Latest news of the domain name industry

Recent Posts

“Just give up!” ICANN tells its most stubborn new gTLD applicant

Kevin Murphy, April 8, 2019, Domain Policy

ICANN has urged the company that wants to run .internet as new gTLD to just give up and go away.

The India-based company, Nameshop, actually applied for .idn — to stand for “internationalized domain name” — back in the 2012 application round.

It failed the Geographic Names Review portion of the application process because IDN is the International Standards Organization’s 3166-1 three-letter code for Indonesia, and those were all banned.

While one might question the logic of applying for a Latin-script string to represent IDNs, overlooking the ISO banned list was not an incredibly stupid move.

Even a company with Google’s brainpower resources overlooked this paragraph of the Applicant Guidebook and applied for three 3166-1 restricted strings: .and, .are and .est.

But rather than withdraw its .idn bid, like Google did with its failed applications, Nameshop decided to ask ICANN to change its applied-for string to .internet.

There was a small amount of precedent for this. ICANN had permitted a few applicants to correct typos in their applied-for strings, enabling DotConnectAfrica for example to correct its nutty application for “.dotafrica” to its intended “.africa”.

But swapping out .idn for .internet was obviously not a simple correction but rather looked a complete upgrade of its addressable market. Nobody else had applied for .internet, and Nameshop was well aware of this, so Nameshop’s bid would have been a shoo-in.

To allow the change would have opened the floodgates for every applicant that found itself in a tricky contention set to completely change their desired strings to something cheaper or more achievable.

But Nameshop principal Sivasubramanian Muthusamy did not take no for an answer. He’s been nagging ICANN to change its mind ever since.

There’s a lengthy, rather slick timeline of his lobbying efforts published on the Nameshop web site.

He filed a Request for Reconsideration back in 2013, which was swiftly rejected by the ICANN board of directors.

In July 2017, he wrote to ICANN to complain that Nameshop’s string change request should be treated the same as any other:

It seems that if ICANN can allow string changes from a relatively undesirable name to a more desireable name based on misspelling, then ICANN should allow a change from a desireable name in three characters(IDN) to longer name in eight characters (Internet) based on confusion with geographical names

Meetings with ICANN staff, the Ombudsman, the Governmental Advisory Committee and others to discuss his predicament several times over the last several years have proved fruitless.

Finally, today ICANN has published a letter (pdf) it sent to Muthusamy on Friday, urging him to ditch his Quixotic quest and get his money back. Christine Willett, VP of gTLD operations, wrote:

Given we are unable to take further action on Nameshop’s application, we encourage you to withdraw the application for a full refund of Nameshop’s application fee.

I doubt this is the first time ICANN has urged Nameshop to take its money and run, but it seems ICANN is now finally sick of talking about the issue.

Willett added that ICANN staff and directors “politely decline” his request for further in-person meetings to discuss the application, and encouraged him to apply for his desired string in the next application round, whenever that may be.

Research finds homograph attacks on big brands rife

Kevin Murphy, January 22, 2018, Domain Tech

Apparent domain name homograph attacks against major brands are a “significant” problem, according to research from Farsight Security.

The company said last week that it scanned for such attacks against 125 well-known brands over the three months to January 10 and found 116,113 domains — almost 1,000 per brand.

Homographs are domains that look like other domains, often indistinguishable from the original. They’re usually used to phish for passwords to bank accounts, retailers, cryptocurrency exchanges, and so on.

They most often use internationalized domain names, mixing together ASCII and non-ASCII characters when displayed in browsers.

To the naked eye, they can look very similar to the original ASCII-only domains, but under the hood they’re actually encoded with Punycode with the xn-- prefix.

Examples highlighted by Farsight include baŋkofamerica.com, amazoṇ.com and fàcebook.com

Displayed as ASCII, those domains are actually xn--bakofamerica-qfc.com, xn--amazo-7l1b.com and xn--fcebook-8va.com.

Farsight gave examples including and excluding the www. subdomain in a blog post last week, but I’m not sure if it double-counted to get to its 116,113-domain total.

As you might imagine, almost all of this abuse is concentrated in .com and other TLDs that were around before 2012, judging by Farsight’s examples. That’s because the big brands are not using new gTLDs for their primary sites yet.

Farsight gave a caveat that it had not generally investigated the ownership of the homograph domains it found. It’s possible some of them are defensive registrations by brands that are already fully aware of the security risk they could present.

After long battle, first Bulgarian IDN domain goes live

Bulgarians finally have the ability to register domain names in their native Cyrillic script, after years of fighting with ICANN.

The domain Имена.бг, which translates as “names.bg” went live on the internet this week, according to local reports.

Bulgaria was one of the first countries to ask for a internationalized domain name version of its ccTLD, almost seven years ago, but it was rejected by ICANN in 2010.

The requested .бг was found too similar to Brazil’s existing Latin-script ccTLD .br. Evaluators thought the risk of phishing and other types of attacks was too high.

The requested string didn’t change, but ICANN processes were adapted to allow appeals and a new method for establishing similarity was established.

On appeal, .бг was determined to be less prone to confusion with .br than existing pairs of Latin ccTLDs are with each other, ergo should be approved.

Имена.бг does not yet directly resolve (for me at least) from the Google Chrome address bar. It’s treated as a web search instead. But clicking on links to it does work.

The new ccTLD, which is .xn--90ae in the DNS, was delegated last week.

The registry is Imena.bg (which also means “names.bg”), based in Sofia and partially owned by Register.bg, the .bg registry.

Despite the long battle, the success of .бг is by no means assured. IDNs have a patchy record worldwide.

It’s true that Russians went nuts for their .рф (.rf for Russian Federation) ccTLD during its scandal-rocked launch in 2010, but Arabic IDNs have had hardly any interest and the current boom in China seems to be largely concentrated on Latin-script TLDs.

.бг is expected to open for general registration in the fourth quarter.

I guess we’ll have to wait until at least next year to discover whether the concerns about confusion with .br were well-founded.

IDN .com hits the root

Eleven variants of .com and .net in non-Latin scripts joined the internet today.

Verisign’s whole portfolio of internationalized domain name new gTLDs were added to the DNS root at some point in the last 24 hours, and the company is planning to start launching them before the end of the year.

But the company has been forced to backtrack on its plans to guarantee grandfathering to thousands of existing [idn].com domains in the new domains, thereby guaranteeing a backlash from IDN domainers.

The eleven gTLDs are: .कॉम, .ком, .点看, .คอม, .नेट, .닷컴, .大拿, .닷넷, .コム, .كوم and .קוֹם. Scripts include Arabic, Cyrillic and Hebrew.

Verisign signed registry agreements with ICANN back in January, but has been trying to negotiate a way to allow it to give the owners of [idn].com domains first rights to the matching domain in the “.com” in the appropriate script.

The company laid out its plans in 2013. The idea was to reduce the risk of confusion and minimize the need for defensive registrations.

So what happened? Trademark lawyers.

Verisign CEO Jim Bidzos told financial analysts last week that due to conversations with the “community” (read: the intellectual property lobby) and ICANN, it won’t be able grandfather all existing [idn].com registrants.

All of the new IDN gTLDs will be subject to a standard ICANN Sunrise period, which means trademarks owners will have first dibs on every string.

If you own водка.com, and somebody else owns a trademark on “водка”, the trademark owner will get the first chance to buy водка.ком.

According to SeekingAlpha’s transcript, Bidzos said:

Based primarily on feedback from domain name community stakeholders, we have revised our IDN launch strategy. We will offer these new IDN top-level domains as standalone domain names, subject to normal introductory availability and rights protection mechanisms, available to all new gTLDs. This revised approach will not require ICANN approval and is designed to provide end users and businesses with the greatest flexibility and, for registrars, a simple and straightforward framework to serve the market.

Finally, we believe this approach should provide the best opportunity for increased universal acceptance of IDNs. We expect to begin a phased rollout of the IDNs towards the end of this year, and we’ll provide more information on our launch plans when appropriate.

Senior VP Pat Kane added on the call that the grandfathering provisions, which would have required ICANN approval, have been “taken out”.

The question now is whether Verisign will introduce a post-sunrise mechanism to give rights to [idn].com.

That would not be unprecedented. ICM Registry ran into similar problems getting its grandfathering program for .porn approved by ICANN. It wound up offering a limited, secondary sunrise period for existing .xxx registrants instead.

Bulgaria looking for an IDN registry operator

The Bulgarian government is looking for a company to run the registry for its recently awarded .бг internationalized domain name.

.бг is the Cyrillic equivalent of .bg, the nation’s existing ccTLD.

After a tortuous battle through ICANN’s IDN ccTLD Fast Track process — where it was repeatedly rejected for looking too much like Brazil’s .br — the string was finally approved after an appeal last October.

The RFP is being carried out by the Ministry of Transport, Information Technology and Communications and will be open for the next 90 days.

MTITC says the winner will be registry whose proposal most closely adheres to a “principles and requirements” document, which is currently a dead link on the ministry web site.

There’s no government money on offer, but the winner will be supported in its request to IANA for delegation of the TLD.

I gather that the bidding is open to any European Union company.

Verisign lays out ‘buy once’ IDN gTLD plans

Verisign has finally clarified how it proposes to let existing registrants of internationalized domain names grab the matching domains in its 12 forthcoming IDN gTLDs.

The company has applied for transliterations of .com in nine non-Latin scripts and .net in three, but its applications were light on details about existing registrants’ rights.

But today Verisign senior vice president Pat Kane outlined precisely how name allocations will be handled.

At first glance it sounds like good news for existing IDN registrants, particularly domainers whose investments in IDN .com and .net domains are about to become much more valuable.

If you already own a .com domain that is an IDN at the second level, you will have exclusive rights to that IDN string in all other .com transliterations, but not .net transliterations.

That works the other way around too: if you own the IDN .net domain, you get the matching second level in all of Verisign’s .net transliterations.

Owning the Chinese word for “beer” in Latin .com would not give you rights to the Thai word for “beer” in the Thai transliteration of .com, but you could buy the Chinese equivalent.

The rules seem to apply to future registrations too.

You could register the Hebrew for “beer” in the Hebrew transliteration of .com and you would also get the exclusive right to that Hebrew string in Latin .com.

There would be no obligation, and you wouldn’t lose your right to register matching domains if you chose not to immediately exercise it, Kane said. He wrote:

Two primary objectives in our strategy to implement new IDN gTLDs are, where feasible, to avoid costs to consumers and businesses from purely defensive registrations in these new TLDs, as well as to avoid end-user confusion.

It all sounds pretty fair to me, based on Kane’s blog post.

There’s a hint that trademark rights protection mechanisms may complicate matters, which has apparently been discussed in a letter to ICANN, but if it’s been published anywhere I’ve been unable to find a copy.

Two more new gTLD bids bite the dust

ICANN appears to have formally killed off two new gTLD applications that had asked for subsidized application fees.

The bids for .idn and .ummah both failed to meet the criteria of ICANN’s Applicant Support Program back in March, but were only officially marked as dead over the weekend.

The .ummah application was voluntarily withdrawn by Ummah Digital, while the applicant for .idn (an Indian company called NameShop) unsuccessfully fought the decision.

Nevertheless, NameShop has now been flagged on ICANN’s site with “Did not meet all criteria” for the Applicant Support Program.

We’re taking this as a signal it’s been officially kicked out of the current application round and have updated the DI PRO database accordingly.

As well as failing applicant support, NameShop would have failed the Geographic Names component of its Initial Evaluation because IDN is the reserved three-letter country code for Indonesia.

NameShop had attempted to change its application from .idn to .internet — something that would no doubt have cause a deal of consternation among potential objectors and other applicants.

By flunking the company on the applicant support criteria, ICANN has luckily avoided having to make that difficult call.

Two more gTLD bids kicked out of the program, but .kids gets ICANN funding

Kevin Murphy, March 12, 2013, Domain Services

Two more applications have been rejected from the new gTLD program, after they tried and failed to have their application fees subsidized by ICANN’s Applicant Support Program.

Three gTLDs were submitted for financial assistance, but ICANN’s Support Application Review Panel, delivering its results (pdf) today, decided that only one of them qualified for a cheapo bid.

DotKids Foundation Ltd, which is applying for .kids, is the lucky recipient of $138,000 worth of waived application fees. Its application now enters Initial Evaluation.

The applicants for .ummah (Ummah Digital Ltd) and .idn (NameShop), on the other hand, have been given a refund of the $47,000 application fee they paid and politely shown the door.

ICANN said: “applications that did not meet the threshold criteria for financial assistance will be excluded from further participation in this round of the New gTLD Program”.

That rule was introduced to prevent gaming — companies that asked for cheaper applications risked losing their applications if they failed to meet the requirements for support.

It doesn’t mean there was anything wrong with their gTLD applications, however.

The approval of funding for the DotKids Foundation is goodish news for people uncomfortable with Amazon’s closed gTLD land-grab — the retailer is the only other applicant for .kids.

While the .kids contention set remains, is pretty safe to say that Amazon will be able to utterly crucify its competition if the TLD goes to auction.

Google junks three of its new gTLD applications

Kevin Murphy, September 6, 2012, Domain Registries

The identities of the first four new gTLD applications to be withdrawn have been revealed by ICANN.

Google has, as predicted, dropped its bids for .and, .are and .est, because they’re protected three-letter country-codes listed in the ISO 3166 alpha-3 standard.

An application for .ksb, by the KSB, a German maker of “pumps, valves and related liquid transportation systems”, has also been withdrawn, though the reasons are less clear.

KSB is not a protected geographic string, nor has .ksb received any negative public comments. I’m guessing the application was an unnecessary defensive move.

With Google expected to lose 30% of its application fees for the three withdrawn applications ($165,000) I can’t help but wonder why ICANN allowed it to apply for the strings in the first place.

The ban on ISO 3166 alpha-3 codes in the Applicant Guidebook appears to be hard and non-negotiable. The strings essentially enjoy the same degree of exact-match protection as Reserved Names such as .iana and .example.

However, while the TLD Application System was hard-coded to reject attempts to apply for Reserved Names, banned geographic strings did not get the same safeguards.

There’s one other application for an ISO 3166 alpha-3 string — .idn — which does not appear to have been withdrawn yet.

There are at least 16 other applications for protected geographic words that may require government support — but are not outright prohibited — according to our DI PRO study.

According to ICANN, six applications have been withdrawn to date. The change in status only shows up on ICANN’s web site after the refunds have been processed, however.

Google, which applied as Charleston Road Registry, has 98 new gTLD applications remaining.

Three Google gTLD applications doomed to fail

Kevin Murphy, July 3, 2012, Domain Policy

Google has applied for three new generic top-level domains that will almost certainly be rejected because they are on ICANN’s list of banned geographic strings.

I reported the story for The Register yesterday.

The applications for .and, .are and .est are affected by the rule that prohibits the delegation of three-letter country codes appearing on the ISO 3166-1 alpha-3 list.

A fourth application by a different company, for .idn, is also impacted by the same rule.

Based on DI’s analysis, there are at least another 16 new gTLD applications that are not currently self-designated geographic but which are also protected (but not banned) as geographic terms.

English dictionary words, brands and acronyms are affected.

DI PRO subscribers can read the full analysis here.

  • Page 1 of 2
  • 1
  • 2
  • >