Latest news of the domain name industry

Recent Posts

One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next

Kevin Murphy, February 5, 2021, Domain Registrars

Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.

The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.

The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.

Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.

ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.

In its motion to dismiss (pdf), its lawyers wrote:

Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.

Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.

In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.

While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.

A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.

It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.

On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.

The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.

How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered

Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.

The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.

The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.

In my opinion, this kind of bullshit has to stop.

Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):

Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.

The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.

Defensive windfall on the cards for .spa? It’s not just for spas any more

Kevin Murphy, February 3, 2021, Domain Registries

Forthcoming new gTLD .spa has published its planned launch dates and registrations policies, and it’s not just for spas any more.

Asia Spa and Wellness Promotion Council, the registry, has informed ICANN that it plans to take .spa to sunrise for 30 days starting April 20 and expects to go to general availability around the start of July.

But despite being a “Community” gTLD under ICANN rules, it appears to be also marketing itself at any Italian company that uses the S.p.A corporate suffix, which is generally equivalent to the US Inc/Corp and UK Plc.

According to its eligibility criteria (pdf), under the heading “Coincidental Community Guidelines”, proof of an Italian business address should be enough for any SpA company to qualify to register.

The registry’s web site at nic.spa currently says:

Apart from the spa and wellness industry, .spa can also be a abbreviation to represent:

  • Società per Azioni (a form of corporation in Italy, Public Limited Companies By Shares)
  • Sociedad por acciones (Joint-stock company in South American Countries)

This offers a great opportunity for entitles in Italy and South American Countries to registered a wonderful name.

This is interesting, because ASPWC applied for .spa as a Community applicant dedicated to the spa and wellness industry.

The primary reason it’s getting to run .spa rather than rival applicant Donuts is that ASPWC won a Community Priority Evaluation, enabling it to avoid a potentially costly auction against its deeper-pocketed competitor.

There’s no mention of Italians or South Americans in its 2015 CPE result (pdf).

Donuts fought the CPE result in ICANN’s Cooperative Engagement Process for three years, but eventually backed away for unknown reasons.

In its original application, ASWPC spends a lot of time discussing its “intended use” of .spa and possible overlap with other meanings of the string. Among this text can be found:

The use of “S.p.A.” as a short form for the Italian form of stock corporation: “Società Per Azioni” is also relatively much less prevalent than the word as intended for the spa community. Furthermore, a more proper and popular way of denoting the form of corporation is “S.p.A.” with the periods included. While this is an important usage of the string “SpA”, the Registry believes that it should not take away from the significant meaning of the word “spa” in its intended use for the spa community as a TLD. Furthermore, additional preventive measures can be put in place to mitigate against any concerns for abusive utilization of the TLD in this manner.

I could find no text explicitly ruling out the Italian corporate use in the application, nor could I find any indication that it was part of the hard-C “Community” upon whose behalf ASWPC was applying for, and eventually won, the gTLD.

The application does seem to envisage some kind of reserved names list that could include S.p.A companies, but that doesn’t appear to be what the registry has in mind any more.

Two more dot-brands take the easy way out

Kevin Murphy, February 3, 2021, Domain Registries

A US insurance giant with close to $50 billion in annual revenue has taken the decision to kill off its two dormant dot-brand gTLDs.

Nationwide Mutual Insurance has informed ICANN that it wants to cancel its .nationwide and .onyourside gTLD contracts.

Neither was being used beyond the obligatory nic.example web sites.

In fact, it appears that Nationwide cared so little about its dot-brands that both NIC sites inadvertently plug another, unaffiliated gTLD.

nationwide

The text on both sites reads:

To better serve our members, Nationwide has secured a top-level domain.

Now, when you visit a Nationwide.Insurance website, you can have confidence that it’s from the company you trust – Nationwide.

But Nationwide does not run .insurance, that’s owned by fTLD. It does however have nationwide.insurance registered and parked with the same messaging.

They’re the 87th and 88th dot-brands to cancel their ICANN registry agreements.

Eight years after asking, Israel to get its Hebrew ccTLD

Kevin Murphy, February 3, 2021, Domain Registries

Israel is likely to be awarded the Hebrew-script version of its ccTLD, at a meeting of ICANN’s board of directors next week.

ICANN is poised to approved ישראל. (the dot goes on the right, in accordance with Hebrew writing practice), which means “Israel”, on February 8.

The beneficiary will be not-for-profit ISOC-IL, which has been running .il for the last 25 years. The Latin-script version currently has just shy of 270,000 domains under management.

ISOC-IL first expressed its interest in an internationalized domain name ccTLD (pdf) in 2012, but only received final technical approval from ICANN last May.

The proposal appears to have been held up by government delays in selecting a registry operator — government approval is a requirement under ICANN’s increasingly inappropriately named IDN ccTLD “Fast Track” program, which began in 2009.

It’s debatable how much demand there is for Hebrew domains. There are fewer than 10 million speakers in the world and most are very familiar with the Latin script.

Verisign’s gTLD קום., a transliteration of .com, has fewer than 1,700 domains in its zone file today, and is on a downward trend, two years after launch. Most are registered via local registrar Domain The Net, which had planned to compete with ISOC-IL for the IDN contract.

Time is running out for Net4 as ICANN questions Indian court ruling

Kevin Murphy, February 1, 2021, Domain Registrars

Struggling registrar Net 4 India has been hit with an unprecedented fourth concurrent breach-of-contract notice by ICANN, but an Indian court has ruled that ICANN should NOT terminate its accreditation.

It also turns out that Public Interest Registry wants to terminate its Registry-Registrar Agreement with Net4, after it failed to deposit about $22,000 in its account to cover renewal fees, putting 1,644 .org domains at risk.

The latest ICANN breach notice is much the same as the two delivered in December, both of which suggest that Net4 has been transferring its customers’ domains to a partner registrar, OpenProvider, without the registrants’ knowledge or consent.

They further suggest that Net4 has not enabled its customers to renew their domains or reclaim them after they’ve expired, and claim that the company has consistently refused to hand over records proving that its disputed transfers were legit.

Net4 also owes ICANN thousands in past due fees.

The company has been in quasi-judicial insolvency proceedings since 2017 over $28 million in unpaid bank loans that were acquired by a debt recovery agency called Edelweiss; its first breach notice came two years later when ICANN first learned of the case.

For some reason, ICANN did not terminate or suspend Net4’s contract back then.

With hindsight, this may have proven a bad move — during India’s first coronavirus lockdown last year, hundreds of Net4 customers started complaining about lost domains and non-existent customer service.

It was not until December last year that these complaints were escalated to the level of formal breach notices, and more threats to terminate its Registrar Accreditation Agreement.

Net4, in response, asked its insolvency court for a ruling preventing ICANN and PIR from terminating their respective agreements. It reckons it can get is house in order in the next five or six weeks.

ICANN presented what appears to be a wealth of evidence of the company’s misconduct and argued that the court has no jurisdiction over ICANN anyway, because the RAA is governed by California law and ICANN has no presence in India.

Nevertheless, the National Company Law Tribunal in New Delhi has ruled, in a virtually impenetrable word soup of a document (pdf) that reads like it was vomited up by a Victorian-era college freshman who’d just rolled up and smoked an entire legal dictionary, that ICANN and PIR should not “terminate these agreements at least until three months from hereof”.

That would stay Net4’s executive until April 25. The latest ICANN breach notice gives the company until February 19 to come back into compliance, though technically there’s nothing stopping it starting termination proceedings today based on past notices.

The orders given to ICANN and PIR are more “requests”, due to the fact that the court couldn’t decide whether its words had any jurisdictional power over either.

Rather hilariously, ICANN said in a press release late Friday:

When a registrar fails to allow registrants to renew, transfer, and manage their domain names, ICANN will not hesitate to take whatever actions are necessary, up to and including termination of the registrar, to protect registrants’ rights and interests.

These are words that ring hollow, given that it’s allowed Net4 to slide three times already and has been hesitating since June 2019.

New rules could stop registries ripping off big brands

Kevin Murphy, January 25, 2021, Domain Policy

New gTLD registries could be banned from unfairly reaching into the deep pockets of famous brands, under proposed rules soon to be considered by ICANN.

A recommendation approved by the GNSO Council last Thursday targets practices such as using reserved and premium lists to block trademark owners from registering their brands during sunrise periods, or charging them exorbitant fees.

It’s believed to target new TLDs that hope to copy controversial practices deployed by the likes of .sucks, .feedback and .top in the 2012 gTLD round.

The recommendations came in the final report of Review of All Rights Protection Mechanisms (RPMs) in All gTLDs working group, which suggests over 30 tweaks to policies such as Sunrise, Trademark Claims, Trademark Clearinghouse and Uniform Rapid Suspension.

While the recommendations almost all received full consensus of the working group, that’s largely because the group could not agree to any of the major changes that had been demanded by the intellectual property lobby.

The aforementioned RPMs will therefore not change a great deal for the next batch of new gTLD applicants.

Even the recommendation about not ripping off big brands is fairly weak, and may well be watered down to homeopathic levels by the forthcoming Implementation Review Team, which will be tasked with turning policy into practice.

This is the recommendation:

Sunrise Final Recommendation #1

The Working Group recommends that the Registry Agreement for future new gTLDs include a provision stating that a Registry Operator shall not operate its TLD in such a way as to have the effect of intentionally circumventing the mandatory RPMs imposed by ICANN or restricting brand owners’ reasonable use of the Sunrise RPM.

Implementation Guidance:

The Working Group agrees that this recommendation and its implementation are not intended to preclude or restrict a Registry Operator’s legitimate business practices that are otherwise compliant with ICANN policies and procedures.

The idea is that ICANN Compliance could come down on registries deploying unfair rules designed to rip off trademark owners.

Practices that have come in for criticism in the past, and are cited in the report, include:

.top’s attempt to charge Facebook $30,000 for facebook.top

.feedback registering thousands of brand-match domains to itself

.sucks placing brand-match domains in an expensive premium pricing tier

Famous Four Media doing the same thing

The working group could not agree on whether any of these should be banned, and it looks like the IRT will have a lot of wriggle room when it comes to interpret the recommendation.

Now that the GNSO Council has approved the RPM working group’s final report (pdf), it will be passed to the ICANN board of directors for consideration before the nitty-gritty work of translating words into reality begins.

Crackdown looms for new gTLD auction gaming

Kevin Murphy, January 21, 2021, Domain Policy

ICANN will be urged to consider taking a stronger position against companies who apply for new gTLDs simply to lose them at auction or immediately flip them to others.

A community working group, known as SubPro and tasked with developing rules for the next new gTLD round, delivered its final Final Report this week, and the one area that failed to gain a designation of “consensus” or stronger was private auctions.

In the 2012 application round, several companies applied for large portfolios of strings that look — in hindsight at least — like efforts to game the system by forcing rivals to auctions they planned to deliberately use.

Companies such as MMX made millions losing auctions during the round, some of which was reinvested in winning auctions for other TLDs.

Applicant Nu Dot Co was notable for losing every private auction it participated in, then quickly flipping its successful .web application when Verisign stepped up with a $135 million bankroll.

While it’s difficult to know the extent to which this was all planned in advance, it proved the business model — filing spurious applications for new gTLDs you have no intention of launching — could be lucrative in future rounds.

But SubPro has put forward a slew of recommendations that, should they pass the remaining hurdles of the policy development track, could bring in substantial sanctions for those applicants and registries found to be gaming the system.

The SubPro recommendations are heavily buttressed with square parentheses, indicating disputed text, and supplemented by some minority statements from members of the working group who think that private auctions should be banned outright in future application rounds.

But the headline recommendation, numbered 35.3, is this:

Applications must be submitted with a bona fide (“good faith”) intention to operate the gTLD. Applicants must affirmatively attest to a bona fide intention to operate the gTLD clause for all applications that they submit.

Far from merely providing a check-box assertion that they’re legit, which would itself be easily gamed, applicants would also find their applications scrutinized by ICANN and its external evaluators to check for signs of a lack of bona fides.

Factors used to determine shadiness could include how many applications for contested strings are applied for, how many private auctions are lost, whether the successful applicant has not launched its gTLD within two years, and whether contracts are flipped within the first year.

SubPro discussed penalties for gaming could include the loss of registry contracts, a ban from future rounds or straight-up monetary fines. But the group did not put forward any recommendations.

SubPro couldn’t seem to come to agreement on most of this. The recommendations were determined to have “strong support but significant opposition” during the group’s recent consensus call.

One strong objection came from a somewhat diverse group of SubPro participants comprising Alan Greenberg (At-Large), Christopher Wilkinson (At-Large), Elaine Pruis (Verisign), George Sadowsky (Afilias/ISOC), Jessica Hooper (Verisign), Jim Prendergast (consultant), Jorge Cancio (Swiss government, but signed in a personal capacity) and Kathryn Kleiman (non-commercial users). They said:

The recommendations in the final report are a mix of overly complex disclosures and attestations that needlessly complicate the program to allow for private auctions. And they will not work. The only way to prevent a repeat of the activity from the 2012 round is to ban private auctions

They also claimed that allowing private auctions would putter smaller, niche and community applicants at a disadvantage, and that ICANN’s reputation would be harmed if it was seen to be overseeing gaming.

The At-Large Advisory Committee also issued a strong objection to private auctions along the same lines:

We remain concerned about attempts to “game” the application process through use of private auction and share the ICANN Board’s concerns on the consequences of shuffling of funds between private auctions. The ability for a loser to apply proceeds from one private auction to fund their other private auctions only really benefits incumbent registry operators or multiple-string applicants and clearly disadvantages single-TLD/niche applicants. We believe there should be a ban on private auctions, and that by mandating ICANN only auctions, the proceeds of ICANN auction can be directed for uses in public interest

The assumption there of course is that an ICANN “last resort” auction, in which the winning bid is funneled into ICANN’s cash pile, would be spent on stuff genuinely in the public interest, rather than frittered away on secretly settling employee lawsuits or indulging in more expensive, self-important navel-gazing.

Perhaps unsurprisingly, the ICANN board of directors has indicated that it prefers the idea of last resort auctions to private auctions.

But SubPro has also made some recommendations that could potentially keep the price of last-resort bids down, completely redesigning the auction process compared to the 2012 round.

If the recommendations are implemented, applicants would have to submit bids towards the start of the application process, when they don’t even know who they’re bidding against.

After all the applications have been submitted, ICANN evaluators would group them all according to whether they’re identical or confusingly similar to each other, then inform each applicant in a contention set how many bidders — but not their identities — they’re up against.

Applicants would then have to submit a sealed bid stating the maximum price they’d be willing to pay for the gTLD in question. It would be only after “reveal day”, when ICANN publishes the applications themselves, that everyone would learn who they’re bidding against.

They’d then be able to engage in private resolutions (auctions could come into play at this point), but it would only be after contention resolution phases such as objections and Community Priority Evaluations were complete that applicants would find out who’d submitted the highest bid.

The winning bidder would pay the amount of the second-highest bid to ICANN.

The 400-page final report (pdf), along with the minority statements, will now be sent to the GNSO Council for approval, before it makes its way to the ICANN board.

Given how much work remains to be done on private auctions and other issues that I’ll get to in later coverage, it seems that a lot of the mechanics of how contention resolution will work will have to be devised by ICANN and the community during the Implementation Review Team and Operation Design Phase phases, along with at least one round of commentary on at least one edition of the next Applicant Guidebook.

The next round of new gTLDs has moved a step closer, but it’s still going to be well over a decade after the last application window before we see the next one.

Would-be new country wants to share another country’s ccTLD

Kevin Murphy, January 21, 2021, Domain Policy

What do you do if you’re the government of a country without a ccTLD, because the rest of the world does not recognize you as a country?

Perhaps the strangest solution to this predicament is to ask another country with a semantically meaningful ccTLD of its own if you can share that national resource.

And that’s reportedly what the government of Somaliland has done, reaching out to Sierra Leone for permission to use its .sl TLD.

According to the Somaliland Chronicle, its IT minister has written to his counterpart in Sierra Leone to propose “a commercial partnership with your esteemed office regarding the internet Top Level Domain”.

The east African country, which has its own government and a small degree of international recognition, is not currently acknowledged by the United Nations — it’s considered part of neighboring Somalia — and as such does not qualify for a ccTLD under International Standards Organization (and therefore ICANN) policies.

The minister has reportedly forbidden the use of Somalia’s .so domain, and the government itself uses a .org.

Sierra Leone, on the other side of the continent, uses .sl, which would also be the perfect choice for Somaliland if it were not already taken.

It’s not clear to what extent Somaliland wishes to share the ccTLD, but if it were to go as far as full joint ownership that would be unusual indeed.

Of course, the quickest way into the DNS root in its own right could be to apply for a memorable, relevant gTLD in ICANN’s next application round, which is probably not too many years away right now.

In 2012, there were several applications for geo-gTLDs representing regions that want, to a greater or lesser extent, independence.

This trail was over course blazed almost in 2003 by Catalonia’s .cat and now includes the likes of .scot (Scottish), .eus (Basques) and .krd (Kurds).

New gTLD consultants, start your engines.

153 registrars fingered for ICANN security probe

Kevin Murphy, January 18, 2021, Domain Registrars

Registrars will be asked to account for abusive domain names found on their services, under a new ICANN security audit.

ICANN says it will soon send requests for information to 153 registrars, asking them to provide documentation showing how they dealt with domains used for distribution of malware or spam.

Registrars will get audited if more than five domains under their sponsorship showed up on a number of block-lists ICANN uses (SpamHaus and the like) during November 2020.

ICANN is spinning the number of affected registrars as a very small percentage of the accredited base, but it really isn’t.

It said that “only” 153 out of 2,380 accredited registrars are affected, apparently willfully ignoring the fact that well over 1,700 of these registrars are shell accreditations used for drop-catching and belonging to just two companies: Web.com and NameBright.

Domains never stick around at drop-catch shells for long, and abusive registrants typically aren’t buying expensive names on the aftermarket, they’re prowling the budget registrars for sub-dollar bargains and bulk-reg tools.

Up to a couple hundred or other accredited registrars have no or negligible domains under management. Several more are corporate registrars with no retail front-end.

So we’re really looking at “only” 153 out of 500 to 600 active retail registrars that saw the required level of abuse, a much higher percentage than would be ideal.

The audit is part of ICANN’s regular Contractual Compliance Audit Program, which seeks to determine whether any registrars or registries are in breach of their contractual obligations.

Under the 2013 Registrar Accreditation Agreement, registrars are obliged to document their responses to abuse reports, keep the data for two years, and hand it over to ICANN on demand.

ICANN hopes to finish the audit by the third quarter this year.

ICANN axes Cancun again. Apparently there’s a pandemic

Kevin Murphy, January 18, 2021, Domain Policy

ICANN has formally confirmed that its seventieth public meeting will be online-only, disappointing restaurateurs and sex workers in Cancun, Mexico for the second year running.

The meeting will also be mercifully shorter, with two days cut from its running time. The new dates are March 22 to March 25. Thankfully, ICANN actually announced the date change this time around.

ICANN top brass had indicated as far back as October that Cancun was very unlikely to go ahead as an in-person meeting.

It will be the fourth consecutive meeting to be held via Zoom since the coronavirus pandemic began a year ago. My guess is it won’t be the last.

The next meeting this year is slated to take place in The Hague in late June, but I think only an strident optimist or denialist could imagine that actually happening.