The headline number for the end of the fourth quarter is 329.3 million, a 0.7% increase sequentially and a 6.8% increase annually.

But it’s actually a lower number than Verisign reported in its second-quarter report just five months ago, which was 334.6 million.

The big swinger, as you may have guessed if you track this kind of thing, was .tk, the Freenom ccTLD where names are given away for free and then reclaimed and parked by the registry when they are deleted for abuse expire.

It seems a change in the way .tk is counted (or estimated) is the cause of the dip.

Verisign gets its gTLD data for the report from ICANN-published zone files and its ccTLD data from independent researcher Zooknic.

Problem is, Zook hasn’t had up-to-date data on .tk for a couple of years, so every DNIB published since then has been based on its December 2014 numbers.

But with the Q3 report (pdf), Zook revised its .tk estimates down by about six million names.

In earlier reports, the ccTLD was being reported at about 25 million names (exact numbers were not given), but now that’s been slashed to 18.7 million, relegating it to the second-largest ccTLD after China’s .cn, which has 21.1 million.

I’ve asked Freenom to confirm the latest numbers are correct and will update this post if I get a response.

Verisign does not say what caused the decision to scale down .tk’s numbers, but explains what happened like this:

In Q3 2016, Zooknic reported a significant decline in the .tk zone and restated the estimated zone size of .tk for each quarter from Q4 2014 through Q3 2016 using a proprietary methodology. As a result, for comparative purposes of this DNIB to the Q3 2016 DNIB and the Q4 2015 DNIB, Verisign has applied an updated estimate of the total zone size across all TLDs for Q3 2016 of 327.0 million and Q4 2015 of 307.7 million and an updated estimate of the total ccTLD zone size for Q3 2016 of 140.1 million and Q4 2015 of 138.1 million.

Apples-to-apples comparisons in the Q4 report show the ccTLD universe was up to 142.7 million names, a 1.8% sequential increase and up 3.1% on 2015. Excluding .tk, annual growth was 6.9%.

Verisign’s own .com and .net combined grew 1.7% to 142.2 million names at the end of the year, one percentage point smaller than their 2015 growth.

The full Q4 report can be read here (pdf).

OpenTLD suspension reinstated

Kevin Murphy, August 25, 2015, Domain Registrars

ICANN has suspended OpenTLD’s ability to sell gTLD domain names for the second time, following an arbitration ruling yesterday.

OpenTLD, part of the Freenom group, will not be able to sell gTLD names or accept inbound transfers from tomorrow — about two hours from now — to November 24, according to ICANN’s web site.

That doesn’t give the company much time to make the required changes to its web site and registrar systems.

As reported earlier today, OpenTLD lost its battle to have the suspension frozen in arbitration with ICANN.

The arbitrator agreed with ICANN Compliance that the registrar cybersquatted its competitors and has not yet done enough to ensure that it does not do the same again in future.

Yes, you are dangerous, arbitrator tells “cybersquatter” OpenTLD

Kevin Murphy, August 25, 2015, Domain Registrars

Free domains provider OpenTLD has been dealt a crushing blow in its fight against the suspension of its Registrar Accreditation Agreement.

ICANN is now free to suspend OpenTLD’s RAA, due to the company’s “pattern of cybersquatting”, following a decision by an independent arbitrator.

The arbitrator ruled yesterday that OpenTLD’s suspension should go ahead, because “OpenTLD’s continued operation could potentially harm consumers and the public interest.”

The 90-day suspension was imposed by ICANN Compliance in June, after it became aware that OpenTLD had lost two UDRP cases filed by competing registrars.

WIPO panelists found in both cases that the company had infringed its competitors’ trademarks in order to entice resellers over to its platform.

The suspension was put on hold voluntarily by ICANN, pending the arbitrator’s ruling on OpenTLD’s request for emergency stay. That request was conclusively rejected yesterday.

The arbitrator wrote:

the Arbitrator has little doubt that the multiple abusive name registrations made by OpenTLD, each of which included the registered mark of a competing domain name registrar and OpenTLD’s subsequent use of those domains… formed part of a broad concerted effort by OpenTLD calculated to deliberately divert name registration business, otherwise destined for competing domain name registrars… away from those registrars to OpenTLD instead.

He wrote that OpenTLD needs to put a process in place to prevent similarly cybersquatty behavior in future, rather than just making a commitment to changing its ways.

It’s pretty harsh stuff.

OpenTLD said recently that a suspension would “devastate” and “decimate” its business, due to the intertwining of its massive ccTLD business and rather smaller gTLD platform, but the arbitrator thought a technology workaround would be rather simple to implement.

No RAA means no gTLD sales and no inbound transfers.

OpenTLD is part of Freenom, which runs .tk and other free-to-register ccTLDs.

The company’s only ray of sunlight in the ruling is that the arbitrator said the costs of the proceeding should be split equally, not all falling on OpenTLD’s shoulders.

ICANN has not yet re-instituted the suspension, but it could come soon.

The full ruling can be read here.

OpenTLD says suspension would “devastate” its business

Kevin Murphy, August 14, 2015, Domain Registrars

OpenTLD has fired off its newest salvo in its ongoing cybersquatting dispute with ICANN, saying the ICANN-imposed suspension would “devastate” its business.

The company has also addressed many of ICANN’s cybersquatting allegations, while failing to deny it squatted on two competitors’ trademarks.

In its latest arbitration filing (pdf), OpenTLD said: “Quite simply, the suspension of OpenTLD’s ability to offer gTLD registrations and inbound transfers would decimate its unique business model.”

ICANN had argued that the suspension of its registrar accreditation was no big deal because its gTLD domain base is measured in the low thousands, whereas the total domains under management of parent Freenom, which offers free domains in .tk and other ccTLDS, is in excess of 25 million.

But OpenTLD said the two businesses as “deeply intertwined” and separating the two would impair its ability to do business.

ICANN is pushing for the suspension because OpenTLD lost two UDRP cases earlier this year. Both were filed by competitors — Key-Systems and NetEarth — who accused the registrar of attempting to lure resellers to its platform by infringing rivals’ trademarks.

ICANN has since followed up by accusing OpenTLD of continuing to cybersquat famous brands, including Google and Facebook, even after the suspension notice was issued. These claims, as I noted last week, are very dubious, however.

In its latest filing, OpenTLD denies that any of those domains — all of which use its privacy service — were registered by itself. It goes so far as to name the actual registrants.

But it fails to deny that it was the true registrant of the Key-Systems and NetEarth domains lost in the UDRP cases.

Rather, it focuses on ICANN’s claims that it committed “cyberflight” by deleting the UDRP’d domains rather than allowing them to be transferred to the trademark owners.

It admits that the domains were deleted but said this was “inadvertent” and that it attempted to transfer them to its competitors later.

OpenTLD wants the threatened suspension stayed.

The case continues. A decision by the arbitration panel is expected August 24.

OpenTLD cybersquatting fight escalates

Kevin Murphy, August 7, 2015, Domain Registrars

ICANN has accused OpenTLD, the registrar arm of Freenom, of cybersquatting famous brands even after it was threatened with suspension.

The claims may be worrying for some registrars as ICANN may in fact be holding the registrar responsible for the actions of its proxy service customers.

OpenTLD was suspended by ICANN in early July, after two UDRP rulings found the company had cybersquatted rival registrars’ brands in order to poach customers.

The suspension was lifted after just a few hours when OpenTLD took ICANN to arbitration under the terms of its Registrar Accreditation Agreement.

In ICANN’s latest arbitration filing, the organization’s lawyers argue that the suspension should not be stayed, because OpenTLD has been shown to engage in a pattern of cybersquatting.

Like the original suspension notice, the filing cites the two UDRP losses, along with footnotes indicating that as many as seven competing brands had been cybersquatted.

But ICANN has now also escalated its allegations to bring in non-registrar brands where it’s far from clear that OpenTLD is the actual registrant.

ICANN’s filing states:

even a brief review of the domain names in OpenTLD’s portfolio demonstrates that OpenTLD appears to be continuing to engage in bad faith and abusive registration practices. As of 3 August 2015, there were at least 73 gTLD domains registered to Stichting OpenTLD WHOIS Proxy (which is OpenTLD’s proxy service) that are identical to or contain the registered trademarks or trade names of third parties, including, by way of small example, the domain names barnesandnoble.link, sephora.bargains, at-facebook.com, ebaybh.com, googlefreeporn.com, global-paypal.com, hotmailtechnicalsupport.com, and secure-apple.com. ICANN is not aware of any legitimate interest or right that OpenTLD has to use these third-party trademarks and trade names.

Even more concerning is the fact that at least 14 gTLD domain names that contain the registered trademarks or trade names of third parties were registered by OpenTLD’s proxy service after the 23 June 2015 Suspension Notice was issued to OpenTLD, further demonstrating that OpenTLD’s overtures of “cooperation” ring hollow.

To be clear, that’s ICANN accusing OpenTLD of cybersquatting because some of the domains registered via its privacy service appear to be trademark infringements.

It’s basically equating infringing use of OpenTLD’s proxy service (such the registration of barnesandnoble.link) with the infringing behavior of OpenTLD itself (such as the registration of godaddy.cf, a February 2015 screenshot of which can be seen below.)

This may just be legal posturing, but I imagine many other registrars would be worried to know that they could have their accreditation suspended for cybersquatting simply because some of their privacy customers are cybersquatters.

I’d wager that every proxy/privacy service available has been used by blatant cybersquatters at one time or another.

Filings in the arbitration case can be found here.

OpenTLD suspension stayed in unprecedented arbitration case

“Cybersquatting” registrar OpenTLD, part of the Freenom group, has had its accreditation un-suspended by ICANN while the two parties slug it out in arbitration.

Filed three weeks ago by OpenTLD, it’s the first complaint to head to arbitration about under the 2013 Registrar Accreditation Agreement.

ICANN suspended the registrar for 90 days in late June, claiming that it “engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party”.

But OpenTLD filed its arbitration claim day before the suspension was due to come in to effect, demanding a stay.

ICANN — voluntarily, it seems — put the suspension on hold pending the outcome of the case.

The suspension came about due to OpenTLD being found guilty of cybersquatting its competitors in two UDRP cases.

In both cases, the UDRP panel found that the company had cybersquatted the trademarks of rival registrars in an attempt to entice their resellers over to its platform.

But OpenTLD claims that ICANN rushed to suspend it without giving it a chance to put forward its side of the story and without informing it of the breach.

It further claims that the suspension is “disproportionate and unprecedented” and that the public interest would not be served for the suspension to be upheld.

This is not an Independent Review Process proceeding, so things are expected to move forward relatively quickly.

The arbitration panel expects to hear arguments by phone August 14 and rule one way or the other by August 24.

Read the OpenTLD complaint here.

Freenom suspended for cybersquatting rival registrars

Freenom, the company behind .tk and other freebie ccTLDs, has had its ICANN registrar accreditation suspended for cybersquatting competing registrars including Go Daddy and Key-Systems.

OpenTLD, its registrar business, has been told it cannot accept new registrations or inbound transfers from July 8 to October 6 or until it provides ICANN with a full list of the names it squatted.

I believe it’s the first time ICANN has suspended a registrar for this reason.

The suspension notice states:

ICANN has found that OpenTLD has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest

That’s a long-winded way of saying “massive cybersquatting”.

ICANN is basing its claims on two UDRP cases that Freenom and its CEO, Joost Zuurbier, lost.

According to WIPO panelists in Key-Systems GmbH v. Joost Zuurbier, OpenTLD B.V. and NetEarth Group, Inc. v. Stichting OpenTLD WHOIS Proxy, the company squatted at least seven of its rivals’ trademarks.

The domains were netearthone.biz, rrpproxy.me, key-systems.cc, resellerclub.tk, resellbiz.biz, godaddy.cf and resello.ws.

According to the UDRP decisions, Freenom used the domains to try to entice resellers of the other registrars over to OpenTLD.

It bought the competing registrars’ trademarks as search keywords on Google’s advertising platform, a WIPO panelist found. If you searched Google for Key-Systems trademark “RRPproxy”, for example, you’d get an ad linking to rrpproxy.me.

In some cases the names were registered behind Freenom’s in-house privacy service. In others, Zuurbier and OpenTLD were listed plainly as the registrants.

The WIPO panelists also found that Freenon shirked its duties under the UDRP as registrar, deleting the squatted domains rather than locking them, which essentially amounted to “cyberflight”.

It all looks pretty bad for Freenom, which only gained its accreditation two years ago.

To avoid termination, it has to provide ICANN with a list of all of its trademark infringing names, agree to transfer them to the mark owners or delete them, and bunch of other stuff.

Here’s the letter.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

.tk registrar gets ICANN breach notice

Kevin Murphy, March 19, 2015, Domain Registrars

OpenTLD, the registrar owned by .tk registry Freenon, has received an odd contract-breach notice from ICANN.

The company apparently forgot to send ICANN a Compliance Certificate for 2014, despite repeated pestering by ICANN staff.

It’s the first time I’ve seen ICANN issue a breach notice (pdf) for this reason.

A Compliance Certificate, judging by the 2013 Registrar Accreditation Agreement, seems to be a simple form letter that the CEO must fill in, sign and submit once a year.

Coming back into compliance would be, one imagines, five minutes’ work.

As well as being an ICANN-accredited registrar, OpenTLD is part of Freenom. That’s the registry that repurposes under-used ccTLDs with a “freemium” model that allows free registrations.

Its flagship, .tk, is the biggest ccTLD in world, with over 30 million active names.

  • Page 1 of 2
  • 1
  • 2
  • >