Latest news of the domain name industry

Recent Posts

After .org price outrage, ICANN says it has NOT scrapped public comments

Kevin Murphy, October 11, 2019, Domain Policy

ICANN this evening said that it will continue to open up gTLD registry contract amendments for public comment periods, despite posting information yesterday suggesting that it would stop doing so.

The organization recently formalized what it calls “internal guidelines” on when public comment periods are required, and provided a summary in a blog post yesterday.

It was very easy to infer from the wording of the post that ICANN, in the wake of the controversy over the renegotiation of Public Interest Registry’s .org contract, had decided to no longer ask for public comments on future legacy gTLD contract amendments.

I inferred as much, as did another domain news blogger and a few other interested parties I pinged today.

I asked ICANN if that was a correct inference and Cyrus Namazi, head of ICANN’s Global Domains Division, replied:

No, that is not correct. All Registry contract amendments will continue to be posted for public comment same as before.

He went on to say that contract changes that come about as a result of Registry Service Evaluation Process requests or stuff like change of ownership will continue to not be subject to full public comment periods (though RSEP does have its own, less-publicized comment system).

The ICANN blog post lists several scenarios in which ICANN is required to open a public comment period. On the list is this:

ICANN org base agreements with registry operators and registrars.

The word “base” raised at least eight eyebrows of people who read the post, including my two.

The “base” agreements ICANN has with registries and registrars are the 2013 Registrar Accreditation Agreement and the 2012/2017 Registry Agreement.

The RAA applies to all accredited registrars and the base RA applies to all new gTLD registries that applied in the 2012 round.

Registries that applied for, or were already running, gTLDs prior to 2012 all have bespoke contracts that have been gradually brought more — but not necessarily fully — into line with the 2012/17 RA in renewal renegotiations over the last several years.

In all cases, the renegotiated legacy contracts have been subject to public comment, but in no cases have the comments had any meaningful impact on their ultimate approval by ICANN.

The most recent such renewal was Public Interest Registry’s .org contract.

Among the changes were the introduction of the Uniform Rapid Suspension anti-cybersquatting policy, and the removal of price caps that had limited PIR to a 10% increase per year.

The comment period on this contract attracted over 3,200 comments, almost all of which objected to the price regulation changes or the URS.

But the contract was signed regardless, unaffected by the comments, which caused one registrar, NameCheap, to describe the process as a “sham”.

With this apparently specific reference to “base” agreements coming so soon thereafter, it’s easy to see how we could have assumed ICANN had decided to cut off public comment on these contentious issues altogether, but that appears to not be the case.

What this seems to mean is that when .com next comes up for renewal, it will be open for comment.

Hindu god smites Chrysler gTLD

Kevin Murphy, October 11, 2019, Domain Policy

Car-maker Chrysler has withdrawn its application for the .ram dot-brand gTLD more than six years after receiving a government objection on religious grounds.

Ram is a brand of pickup trucks manufactured by Chrysler, but it’s also a variant spelling of Rama, an important deity in the Hindu pantheon.

Back in 2013, ICANN’s Governmental Advisory Committee forwarded an objection from majority-Hindu India, later saying: “The application for .ram is a matter of extreme sensitivity for the Government of India on political and religious considerations.”

In a 19-page response (pdf), Chrysler said that Ram vehicles had been around for 75 years without offending Hindus, and that .ram was to be a restricted dot-brand that could not be used by third parties to post offensive content.

The objection appeared at a time when the GAC was not obliged to show its thinking and often deliberately obfuscated its advice. But ICANN placed .ram on hold anyway, where it has remained ever since.

Over the intervening time, Chrysler has rethought its dot-brand strategy, and last month called on ICANN to cancel five of the six gTLDs it already owns (but does not use) — .chrysler, .dodge, .mopar, .srt and .uconnect.

It’s still contracted to run .jeep, weirdly.

Top ICANN advisor Tarek Kamel dies at 57

Kevin Murphy, October 11, 2019, Domain Policy

Tarek Kamel, a senior advisor to the ICANN CEO and one-time shortlisted candidate for the top job, died yesterday, according to ICANN. He was 57.

His cause of death was not released, but he apparently had been suffering from health challenges for some time.

At ICANN, Kamel was senior advisor to the president and senior vice president for government and IGO engagement, a role he was appointed to in 2012 by then-incoming CEO Fadi Chehadé.

Kamel had been one of three shortlisted candidates for the CEO role and was hired immediately after Chehadé took over.

Born in Egypt, Kamel was considered locally as an internet pioneer, helping to found, then deregulate and reform the sector in his country.

He trained as an electrical engineer in Egypt and Germany, and is said to have established Egypt’s first connection to the internet in the mid-1990s, a period in which he also founded the local chapter of the Internet Society.

But Kamel spend much of his career in government, acting as Egypt’s minister for information and communication technology between 2004 and 2011.

His tenure ended in January 2011, as a result of the revolution which ousted President Hosni Mubarak.

During the final weeks of Mubarak’s regime, the government attempted to disrupt popular resistance by shutting down internet access across the country, causing pleas from Kamel’s friends for him to restore connectivity and preserve his legacy.

But Chehadé later defended Kamel’s actions during the revolution, telling DI in 2012 that he was not responsible for the shutdown and that he showed “near-heroism”, putting himself and his family at great personal risk, in order to restore services as quickly as possible.

Kamel was described yesterday by current CEO Göran Marby as a “dear friend” with a “big heart” and a “great sense of humor” who helped open diplomatic doors for ICANN in the Middle East.

Former ICANN chair and father of the internet Vint Cerf said “our Internet community has lost a kindred spirit so devoted to the idea of a global Internet to hold and use in common”.

He added, “if heaven does not have broadband yet, Tarek will make it so.”

Kamel is survived by his wife and two children.

Marby yesterday encouraged friends and colleagues to leave a memorial in the comments section of this blog post, assuring commenters that their words will reach Kamel’s family.

His family and friends have my condolences.

Radix acquires another gTLD

Kevin Murphy, October 7, 2019, Domain Registries

Radix has added the 10th new gTLD to its portfolio with an acquisition last month, bringing its total TLD stable to 11.

The company has acquired .uno from Missouri-based Dot Latin LLC for an undisclosed amount.

.uno, which of course means “one” in Spanish, has been around for over five years but has struggled to grow.

It’s current ranked as the 131st largest new gTLD, with 16,271 domains in its zone file. It peaked at about 22,000 about three years ago.

That said, it appears to have rather strong renewals, at least by Radix standards, with no evidence of relying on discounts or throwaway one-year registrations for growth.

.uno names can currently be obtained for roughly $12 to $20 per year.

Radix said its expects to migrate the TLD off its current Neustar back-end onto long-time registry partner CentralNic by “early 2020”.

The company appears to be excited that its only the second three-letter TLD in its portfolio.

It already runs .fun, along with the likes of .website, .tech and .online. It also runs .pw, the repurposed ccTLD for Palau.

.uno was Dot Latin’s only gTLD, though affiliated entity Dot Registry LLC signed its ICANN registry agreement for .llp (for “Limited Liability Partnership”) in August. That TLD has yet to launch.

.whoswho survives!

Kevin Murphy, October 3, 2019, Domain Registries

The registry running the failing new gTLD .whoswho has managed to avoid having its contract terminated by ICANN.

According to an update on the ICANN web site, Who’s Who Registry came back into compliance with its obligations earlier this week, meaning it can continue operating.

It had been under a cloud of uncertainty since January, when ICANN Compliance sent off a breach notice saying the company was overdue with its $25,000-a-year fees.

Who’s Who originally had until a date in February to pay up, but this deadline has been extended repeatedly over the course of the year.

Registry CEO John McCabe had told ICANN last November that the fee is “onerous” and “the single largest item in .whoswho’s budget”.

ICANN later rejected his request for a fee reduction.

.whoswho, which seeks to replicate the once-popular biography compilation books of the same name, has fewer than 100 real registrations to its name, most of which appear to be defensive, despite being live for five years.

At about $70 a pop, that’s still not nearly enough to cover ICANN fees, never mind other operating costs.

It sold barely a dozen names in the first half of this year.

I thought it was a goner for sure.

But it looks like it’s been saved from the axe for now, so maybe there’s time to turn things around.

Registrar suspended over dodgy transfers

Kevin Murphy, October 1, 2019, Domain Registrars

ICANN has suspended a Los Angeles-based registrar after failing to get answers to its questions about a bunch of domain transfer.

World Biz Domains won’t be able to sell any gTLD domains, or accept transfers, from October 16 until January 13 next year. It will also have to post ICANN’s suspension notice on its home page.

Its crime? Failing to provide ICANN with records proving that the change of registrant requests for 15 potentially valuable domain names were legitimate.

ICANN has been badgering World Biz for these records since April, but says it was given the runaround.

The domains in question — 28.net, 68.net, 88.org, changi.com, tay.net, goh.net, koh.net, kuantan.com, yeong.com, merlion.org, og.net, raffles.net, sentosa.org, sg.org and shenton.com — all appear to have been registered to a Singaporean investor using the registrar DomainDiscover until about a year ago.

The non-numeric names all have significance to Singapore or neighboring Malaysia one way or the other. Some of them are arguably UDPR fodder.

Shenton is a busy street and hotel in the city, Merlion is Singapore’s lion mascot, Sentosa is a Singaporean island, and Raffles is of course the name of the famous hotel. Other domains on the list are common Chinese surnames used by Singaporeans.

It appears that about a year ago, according to DomainTools’ historical Whois records, they were transferred to World Biz and put under privacy protection.

There’s no specific claim in ICANN’s notice that any domain hijacking has taken place, but it’s easy to infer that the original registrant was for some reason not happy that the domains changed hands and therefore complained to ICANN.

Some of the domains in question have since been transferred to other registrars and may have been returned to the original registrant.

If ICANN’s track record of demanding records is any guide, this will not help World Biz come into compliance.

Should it be terminated, it looks like very few registrants will be affected.

While World Biz at one point had over 5,000 gTLD domains under management, it’s been shrinking consistently for the best part of a decade and in May had just 74 DUM.

September last year, when the domains in question moved to World Biz, was the company’s most-successful month in terms of inbound transfers — 17 domains — since I started tracking this kind of data nine years ago.

ICANN’s babysitting fund goes live

Kevin Murphy, October 1, 2019, Domain Policy

ICANN has started accepting applications for its childcare grants program.

As previously reported, ICANN plans to offer up to $750 per family to community members who have no choice but to show up to its meetings with their offspring in tow.

The money is designed to cover childcare costs while the parent attends sessions at ICANN’s thrice-yearly public meetings.

ICANN will not be providing any on-site childcare itself, nor will it approve any providers.

The program is in a pilot, covering the next three meetings.

The current application period, for ICANN 67 in Cancun, Mexico next March, runs until November 20. The application form wouldn’t open for me.

Full details can be found here.

PIR’s “new” .org domain is just temporary. Help it pick another new one!

Kevin Murphy, September 18, 2019, Domain Registries

Public Interest Registry unveiled a fancy new set of logos and a swanky new web site yesterday, but CEO Jon Nevett tells us that its new domain name is temporary.

The new site and logos are undeniably superior to those they replace, but what raised eyebrows was the fact that the non-profit company has replaced its old pir.org domain with thenew.org, and deprecated the PIR brand almost entirely on its site.

The old PIR domain now redirects to the new thenew one, but the older domain still ranks higher in search engines.

But Nevett tells us it’s not a permanent move.

“Think of it more as a marketing campaign,” Nevett said. “This is a limited campaign, then we’ll move to another name.”

The campaign is basically about PIR going back to its roots and repositioning itself as the .org guys.

It’s only been six years since PIR last rebranded. In September 2013, the company started calling itself “Your Public Interest Registry” in its logo, deliberately playing down the “.org”.

Then-CEO Brian Cute told us at the time that playing up .org “made a lot of sense when we were a single-product company” but that with the imminent launch of sister TLDs .ngo and .ong, the decision was made to lead with the PIR branding instead.

.ngo and .ong — for “non-governmental organization” in English and other languages — haven’t exactly flown off the shelves. Neither one has ever topped 5,000 domains under management, while .org, while declining for a few years, still sits comfortably at over 10 million domains.

“I wouldn’t say so,” Nevett said, when I asked him whether PIR is now essentially back to being a single-product company. “But .org is the flagship, and we’re going back to leading with .org as the key brand. It’s what we’re known for and to say otherwise would be silly.”

People outside the industry have no idea what PIR is, he said, but they all know what .org is.

Some suspect that the rebranding is a portent of PIR gearing up to raise prices, given its newly granted ability to up its registry fees beyond the 10% annual price increase cap that it has it has been to date contractually bound to.

But Nevett said the rebranding is “not at all related to a price increase”. He told me several times that PIR still has “no plans to raise prices”.

He said the rebranding was first put in motion over a year ago, after Cute’s departure but before Nevett’s hiring, during Jay Daley’s interim interregnum.

Anyway, here are the new logos:

PIR logos

To the untrained eye, like both of mine, the new, primary .org logo may just look like two blue circles and the word “org”, but PIR’s press release tells us it’s communicating so much more:

The open “ORG” lettering on either side of the sphere signals that .ORG is an open domain for anyone; it serves as a powerful and inclusive global connector. The logo uses a deep royal blue, evoking feelings of trust, security, and reliability that reflect .ORG’s long-standing reputation.

Because I don’t want to alienate any of PIR’s utterly lovely public relations agency people (the same PR agency that came up with the new branding), I’m not going to pass any comment whatsoever on this piffle.

I think the new logos and web site are improvements. They’re also long-term investments, while the new domain name is not.

“For three to six months we’ll be leading with the marketing campaign of thenew.org, after that we’ll be using a new name as the lead,” Nevett said.

But it won’t be back to pir.org or thenew.org, he said.

Which begs the question: what domain will PIR switch to?

During the course of our conversation, Nevett made the mistake of asking me what I thought the next domain should be, and I made the mistake of saying that I should open the question up to my readers.

So… what should PIR’s next domain be?

Be nice.

Sixty gTLD registries not monitoring security threats

Kevin Murphy, September 18, 2019, Domain Registries

Roughly 5% of gTLD registry operators have been doing no abuse monitoring, despite contractual requirements to do so, a recent ICANN audit has found.

ICANN checked with 1,207 registries — basically all gTLDs — between November 2018 and June, and found about 60 of them “were not performing any security threat monitoring, despite having domains registered in their gTLDs”.

A further 180 (15%) were not doing security checks, but had no registered domains, usually because they were unused dot-brands. ICANN told these companies that they had to do the checks anyway, to remain in compliance.

In all cases, ICANN said, the registries remediated their oversights during the audit to bring their gTLDs back into compliance.

ICANN does not name the non-compliant registries in the summary of the audit’s results, published yesterday (pdf).

Registries under the 2012 new gTLD base registry agreement all have to agree to this:

Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.

It’s possible to keep tabs on abuse by monitoring domain blocklists such as SpamHaus, SURBL and PhishTank. Some such lists are freely available, others carry hefty licensing fees.

ICANN itself monitors these lists through its Domain Abuse Activity Reporting project, so it’s able to work out the differences between the levels of abuse registries report and what the empirical data suggests.

Registries typically either use these lists via in-house tools or license products provided by vendors such as Neustar, RegistryOffice, Knipp, CSC, DOTZON, Afnic, AusCERT, Shadowserver, Telefonica, Secure Domain Foundation and Netcraft, ICANN said.

Perhaps unsurprisingly, there’s a bit of disagreement between ICANN and some registries about how the somewhat vague obligations quote above are be interpreted.

ICANN thinks registries should have to provide information about specific domains that were identified as abusive and what remediation actions were taken, but some registries think they only have to provide aggregate statistical data (which would be my read of the language).

The contracts also don’t specify how frequently registries much carry out security reviews.

Of the 80% (965) of registries already in compliance, 80% (772) were doing daily abuse monitoring. Others were doing it weekly, monthly, or even quarterly, ICANN found, all of which appear to be in line with contractual requirements.

ICANN must do more to fight internet security threats [Guest Post]

ICANN and its contracted parties need to do more to tackle security threats, write Dave Piscitello and Lyman Chapin of Interisle Consulting.

The ICANN Registry and Registrar constituencies insist that ICANN’s role with respect to DNS abuse is limited by its Mission “to ensure the stable and secure operation of the internet’s unique identifier systems”, therefore limiting ICANN’s remit to abuse of the identifier systems themselves, and specifically excluding from the remit any harms that arise from the content to which the identifiers point.

In their view, if the harm arises not from the identifier, but from the thing identified, it is outside of ICANN’s remit.

This convenient formulation relieves ICANN and its constituencies of responsibility for the way in which identifiers are used to inflict harm on internet users. However convenient it may be, it is fundamentally wrong.

ICANN’s obligation to operate “for the benefit of the Internet community as a whole” (see Bylaws, “Commitments”) demands that its remit extend broadly to how a domain name (or other Internet identifier) is misused to point to or lure a user or application to content that is harmful, or to host content that is harmful.

Harmful content itself is not ICANN’s concern; the way in which internet identifiers are used to weaponize harmful content most certainly is.

Rather than confront these obligations, however, ICANN is conducting a distracting debate about the kinds of events that should be described as “DNS abuse”. This is tedious and pointless; the persistent overloading of the term “abuse” has rendered it meaningless, ensuring that any attempt to reach consensus on a definition will fail.

ICANN should stop using the term “DNS abuse” and instead use the term “security threat”.

The ICANN Domain Abuse Activity Reporting project and the Governmental Advisory Committee (GAC) use this term, which is also a term of reference for new TLD program obligations (Spec 11) and related reporting activities. It is also widely used in the operational and cybersecurity communities.

Most importantly, the GAC and the DAAR project currently identify and seek to measure an initial set of security threats that are a subset of a larger set of threats that are recognized as criminal acts in jurisdictions in which a majority of domain names are registered.

ICANN should acknowledge the GAC’s reassertion in its Hyderabad Communique that the set of security threats identified in its Beijing correspondence to the ICANN Board were not an exhaustive list but merely examples. The GAC smartly recognized that the threat landscape is constantly evolving.

ICANN should not attempt to artificially narrow the scope of the term “security threat” by crafting its own definition.

It should instead make use of an existing internationally recognized criminal justice treaty. The Council of Europe’s Convention on Cybercrime is a criminal justice treaty that ICANN could use as a reference for identifying security threats that the Treaty recognizes as criminal acts.

The Convention is recognized by countries in which a sufficiently large percentage domain names are registered that it can serve the community and Internet users more effectively and fairly than any definition that ICANN might concoct.

ICANN should also acknowledge that the set of threats that fall within its remit must include all security events (“realized security threats”) in which a domain name is used during the execution of an attack for purposes of deception, for infringement on copyrights, for attacks that threaten democracies, or for operation of criminal infrastructures that are operated for the purpose of launching attacks or facilitating criminal (often felony) acts.

What is that remit?

ICANN policy and contracts must ensure that contracted parties (registrars and registries) collaborate with public and private sector authorities to disrupt or mitigate:

  • illegal interception or computer-related forgery,
  • attacks against computer systems or devices,
  • illegal access, data interference, or system interference,
  • infringement of intellectual property and related rights,
  • violation of laws to ensure fair and free elections or undermine democracies, and
  • child abuse and human trafficking.

We note that the Convention on Cybercrime identifies or provides Guidance Notes for these most prevalently executed attacks or criminal acts:

  • Spam,
  • Fraud. The forms of fraud that use domain names in criminal messaging include, business email compromise, advance fee fraud, phishing or other identity thefts.
  • Botnet operation,
  • DDoS Attacks: in particular, redirection and amplification attacks that exploit the DNS
  • Identity theft and phishing in relation to fraud,
  • Attacks against critical infrastructures,
  • Malware,
  • Terrorism, and,
  • Election interference.

In all these cases, the misuse of internet identifiers to pursue the attack or criminal activity is squarely within ICANN’s remit.

Registries or registrars should be contractually obliged to take actions that are necessary to mitigate these misuses, including suspension of name resolution, termination of domain name registrations, “unfiltered and unmasked” reporting of security threat activity for both registries and registrars, and publication or disclosure of information that is relevant to mitigating misuses or disrupting cyberattacks.

No one is asking ICANN to be the Internet Police.

The “ask” is to create policy and contractual obligations to ensure that registries and registrars collaborate in a timely and uniform manner. Simply put, the “ask” is to oblige all of the parties to play on the same team and to adhere to the same rules.

This is unachievable in the current self-regulating environment, in which a relatively small number of outlier registries and registrars are the persistent loci of extraordinary percentages of domain names associated with cyberattacks or cybercrimes and the current contracts offer no provisions to suspend or terminate their operations.

This is a guest editorial written by Dave Piscitello and Lyman Chapin, of security consultancy Interisle Consulting Group. Interisle has been an occasional ICANN security contractor, and Piscitello until last year was employed as vice president of security and ICT coordination on ICANN staff. The views expressed in this piece do not necessary reflect DI’s own.