Latest news of the domain name industry

Recent Posts

“Just give up!” ICANN tells its most stubborn new gTLD applicant

Kevin Murphy, April 8, 2019, Domain Policy

ICANN has urged the company that wants to run .internet as new gTLD to just give up and go away.

The India-based company, Nameshop, actually applied for .idn — to stand for “internationalized domain name” — back in the 2012 application round.

It failed the Geographic Names Review portion of the application process because IDN is the International Standards Organization’s 3166-1 three-letter code for Indonesia, and those were all banned.

While one might question the logic of applying for a Latin-script string to represent IDNs, overlooking the ISO banned list was not an incredibly stupid move.

Even a company with Google’s brainpower resources overlooked this paragraph of the Applicant Guidebook and applied for three 3166-1 restricted strings: .and, .are and .est.

But rather than withdraw its .idn bid, like Google did with its failed applications, Nameshop decided to ask ICANN to change its applied-for string to .internet.

There was a small amount of precedent for this. ICANN had permitted a few applicants to correct typos in their applied-for strings, enabling DotConnectAfrica for example to correct its nutty application for “.dotafrica” to its intended “.africa”.

But swapping out .idn for .internet was obviously not a simple correction but rather looked a complete upgrade of its addressable market. Nobody else had applied for .internet, and Nameshop was well aware of this, so Nameshop’s bid would have been a shoo-in.

To allow the change would have opened the floodgates for every applicant that found itself in a tricky contention set to completely change their desired strings to something cheaper or more achievable.

But Nameshop principal Sivasubramanian Muthusamy did not take no for an answer. He’s been nagging ICANN to change its mind ever since.

There’s a lengthy, rather slick timeline of his lobbying efforts published on the Nameshop web site.

He filed a Request for Reconsideration back in 2013, which was swiftly rejected by the ICANN board of directors.

In July 2017, he wrote to ICANN to complain that Nameshop’s string change request should be treated the same as any other:

It seems that if ICANN can allow string changes from a relatively undesirable name to a more desireable name based on misspelling, then ICANN should allow a change from a desireable name in three characters(IDN) to longer name in eight characters (Internet) based on confusion with geographical names

Meetings with ICANN staff, the Ombudsman, the Governmental Advisory Committee and others to discuss his predicament several times over the last several years have proved fruitless.

Finally, today ICANN has published a letter (pdf) it sent to Muthusamy on Friday, urging him to ditch his Quixotic quest and get his money back. Christine Willett, VP of gTLD operations, wrote:

Given we are unable to take further action on Nameshop’s application, we encourage you to withdraw the application for a full refund of Nameshop’s application fee.

I doubt this is the first time ICANN has urged Nameshop to take its money and run, but it seems ICANN is now finally sick of talking about the issue.

Willett added that ICANN staff and directors “politely decline” his request for further in-person meetings to discuss the application, and encouraged him to apply for his desired string in the next application round, whenever that may be.

Research finds homograph attacks on big brands rife

Kevin Murphy, January 22, 2018, Domain Tech

Apparent domain name homograph attacks against major brands are a “significant” problem, according to research from Farsight Security.

The company said last week that it scanned for such attacks against 125 well-known brands over the three months to January 10 and found 116,113 domains — almost 1,000 per brand.

Homographs are domains that look like other domains, often indistinguishable from the original. They’re usually used to phish for passwords to bank accounts, retailers, cryptocurrency exchanges, and so on.

They most often use internationalized domain names, mixing together ASCII and non-ASCII characters when displayed in browsers.

To the naked eye, they can look very similar to the original ASCII-only domains, but under the hood they’re actually encoded with Punycode with the xn-- prefix.

Examples highlighted by Farsight include baŋkofamerica.com, amazoṇ.com and fàcebook.com

Displayed as ASCII, those domains are actually xn--bakofamerica-qfc.com, xn--amazo-7l1b.com and xn--fcebook-8va.com.

Farsight gave examples including and excluding the www. subdomain in a blog post last week, but I’m not sure if it double-counted to get to its 116,113-domain total.

As you might imagine, almost all of this abuse is concentrated in .com and other TLDs that were around before 2012, judging by Farsight’s examples. That’s because the big brands are not using new gTLDs for their primary sites yet.

Farsight gave a caveat that it had not generally investigated the ownership of the homograph domains it found. It’s possible some of them are defensive registrations by brands that are already fully aware of the security risk they could present.

After long battle, first Bulgarian IDN domain goes live

Bulgarians finally have the ability to register domain names in their native Cyrillic script, after years of fighting with ICANN.

The domain Имена.бг, which translates as “names.bg” went live on the internet this week, according to local reports.

Bulgaria was one of the first countries to ask for a internationalized domain name version of its ccTLD, almost seven years ago, but it was rejected by ICANN in 2010.

The requested .бг was found too similar to Brazil’s existing Latin-script ccTLD .br. Evaluators thought the risk of phishing and other types of attacks was too high.

The requested string didn’t change, but ICANN processes were adapted to allow appeals and a new method for establishing similarity was established.

On appeal, .бг was determined to be less prone to confusion with .br than existing pairs of Latin ccTLDs are with each other, ergo should be approved.

Имена.бг does not yet directly resolve (for me at least) from the Google Chrome address bar. It’s treated as a web search instead. But clicking on links to it does work.

The new ccTLD, which is .xn--90ae in the DNS, was delegated last week.

The registry is Imena.bg (which also means “names.bg”), based in Sofia and partially owned by Register.bg, the .bg registry.

Despite the long battle, the success of .бг is by no means assured. IDNs have a patchy record worldwide.

It’s true that Russians went nuts for their .рф (.rf for Russian Federation) ccTLD during its scandal-rocked launch in 2010, but Arabic IDNs have had hardly any interest and the current boom in China seems to be largely concentrated on Latin-script TLDs.

.бг is expected to open for general registration in the fourth quarter.

I guess we’ll have to wait until at least next year to discover whether the concerns about confusion with .br were well-founded.

IDN .com hits the root

Eleven variants of .com and .net in non-Latin scripts joined the internet today.

Verisign’s whole portfolio of internationalized domain name new gTLDs were added to the DNS root at some point in the last 24 hours, and the company is planning to start launching them before the end of the year.

But the company has been forced to backtrack on its plans to guarantee grandfathering to thousands of existing [idn].com domains in the new domains, thereby guaranteeing a backlash from IDN domainers.

The eleven gTLDs are: .कॉम, .ком, .点看, .คอม, .नेट, .닷컴, .大拿, .닷넷, .コム, .كوم and .קוֹם. Scripts include Arabic, Cyrillic and Hebrew.

Verisign signed registry agreements with ICANN back in January, but has been trying to negotiate a way to allow it to give the owners of [idn].com domains first rights to the matching domain in the “.com” in the appropriate script.

The company laid out its plans in 2013. The idea was to reduce the risk of confusion and minimize the need for defensive registrations.

So what happened? Trademark lawyers.

Verisign CEO Jim Bidzos told financial analysts last week that due to conversations with the “community” (read: the intellectual property lobby) and ICANN, it won’t be able grandfather all existing [idn].com registrants.

All of the new IDN gTLDs will be subject to a standard ICANN Sunrise period, which means trademarks owners will have first dibs on every string.

If you own водка.com, and somebody else owns a trademark on “водка”, the trademark owner will get the first chance to buy водка.ком.

According to SeekingAlpha’s transcript, Bidzos said:

Based primarily on feedback from domain name community stakeholders, we have revised our IDN launch strategy. We will offer these new IDN top-level domains as standalone domain names, subject to normal introductory availability and rights protection mechanisms, available to all new gTLDs. This revised approach will not require ICANN approval and is designed to provide end users and businesses with the greatest flexibility and, for registrars, a simple and straightforward framework to serve the market.

Finally, we believe this approach should provide the best opportunity for increased universal acceptance of IDNs. We expect to begin a phased rollout of the IDNs towards the end of this year, and we’ll provide more information on our launch plans when appropriate.

Senior VP Pat Kane added on the call that the grandfathering provisions, which would have required ICANN approval, have been “taken out”.

The question now is whether Verisign will introduce a post-sunrise mechanism to give rights to [idn].com.

That would not be unprecedented. ICM Registry ran into similar problems getting its grandfathering program for .porn approved by ICANN. It wound up offering a limited, secondary sunrise period for existing .xxx registrants instead.

Bulgaria looking for an IDN registry operator

The Bulgarian government is looking for a company to run the registry for its recently awarded .бг internationalized domain name.

.бг is the Cyrillic equivalent of .bg, the nation’s existing ccTLD.

After a tortuous battle through ICANN’s IDN ccTLD Fast Track process — where it was repeatedly rejected for looking too much like Brazil’s .br — the string was finally approved after an appeal last October.

The RFP is being carried out by the Ministry of Transport, Information Technology and Communications and will be open for the next 90 days.

MTITC says the winner will be registry whose proposal most closely adheres to a “principles and requirements” document, which is currently a dead link on the ministry web site.

There’s no government money on offer, but the winner will be supported in its request to IANA for delegation of the TLD.

I gather that the bidding is open to any European Union company.