Latest news of the domain name industry

Recent Posts

.hotel avoids auction with CPE win

A new gTLD applicant backed by the hotel industry has won a Community Priority Evaluation, meaning it gets to automatically win the .hotel contention set without going to auction.

If the decision stands, no fewer than six rival applicants for the string — including the likes of Donuts, Radix, Famous Four and Minds + Machines — are going to have to withdraw their applications.

It’s a bit of a shocker.

The CPE winner is HOTEL Top-Level-Domain, which scored 15 out of 16 available points in the CPE. The minimum required to vanquish all foes is 14 points.

The company will have spent a fair bit of cash fighting the CPE, but nothing compared to the millions of dollars an auction for .hotel would be likely to fetch.

Crucially, where HOTEL prevailed was on the “Nexus” criterion — demonstrating a link between the string and the community supporting the application — where four points are available.

In the first four CPE results to come through, back in March, each applicant scored a 0 on Nexus and none scored more than 11 points overall.

Dot Registry, which failed four CPEs (.inc, .llc, .corp and .llp) this week, also repeatedly flunked on this count.

HOTEL, however, scored a 3.

Rival applicants such as Donuts and M+M had argued that HOTEL’s stated community failed to take into account smaller hoteliers, such as bed and breakfast owners.

But the CPE panelist decided that the application did not “substantially overreach”:

The string nexus closely describes the community, without overreaching substantially beyond the community. The string identifies the name of the core community members (i.e. hotels and associations representing hotels). However, the community also includes some entities that are related to hotels, such as hotel marketing associations that represent hotels and hotel chains and which may not be automatically associated with the gTLD. However, these entities are considered to comprise only a small part of the community. Therefore, the string identifies the community, but does not over-reach substantially beyond the community, as the general public will generally associate the string with the community as defined by the applicant.

There’s no formal appeals mechanism for CPE, but rival applicants could try their luck with more general ICANN procedures such as Requests for Reconsideration.

HOTEL Top-Level-Domain is a Luxembourg-based entity, founded in 2008 to apply for the gTLD, backed by about a dozen international hotelier associations, including the International Hotel and Restaurant Association.

The IHRA counts 50 major hotel chain brands among its members and claims to be officially recognized by the UN for its lobbying work on behalf of the hospitality industry.

HOTEL intends to keep the .hotel gTLD restricted “initially” to only hotels as defined in the international standard ISO 18513.

Registrants will be verified against hotel industry databases. This will happen post-registration, but before the domain name can be activated in the DNS.

In other words, unless you’re a member of the hotel industry, you won’t be getting to use a .hotel domain name. Domainers are apparently not wanted.

All .hotel names will also be checked a year from registration to ensure that they have a web site displaying relevant content. Redirection to other TLDs may be allowed.

I was so convinced that the CPE was designed in such a way that it would be failed by all the applicants which had applied for it, I bet $50 (to go to an applicant-nominated charity) that none would.

If HOTEL wants to let me know which charity they want the $50 to go to, I’ll get it donated forthwith. I’m just glad I didn’t offer to eat my underwear.

Three more dot-brands dumped

Two companies have yanked three bids for dot-brand new gTLDs this week.

The German financial advisor Allfinanz Deutsche Vermögensberatung withdrew its applications for .allfinanzberatung and .allfinanzberater, which mean Allfinanz “advice” and “advisers”.

As well as being a bit of a mouthful, they both appear to be unnecessary given that the company also applied for .allfinanz by itself. That application has passed evaluation and is still active.

Meanwhile, in Finland, one of the world’s biggest elevator/escalator manufacturers, KONE, has withdrawn its equally unfathomable application for .kone.

Roughly 55 dot-brand applications have been withdrawn to date. Hundreds remain.

Afilias loses $600,000 auction for Chinese “.info”

The results of the first “auction of last resort” in the new gTLD program are in, and it’s a bit of a head-scratcher.

Afilias lost out to rival applicant Beijing Tele-info Network Technology in the ICANN-backed auction for .信息 which means “info” or “information” in Chinese.

The winning bid was $600,000, ICANN said.

That money goes into a special ICANN fund, which will be put to some kind of unspecified purpose (to be determined by the ICANN community) at a later date.

It seems like quite a low price. Given what little we know about new gTLD auctions conducted privately, over a million dollars seems to be pretty standard for a gTLD.

It also strikes me as odd that Afilias wasn’t willing to shell out over $600,000 for a gTLD that could take a localized version of its existing .info brand into the world’s largest market.

It’s the only contention set to be settled by ICANN auction so far. The next will take place July 9, and will see Minds + Machines take on Amazon for .coupon.

The third, which will see 22 strings hit the block, will take place August 6.

RADAR to be down at least two weeks after hack

ICANN expects its RADAR registrar database to be offline for “at least two weeks” following the discovery of a security vulnerability that exposed users’ login names and encrypted passwords.

ICANN seems to have been quick to act and to disclose the hack.

The attack happened last weekend and ICANN was informed about it by an “internet user” on Tuesday May 27, according to an ICANN spokesperson. RADAR was taken offline and the problem disclosed late May 28.

The spokesperson added that “we do not believe the user is affiliated with a current or previously accredited registrar.”

ICANN isn’t disclosing the nature of the vulnerability, but said RADAR will be offline for some time for a security audit. The spokesperson told DI in an email:

It will be at least two weeks. It is more important to complete a thorough security assessment of the site than to rush this process. First of all, we’re keeping the system offline until we complete a thorough audit of the system. We are also currently engaged in a security review of all systems and procedures at ICANN to assess and implement ongoing improvements as appropriate.

RADAR is a database used by registrars to coordinate stuff like emergency contacts and IP address whitelisting for bulk Whois access.

The downtime is not expected to impact registrants, according to ICANN. The spokesperson said: “Nothing that occurred has raised any concerns that registrants could or would be adversely affected.”

ICANN registrar database hacked

ICANN’s database of registrar contact information has been hacked and user data has been stolen.

The organization announced this morning that the database, known as RADAR, has been taken offline while ICANN conducts a “thorough review” of its security.

ICANN said:

This action was taken as a precautionary measure after it was learned that an unauthorized party viewed data in the system. ICANN has found no evidence of any unauthorized changes to the data in the system. Although the vulnerability has been corrected, RADAR will remain offline until a thorough review of the system is completed.

Users of the system — all registrars — have had their usernames, email addresses and encrypted passwords compromised, ICANN added.

ICANN noted that it’s possible to brute-force a hashed password into plaintext, so it’s enforcing a password reset on all users, but it has no evidence of any user accounts being accessed.

RADAR users may want to think about whether they have the same username/password combinations at other sites.

RADAR is a database used by registrars in critical functions such as domain name transfers.

Registrars can use it, for example, to white-list the IP addresses of rival registrars, enabling them to execute large amounts of Whois queries that would usually be throttled.

The news follows hot on the heels of a screwup in the Centralized Zone Data Service, which enabled any new gTLD registry to view data belonging to rival registries and other CZDS users.