Latest news of the domain name industry

Recent Posts

ICANN audit claims two more registrar scalps

Kevin Murphy, January 20, 2015, Domain Registrars

Two tiny registrars — WebZero and Black Ice Domains — have had their registrar accreditations terminated for a failure to respond to a routine ICANN audit.

Israel-based Black Ice had just a couple thousands gTLD domains under management; US-based WebZero had fewer than 100.

Both registrars stood accused of not providing documents to ICANN in response to an audit, per their Registrar Accreditation Agreements.

ICANN will now look for a registrar or registrars to take over these registrars’ domains.

A quarter of registrar’s names are “illicit pharmacies”

Kevin Murphy, January 16, 2015, Domain Services

One in four of the domain names registered with the registrar NetLynx are linked to current, past or potential future rogue drug sites, according to online pharmacy monitor LegitScript.

The Mumbai-based registrar was hit with a breach notice by ICANN Compliance last week, over an alleged failure to investigate an abuse complaint about a single customer domain, tnawsol24h.com.

NetLynx did not adequately respond to ICANN’s calls from November 26 to January 5, according to the notice (pdf).

While ICANN did not identify the source or nature of the complaint, according to LegitScript it was filed by the UK Medicines and Healthcare products Regulatory Agency and it claimed that the domain was being used as a “rogue internet pharmacy”.

LegitScript did some research into NetLynx’s domains under management and now claims that it is not an isolated case.

Company president John Horton blogged:

at least a quarter of the registrar’s business is dependent on rogue Internet pharmacy registrations, with roughly 3,000 of the 12,000 domain names under the registrar’s portfolio taggable as current, past or “holding sites” for illicit online pharmacies.

Horton clarified for DI that the 3,000 number is extrapolated from the fact that LegitScript managed to categorize 1,820 out of the 7,000 NetLynx domains it could find as problematic.

Of those, 820 were “online and active” rogue pharmacies, he said. He gave canadian-drug-pharmacy.com, pills-delivery.net and pillsforlife.net as examples.

Another 780 were hosting rogue pharmacies in the past but have since been shut down, he said.

Finally, LegitScript categorized 220 as “meeting known patterns” for “holding sites” where illicit pharmacies may be launched in future. Horton said:

many of the spam pharma organizations use “holding domain names” (not all are online at any one time), so if the website was NOT currently online, we looked to a variety of data — known domain name patterns, screenshots, known rogue name servers, known rogue IP addresses, etc. — to determine the likelihood that a domain name is likely to be a rogue Internet pharmacy, and gave NetLynx the benefit of the doubt if there was any lack of certainty

LegitScript classifies online pharmacies as “rogue” if they offer to ship medicines without a prescription to people in jurisdictions where prescriptions are required.

Horton is now calling for ICANN to look into terminating NetLynx’s accreditation.

.top says Facebook shakedown was just a typo

Kevin Murphy, January 16, 2015, Domain Registries

Jiangsu Bangning Science & Technology, the .top registry, is blaming a typo for a Facebook executive’s claim that it wanted $30,000 or more for facebook.top.

Information provided to the ICANN GNSO Council by Facebook domain manager Susan Kawaguchi yesterday showed that .top wanted RMB 180,000 (currently $29,000) for a trademarked name that previously had been blocked due to ICANN’s name collisions policy.

But Mason Zhang, manager of the registry’s overseas channel division, told DI today that the price is actually RMB 18,000 ($2,900):

We were shocked when seeing that our register price for TMCH protected names like Facebook during Exclusive Registration Period is changed from “eighteen thousand” into what is written, the “one hundred and eighty thousand”.

I think that might be a type mistake from our side, and we checked and we are certain that the price is CNY EIGHTEEN THOUSAND.

The 18,000-yuan sunrise fee is published on the registry’s official web site, as I noted yesterday.

The registry email sent to Facebook is reproduced in this PDF.

I wondered yesterday whether a breakdown in communication may to be blame. Perhaps I was correct.

While $3,000 is still rather high for a defensive registration, it doesn’t stink of extortion quite as badly as $30,000.

Still, it’s moderately good news for Facebook and any other company worried they were going to have to shell out record-breaking prices to defensively register their brands.

Here’s how the new number two new gTLD got so big so quick

Kevin Murphy, January 13, 2015, Domain Registries

Attentive DI readers will recall my journalistic meltdown last week, when I tried to figure out how the Chinese new gTLD .网址 managed to hit #2 in the new gTLD zone file size league table, apparently shifting a quarter of a million names in a week.

Well, after conversations with well-placed sources here at NamesCon in Las Vegas this week, I’ve figured it out.

.网址 is the Chinese for “.url”.

Its rapid growth — hitting 352,000 names today — can be attributed primarily to two factors.

First, these weren’t regular sales. The registry, Knet, which acquired original applicant Hu Yi last year, operates a keyword-based navigation system in China that predates Chinese-script gTLDs.

The company has simply grandfathered its keyword customers into .网址, I’m told.

The keyword system allows Latin-script domains too, which explains the large number of western brands that appear in the .网址 zone.

The second reason for the huge bump is the fact that many of the domains are essentially duplicates.

Chinese script has “traditional” and “simplified” characters, and in many cases domains in .网址 are simply the traditional equivalents of the simplified versions.

I understand that these duplicates may account for something like 30% of the zone file.

I’ve been unable to figure out definitively why the .网址 Whois database appeared to be so borked.

As I noted last week, every domain in the .网址 space had a Knet email address listed in its registrant, admin and technical contact fields.

It seems that Knet was substituting the original email addresses with its own when Whois queries were made over port 43, rather than via its own web site.

Its own Whois site (which doesn’t work for me) returned the genuine email addresses, but third-party Whois services such as DomainTools and ICANN returned the bogus data.

Whether Knet did this by accident or design, I don’t know, but it would have almost certainly have been a violation of its contractual commitments under its ICANN Registry Agreement.

However, as of today, third-party Whois tools are now returning the genuine Whois records, so whatever the reason was, it appears to be no longer an issue.

The new massive number two new gTLD has me paralyzed with confusion

Kevin Murphy, January 8, 2015, Domain Registries

The Chinese-script gTLD .网址 powered to the number two spot in the new gTLD rankings by zone file size this week, but it’s doing some things very strangely.

.网址 is Chinese for “.site”, “.url” or “.webaddress”.

The registry is Hu Yi Global, ostensibly a Hong Kong-based registrar but, judging by IANA’s records, actually part of its Beijing-based back-end Knet.

I’m going to come out and admit it: even after a few hours research I still don’t know a heck of a lot about these guys. The language barrier has got me, and the data is just weird.

These are the things I can tell you:

  • .网址 has 352,727 domains in its zone file today, up by about a quarter of a million names since the start of the week.
  • The names all seem to be using knet.cn name servers
  • I don’t think any of them resolve on the web. I tried loads and couldn’t find so much as a parking page. Google is only aware of about eight resolving .网址 pages.
  • They all seem to have been registered via the same Chinese registrar, which goes by the name of ZDNS (also providing DNS for the TLD itself).
  • They all seem to be registered with “nameinfo@knet.com” in the email address field for the registrant, admin and technical contacts in Whois, even when the registrants are different.
  • That’s even true for dozens of famous trademarks I checked — whether it’s the Bank of China or Alexander McQueen, they’re all using nameinfo@knet.cn as their email address.
  • I’ve been unable to find a Whois record with a completed Registrant Organization field.
  • Nobody seems to be selling these things. ZDNS (officially Internet Domain Name System Beijing Engineering Research Center) is apparently the only registrar to sell any so far and its web site doesn’t say a damn thing about .网址. The registry’s official nic.网址 site doesn’t even have any information about how to buy one either.
  • ZDNS hasn’t sold a single domain in any other gTLD.
  • News reports in China, linked to from the registry’s web site, boast about how .网址 is the biggest IDN TLD out there.

So what’s going on here? Are we looking at a Chinese .xyz? A bunch of registry-reserved names? A seriously borked Whois?

Don’t expect any answers from DI today on this one. I’ve been staring at Chinese characters for hours and my brain is addled.

I give up. You tell me.