Latest news of the domain name industry

Recent Posts

ICANN playing ping-pong on closed generics controversy

Kevin Murphy, October 1, 2020, Domain Policy

ICANN’s board of directors has refused to comment on the issue of “closed generic” gTLDs, bouncing the thorny issue back to the community.

In its response to the SubPro working group’s draft final report this week, the board declined to be drawn on whether it thinks closed generics should be allowed in future application rounds, and urged the GNSO to figure it out, writing:

the Board is not in a position to request policy outcomes… we will base our decision on whether we reasonably believe that the policy proposal is or is not in the best interests of the ICANN community or ICANN

A closed generic is a gTLD representing a non-trademark dictionary word, where the registry is the only eligible registrant. Dozens of companies tried to snap up such TLDs in 2012

ICANN changed the rules to disallow them, based largely on government advice, before punting the issue to the community, in the form of the GNSO, back in 2015.

But despite five years of thinking, the GNSO’s SubPro working group was unable to reach a consensus on whether closed generics should be allowed or not, or whether they should be allowed, but only when there’s a “public interest” purpose.

As I noted last month, it presented three possible ways closed generics could be permitted, none of which have consensus support.

So it asked the board for guidance, and the board’s response is basically “not our problem, figure it out yourselves”.

It would be churlish to criticize the board for refusing to make policy from the top-down, of course.

Much better to wait for the next time it does make policy from the top-down, and criticize it then.

Has ICANN cut off its regulatory hands?

Kevin Murphy, October 1, 2020, Domain Policy

ICANN may have voluntarily cut off its power to enforce bans on things like cyberbullying, pornography and copyright infringement in future new gTLDs.

Its board of directors yesterday informed the chairs of SubPro, the community group working on new gTLD policy for the next round, that its ability to enforce so-called Public Interest Commitments may be curtailed in future.

A PIC is a contractual promise to act in the public interest, enforceable by ICANN through a PIC Dispute Resolution Process. All 2012 new gTLDs have them, but some have additional PICs due to the gTLD’s sensitive nature.

They were created because ICANN’s Governmental Advisory Committee didn’t like the look of some applications for gTLD strings it considered potentially problematic.

.sucks is a good example — registry Vox Populi has specific commitments to ban cyberbullying, porn, and parking in its registry agreement.

Should ICANN receive complaints about bullying in .sucks, it would be able to invoke the PICDRP and, at least in theory, terminate Vox Pop’s registry contract.

But these are all restrictions on content, and ICANN is singularly focused on not being a content regulator.

It’s so focused on staying away from content that four years ago, during the IANA transition, it amended its bylaws to specifically handcuff itself. The bylaws now state, front and center:

ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide… For the avoidance of doubt, ICANN does not hold any governmentally authorized regulatory authority.

There’s a specific carve-out grandfathering contracts inked before October 1, 2016, so PICs agreed to by 2012-round applicants are still enforceable.

But it’s doubtful that any PICs not related to the security and stability of the DNS will be enforceable in future, the board told SubPro.

The issue is being raised now because SubPro is proposing a continuation of the PICs program, baking it into policy in what it calls Registry Voluntary Commitments.

Its draft final report acknowledges that ICANN’s not in the content regulation business, but most of the group were in favor of maintaining the status quo.

But the board evidently is more concerned. It told SubPro’s chairs:

The language of the Bylaws, however, could preclude ICANN from entering into future registry agreements (that materially differ in form from the 2012 round version currently in force) that include PICs that reach outside of ICANN’s technical mission as stated in the Bylaws. The language of the Bylaws specifically limits ICANN’s negotiating and contracting power to PICs that are “in service of its Mission.” The Board is concerned, therefore, that the current Bylaws language would create issues for ICANN to enter and enforce any content-related issue regarding PICs or Registry Voluntary Commitments (RVCs)

There’s a possibility that it could now be more difficult for future applicants to get their applications past GAC concerns or other complaints, particularly if their chosen string addresses a “highly sensitive or regulated industry”.

There was a “chuck it in the PICs” attitude to many controversies in the 2012 round, but with that option perhaps not available in future, it may lead to an increase in withdrawn applications.

Could .sucks get approved in future, without a cast-iron, enforceable commitment to ban bullying?

This ICANN comment period is a Kafkaesque nightmare

Kevin Murphy, September 29, 2020, Domain Policy

With the deadline for commenting on draft new gTLD program rules rapidly approaching, you may be tempted to visit the ICANN web site to peruse the comments that have already been submitted by others. Good bloody luck.

The way ICANN has chosen to present the comments is so bafflingly opaque, confusing and confounding that I can’t help but conclude it must have been deliberately designed to be as soul-crushing as possible.

Regular comment periods are pretty straightforward: you email your comments as prose to ICANN, ICANN publishes the email and any attachments for others to read. Everyone knows where everyone stands. Job done.

But recently there’s been a worrying trend towards a questionnaire and spreadsheet model based around Google Docs, and that’s the model being used for comments on the final draft report of the new gTLD program working group, known as SubPro.

You can check out the spreadsheet here.

The first thing you’ll notice is that the spreadsheet is 215 columns wide, with each respondent given one row for their responses.

You’ll also notice that the spreadsheet doesn’t seem to understand line breaks. Where the respondent has provided some textual commentary, it’s spread across multiple columns in some cases and not in others.

And then there’s the column headings.

While stumbling randomly through the spreadsheet, I discovered an interesting nugget of information — it seems the new gTLD registry MMX wants the next application round delayed until all of the 2012 round have been launched, which I found a bit surprising.

This nugget can be found under the column heading “Enter your response here”, a heading that is helpfully shared by 90 (ninety) other columns on the same damn page.

The heading “Do you want to save your progress and quit for now? You will be able to return to the form to complete it at a later time” appears 10 times in the document.

No information in adjacent columns sheds any light on what triggered MMX to make its comment.

In order to figure out the question for pretty much any response, the only option appears to be to cross-reference the spreadsheet with the original form questionnaire, which can be found as a PDF here.

But the questionnaire has 234 questions and there’s no straightforward correlation between the question number and the columns on the spreadsheet, which are addressed as AA through IG.

So when you see that European industry group CENTR went to the trouble to “Support Output(s) as written” in column DI, under the heading “If you choose one of the following responses, there is no need to submit comments”, it’s virtually impossible to figure out what it actually supports.

If you are able to figure out which question it was answering, that probably won’t help you much either.

The form merely contains brief summaries of changes the working group has made. To see the “Output(s) as written” you’d have to cross-reference with the 363-page draft final report (pdf).

A lot of you are probably thinking that I should just export the spreadsheet into Excel or OpenOffice and clean it up a bit. But, no, you can’t. ICANN has disabled exporting, downloading, and even copy-pasting.

It’s enough to make one feel like going out and licking the floor on public transport.

Way to go on the transparency, ICANN!

I have to believe that the ICANN staffer responsible for compiling all these comments into the official ICANN summary has some tools at his or her disposal to render this mess decipherable, because otherwise they’ve got a huge, hair-ripping job on their hands.

Of course, since there doesn’t appear to be a way for the rest of us to verify the summary report’s accuracy, they can probably just write whatever they want.

Could .cpa be the most successful new gTLD sunrise yet?

Kevin Murphy, September 25, 2020, Domain Registries

The registry for the new .cpa gTLD reckons it has received “thousands” of applications for domains during its current launch period, potentially making it the most successful gTLD sunrise since 2012.

The American Institute of Certified Public Accountants, which manages the TLD, said today:

Well over half of the 100 biggest U.S. firms — as well as an equally large percentage of the next 400 — have begun advancing their applications as part of the early phase of the .cpa registration process, which launched on Sept. 1.

Assuming “thousands” means at least 2,000, this would make .cpa a top three or four sunrise, judging by figures collected by ICANN showing Google’s .app the current volume leader at 2,908.

But we can’t assume that all the .cpa domains boasted of are trademark-verified sunrise period applications under ICANN’s rules.

AICPA is running a simultaneous Limited Registration Period during which any CPA firm can apply for domains that are “most consistent with their current digital branding” — ie, no trademark required.

Both of these periods end October 31, after which the registry will dole out domains in a batch, presumably giving preference to the sunrise applicants.

We have to assume the amount of purely defensive registrations will be relatively low, due to AICPA’s policies.

Not only are registrants limited to licensed CPA companies and individuals, but registrants have to commit to redirect their .cpa domain to their existing web site within a month and deploy a full web site within a year.

.cpa domains sell for $225 a year, according to the registry. General availability is scheduled for January 15.

ICANN 69 returning to YouTube

Kevin Murphy, September 25, 2020, Domain Policy

ICANN is to make its annual general meeting next month available streaming on YouTube, the org has announced.

That’s in addition to the Zoom rooms that have been used exclusively for meetings since the coronavirus pandemic hit at the start of the year.

The YouTube streams will be listen/view only and will have up to 30 seconds delay compared to the live Zoom rooms, which will of course continue to have interactivity.

The move will be a welcome return for those of us who need to listen in to sessions and not necessarily engage.

Unfortunately, only five “high-interest” sessions will be available, and there won’t be any live interpretation for the non-English speakers.

For the Zoom rooms, they’ll be mandatory registration before you can even view the meeting schedule. The links will be hidden behind a login screen.

This is largely due to repeated incidents of “Zoom-bombing”, where trolls interrupt proceedings with inflammatory off-topic material.

Whois plan approved, but it may be a waste of money

Kevin Murphy, September 24, 2020, Domain Policy

ICANN’s GNSO Council has approved a plan to overhaul Whois and sent it to the ICANN board for the royal assent, alongside a warning that it may be a huge waste of money.

All seven members of the Contracted Parties House voted in favor of the plan, created by the so-called EPDP working group, which would create a centralized System for Standardized Access/Disclosure for Whois records.

In the Non-Contracted Parties House, only the two members of the Intellectual Property Constituency and the two members of the Business Constituency voted against the headline resolution, with the remaining nine voting in favor.

This was sufficient to count as a supermajority, which was the threshold required.

But the board will be receiving the SSAD recommendations alongside a request for a consultation on “whether a further cost-benefit analysis should be conducted”:

Noting some of the questions surrounding the financial sustainability of SSAD and some of the concerns expressed within the different minority statements, the GNSO Council requests a consultation with the ICANN Board as part of the delivery of the GNSO Council Recommendations Report to the ICANN Board to discuss these issues, including whether a further cost-benefit analysis should be conducted before the ICANN Board considers all SSAD-related recommendations for adoption.

The cost of SSAD is currently estimated by ICANN loosely at $9 million to build and $8.9 million a year to run. Under the approved recommendations, it would be paid for by accreditation fees paid by end-user data requestors.

And the benefits?

Well, to listen to the IPC, BC, governments and security experts — collectively the expected customers of SSAD — the system will be a bit rubbish and maybe not even worth using.

They complain that SSAD still leaves ultimate responsibility for deciding whether to grant access to Whois records to trained humans at individual registries and registrars. They’d prefer a centralized structure, with much more automation, more closely resembling the pre-GDPR universe.

Contracted parties counter that if GDPR is going to hold them legally responsible for disclosures, they can’t risk offloading decision-making to a third party.

But this could prove a deterrent to adoption, and if fewer companies want to use SSAD that could mean less revenue to fund it which in turn could lead to even higher prices or the need for subsidies out of ICANN’s budget.

The IPC called the recommendations “an outcome that will not meet the needs of, and therefore will not be used by, stakeholders”.

It’s a tricky balancing act for ICANN, and it could further extend the runway to implementation.

The most likely first chance the ICANN board will get to vote on the recommendations would be the AGM, October 22, but if the GNSO consultation concludes another cost/benefit analysis is due, that would likely push the vote out into 2021.

There’s the additional wrinkle that three of ICANN’s four advisory committees, including the governments, have expressed their displeasure with the EPDP outcome, which is likely to add complexity and delay to the roadmap.

And the GNSO’s work on Whois is not even over yet.

Also during today’s meeting, the Council started early talks on whether to reopen the EPDP to address the issues of data accuracy, whether registrars should be obliged to distinguish between legal and natural persons, and whether it’s feasible to have a uniform system of anonymized email addresses in Whois records.

Should YOU have to pay when lawyers access your private Whois info?

Kevin Murphy, September 23, 2020, Domain Policy

The question of who should shoulder the costs of ICANN’s proposed Whois overhaul is being raised, with governments and others suggesting that the burden should fall on registrants themselves.

In separate statements to ICANN recently, the Governmental Advisory Committee and Security and Stability Advisory Committee both put forward the view that registrants, rather than the trademark lawyers behind most requests for private Whois data, should fund the system.

ICANN currently expects the so-called System for Standardized Access/Disclosure (SSAD), proposed after two years of talks in an ICANN community working group, to cost $9 million to build and another $9 million a year to operate.

The working group, known as the EPDP, has recommended in its final report that registrants “MUST NOT bear the costs for having data disclosed to third parties”.

Instead, it recommended that requestors themselves should pay for the system, probably via an annual accreditation fee.

But now the GAC and SSAC have issued minority statements calling that conclusion into question.

The GAC told ICANN (pdf):

While the GAC recognizes the appeal of not charging registrants when others wish to access their data, the GAC also notes that registrants assume the costs of domain registration services as a whole when they register a domain name.

While the SSAC said (pdf):

Data requestors should not primarily bear the costs of maintaining the system. Requestors should certainly pay the cost of getting accredited and maintaining their access to the system. But the current language of [EPDP Recommendation] 14.2 makes victims and defenders cover the costs of the system’s operation, which is unfair and is potentially dangerous for Internet security…

No previous PDP has protected registrants from having the costs associated with “core” registration services or the implementation of consensus policies being passed on to them. No previous PDP has tried to manipulate the functioning of market forces as is proposed in Recommendation 14.

SSAC suggested instead that registrars should be allowed to pass on the costs of SSAD to their customers, and/or that ICANN should subsidize the system.

Over 210 million gTLD domain names, $9 million a year would work out to less than five cents per domain, but one could argue there’s a principle at stake here.

Should registrants have to pay for the likes of Facebook (probably the biggest requestor of private Whois data) to access their private contact information?

The current proposed system would see the estimated $9 million spread out over a far smaller number of requestors, making the fee something like $450 per year.

EPDP member Milton Mueller did the math and concluded that any company willing to pay its lawyers hundreds of thousands of dollars to fight for greater Whois access in ICANN could certainly swallow a measly few hundred bucks a year.

But the minority objections from the GAC, SSAC and Intellectual Property Constituency do not focus wholly on the costs. They’re also bothered that SSAD doesn’t go nearly far enough to actually provide access to Whois data.

Under the current, temporary, post-GDPR system, registries and registrars basically use their own employees’ discretion when deciding whether to approve a Whois data request.

That wouldn’t change significantly under SSAD, but there would be a huge, multi-tiered system of accreditation and request-forwarding that’s been described as “glorified, overly complex and very expensive ticketing system”.

The GAC wants something much more automated, or for the policy to naturally allow increased automation over time. It also wants increased centralization, taking away much of the human decision-making at registrars out of the equation.

The response from the industry has basically been that if GDPR makes them legally liable for their customers’ data, then it’s the registries and registrars that should make the disclosure decisions.

The GAC has a great deal of power over ICANN, so there’s likely to be a bit of a fight about the EPDP’s outcomes and the future of SSAD.

The recommendations are due to be voted on by the GNSO Council at its meeting tomorrow, and as I’ve noted before, it could be tight.

Council chair Keith Drazek seems to be anticipating some lively debate, and he’s already warned fellow members that’s he’s not minded to approve any request for a delay on the vote, noting that the final report has been available for review for several weeks.

By convention, the Council will defer a vote on the request of any of its constituency groups, but this is sometimes exploited.

Should the Council approve the resolution approving the final report — which contains a request for further financial review of SSAD — then it will be forwarded to the ICANN board of directors for final discussion and approval.

But with the GAC on its case, with its special advisory powers, getting SSAD past the board could prove tricky.

Donuts to launch .contact next week

Kevin Murphy, September 23, 2020, Domain Registries

Almost a year and a half after buying it, Donuts is ready to launch its newest gTLD, .contact.

According to ICANN records, the sunrise period for the domain will run from September 29 to November 28.

Registrars report that general availability will begin December 9. Retail pricing is expected to be competitive with .com.

Donuts will also run its traditional Early Access Period, from December 2, a week during which prices start very high and decline day by day.

It will be an unrestricted space, as it Donuts’ wont, and I imagine the suggested use case is something similar to the .tel model — the publication of contact information.

Donuts acquired .contact from Top Level Spectrum for an undisclosed amount in April 2019.

Is India’s largest registrar about to go titsup? And where the hell is ICANN?

Kevin Murphy, September 21, 2020, Domain Registrars

India’s largest independent domain name registrar appears to be “doing an AlpNames”, with many customers complaining about domains going dark, transfer codes not being issued, and customer support being unavailable for weeks.

Net 4 India, which claims to have 400,000 customers, has been in insolvency proceeds for over two years, but it’s only in the last couple months that the complaints have started piling up by the scores from disgruntled customers.

A major complaint is that renewals are not processed even after they are paid for, that transfer authcodes never arrive, that customer support never picks up the phone or replies to emails, and (occasionally) that the Net4 web site itself is down.

As we saw with AlpNames last year and RegisterFly back in the mists of time, These are all the warning signs of a registrar in trouble.

On its web site, Net4 prominently warns customers that its call centers are operating on a skeleton staff due to India’s coronavirus lockdown measures, which may account for the lack of support.

But there are reports that customers have visited the company’s offices in person to find them closed.

There’s been radio silence from the registrar. Even its Twitter account is private.

Many local commentators are pointing to the fact that Net4 is in protracted insolvency proceedings as the true underlying issue.

There have been calls for government intervention, action by .in registry NIXI, ICANN enforcement, and even the Indian equivalent of a class action lawsuit. This local cyber law blogger is all over it.

But what is ICANN doing about it?

Net4 was taken to a quasi-judicial insolvency court in 2017 by a debt-recovery company called Edelweiss over the rupee equivalent of about $28 million of unpaid loans from the State Bank of India.

ICANN has been aware of this fact since at least April 2019, when it started calling the registrar for an explanation.

Under the standard Registrar Accreditation Agreement, being in insolvency for over 30 days is grounds for unilateral termination by ICANN.

ICANN could terminate the agreement and transfer all of Net4’s gTLD domain names to a different registrar pretty much at will — all the registrant data is in escrow. This would not protect Net4’s many thousands of .in registrants of course.

ICANN suspended Net4’s RAA in June last year, but Net4 somehow managed to talk its way out of it. ICANN later rescinded the suspension on the proviso that the registrar provide monthly updates regarding its insolvency.

Net4’s cure period has been extended three times by ICANN. The latest expired July 31 this year.

At least one ICANN staffer is on the case, however. ICANN’s head of India Samiran Gupta has recently been reaching out to customers on Twitter, offering his email address and assistance getting in contact with Net4 staff, apparently with some success.

But Net4 had 95,000 gTLD names under management at the last count (though it’s been hemorrhaging thousands per month) so this individual approach won’t go very far.

No ICANN meetings until 2021

Kevin Murphy, September 16, 2020, Domain Policy

Community members itching to be able to suck up to (or berate) ICANN staffers in person rather than over the phone or videoconferencing will have to wait a little longer.

The Org announced today that all face-to-face meetings have been cancelled until the end of the year due to the ongoing coronavirus pandemic.

It doesn’t affect any of the big public meetings — the AGM in October was relocated from Hamburg to Zoom a few months ago — but regular business travel and intersessional meetings are hit.

It also means ICANN staffers will continue to work from home until January at the earliest, ICANN said.

The health and safety of our community and staff are always our top concern, and we believe it is not prudent to travel or encourage gatherings until at least the end of 2020. The ongoing and long-term health impact of COVID-19 on our community and staff is a risk that we are not willing to take. In addition, the travel landscape has not yet stabilized, which makes any travel complicated and risky.

Call me a pessimist, but I’d be very surprised if this is the last time the travel ban is extended.