Are Whois email checks doing more harm than good?

“Tens of thousands” of web sites are going dark due to ICANN’s new email verification requirements and registrars are demanding to know how this sacrifice is helping solve crimes.

These claims and demands were made in meetings between registrars and ICANN’s board and management at the ICANN 49 meeting in Singapore last week.

Go Daddy director of policy planning James Bladel and Tucows CEO Elliot Noss questioned the benefit of the 2013 Registrar Accreditation Agreement during a Tuesday session.

The 2013 RAA requires registrars to verify that registrants’ email addresses are accurate. If registrants do not respond to verification emails within 15 days, their domains are turned off.

There have been many news stories and blog posts recounting how legitimate webmasters found their sites gone dark due to an overlooked verification email.

Just looking at my Twitter stream for an “icann” search, I see several complaints about the process every week, made by registrants whose web sites and email accounts have disappeared.

Noss told the ICANN board that the requirement has created a “demonstrable burden” for registrants.

“If you cared to hear operationally you would hear about tens and hundreds of thousands of terrible stories that are happening to legitimate businesses and individuals,” he said.

Noss told DI today that Tucows is currently compiling some statistics to illustrate the scale of the problem, but it’s not yet clear what the company plans to do with the data.

At the Singapore meeting, he asked ICANN to go to the law enforcement agencies that demanded Whois verification in the first place to ask for data showing that the new rules are also doing some good.

“What crime has been forestalled?” he said. “What issues around fraud? We heard about pedophilia regularly from law enforcement. What has any of this done to create benefits in that direction?”

Registrars have a renewed concern about this now because there are moves afoot in other fora, such as the group working on new rules for privacy and proxy services, for even greater Whois verification.

Bladel pointed to an exchange at the ICANN meeting in Durban last July, during which ICANN CEO Fadi Chehade suggested that ICANN would not entertain requests for more Whois verification until law enforcement had demonstrated that the 2013 RAA requirements had had benefits.

The exact Chehade line, from the Durban public forum transcript, was:

law enforcement, before they ask for more, we put them on notice that they need to tell us what was the impact of what we did for them already, which had costs on the implementers.

Quoted back to himself, in Singapore Chehade told Bladel: “It will be done by London.”

Speaking at greater length, director Mike Silber said:

What I cannot do is force law enforcement to give us anything. But I think what we can do is press the point home with law enforcement that if they want more, and if they want greater compliance and if they want greater collaborations, it would be very useful to show the people going through the exercise what benefits law enforcement are receiving from it.

So will law enforcement agencies be able to come up with any hard data by London, just a few months from now?

It seems unlikely to me. The 2013 RAA requirements only came into force in January, so the impact on the overall cleanliness of the various Whois databases is likely to be slim so far.

I also wonder whether law enforcement agencies track the accuracy of Whois in any meaningfully quantitative way. Anecdotes and color may not cut the mustard.

But it does seem likely that the registrars are going to have data to back up their side of the argument — customer service logs, verification email response rates and so forth — by London.

They want the 2013 RAA Whois verification rules rethought and removed from the contract and the ICANN board so far seems fairly responsive to their concerns.

Law enforcement may be about to find itself on the back foot in this long-running debate.

Registrars screwing up new gTLD launches?

Kevin Murphy, March 18, 2014, Domain Registrars

Some of the largest domain name registrars are failing to support new gTLDs properly, leading to would-be registrants being told unregistered names are unavailable.

The .menu gTLD went into general availability yesterday, gathering some 1,649 registrations in its first half day.

It’s not a great start for the new gTLD by any stretch, but how much of it has to do with the channel?

I tested out searches for available names at some of the biggest registrars and got widely different results, apparently because they don’t all properly support tiered pricing.

Market leader Go Daddy even refuses to sell available names.

The .menu gTLD is being operated by a What Box? subsidiary, the inappropriately named Wedding TLD2.

The company has selected at least three pricing tiers as far as I can tell — $25 is the baseline registry fee, but many unreserved “premium” names are priced by the registry at $50 and $65 a year.

For my test, I used noodleshop.menu, which seems to carry the $65 fee. Whois records show it as unregistered and it’s not showing up in today’s .menu zone file. It’s available.

This pricing seems to be accurately reflected at registrars including Name.com and 101domain.

Name.com, for example, says that the name is available and offers to sell it to me for $81.25.

Name.com

Likewise, 101domain reports its availability and a price of $97.49. There’s even a little medal icon next to the name to illustrate the fact that it’s at a premium price.

101domain

So far so good. However, other registrars fare less well.

Go Daddy and Register.com, which are both accredited .menu registrars, don’t seem to recognize the higher-tier names at all.

Go Daddy reports the name is unavailable.

Go Daddy

And so does Register.com.

Register.com

For every .menu name that carried a premium price at Name.com, Go Daddy was reporting it as unavailable.

With Go Daddy owning almost half of the new gTLD market, you can see why its failure to recognize a significant portion of a new gTLD’s available nice-looking names might impact day-one volumes.

The experience at 1&1, which has pumped millions into marketing new gTLD pre-registrations, was also weird.

At 1&1, I was offered noodleshop.menu at the sale price of $29.99 for the first year and $49.99 thereafter, which for some reason I was told was a $240 saving.

1&1

Both the sale price and the regular price appear to be below the wholesale cost. Either 1&1 is committed to take a $15 loss on each top-tier .menu name forever, or it’s pricing its names incorrectly.

A reader informed me this morning that when he tried to buy a .menu premium at 1&1 today he was presented with a message saying he would be contacted within 24 hours about the name.

He said his credit card was billed for the $29.99, but the name (Whois records seem to confirm) remains unregistered.

I’d test this out myself but frankly I don’t want to risk my money. When I tried to register the same name as the reader on 1&1 today I was told it was still available.

If I were a new gTLD registry I’d be very worried about this state of affairs. Without registrars, there’s no sales, but some registrars appear to be unprepared, at least in the case of .menu.

Go Daddy risking Oscars wrath with .buzz premium domains?

The new gTLD registry Dot Strategy included many famous brands on its list of premium .buzz names, including two that could get its partner, Go Daddy-owned Afternic, in hot water.

Until a couple of hours ago, nic.buzz carried what appeared to be thousands of premium listings, organized by category and carrying prices of $1,000 and up, some of which seemed to target brands.

The names of several sports teams, such as 49ers.buzz and blackhawks.buzz, were listed for sale in the sports category (hat tip: Valideus‘ Brian Beckham).

I also spotted listings for domains such as photoshop.buzz (an Adobe software brand) in the technology category and hobbit.buzz (believe it or not, “Hobbit” is a trademark) in an entertainment category.

But the ones that really caught my attention were academyaward.buzz and academyawards.buzz, which carried prices of $1,900 each.

null

That’s surprising because if you try to buy these domains you’ll be instructed to contact Afternic, which is handling the premium process. And as of September, Go Daddy owns Afternic.

The Academy of Motion Picture Arts and Sciences, which hands out the Oscars and owns “Academy Award” and “Academy Awards” trademarks, has been locked in litigation with Go Daddy for the last four years.

The Academy claims that Go Daddy is cybersquatting due to its practice of making money parking its customers’ domains, including domains containing Academy trademarks such as academyawardz.com.

Most recently, Go Daddy tried to get the appointed judge in the case kicked out, alleging that she’s in the Academy’s pocket.

While the lawsuit is certainly controversial, attempting to sell $3,800 worth of domain names matching the Academy’s marks probably wouldn’t help Go Daddy look less cybersquatty to its opponent.

It could be argued that many of the premium names that match brands are also generic — Black Hawks could be helicopters and I’m sure there are plenty of academies in the world that hand out awards.

A legitimate registrant could buy many of these trademark-matching listed names and fight off a UDRP, I reckon.

But when somebody lists the name for sale in a category appropriate to the class of trademark, I’d say that makes the name look a lot less generic.

Bieber is a surname presumably shared by many people, but when you list bieber.buzz for sale in a category related to entertainment it can only really refer to one person.

Somebody yanked the premium listings section from the nic.buzz web site after I requested comments from Dot Strategy and Go Daddy a few hours ago. This post will be updated should I receive said comments.

.buzz is currently in its sunrise period and is due to go to general availability in mid-April. As I’ve said before, it’s one of my favorite new gTLD strings and I wouldn’t be surprised if sells quite well.

UPDATE: Go Daddy said: “Afternic is working with dotStrategy, Co. (the .BUZZ registry) to review the list and revise as appropriate.”

Disappointing .sexy launch shows the importance of the channel

Kevin Murphy, February 27, 2014, Domain Registries

.sexy not so sexy after all?

Uniregistry’s first new gTLDs to launch, .sexy and .tattoo, have showed a poor first-day performance after the company failed to secure Go Daddy as a registrar partner.

During the 60-day sunrise period and the first 30 hours of general availability, .sexy sold just shy of 2,700 domains, judging by zone files, while .tattoo racked up a pitiful 700 registrations.

This makes .sexy the 19th most popular new gTLD. On the DI PRO league table it’s sandwiched between .holdings and .camera, and .tattoo the 28th, between .voyage and .careers.

It’s not a completely terrible performance for .sexy — .camera and .holdings have been on the market for three and four weeks respectively — but one might have expected better sales for a string that isn’t tied to a particular vertical niche and is, arguably, just intrinsically attractive.

.sexy’s first-day performance is in the same ball park as Donuts’ .gallery and .estate, hardly strings to get excited about.

For .tattoo, the story is less gray — under 1,000 domains sold is not a success in anyone’s book.

I think there are a couple reasons for the poor showing.

First, the strings themselves. While I can see .sexy proving popular with regular buyers, it doesn’t easily lend itself to domain names that are instinctively attractive to domainers.

You can put pretty much any profession or product name in front of a .guru and it is meaningful as a brand or a rather grandiose self-appointed title. Not so with .sexy.

Ironically, this appears to be Uniregistry CEO Frank Schilling’s “Toilet Paper Test” in action.

Schilling argues that the test of how generic, and by extension popular, a gTLD is should be whether toiletpaper.[tld] works. I think toiletpaper.guru works, but toiletpaper.sexy does not.

Second, Uniregistry lacked distribution.

While it had big registrars such as eNom and NameCheap (almost 50 in total) on its books, it lacked Go Daddy and 1&1 — the two companies that have been pushing pre-registrations more heavily than any other.

The reason Donuts’ gTLDs performed better in their first hours is that these companies, mainly Go Daddy, had been collecting pre-regs for weeks and spammed the registry with registration requests at the first second they were able. Day one registrations actually represent weeks of marketing and leads.

Uniregistry took an awfully big risk by demanding registrars hand over part of the customer relationship to the registry, and it seems to have impacted its sales.

The company plans to shortly launch its own registrar, and is betting hard of this being a successful sales channel.

I’m somewhat skeptical about this strategy, at least in the short term.

Go Daddy has spent tens (hundreds?) of millions of dollars on marketing over the last decade or so. It has a lot of eyeballs already and it’s going to be nigh-on impossible to replicate that degree of success.

Uniregistry is not the only new gTLD portfolio registry enthusiastically embracing vertical integration.

The trail was blazed by Minds + Machines, which launched its own registrar last November. Today, it’s difficult to tell on the company’s web site where the registrar ends and the registry begins.

What’s M+M’s launch channel going to look like? We’re not going to know for sure until its first TLDs hit the market.

Are the big registrars going to make the vertically integrated business model difficult to carry off successfully? While registries are obliged to give access to any registrar that wants to sell their names, registrars have no obligations to carry any TLD they don’t want to.

Here’s why registrars are boycotting .sexy

Kevin Murphy, February 25, 2014, Domain Registries

Will .sexy and .tattoo trip on the starting blocks today due to registrars’ fears about competition and Whois privacy?

Uniregistry went into general availability at 1600 UTC today with the two new gTLDs — its first to market — but it did so without the support of some of the biggest registrars.

Go Daddy — alone responsible for almost half of all new domain registrations — Network Solutions, Register.com and 1&1 are among those that are refusing to carry the new TLDs.

The reason, according to multiple sources, is that Uniregistry’s Registry-Registrar Agreement contains two major provisions that would dilute registrars’ “ownership” of their customer base.

First, Uniregistry wants to know the real identities of all of the registrants in its TLDs, even those who register names using Whois privacy services.

That’s not completely unprecedented; ICM Registry asks the same of .xxx registrars in order to authenticate registrants’ identities.

Second, Uniregistry wants to be able to email or otherwise contact those registrants to tell them about registry services it plans to launch in future. The Uniregistry RRA says:

Uniregistry may from time to time contact the Registered Name Holder directly with information about the Registered Name and related or future registry services.

We gather that registrars are worried that Uniregistry — which will shortly launch its own in-house registrar under ICANN’s new liberal rules on vertical integration — may try to poach their customers.

The difference between ICM and Uniregistry is that ICM does not own its own registrar.

The Uniregistry RRA seems to take account of this worry, however, saying:

Except for circumstances related to a termination under Section 6.7 below, Uniregistry shall never use Personal Data of a Registered Name Holder, acquired under this Agreement, (a) to contact the Registered Name Holder with a communication intended or designed to induce the Registered Name Holder to change Registrars or (b) for the purpose of offering or selling non-registry services to the Registered Name Holder.

Some registrars evidently do not trust this promise, or are concerned that Uniregistry may figure out a way around it, and have voted with their storefronts by refusing to carry these first two gTLDs.

Ownership of the customer relationship is a pretty big deal for registrars, especially when domain names are often a low-margin entry product used to up-sell more lucrative services.

What if a future Uniregistry “registry service” competes with something these registrars already offer? You can see why they’re worried.

A lot of registrars have asserted that with the new influx of TLDs, registrars have more negotiating power over registries than they ever did in a world of 18 gTLDs.

Uniregistry CEO Frank Schilling is basically testing out this proposition on his own multi-million-dollar investment.

But will the absence of these registrars — Go Daddy in particular — hurt the launch numbers for .sexy and .tattoo?

I think there could be some impact, but it might be tempered by the fact that a large number of early registrations are likely to come from domainers, and domainers know that Go Daddy is not the only place to buy domains.

Schilling tweeted at about 1605 UTC today that .sexy was over 1,800 registrations.

Longer term, who knows? This is uncharted territory. Right now Uniregistry seems to be banking on the 40-odd registrars — some of them quite large — that have signed up, along with its own marketing efforts, to make up any shortfall an absence of Go Daddy may cause.

Tomorrow, I’d be surprised if NameCheap, which is the distant number two registrar in new gTLDs right now (judging by name server counts) is not the leader in .sexy and .tattoo names.