Freenom gets yet another ICANN breach notice
ICANN Compliance is really up in Freenom’s face now, filing yet another contract-breach notice against its registrar arm barely a week after the last one.
The September 29 notice adds three new tickets to the 12 in the September 20 notice I wrote about last month. It’s the sixth notice OpenTLD has received since 2015.
The cases are similar to those in the previous missive. ICANN wants proof that the registrar has been complying with the Transfer Policy and the Expired Registration Recovery Policy.
It seems some Freenom customers have had difficulty transferring their names out of the company’s control, and have been unable to restore their domains after accidentally allowing them to expire.
It still also owes ICANN past-due fees, the notice reiterates.
The notice covers complaints from June and July. The company has until October 20 to comply or risk losing its accreditation. The claims in the earlier notice give it until October 11.
Freenom is the company that runs a dwindling collection of free-to-register ccTLDs, notably .tk. It has not allowed registrations on its site all year, blaming technical issues. It’s also being sued by Facebook owner Meta over alleged cybersquatting.
After Verisign’s sluggish year, ICANN misses funding goal by $2 million
ICANN’s fiscal 2023 revenue came in $2 million light when compared to its budget, the annual report published today shows.
The Org blamed lower-than-expected transaction fees for the shortfall, suggesting the domain industry wasn’t quite as buoyant as its accountants had hoped.
Funding for the year came in at $150 million against a budgeted target of $152 million.
The period covered is July 1, 2022 to June 30, 2023, a period in which Verisign — ICANN’s biggest contributor by some margin — repeatedly lowered its revenue estimates from .com and .net sales.
This is not a coincidence. The two outfits’ fates are intertwined. Verisign funded ICANN to the tune of $49.7 million from its legacy gTLD business in FY23, up only slightly from $49.5 million in FY22.
Overall, ICANN said that its revenue from registry transactions was $60 million versus its budget estimate of $62 million, and that registrar transactions revenue was $39 million versus its $41 million estimate.
Other registrar fees and registry fixed fees seem to have come in a bit ahead of budget, and rounding accounts for the fact that the numbers don’t make prima facie sense.
ICANN said its expenses for the year came in $10 million lower than expected, at $142 million, due to lower professional services and personnel costs. Its travel expenses were $2 million more than expected, it seems due to the Washington DC meeting being more expensive than planned.
Russia cuts off ICANN funding after pro-Ukraine stance
Russia did not pay its usual annual tribute to ICANN in the Org’s fiscal 2023, newly published funding data reveals.
Coordination Center for TLD RU usually funnels $50,000 a year into ICANN’s budget, but that was reduced to nothing in the year to June 30, 2023, according to ICANN’s FY23 annual report, published today.
While it could of course be a coincidence, I rather suspect it’s retaliation for ICANN’s overt support for Ukraine following Russia’s invasion last year.
ccTLD.ru counts the Russian Ministry of Communications and Mass Media as one of its “founding members”.
ICANN donated $1 million to the Emergency Telecommunications Cluster, a relief organization, to support Ukrainians affected by the war, and gave the Ukrainian government a platform to denounce the war at a public meeting.
Later last year, ICANN also lobbied against the Russian candidate for ITU secretary general.
The .ru registry was not the only ccTLD operator to slash funding in FY23.
Belgium already said it would cut its donation from $75,000 to $25,000 in protest at “mission creep” and perceived failures to deal with privacy regulations, and the annual report shows it made good on its threat.
But it seems to have been joined by the Netherlands and Denmark, which cut their contributions respectively by $45,000 to $180,000 and by $30,800 to $30,000. Slovenia halved its donation to $5,000.
Overall, ccTLD contributions were down $176,535 to $2,214,240.
ICANN’s bean-counters probably won’t be losing any sleep over the decline; the Org’s overall funding was $150 million in the year.
Palage’s epic rant as he asks ICANN to cancel Verisign’s .net contract
ICANN is devolving into a trade association hiding under a thinning veneer of multistakeholderism and the domain industry is becoming a cartel.
Those are two of the conclusions reached by consultant Michael Palage, who’s been involved with ICANN since pretty much the start, in an epic Request for Reconsideration in which he asks the Org to unsign Verisign’s recently renewed .net registry contract.
ICANN’s equally intriguing response — denying, of course, Palage’s request — also raises worrying questions about how much power ICANN’s lawyers have over its board of directors.
The RfR paints a picture of a relationship where Verisign receives special privileges — such as exemptions from certain fees and obligations — in exchange for paying higher fees — contributing $55 million of ICANN’s budget — some of which is accounted for quite opaquely.
Palage claims the domain industry of being “on the precipice of becoming a cartel” due to recent consolidation, and says that is being enabled by ICANN’s failure to conduct an economic study of the market.
Verisign’s .net and .com contracts are the only registry agreements that do not oblige the registry to participate in economic studies, Palage says, reducing ICANN’s ability, per its bylaws, “to promote and sustain a competitive environment in the DNS market.”
Palage writes:
The failure of ICANN to have the contractual authority to undertake a full economic study to ensure a “competitive environment in the DNS market” undermines one of its core values. This failure is resulting in a growing consolidation within the industry which is on the precipice of becoming a cartel. ne needs to look no further than four US-based companies, Verisign, PIR, GoDaddy, and Identity Digital which currently control almost the entirety of the gTLD registry market based on domain names under management. This unchecked consolidation within the industry directly and materially impacts the ability of individual consultants to make a livelihood unless working for one of the dominant market players.
While Palage says he and other registrants are being harmed by increasing .net prices, and that an economic study would help lower them, he also asks ICANN to get Verisign to migrate to the Base Registry Agreement, which would enable Verisign to raise prices at will, without the current 10%-a-year cap.
He’s also concerned that ICANN’s volunteer community is shrinking as the domain industry becomes an increasingly dominant percentage of public meeting attendance.
Figures published by ICANN show that, at the last count, 39% of attendees were from the domain industry. ICANN stopped breaking down attendee allegiance in 2020 during the pandemic and did not resume publication of this data afterwards.
“ICANN has started down the slippery slope of becoming a trade association,” Palage writes.
While his RfR was going through the process of being considered by ICANN and its Board Accountability Mechanisms Committee, Palage separately wrote to ICANN general counsel John Jeffrey to express concerns that ICANN policy-making might be risking falling foul of antitrust law.
It seems a recent meeting of the working group discussing updates to ICANN’s Transfers Policy debated whether to cap the amount registries are allowed to charge registrars for bulk transfers. Dollar amounts were discussed.
Palage suggested ICANN might want to develop a formal antitrust policy statement that could be referred to whenever ICANN policy-makers meet, in much the same way as its Expected Standards of Behavior are deployed.
If the RfR as published by ICANN lacks some coherence, it may be because ICANN’s lawyers have redacted huge chunks of text as “privileged and confidential”. That’s something that hardly ever happens in RfRs.
It seems Palage knows some things about the .net contract and Verisign’s relationship with ICANN from his term on the ICANN board, which ran from April 2003 to April 2006, a time when Verisign and ICANN were basically at war.
Because the information Palage is privy to is still considered privileged by ICANN, it was redacted not only from the published version of the RfR but also it seems from the version supplied to the BAMC for consideration.
ICANN cited this part of its bylaws to justify the redactions:
The Board Accountability Mechanisms Committee shall act on a Reconsideration Request on the basis of the public written record, including information submitted by the Requestor, by the ICANN Staff, and by any third party.
Reading between the lines, it seems most of the redactions likely refer to the Verisign v ICANN lawsuit of 2004-2005.
Fellow greybeards will recall that Verisign sued ICANN for blocking its Site Finder service, which put a wildcard in the .com zone and essentially parked and monetized all unregistered domains while destabilizing software that relied on NXDOMAIN replies.
The October 2005 settlement (pdf) forced Verisign to acknowledge ICANN as king of the internet. In exchange, it got to keep .com forever. The deal gave Verisign financial security and ICANN legitimacy and was probably the most important of ICANN’s foundational documents before the IANA transition.
So what did the board of 2005 know that’s apparently too sensitive for the board of 2023? Dunno. I asked Palage if he’d be willing to share and he politely declined.
In any event, his RfR (pdf), which among other things asked for ICANN to reopen .net contract negotiations, was dismissed summarily (pdf) by BAMC last week on the grounds that he had not sufficiently shown how he was injured by ICANN’s actions.
Papac named interim ICANN Ombudsman
ICANN has appointed Krista Papac as interim Ombudsman, following the resignation of Herb Waye earlier this year.
Papac is currently the Org’s complaints officer, a similar role to that of the Ombudsman.
The move means that an ICANN staffer is taking the structurally independent role for the first time.
ICANN chair Tripti Sinha blogged that Papac will now report directly to the board “to ensure that the confidentiality and independence of the Ombudsman Office are maintained”, but it isn’t clear whether she will also continue to report to the usual staff chain of command in her complaints officer role.
The appointment was evidently made by the board at its September 10 retreat but was not disclosed at the time. Waye resigned in July and his last day is September 30.
The board is looking for a permanent replacement for Waye via a search committee formed two weeks ago. If the hunt is anywhere near as long-winded as the CEO search, now in its ninth month, Papac could be enjoying her new gig for some time.
.tube registry claims victory in linkification fight
Latin American Telecom, the company that runs the .tube gTLD, has claimed victory in its fight to get popular social media apps to “linkify” more than 400 TLDs that have gone live in the last eight years.
As I reported two weeks ago, CEO Rami Schwartz managed to figure out that any TLD that entered the root after November 2015 wasn’t being recognized by apps such as WhatsApp, the world’s most-popular messaging app.
This meant that any attempt to share a URL in .tube or 467 other TLDs (including major dot-brands and geo-gTLDs) would be frustrated by the fact that WhatsApp would not automatically turn the URL into a clickable link.
The root cause of the problem appeared to be a library used in the Android operating system, which had a hard-coded list of valid TLDs that had not been updated since November 2015.
In a press release today, the registry reported that the library in question was updated on September 11 (hey, that’s the same day I published my article!) with a brand-new list of TLDs.
So it seems the linkification issue will be solved, once the updated software actually makes it to affected devices.
There are not many TLDs in the pipeline for delegation for the next four years — maybe some contested 2012-round stragglers and the odd IDN ccTLD — so this particular issue is unlikely to cause much more upset for a while.
“This story exemplifies how the perseverance of a small company unearthed a Universal Acceptance issue of global significance, rallying the support of industry leaders and setting a precedent for cooperation that can positively impact billions of internet users,” the registry said in its press release.
Ancient registrar gets ICANN breach notice over UDRP
A thirty-year-old registrar — practically prehistoric by internet standards — has been hit with an ICANN breach notice after apparently failing to transfer a domain lost in a UDRP and not paying its fees.
ICANN has told Texas-based GKG.net that it failed to implement a July UDRP decision (pdf) over the domain top-rx-market.com, which was won by generic pharmaceuticals firm TopRX.
That domain is using GKG’s Whois privacy service and suspended-domains.net as its name servers but still resolves to an active pharma storefront from where I’m sitting. The UDRP says the domain was registered to a Russian, who did not respond to the UDRP.
While the UDRP-related alleged breach is pretty recent, it looks like ICANN has been chasing GKG for a couple of years.
Compliance first notified the registrar that it was past due on its quarterly fees back in February 2022.
Since March, it also has been looking at alleged failures to handle abuse reports for pharma-related domains including canadianpharmstore.net, usapharmacymall.com, good-pills.com, and 1-pharm.com, which all resolve to the same discount medicines site.
ICANN says all of its attempts to call, email and fax GKG have fallen on deaf ears.
GKG isn’t tiny. It had over 83,000 gTLD domains under management in May, though it appears to have been shrinking by hundreds of domains per month for over a decade.
The company was accredited by ICANN with IANA number 93, which means it’s among the first wave of registrars accredited over two decades ago — it’s older than GoDaddy.
GKG has until October 13 to clean up its act or face suspension and termination.
ICANN is starting to auto-renew new gTLD contracts
Almost 10 years have passed since ICANN delegated its first 2012-round new gTLDs and the Org has started to auto-renew their contracts.
As far as I can tell, the first delegated gTLD, شبكة. (Arabic “.web”, .xn--ngbc5azd) got its Registry Agreement renewed on July 13. The registry, dotShabaka, was informed all the way back in April.
That gTLD eventually made it to the DNS root in late October.
ICANN has this week informed Identity Digital’s subsidiaries that dozens of their RAs — the first Latin-script gTLDs from the round to go live — will auto-renew starting this month.
Under the base RA, registries get to run their TLDs for a decade and, unless they seriously screw up, there’s a presumptive right of renewal.
Freenom hit by FIFTH ICANN action after litany of screw-ups
Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.
Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.
It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.
The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.
The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.
It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.
OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.
The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.
Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.
But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.
Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.
OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.
Single/plural gTLD combos to be UNBANNED
It’s looking like ICANN won’t ban companies from applying for plural versions of existing singular gTLDs, and vice-versa, after all.
Among the pieces of the GNSO’s new gTLD policy advice ICANN’s board of directors rejected at the weekend was a proposal to essentially ban potentially confusing singular/plural combos coexisting in the DNS.
The board threw out the advice because it reckons ICANN would be put in a position where it would have to police internet content, which is outside its mission and something it is very averse to.
The recommendations would have prevented two strings existing in the DNS if one was the plural of the other, but only if they were in the same language and had the same intended usage.
The example the GNSO gave was applications for .spring and .springs — if both were intended for English-language sites related to bouncy metal coils, they would be deemed confusingly similar and only one would be allowed to exist. But if .spring was intended to relate to the season, both would be permitted to coexist.
But ICANN is uncomfortable with this because no matter what an applicant says in its application about intended language and intended use, without some post-delegation policing actual use may vary.
“Though a gTLD applicant can arbitrarily set the language of a TLD during an application round, a registrant and end-user can only see
the script of the TLD string in its practical usage. So the singular/plural determination by the gTLD applicant does not carry
onward to the registrant and end user,” the board wrote.
“Restricting the use and potentially the content of strings registered in TLDs based on the intended use therefore raises concerns for the Board in light of ICANN’s Bylaws Section 1.1 (c),” it said, referring to the part of its bylaws that says it is not allowed to regulate internet content.
So it seems likely that plural/singular clashes are probably going to be permitted in future new gTLD round after all.
This, of course, reopens the business model of a lazy applicant going after the singular/plural of an existing registry’s string and piggybacking on its installed user base or marketing budget.
Recent Comments