Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Five registrars on the ICANN naughty step
ICANN has sent breach notices to five domain name registrars, including two owned by Epik and DomainTools, for failing to cooperate with a Whois accuracy audit.
InTrust Domains, Planet Online, Server Plan, Infocom Network and DomainAllies.com did not respond to ICANN’s 2011 Whois Data Reminder Policy audit, according to ICANN.
The WDRP is the longstanding policy that requires all ICANN-accredited registrars to remind their customers to keep their Whois records up to date once a year.
The annual WDRP audit asks registrars to state how many reminders they sent out and how many Whois records were updated as a result, among other things.
The non-compliant registrars, with the exception of Server Plan, are also evidently past due paying their ICANN accreditation fees, according to the breach notices.
All five registrars have been given 15 days to rectify the problems or risk losing their accreditations.
Given that the audit is, I believe, a simple web-based form, I don’t think anyone is going to go out of business as a result of these breaches.
It’s interesting to dig a little bit into who owns these registrars.
DomainAllies.com belongs to DomainTools parent Thought Convergence.
InTrust, which has come in for criticism for shady marketing practices under its previous management, was acquired by Epik last July.
Planet Online, meanwhile, is one of those odd registrars that hides its own contact information behind a Whois privacy service (though its web site does carry a physical address).
New gTLDs now a month behind schedule
ICANN has announced yet another delay in its new generic top-level domains program.
Last night’s much-anticipated update on its efforts to deal with the fallout of the TLD Application System security bug merely deferred resolution of the problem for a week. Again.
The whole program is now essentially a month behind schedule.
Chief operating office Akram Atallah said in a statement:
ICANN will notify all applicants within the next seven business days whether our analysis shows they were affected by the technical glitch in the TLD application system.
…
Shortly after the notification process has been completed, we will announce the schedule for reopening the application system and completing the application period. We are mindful of the need to allow sufficient time during the reopening period for applicants to confirm the completeness of their submissions.
The seven business days for applicant notifications takes us to May 8.
It’s not clear whether TAS would reopen immediately after this, but I suspect we’re probably looking at a buffer of at least a day or two between the end of notifications and TAS coming back online.
ICANN has previously said that TAS will be open for five business days, to enable applicants to finish off their applications. This brings us to, at the very earliest, May 15.
The Big Reveal of the list of applications, I estimate, will come one to two weeks after that.
We’re essentially looking at a late May or early June finish to a process that should have ended in late April.
As a result, the entire timetable for evaluating, approving and delegating new gTLDs will likely also be pushed out by a month.
For applicants, the anticipated November 12 date for the completion of the first-batch Initial Evaluation phase is now likely to come some time in mid-December instead.
Unhelpfully, the deadlines for filing objections and requesting Extended Evaluation for first-batch applicants is now likely to fall around about January 1, 2013.
That’s assuming we do not see any more delays, of course, which I think would be optimistic.
Verisign selected for 220 new gTLDs
Verisign is the appointed back-end registry operator for 220 new generic top-level domain applications, according to the company.
Verisign itself has applied to ICANN for 14 new gTLDs, 12 of which are transliterations — ie, internationalized domain names — of .com and .net.
During its first-quarter 2012 earnings conference call, ongoing right now, CEO Jim Bidzos disclosed the numbers, saying:
VeriSign applied directly for 14 new gTLDs. Twelve of these 14 are transliterations of .com and .net. Also, applicants for approximately 220 new gTLDs selected Verisign to provide back-end registry services.
Many of these are dot-brands, Bidzos said.
Neustar, which also reported earnings yesterday, did not disclose how many applications it is involved in, other than to say that it has not applied for any as a front-end operator.
ANA demands TAS bug probe
Never one to miss the chance for a bit of trouble-making, the Association of National Advertisers has demanded a full independent probe into ICANN’s TLD Application System bug.
Writing to ICANN today, ANA president Bob Liodice has pointed to the TAS outage – now in its 13th day – as an example of why the new gTLD program needs to be scaled back.
“Doesn’t this situation demonstrate the need for a pilot project/test roll-out of the new Top Level Domain process to resolve any such problems before a major roll-out?” he asks.
In a press release, he added:
We are urgently requesting that the Department of Commerce and its National Telecommunications and Information Administration (NTIA) exercise their oversight of ICANN and encourage ICANN to engage an independent IT expert to fully investigate this serious and inadequately explained vulnerability.
The ANA has of course been the loudest objector to the program, forming the Coalition For Responsible Internet Domain Oversight last year to lobby against the gTLD expansion.
Liodice’s latest letter puts 10 questions to ICANN, several quite sensible and precisely the kinds of things I plan to ask just as soon as ICANN changes its mind about doing media interviews.
But it also asks for the release of information ICANN has already provided or has said it intends to provide, such as the number of affected TAS users or the date of the first reported incident.
The ANA also does not appear to be aware that the ICANN board new gTLD subcommittee recently passed a resolution calling for more work on the defensive registration problem.
Liodice notes that ICANN has not responded to its demands for a “Do Not Sell” list that would enable brand owners to block others from registering their trademarks in the DNS.
You can read the letter in PDF format here.
ICANN currently plans to provide its next big update on the TAS outage before the end of Friday.
OpenRegistry behind 20 new gTLD apps
OpenRegistry will provide the back-end technical infrastructure for 20 new generic top-level domain applications filed by 15 clients, according to a report.
Dutch telco KPN, consultancy Deloitte and financial management firm LPL Financial are among its dot-brand clients, according to Knack.be, quoting executives.
Presumably, we’re looking at bids for .kpn and .lpl as well as .deloitte, which Deloitte confirmed earlier this month.
Its portfolio of applications also includes two cities – one is .gent for Ghent, the other is an American city – and two generic terms that have not yet been revealed.
(UPDATE: While OpenRegistry is not naming the American city, I hear through the grapevine that it might be Boston).
Its clients have a total market cap of $150 billion, according to the report.
That’s not a bad roster for the start-up, whose technical arm is known as Sensirius. The Benelux company was founded in late 2010 by former executives from EuroDNS and Belgian ccTLD manager DNS.be.
A year ago it won the contract to manage the back-end for .sx, the new ccTLD for Sint Maarten.
Rugby board tries for .rugby with TLDH
The International Rugby Board has applied to ICANN for the generic top-level domain .rugby with Top Level Domain Holdings, the IRB announced today.
It appears to be a defensive as well as offensive move, judging by the press release.
It’s about “protecting and promoting Rugby’s values and ethos” and ensuring .rugby “resides within the sport”, according to IRB chairman Bernard Lapasset.
The application will be filed in partnership with TLDH, as well as a new company called ROAR Domains, which appears to be a part of a Kiwi sports marketing agency.
If the bid is successful, TLDH subsidiary Minds + Machines will provide the registry back-end.
The IRB is the international body for rugby associations which organizes the Rugby World Cup.
There are already a few .sport bids, and the Australian Football League has applied for a .afl dot-brand, but I think .rugby may be the first sport-specific gTLD application to be announced.
TAS down for at least another week
If you’re just joining us, welcome to the ICANN community.
The TLD Application System will be offline for another week, possibly more, as ICANN struggles to deal with the fallout from its embarrassing data leakage bug.
ICANN had promised an update today on the timing of the reopening of TAS, which was taken offline April 12 just 12 hours before the new gTLD application filing deadline arrived.
But what applicants got instead was a promise to provide another timing update a week from now.
Chief operating officer Akram Atallah said in a statement:
identifying which applicants may have been affected by the technical glitch, and determining who may have been able to see someone else’s data, require extensive analysis of a very large data set. This is a time-consuming task, but it is essential to ensure that all potentially affected applicants are accurately identified and notified.
Until that process is complete, we are unable to provide a specific date for reopening the application system.
In order to give all applicants notice and an opportunity to review and complete their applications, upon reopening the system we will keep it open for at least five business days.
No later than 27 April 2012 we will provide an update on the reopening of the system and the publication of the applied-for new domain names.
So the best-case scenario, if these dates hold up, would see TAS coming back online Monday, April 30 and closing Friday, May 4.
The April 30 target date for the Big Reveal is clearly no longer possible.
ICANN has stated previously that it expects to take two weeks between the closing of the application window and the revelation of the list of gTLDs being applied for.
The Big Reveal could therefore be postponed until mid-May, almost a month from now.
Any applicant who has already booked flights and hotels in order to attend one of the various reveal events currently being planned by third parties may find themselves out of pocket.
Regular ICANN participants are of course accustomed to delay.
ICANN’s image problem now is rather with the hundreds of companies interfacing with the organization for the first time, applying for new gTLDs, which may be wondering whether this kind of thing is par for the course.
Well, yes, frankly, it is.
That said, the time to avoid this problem was during testing, before the application window opened in January.
Now that the bug has manifested, it’s probably in most people’s best interests for ICANN to fully understand went wrong and what impact it could have had on which applicants. This takes time.
ICANN vows to fight TAS bug “monkey business”
ICANN chief security officer Jeff Moss has pledged to fully disclose what new gTLD application data was leaked to which users via the TLD Application System security bug.
Talking to ICANN media chief Brad White in a video interview, Moss said:
We’re putting everyone on notice: we know what file names and user names were displayed to what people who were logged in and when. We want to do this very publicly because we want to prevent any monkey business. We are able to reconstruct what file names and user names were displayed.
ICANN has been going through its logs and will know “very specifically” what data was visible to which TAS users, he said.
The bug, he confirmed, was related to file deletions:
Under certain circumstances that were hard to replicate users that had previously deleted files could end up seeing file names of users that had uploaded a file… Certain data was being revealed to users that were not seeking data, it was just showing up on their screen.
The actual contents of the files uploaded to TAS were not visible to unauthorized users, he confirmed. There are also no reasons to believe any outside attacks occurred, he said.
He refused to reveal how many applicants were affected by the vulnerability, saying that ICANN has to first double-check its data in order to verify the full extent of the problem.
The interview reveals that the bug could manifest itself in a number of different ways. Moss said:
The problem has several ways it can express itself… we would solve it one way and it would appear another way, we would solve it another way and it would appear a third way. At some point we were just uncomfortable that we understood the core issue and that’s when we took the system offline.
TAS was taken down April 12, just 12 hours before the new gTLD application window closed.
ICANN has been providing daily updates ever since, and has promised to reveal tonight when TAS will reopen for business, for how long, and whether April 30 Big Reveal day has been postponed.
Applicants first reported the bug March 19, but ICANN did not realize the extent of the problem until later, Moss said.
In hindsight now we realized the 19th was the first expression of this problem, but at the time the information displayed made no sense to the applicant, it was just random numbers… at that point there were no dots to connect.
Here’s the video:
How the world’s biggest brands use new gTLDs
DomainIncite PRO is excited to reveal the results of the domain name industry’s first in-depth study into how the world’s biggest brands use new generic top-level domains.
In March and April 2012, we surveyed the domain name ownership and usage patterns of the world’s 100 most-valuable brands — representing over $1.2 trillion in brand value, according to Interbrand — in six gTLDs introduced since 2001.
As well as confirming the long-held belief that brand owners see little value in defensive registrations — many not even choosing to benefit from residual traffic — the survey also revealed which brands are more likely to develop their sites, which are most vulnerable to cybersquatting, and which appear to care the least about enforcing their brands.
We also examined how “cybersquatters” use the domain names they register, with some surprising results.
Privacy/proxy registration is not nearly as prevalent as many believe, our study found, and a significant portion of registrants have made no effort to monetize the domains they own that match famous brand names.
This extensive, fully illustrated report includes:
A comparison of defensive registration trends across 100 brands in six new gTLDs. How many domains are owned by the respective brands and how many are owned by third parties? How many are reserved by the registry and how many are still available for registration?
A breakdown of usage trends by gTLD in .asia, .biz, .info, .jobs, .mobi and .pro. When brand owners register domains in new gTLDs, how likely are they to develop content on those domains, and what can new gTLD registries do to encourage this desirable behavior?
An analysis of cybersquatting behavior in over 100 domain names registered to entities other than the brand owner. How much do brand owners have to worry about their brands being impaired by damaging behavior such as redirection to competing web sites or porn?
Full survey results. Subscribers have full access to the survey results, which include details of which brand-domains belong to third parties, which exhibit potentially damaging behavior, and which are currently available for registration.
DI PRO subscribers can click here for the full report.
Non-subscribers can learn how to subscribe instantly here.
First TAS security bug details revealed
The data leakage bug in ICANN’s TLD Application System was caused when applicants attempted to delete files they had uploaded, the organization has revealed.
In his latest daily update into the six-day-old TAS downtime, chief operating officer Akram Atallah wrote this morning:
ICANN’s review of the technical glitch that resulted in the TLD application system being taken offline indicates that the issue stems from a problem in the way the system handled interrupted deletions of file attachments. This resulted in some applicants being able to see some other applicants’ file names and user names.
This sounds rather like an applicant’s file names may have become visible to others if the applicant attempted to delete the file (perhaps in order to upload a revised version) and the deletion process was cut off.
Speculating further, this also sounds like exactly the kind of problem that would have been exacerbated by the heavy load TAS was under on April 12, as lots of applicants simultaneously scrambled to get their gTLD bids finalized to deadline.
Rather than being a straightforward web app, TAS is accessed via Citrix XenApp virtual machine software, which provides users with an encrypted tunnel into a Windows box running the application itself.
As you might expect with this set-up, performance issues have been observed for weeks. Every applicant logged into TAS last Thursday reported that it was running even more slowly than usual.
A security bug that only emerged under user load would have been relatively tricky to test for, compared to regular penetration testing.
But ICANN had some good news for applicants this morning: it thinks it will be able to figure out not only whose file names were leaked, but also who they were leaked to. Atallah wrote:
We are also conducting research to determine which applicants’ file names and user names were potentially viewable, as well as which applicants had the ability to see them.
This kind of disclosure would obviously be beneficial to applicants whose data was compromised.
It may also prove surprising and discomfiting to some applicants who were unwittingly on the receiving end of this confidential data but didn’t notice the rogue files on their screens at the time.
ICANN still plans to provide an update on when TAS will reopen for business this Friday. It will also confirm at the time whether it is still targeting April 30 for the Big Reveal.
Recent Comments