Latest news of the domain name industry

Recent Posts

Single/plural gTLD combos to be BANNED

Kevin Murphy, August 27, 2020, Domain Policy

Singular and plural versions of the same string will be banned at the top level under proposed rule changes for the next round of new gTLDs.

The final set of recommendations of ICANN’s New gTLDs Subsequent Procedures working group (SubPro), which were published after four years of development last week, state:

the Working Group recommends prohibiting plurals and singulars of the same word within the same language/script in order to reduce the risk of consumer confusion. For example, the TLDs .EXAMPLE and .EXAMPLES may not both be delegated because they are considered confusingly similar.

The 2012 round had no hard and fast rule about plurals. There were String Similarity Review and String Confusion Objection procedures, but they produced unpredictable results.

At least 15 single/plural string pairs currently exist in the root, including .fan(s), .accountant(s), .loan(s), .review(s) and .deal(s). Sometimes they’re both part of the same registry’s portfolio, other times they’re owned by competitors.

But others, including .pet and .pets and .sport and .sports, were ruled by independent panels too “confusingly similar” to be allowed to coexist.

The proposed new rule would remove much of the subjectivity from these kinds of decisions, replacing the current system of objections with a flat no-coexistence rule.

If a gTLD that was the plural of an existing gTLD were applied for, the application would be rejected. If the singular and plural variants of the same word were applied for in the same round, the applications would likely end up at auction.

But there would be some wriggle room, with the ban only applying if both applied-for strings truly are singular/plural variations of each other in the same language. The working group wrote:

.SPRING and .SPRINGS could both be allowed if one refers to the season and the other refers to elastic objects, because they are not singular and plural versions of the same word. However, if both are intended to be used in connection with the elastic object, then they will be placed into the same contention set. Similarly, if an existing TLD .SPRING is used in connection with the season and a new application for .SPRINGS is intended to be used in connection with elastic objects, the new application will not be automatically disqualified.

In such situations, both registries would have to agree to binding Public Interest Commitments to only use the gTLDs for their stated, non-conflicting purposes. Registrants would also have to commit to only use .spring to represent the season and .springs for the elastic objects, also.

The ban will substantially eliminate the problem I’ve previously referred to as “tailgating”, where a registry applies for the plural variant of a competitor’s successful, well-marketed gTLD, prices domains slightly lower, then sits back to effortlessly reap the benefits of their rival’s popularity.

One could easily imagine applicants for strings such as .clubs or .sites in the next round, with applicants content to lazily ride the coat-tails of the million-selling singular namespaces.

The rule change will also remove the need for existing registries to defensively apply for the single/plural variants of their current portfolio, and for existing registrants to be compelled to defensively registry domains in yet another TLD.

On the flipside, it means that some potentially useful strings would be forever banned from the DNS.

While it might make sense for a film producer to register a .movie domain to market a single movie, it would not make sense for a review site or movies-related blog, where a .movies domain would be more appropriate. But now that’s never going to be possible.

SubPro’s work is still subject to final approval by SubPro, the GNSO Council and ICANN board of directors before it becomes policy.

ICANN might pay for your lockdown broadband

Kevin Murphy, August 25, 2020, Domain Policy

ICANN is to seriously consider requests that community volunteers should have their broadband costs subsidized out of the ICANN budget.

On Thursday, its board of directors will meet to discuss what it’s calling the “ICANN Pandemic Internet Access Reimbursement Program Pilot”.

No additional information is currently available, but the name of the proposed pilot is pretty descriptive.

The agenda item follows calls from some community members for ICANN to help out with the costs of broadband (and potentially hotel rooms) for those who have incurred out-of-pocket expenses to participate in ICANN’s remote Zoom meetings.

ICANN typically covers the travel and accommodation for certain key policy-making volunteers attending its thrice-yearly public meetings and occasional intersessional face-to-face gatherings.

With coronavirus confining most of these people to their home offices for the last several months, and with all official ICANN meetings going virtual, ICANN could save as much as $8 million this calendar year

Paying the broadband costs of a handful of community members would likely amount to a mere drop in that ocean.

However, while the details of the proposed pilot program are not yet known, one could imagine how galling it would be to many if ICANN opened its piggy-bank to North American lawyers on six-figure salaries, rather than only to volunteers from the broadband-poor developing world.

As a reminder, ICANN’s budget primarily comes from the “tax” registrants pay whenever they register a gTLD domain name.

Still, we shouldn’t prejudge these things. Perhaps the policy will be sensible.

ICANN introduced a similar pilot reimbursement program for community members with childcare needs last year, largely without controversy. Due to the absence of face-to-face meetings this year, this cash-for-kids scheme will run until ICANN 71 in June next year.

The end of the beginning? ICANN releases policies for next round of new gTLDs

Kevin Murphy, August 25, 2020, Domain Policy

Over eight years after ICANN last accepted applications for new gTLDs and more than four years after hundreds of policy wonks first sat around the table to discuss how the program could be improved, the working group has published its draft final, novel-length set of policy recommendations.

Assuming the recommendations are approved, in broad terms the next round will be roughly similar to the 2012 round.

But almost every phase of the application process, from the initial communications program to objections and appeals, is going to get tweaked to a greater or lesser extent.

The recommendations came from the GNSO’s New gTLD Subsequent Procedures working group, known as SubPro. It had over 200 volunteer members and observers and worked for thousands of hours since January 2016 to come up with its Final Draft Report.

Some of the proposed changes mean the cost of an application will likely go down, while others will keep the cost artificially high.

Some changes will streamline the application process, others may complicate it.

Many of the “changes” to policy are in fact mere codifications of practices ICANN brought in unilaterally under the controversial banner of “implementation” in the 2012 round.

Essentially, the GNSO will be giving the nod retroactively to things like Public Interest Commitments, lottery-based queuing, and name collisions mitigation, which had no basis in the original new gTLDs policy.

But other contentious aspects of the last round are still up in the air — SubPro failed to find consensus on highly controversial items such as closed generics.

The report will not tell you when the next round will open or how much it will cost applicants, but the scope of the work ahead should make it possible to make some broad assumptions.

What it will tell you is that the application process will be structurally much the same as it was eight years ago, with a short application window, queued processing, objections, and contention resolution.

SubPro thankfully rejected the idea replacing round-based applications with a first-come, first-served model (which I thought would have been a gaming disaster).

The main beneficiaries of the policy changes appear to be registry service providers and dot-brand applicants, both of which are going to get substantially lowered barriers to entry and likely lower costs.

There are far too many recommendations for me to summarize them eloquently in one blog post, so I’m going to break up my analysis over several articles to be published over the next week or so.

In the meantime, ICANN has opened up the final draft report for public comment. You have until September 30.

The report notes that previously rejected comments will not be considered, so if your line is “New gTLDs suck! .com is King!” you’re likely to find your input falling on deaf ears.

After the comment period ends, and SubPro considers the comments, the report will be submitted to the GNSO Council for approval. Subsequently, it will need to be approved by the ICANN board of directors.

It’s not impossible that this could all happen this year, but there’s a hell of a lot of implementation work to be done before ICANN starts accepting applications once more. We could be looking at 2023 before the next window opens and 2024 before the next batch of new gTLDs start to launch.

UPDATE: This post was updated August 27, 2020 to clarify procedural and timing issues.

It’s a CONSPIRACY! Canadian registrant “sues” pretty much everybody

Kevin Murphy, August 20, 2020, Domain Policy

Canadian domain registrant and noted industry troll Graham Schreiber has sued, or at least claims to have sued, just about every notable figure in the ICANN community.

A document purporting to be a lawsuit is being circulated today among some of the dozens of named defendants, which include several people who’ve not been involved with ICANN for many years.

It names 27 volunteers from ICANN’s Intellectual Property Constituency, 21 current and former senior executives of registries and registrars, several members of the US and UK governments, an FBI agent, an unnamed “White House Conspirator”, as well as lawyers for LinkedIn, Facebook, Twitter, ICANN, Google and the UK Intellectual Property Office.

It’s my job to tell you in simple terms what the alleged lawsuit alleges, but I’m afraid I’m at an utter loss with this one. It reads like the fever dream of a conspiracy theorist that would make the average Qanon believer appear the model of reason and clarity.

Schreiber variously refers to his defendants as “Kingpins” involved in a “Cartel” or “Conspiracy”, the factual details of which he never quite gets to.

Here’s a representative sample paragraph, unedited:

If and when, the “Defensive Registrations” obliged by ICANN’s R[r]egistry & R[r]egistrar “Stakeholders” = “Kingpins” and specifically CentralNic [ weren’t purchased ] assailants would strike; and Infringe, Dilute, Blur and Pass-Off as our online business, individually with identical and confusingly similar domain name, faking to be appointed or an authorized agent of the primary Registrant, in a country’s entrepreneurs Intellectual Property may or may not have been protectable at Common Law Trademark, under Madrid Protocol Rules, as it / they fulfilled the obligations of local National laws, to become a Registered Trademark, as I secured in the USA with USPTO, after the CIPO did their work.

At one point, he admits to trolling the defendants on social media since 2012, and points to their failure to sue him as evidence of a conspiracy:

I’ve made statements via those Social Media resources which would, if they were untrue, subject me to a singular lawsuit or multiple lawsuits from the Defendants listed, for: Defamation, Slander and Libel.

As yet, these well taunted Defendants have all conspired together, in collective silence, anticipating that their grandeur and my insignificance would, maintain safe passage, for them to continue.

As the vast majority of the Defendants are well schooled, powerful U.S. Attorneys, it’s my expectation that the Court oblige them to address the charges here stated, or collectively for their defence, they must File a lawsuit with this Court, charging me for what could be [ but aren’t ] remarks constituting Defamation, Slander & Libel against them, which again, I’ve posted on some of the Defendants own clients, Social Media Platforms

Schreiber was once a regular fixture in DI’s comments section too. Thankfully, we’ve not heard from him in years.

The root cause of the “lawsuit” appears to be an old beef Schreiber has with CentralNic.

He says he owns what he calls a “common law trademark” on the term “Landcruise” and he once used the matching .com domain to operate a motor-home rental business.

At some point in 2011, he became aware that a British registrant had registered landcruise.co.uk and landcruise.uk.com.

At the time, CentralNic was primarily in the business of selling domains at the third level in pseudo-gTLDs such as uk.com, gb.com and us.com.

Schreiber tried and failed (twice) to get the .uk domain transferred under Nominet’s Dispute Resolution Service, and then he took his beef to the courts.

In 2012, he sued CentralNic, ICANN, Verisign, eNom, and Network Solutions in a complaint that barely made much more sense than the “lawsuit” being circulated today.

That case was thrown out of court in 2013.

I expect the same fate to befall the current lawsuit, if indeed it has even been filed in a court.

Schreiber wants $5 million from every defendant.

If you want to check whether you’re one of them, read the PDF “complaint” here.

“Arms dealer” registrar probed by ICANN

Kevin Murphy, August 20, 2020, Domain Registrars

ICANN’s top security thinkers are looking into hotly denied claims that an Israeli registrar collaborated with malware distributors.

Luckily for the registrar, GalComm, so far they’ve come up empty-handed and ICANN has told the company it does not consider it “malicious”.

ICANN told GalComm this week that its Security, Stability and Resiliency team is looking into a report published by security consultancy Awake Security in June entitled “The Internet’s New Arms Dealers: Malicious Domain Registrars”.

The report connected GalComm to over 100 malicious browser extensions, used to steal data, that have been installed 33 million times. GalComm was apparently the attackers’ registrar of choice.

While Awake did not report the registrar to ICANN, GalComm took it upon itself to write to ICANN to deny the allegations, saying that it merely acted as a neutral registrar and had no involvement in hosting or distributing the malware.

It also demanded that Awake retract its report and apologize or face legal consequences. The report is still available.

Now, ICANN has written back (pdf) to assure the registrar that its investigations to date has been “unable to corroborate the findings Awake Security presented and it does appear that Awake Security had an inaccurate picture of the total domains under management by GalComm”.

It added that the investigation is ongoing, however:

Based on the information we have been able to obtain to date, we have no reason to believe it appropriate for GalComm to be considered a “malicious domain registrar” as asserted by Awake Security. However, as noted in Awake Security’s report, the malicious actors behind the domains in question may be utilizing detection evasion techniques. As such, our investigations continue, and we appreciate GalComm’s cooperation and support of those investigations.

ICANN has previously told news outlets that it receives very few complaints about GalComm, none related to malware.

ICANN names Egypt-based head of Istanbul office

Kevin Murphy, August 19, 2020, Domain Policy

ICANN has appointed veteran staffer Baher Esmat as the new head of its regional office in Istanbul, Turkey.

His new job title will be managing director for Middle East and Africa, having previously headed ICANN’s partnership programs for the region. He’s basically become ICANN’s point man in the region.

He’s replacing Nick Tomasso, who’s sticking around at ICANN in his main role as VP of meetings but appears to be leaving Istanbul.

Esmat currently lives in Egypt, which isn’t even in the same time zone, and there does not appear to be a short-term plan to move him to Istanbul

The ICANN board noted in its resolution promoting Esmat:

There will be a fiscal impact on ICANN in FY21 only to the extent of travel and related costs for Mr. Esmat as he will continue to reside in Egypt for the time being, but ICANN will save on the costs associated with Mr. Tomasso’s having resided in Istanbul during his tenure as the representative of the liaison office in Turkey, Istanbul.

It’s not clear whether the decision to stay in Egypt is coronavirus-related, but I imagine working from home in Egypt isn’t much different from working from home in Turkey.

Esmat has been at ICANN for 14 years. Tomasso ran the Istanbul office from 2017. The handover is effective at the end of the month.

Countries ask Amazon for thousands more domain blocks

Kevin Murphy, August 19, 2020, Domain Registries

The eight South American nations of the Amazon region are demanding Amazon block more domain names in the recently delegated .amazon gTLD.

Amazon Cooperation Treaty Organization secretary general Alexandra Moreira has written to Amazon VP of public policy Brian Huseman to complain that Amazon’s current set of “cultural” safeguards do not go far enough.

The August 14 letter, which was forwarded to DI, seems to mark a new phase of bilateral talks, after ICANN washed its hands of its reluctant role of third-party facilitator last month.

Currently, .amazon is governed by a set of Public Interest Commitments in its registry contract designed to protect the “Culture and Heritage specific to the Amazonia region”.

ACTO, as well as disagreeing with the use of the term “Amazonia”, has a narrow interpretation of the PICs that Moreira says is “insufficient to ensure respect for the historic and cultural heritage of the Amazon region”.

Under ACTO’s reading, Amazon is only obliged to block a handful of domains from use, namely the words “OTCA”, “culture”, “heritage”, “forest”, “river”, “rainforest”, the names of indigenous peoples and national symbols.

Moreira writes:

That would leave out a vast number of terms that can still cause confusion or mislead the public about matters specific to the Amazon region, such as the names of cities, villages, mountains, rivers, animals, plants, food and other expressions of the Amazon biome, biodiversity, folklore and culture.

ACTO wants the list of protected domains to be expanded to include these additional categories, and for Amazon and ACTO to sign a binding agreement to that effect.

Given that the Amazon forest is home to literally tens of thousands of distinct species and Brazil alone has over 5,500 municipalities, this could translate to a hell of a long list.

I should probably note that the .amazon PICs also offer ACTO the chance to block 1,500 strings of its own choosing, so ACTO’s narrow interpretation may not tell the whole story.

Dot-brand fizzles out after acquisition

Kevin Murphy, August 17, 2020, Domain Registries

Another dot-brand gTLD has decided to terminate its ICANN contract, but this time it’s because the brand itself has been discontinued.

.ceb was applied for by the Corporate Executive Board Company, a consulting company, in 2012.

But the company was acquired by Gartner in 2017, and the CEB brand was discontinued the following year.

For some reason it’s taken Gartner a couple of years to remember it has a gTLD it doesn’t need, and it’s told ICANN it no longer wishes to operate it.

The .ceb dot-brand was never used.

It’s the 81st dot-brand to self-terminate, the 12th this year.

The pricey, complex, clusterfuck plan to reopen Whois

Kevin Murphy, August 3, 2020, Domain Policy

After a little more than two years, an ICANN working group has finalized the policy that could allow people to start accessing unredacted Whois records again.

Despite the turnaround time being relatively fast by ICANN standards, the Expedited Policy Development Process group has delivered what could be the most lengthy and complex set of policy recommendations I’ve seen since the policy work on new gTLDs over a decade ago.

Don’t get too excited if you’re itching to get your hands on Whois data once more. It’s a 171-page document containing over a hundred recommendations that’s bound to take ages to implement in full, if it even gets approved in the coming weeks.

I’d be surprised if it’s up and running fully before 2022 at the earliest. If and when the system does eventually come online, don’t expect to get it for free.

It’s already being slammed in multiple quarters, with one constituency saying it could result in a “multi-year-implementation resulting in a system which would effectively be a glorified, overly complex and very expensive ticketing system”.

Trademark owners are livid, saying the proposed policy completely fails to address their needs, and merely entrenches the current system of registrar discretion into formal ICANN policy.

The recommendations describe a proposed system called SSAD, for System for Standardized Access/Disclosure, which would be overseen by ICANN and enforced through its contracts with registries and registrars.

It’s a multi-tiered system involving a few primary functions, wrapped in about a thousand miles of red tape.

First and foremost, you’ve got the Central Gateway Manager. This would either be ICANN, or a company to which ICANN outsources. Either way, ICANN would be responsible for overseeing the function.

The gateway manager’s job is to act as a middleman, accepting Whois data requests from accredited users and forwarding them to registries and registrars for processing.

In order to access the gateway, you’d need to be accredited by an Accreditation Authority. Again, this might be ICANN itself or (more likely) a contractor.

The policy recommendations only envisage one such authority, but it could rely on a multitude of Identity Providers, entities that would be responsible for storing the credentials of users.

It’s possible all of these roles and functions could be bundled up in-house at ICANN, but it appears the far more likely scenario is that there will be a bunch of RFPs coming down the pike for hungry contractors later this year.

But who gets to get accredited?

Anyone with a “legitimate interest or other lawful basis”, it seems. The document is far from prescriptive or proscriptive when it comes to describing possible users.

But the recommendations do give special privileges to governments and government-affiliated entities such as law enforcement, consumer protection bodies and data privacy watchdogs.

For law enforcement agencies, the proposed policy would mandate fully automated processing at the gateway and at the registry/registrar. It sounds like cops would get pretty much instant access to all the Whois data they need.

Requests just the for city field of the record would also be fully automated, for any accredited requestor.

There would be at least three priorities of Whois request under the proposed system.

The first, “Urgent”, would be limited to situations that “pose an imminent threat to life, serious bodily injury, critical infrastructure (online and offline) or child exploitation”. Non-cops could use this method too. Contracted parties would have one business day or three calendar days to respond.

The second would be limited to ICANN-related procedures like UDRP and URS, and registrars would have a maximum of two business days to respond.

The third would encapsulate all other requests, with some priority given to fraud or malware-related requests. Response times here could be a long as 10 days.

I’m trying to keep it simple here, but a lot of the recommendations describe the aforementioned red tape surrounding each stage of the process.

Registrars and registries would be bound to service level agreements, there’d be appeals processes for rejected requests, there’d be logging, audits, reporting, methods to de-accredit users and methods for them to appeal their de-accreditation… basically a shedload of checks and balances.

And who’s going to pay for it all?

ICANN’s latest guesstimate is that SSAD will cost $9 million to build and another $8.9 million annually to operate.

It seems the main burden will be placed on the shoulders of the end-user requestors, which will certainly have to pay for accreditation (which would have to be renewed periodically) and may have to pay per-query too.

Trademark lawyers within the ICANN community are furious about this — not because they have to pay, but because SSAD functionality does “not come close to justifying the costs”.

They’d envisaged a system that would be increasingly automated as time went by, eventually enabling something pretty much like the old way of doing Whois lookups, but say the current proposals preclude that.

It’s also not impossible that the system could lead to higher fees for registrants.

The EPDP group is adamant that domain registrants should not have to pay directly when somebody queries their Whois data, and says the SSAD should be cheaper to run for registrars than the current largely manual system, but acknowledges there’s nothing ICANN can do to stop registrars raising their prices as a result of the proposed policy.

The recommendations say that ICANN should not take a profit from SSAD, but do not discount its contractors from making a fair return from their work.

Prices are, like much else described in this Final Report, still very much TBD. The EPDP working group was given a lot to accomplish in very little time, and there’s a lot of buck-passing going on.

And there’s no guarantee that the policy will even be approved in the short term, given the level of dissent from working group participants.

Before the recommendations become formal Consensus Policy — and therefore binding on all registries and registrars — they first have to be approved by the GNSO Council and then the ICANN board of directors.

The first opportunity for the GNSO Council to vote is at its meeting September 24, but it could be a very tight vote.

For an EPDP to pass, it needs a supermajority vote of the Council, which means a two-thirds majority of both “houses” — the Contracted Parties House (ie, registries and registrars) and the Non-Contracted Parties house — or a 75% approval in one house and a simple majority in the other.

The way things stand, it looks to me like the CPH will very likely vote 100% in favor of the proposal, which means that only seven out of the 13 NCPH members will have to vote in favor of the report in order for it to pass.

The NCPH is made up of six people from the Non-Commercial Stakeholders Group, which generally hold pro-privacy views and have already criticized the report as not going far enough to protect registrants’ data.

Six more NCPH members comprise two members each from the Intellectual Property Constituency, Business Constituency and Internet Service Providers Constituency.

The IPC and BC put their names to a joint minority statement in the Final Report saying that its recommendations:

amount to little more than affirmation of the [pre-EPDP] status quo: the elements of WHOIS data necessary to identify the owners and users of domain names are largely inaccessible to individuals and entities that serve legitimate public and private interests.

I’m chalking those four Council members down as reliable “no” votes, but they’ll need the support of the two ISP guys and the wildcard Nominating Committee appointee in order to bury this policy proposal.

If it does pass the Council, the next and final stage of approval for SSAD would be the ICANN board, probably at ICANN 69 in October.

But then ICANN would actually have to build the damn thing.

This would take many months of implementation and review, then there’d have to be multiple RFP processes to select the companies to write the software and build the infrastructure to run it, who’d then actually have to build and test it.

In the same guesstimate that put a $9 million price tag on the system, ICANN reckoned that it would take a full year for a third party to build and test SSAD. That’s not even taking registrar integration into account.

So, if you’re looking for streamlined Whois access again, you’d best think 2022 at the very earliest, if ever.

If you wish to read the EPDP working group’s Final Report, you can do so here (pdf).

UPDATE: This article originally misstated the date of the next GNSO Council meeting at which this proposal could be considered. It’s not August 20. It’s September 24, which means initial ICANN board consideration is out in October. Add another month to whatever timeline you were hoping for.

After Chapter 11 filing, JCPenney dumps its dot-brand

American retailer JCPenney has told ICANN it no longer wishes to own its dot-brand gTLD, .jcp.

The notice was filed just a month after the company entered Chapter 11 bankruptcy protection and announced the permanent closure of hundreds of stores.

Like many retailers of non-essential goods, the company’s fortunes have been badly affected by the coronavirus pandemic.

I suspect the gTLD would have been scrapped eventually regardless — JCPenney never used it, and even the obligatory nic.jcp site merely redirects to the company’s primary .com.

It’s the 80th dot-brand to be dumped by its registry. the 11th this year.