Latest news of the domain name industry

Recent Posts

Emoji domains get a 👎 from security panel

Kevin Murphy, May 30, 2017, Domain Tech

The use of emojis in domain names has been discouraged by ICANN’s Security and Stability Advisory Committee.

In a paper late last week, SSAC told ICANN that emojis — aka emoticons or smileys — lack standardization, are barred by the relevant domain name technical standards, and could cause user confusion.

Emoji domains, while technically possible, are not particularly prevalent on the internet right now.

They’re implicitly banned in gTLDs due to the contractual requirement to adhere to the IDNA2008 standard, which restricts internationalized domain names to actual spoken human languages, and the only ccTLD I’m aware of actively marketing the names is Samoa’s .ws.

There was a notable example of Coca Cola registering 😀.ws (xn--h28h.ws) for a billboard marketing campaign in Puerto Rico a couple of years ago, but that name has since expired and been registered by an Australian photographer.

The SSAC said that emoji use should be banned in TLDs and discouraged at the second level for several reasons.

Mainly, the problem is that while emojis are described in the Unicode standards, there’s no standardization across devices and applications as to how they are displayed.

A certain degree of creative flair is permitted, meaning a smiling face in one app may look unlike the technically same emoji in another app. On smaller screens and with smaller fonts, technically different emojis may look alike.

This could lead to confusion, which could lead to security problems, SSAC warns:

It is generally difficult for people to figure out how to specify exactly what happy face they are trying to produce, and different systems represent the same emoji with different code points. The shape and color of emoji can change while a user is viewing them, and the user has no way of knowing whether what they are seeing is what the sender intended. As a result, the user is less likely to reach the intended resource and may instead be tricked by a phishing site or other intentional misrepresentation.

SSAC added that it:

strongly discourages the registration of any domain name that includes emoji in any of its labels. The SSAC also advises registrants of domain names with emoji that such domains may not function consistently or may not be universally accessible as expected

The brief paper can be read here (pdf).

Companies losing $10 BILLION by ignoring new gTLDs — report

Kevin Murphy, April 11, 2017, Domain Registries

The world economy is “conservatively” losing out on almost $10 billion of annual revenue due to a lack of support for new gTLDs and internationalized domain names, according to an ICANN-commissioned research report.

The report, conducted by Analysys Mason for the semi-independent Universal Acceptance Steering Group, calculated that patchy new gTLD support means $3.6 billion of activity is lost, with lack of IDN support costing $6.2 billion.

Despite “new” gTLDs being around for a decade and a half, there are still plenty of web sites and apps that incorrectly assume that all TLDs are either two or three characters. Others don’t support non-Latin scripts.

This leads to internet users abandoning transactions, the report says, when their email addresses are rejected as invalid.

Mason calculated the $3.6 billion number by multiplying the estimated number of email addresses using new gTLD domains (152 million) by the estimated average annual revenue generated per email address ($360), then calculating what portion of these transactions cannot happen due to incomplete TLD support.

Earlier research by .CLUB Domains suggests that 13% of sites do not support new gTLDs, so that’s the number Mason used. The researchers then cut the number in half, to account for the 50% of people it reckons would simply switch to an email address in a legacy TLD name.

That gets you to $3.6 billion of potential revenue lost for want of gTLD support.

Another, more cynical way to spin this would be to say that new gTLDs are causing $3.6 billion of economic damage. After all, if everyone were to use legacy TLDs there would be no problem.

For the IDN number, Mason calculated how many users of five major language groups (Russian, Chinese, Arabic, Vietnamese and Indian languages) are not currently online, then estimated how much revenue would be generated if just 5% of these users (17 million people) were persuaded online by the existences of IDN TLDs.

The report was commissioned in order to raise awareness of the financial benefits of universal acceptance.

The UASG has spent most of its efforts so far focusing on UA as a “bug fix” to be communicated to engineers, so the report is intended to broaden its message to catch the attention of the money people too.

The report, which goes into much more detail about how the numbers were arrived at, can be downloaded here.

Why you can’t register emojis in gTLDs

Kevin Murphy, February 25, 2015, Domain Tech

The popular “emoji” smiley faces are banned as gTLD domain names for technical reasons, according to ICANN.

Emojis are a form of emoticon that originated on Japanese mobile networks but are now used by 12-year-old girls worldwide due to their support on Android and iPhone operating systems.

CokeIt emerged last week that Coca-Cola has registered a bunch of smiley-face domain names under .ws, the Samoan ccTLD, for use in an billboard advertising campaign in Puerto Rico.

.ws was selected because it’s one of only a few TLDs that allow emojis to be registered. Coke is spinning its choice of TLD as an abbreviation for “We Smile”.

This got me thinking: would emojis be something new gTLD registries could start to offer in order to differentiate themselves?

Coke’s emoji domains, it turns out, are just a form of internationalized domain name, like Chinese or Arabic or Greek.

Emoji symbols are in the Unicode standard and could therefore be converted to the ASCII-based, DNS-compatible Punycode under the hood in web browsers and other software.

One of Coke’s (smiley-face).ws domain names is represented as xn--h28h.ws in the DNS.

Unfortunately for gTLD registries, ICANN told DI last night that emojis are not permitted in gTLDs.

“Emoticons cannot be used as IDNs as these code points are DISALLOWED under IDNA2008 protocol,” ICANN said in a statement.

IDNA2008 is the latest version of the IETF standard used to define what Unicode characters can and cannot appear in IDNs.

RFC 5892 specifies what can be included in an IDNA2008 domain name, eliminating thousands of letters and symbols that were permissible under the old IDNA2003 standard.

These characters were ostensibly banned due to the possibility of IDN homograph attacks — when bad guys set up spoof web sites on IDNs that look almost indistinguishable from a domain used by, for example, a bank or e-commerce site.

But Unicode, citing Google data, reckons symbols could only ever be responsible for 0.000016% of such attacks. Most homograph attacks are much simpler, relying on for example the visual similarity of I and l.

Regardless, because IDNA2008 only allows Unicode characters that are actually used in spoken human languages, and because gTLD registries are contractually obliged to adhere to the IDNA2008 technical standards, emojis are not permitted in gTLDs.

All new gTLDs have to provide ICANN with a list of the Unicode code points they plan to support as IDNs when they undergo pre-delegation testing. Asking to support characters incompatible with IDNA2008 would result in a failed test, ICANN tells us.

ICANN does not regulate ccTLDs, of course, so the .ws registry is free to offer whatever domains it wants.

However, ICANN said that emoji domains are only currently supported by software that has not implemented the newer IDN protocol:

Emoticon domains only work in software that has not implemented the latest IDNA standard. Only the older, deprecated version of the IDNA standard allowed emoticons, more or less by accident. Over time, these domains will increasingly not work correctly as software vendors update their implementations.

So Coke, while winning brownie points for novelty, may have registered a bunch of damp squibs.

ICANN also told us that, regardless of what the technical standards say, you’d never be able to apply for an emoticon as a gTLD due to the “letters only” principle, which already bans numbers in top-level strings.

New ccTLDs may have to block name collisions

Kevin Murphy, January 26, 2015, Domain Registries

ICANN is thinking about expanding its controversial policy on name collisions from new gTLDs to new ccTLDs.

The country code Names Supporting Organization has been put on notice (pdf) that ICANN’s board of directors plans to pass a resolution on the matter shortly.

The resolution would call on the ccNSO to “undertake a study to understand the implications of name collisions associated with the launch of new ccTLDs” including internationalized domain name ccTLDs, and would “recommend” that ccTLD managers implement the same risk mitigation plan as new gTLDs.

Because ICANN does not contract with ccTLDs, a recommendation and polite pressure is about as far as it can go.

Name collisions are domains in currently undelegated TLDs that nevertheless receive DNS root traffic. In some cases, that may be because the TLDs are in use on internal networks, raising the potential of data leakage or breakages if the TLDs are then delegated.

ICANN contracts require new gTLDs to block such names or wildcard their zones for 90 days after launch.

Some new gTLD registry executives have mockingly pointed to the name collisions issue whenever a new ccTLD has been delegated over the last year or so, asking why, if collisions are so important, the mitigation plan does not apply to ccTLDs.

If the intent was to persuade ICANN that the collisions management framework was unnecessary, the opposite result has been achieved.

Here’s how the new number two new gTLD got so big so quick

Kevin Murphy, January 13, 2015, Domain Registries

Attentive DI readers will recall my journalistic meltdown last week, when I tried to figure out how the Chinese new gTLD .网址 managed to hit #2 in the new gTLD zone file size league table, apparently shifting a quarter of a million names in a week.

Well, after conversations with well-placed sources here at NamesCon in Las Vegas this week, I’ve figured it out.

.网址 is the Chinese for “.url”.

Its rapid growth — hitting 352,000 names today — can be attributed primarily to two factors.

First, these weren’t regular sales. The registry, Knet, which acquired original applicant Hu Yi last year, operates a keyword-based navigation system in China that predates Chinese-script gTLDs.

The company has simply grandfathered its keyword customers into .网址, I’m told.

The keyword system allows Latin-script domains too, which explains the large number of western brands that appear in the .网址 zone.

The second reason for the huge bump is the fact that many of the domains are essentially duplicates.

Chinese script has “traditional” and “simplified” characters, and in many cases domains in .网址 are simply the traditional equivalents of the simplified versions.

I understand that these duplicates may account for something like 30% of the zone file.

I’ve been unable to figure out definitively why the .网址 Whois database appeared to be so borked.

As I noted last week, every domain in the .网址 space had a Knet email address listed in its registrant, admin and technical contact fields.

It seems that Knet was substituting the original email addresses with its own when Whois queries were made over port 43, rather than via its own web site.

Its own Whois site (which doesn’t work for me) returned the genuine email addresses, but third-party Whois services such as DomainTools and ICANN returned the bogus data.

Whether Knet did this by accident or design, I don’t know, but it would have almost certainly have been a violation of its contractual commitments under its ICANN Registry Agreement.

However, as of today, third-party Whois tools are now returning the genuine Whois records, so whatever the reason was, it appears to be no longer an issue.