Latest news of the domain name industry

Recent Posts

KnujOn scores a win as BizCN gets first breach notice

The Chinese registrar BizCN has received its first breach notice from ICANN’s compliance department, following a sustained campaign by anti-abuse activist KnujOn.

The notice concerns Whois accuracy, specifically for the domain names rapetube.org and onlinepharmacy4.org, and a bunch of other peripheral breaches of the Registrar Accreditation Agreement.

The “porn” site rapetube.org was the subject of a Washington Post article last December, in which KnujOn’s Garth Bruen said he feared the site might contain footage of actual crimes.

Bruen has been chasing BizCN about Whois inaccuracy, and specifically the rapetube.org domain, since 2011.

He said in a September 2013 CircleID post that he’s filed Whois inaccuracy complaints about the domain with ICANN “multiple times”.

His campaign against ICANN Compliance led to an Ombudsman complaint (which was rejected) last year.

Now Compliance appears to be taking the case more seriously. ICANN, according to the breach notice, has been on BizCN’s case about rapetube.org’s Whois since March 24 this year.

At that time, the name was registered to a Vietnamese name with a French address and phone number and a contact email address at privacy-protect.cn.

According to Bruen’s interview with the Post, this email address bounced and nobody answered the phone number. The privacy-protect.cn domain does not appear to currently resolve.

ICANN evidently has some unspecified “information” that shows the email “does not appear to be a valid functioning email address”.

But BizCN told ICANN April 2 that it had verified the registrant’s contact information with the registrant, and provided ICANN with correspondence it said demonstrated that.

ICANN says the correspondence it provided actually predated KnujOn’s latest complaint by six months.

In addition, when BizCN forwarded a scanned copy of the registrant’s ID card, ICANN suspected it to be a fake. The notice says:

Registrar provided copies of correspondence between the reseller and registrant. The response included the same email address that was still invalid according to information available to ICANN, and included a copy of a government identification card to confirm the registrant’s address. According to information available to ICANN, the identification card did not conform to any current or previous form of government identification for that jurisdiction.

Despite repeated follow-up calls, ICANN said it still has not received an adequate response from BizCN, so its accreditation is now in jeopardy.

BizCN has something like 450,000 gTLD names under management and is in the top 50 registrars by volume.

As for rapetube.org, it’s still registered with BizCN, but its Whois changed to a Russian company “Privat Line LLP”, at privatlinellp.me, on or about April 17.

That change is not going to help BizCN, however, which is being asked to provide evidence that it took “reasonable steps to investigate and reasonable steps to correct the Whois inaccuracy claims”.

It has until May 29 to sort out the breaches or face termination. Read the breach notice here.

ICANN cans “Spam King” registrar

Kevin Murphy, November 26, 2013, Domain Registrars

ICANN has terminated the registrar accreditation of Dynamic Dolphin, which it turned out was owned by self-professed “Spam King” Scott Richter.

The company has until December 20 to take down its ICANN logo and cease acting as a registrar.

ICANN, in its termination notice (pdf) late last week, said that it only became aware earlier this month that Richter was the 100% owner of Dynamic Dolphin.

Richter grew to fame a decade ago for being one of the world’s highest-profile spammers. He was sued for spamming by Microsoft and Myspace and was featured on the popular TV program The Daily Show.

As well as being a thoroughly unpleasant chap, he has a 2003 conviction for grand larceny, which should disqualify him from being the director of an ICANN-accredited registrar.

He removed himself as an officer on October 9 in response to ICANN’s persistent inquiries, according to ICANN’s compliance notice.

But he was much too late. ICANN has terminated the accreditation due to the “material misrepresentation, material inaccuracy, or materially misleading statement in its application”.

The question now has to be asked: why didn’t ICANN get to this sooner? In fact, why was Dynamic Dolphin allowed to get an accreditation in the first place?

Former Washington Post security reporter Brian Krebs has been all over this story for five years.

Back in 2008, with a little help from anti-spam outfit KnujOn, he outed Richter’s links to Dynamic Dolphin when it was just a Directi reseller.

Yesterday, Krebs wrote a piece on his blog going into a lot of the background.

Another question now is: which registrar is going to risk taking over Dynamic Dolphin’s registrations?

As of the last registry reports, Dynamic Dolphin had fewer than 25,000 gTLD domains under management.

According to ICANN’s termination notice, 13,280 of these use the company’s in-house privacy service, and 9,933 of those belong to just three individuals.

According to DomainTools, “Dynamic Dolphin Inc” is listed as the registrant for about 23,000 names.

According to KnujOn’s research and Krebs’s reporting, the registrar was once among the most spam-friendly on the market.

ICANN compliance not broken, Ombudsman rules

Kevin Murphy, October 28, 2013, Domain Policy

Ombudsman Chris LaHatte has rejected a complaint from spam research firm KnujOn — and 173 of its supporters — claiming that ICANN’s compliance department is failing consumers.

In a ruling posted online today, LaHatte said there was “no substance” to complaints that a small number of “bad” registrars, notably BizCN, have been allowed to run wild.

KnujOn’s Garth Bruen is a regular and vocal critic of ICANN compliance, often claiming that it ignores complaints about bad Whois data and fails to enforce the Registrar Accreditation Agreement, enabling fake pharma spamming operations to run from domains sponsored by ICANN-accredited registrars.

This CircleID blog post should give you a flavor.

The gist of the complaint was that ICANN regularly fails to enforce the RAA when registrars allow bad actors to own domain names using plainly fake contact data.

But LaHatte ruled, based on a close reading of the contracts, that the Bruen and KnujOn’s supporters have overestimated registrars’ responsibilities under the RAA. He wrote:

the problem is that the complainants have overstated the duties of the registrar, the registrant and the role of compliance in this matrix.

He further decided that allegations about ICANN compliance staff being fired for raising similar issues were unfounded.

It’s a detailed decision. Read the whole thing here.

ICANN will not attend White House drugs meeting

Kevin Murphy, September 28, 2010, Domain Policy

ICANN has declined an invitation from the Obama administration to attend a meeting tomorrow to discuss ways to crack down on counterfeit drugs web sites.

The meeting, first reported by Brian Krebs, was called with an August 13 invitation to “registries, registrars and ICANN” to meet at the White House to talk about “voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line.”

The meeting is reportedly part of the administration’s Joint Strategic Plan to Combat Intellectual Property Theft, which was announced in June.

It also follows a series of reports from security firms that called into question domain name registrars’ willingness to block domains that are used to sell fake pharma.

ICANN tells me that, following talks with White House Intellectual Property Enforcement Coordinator Victoria Espinel, it was agreed that it would “not be appropriate” for ICANN to attend.

The decision was based on the fact that ICANN’s job is to make policy covering internet names and addresses, and not to regulate the content of web sites.

ICANN’s vice president of government affairs for the Americas, Jamie Hedlund, said the meeting was “outside the scope of our role as the technical coordinator of the Internet’s unique identifiers.”

I suspect it also would not have looked great on the global stage if ICANN appeared to be taking its policy cues directly from the US government rather than through its Governmental Advisory Committee.

Demand Media-owned registrar eNom, which has took the brunt of the recent criticism of registrars, recently signed up to a service that will help it more easily identify and terminate domains used to sell counterfeit medicines.

eNom to crack down on fake pharma sites

Kevin Murphy, September 17, 2010, Domain Registrars

Demand Media is to tighten security at its domain registrar arm, eNom, after bad press blighted its recent IPO announcement.

The company has signed a deal with fake pharmacy watchdog LegitScript, following allegations that eNom sometimes turns a blind eye to illegal activity on its customers’ domains.

The news emerged in the company’s amended S-1 registration statement (large HTML file), filed with the US Securities and Exchange Commission yesterday. New text reads:

We recently entered into an agreement with LegitScript, LLC, an Internet pharmacy verification and monitoring service recognized by the National Association of Boards of Pharmacy, to assist us in identifying customers who are violating our terms of service by operating online pharmacies in violation of U.S. state or federal law.

LegitScript will provide eNom with a regularly updated list of domain names selling fake pharma, so the registrar can more efficiently turn them off. The companies have also agreed to work together on research into illegal online pharmacies.

Surrounding text has also been modified to clarify that eNom is not required, under ICANN rules, to turn off domains that are being used to conduct illegal activity.

This is a bit of a PR win for the small security outfits KnuJon and HostExploit, firms which had used the occasion of Demand’s S-1 filing to give eNom a good kicking in the tech and financial press.

HostExploit reported last month that eNom was statistically the “worst” registrar as far as illegal content goes.

ICANN executives are reportedly going to be hauled to Washington DC at the end of the month to explain the problem of fake pharma to the White House.

Registries and registrars have also been invited, and I’d be surprised if eNom is not among them.

eNom called world’s most “abusive” registrar

Kevin Murphy, August 11, 2010, Domain Registrars

A small security firm has singled out eNom as the domain name registrar and web host with the most criminal activity on its network.

HostExploit released a report today claiming the concentration of “badware” on the network belonging to eNom and its soon-to-be-public parent Demand Media is “exceptionally high”.

The claim is based on the proportion of dodgy sites on eNom’s network relative to its size, rather than the actual quantity.

The report says the Demand-owned autonomous system AS21740 has the fifth-highest amount of badware and the sixth-highest number of botnet command and control servers.

It goes on to say that the four or five AS’s with larger amounts of malware are themselves between 10 and 7,500 larger than eNom, as measured by address space.

The report, which I’m guessing HostExploit released to coincide with the hype around Demand Media’s upcoming IPO, draws heavily on existing research, such as this recent KnuJon registrar report (pdf).

It also uses stats from Google-backed StopBadware.org to demonstrate that eNom hosts a disproportionately large number of malware-serving URLs.

According to StopBadware, Go Daddy actually hosts more bad URLs than eNom – 10,797 versus 7,429 – but Go Daddy’s market share is of course over three times larger.

According to WebHosting.info, eNom currently has 9.5 million domains under management, compared to Go Daddy’s 35.2 million.

In Demand Media’s IPO registration statement, filed last Friday, the company acknowledges that it sometimes gets bad publicity but says it’s caught between a rock and a hard place.

We do not monitor or review the appropriateness of the domain names we register for our customers or the content of our network of customer websites, and we have no control over the activities in which our customers engage.

While we have policies in place to terminate domain names if presented with a court order or governmental injunction, we have in the past been publicly criticized for not being more proactive in this area by consumer watchdogs and we may encounter similar criticism in the future. This criticism could harm our reputation.

Conversely, were we to terminate a domain name registration in the absence of legal compulsion, we could be criticized for prematurely and improperly terminating a domain name registered by a customer.

McAfee calls for ICANN spam crackdown

Kevin Murphy, August 10, 2010, Domain Tech

The security company McAfee has claimed that ICANN needs to try harder in the fight against spam by cracking down on rogue registrars.

In a report released today, the company makes the bold assertion that ICANN “holds the trump card to the spam problem” and that it should step up its compliance efforts.

Although ICANN cannot stop spam itself and does not link spammers to the Internet, it does accredit the registrars that sell the domains that cybercriminals use to fill our inboxes with advertisements and malware

McAfee notes that ICANN has previously de-accredited spammer-friendly registrars such as the notorious EstDomains, but that it needs to do more.

ICANN needs to continue this trend against registrars that knowingly provide domain services to cybercriminals. The organization also needs to harden its policies that define under what circumstances an accreditation can be revoked, so that it can take quicker action against rogue registrars.

The claims come in a report entitled “Security Takes The Offensive”, available here.

The report does not lay all the blame for spam at ICANN’s door, of course. The author also goes after ISPs and the SMTP protocol itself.

The report does not point out that there are 250-odd TLDs over which ICANN has no registrar accreditation powers whatsoever.

Despite my best efforts with Google, I’ve been unable to find a single instance of McAfee publicly participating in ICANN policy-making, so I have to wonder how serious it is.

At least guys like KnuJon are not afraid to show up at meetings and stir things up a bit.

Round-up of the ICANN new TLDs comment period

Today is the deadline to file comments on version four of ICANN’s Draft Applicant Guidebook for prospective new top-level domain registries.

Of the few dozen comments filed, the majority involve special pleading in one way or another – everybody has something to lose or gain from the contents of the DAG.

That said, I’ve read all the comments filed so far (so you don’t have to) and lots of good points are raised. It’s clear that whatever the final Applicant Guidebook contains, not everybody will get what they want.

Here’s a non-comprehensive round-up, organized by topic.

Trademark Protection

Trademark holders were among the first to file comments on DAG v4. As I’ve previously reported, Lego was first off the mark with an attempt to convince ICANN that the concerns of the IP lobby have not yet been resolved.

Since then, a few more of the usual suspects from the IP constituency, such as Verizon and InterContinental Hotels, have filed comments.

The concerns are very similar: the Universal Rapid Suspension process for trademark infringements is too slow and expensive, the Trademark Clearinghouse does not remove cost or prevent typosquatting, not enough is done to prevent deadbeat registries.

Verizon, a long-time opponent of the new TLD program and a rigorous enforcer of its trademarks, used its letter to raise the issue of cybercrime and hit on pressure points relating to compliance.

It brings up the KnujOn report (pdf) released in Brussels, which accused ICANN registrars of being willfully blind to customer abuses, and the fact that ICANN compliance head David Giza recently quit.

Two IP-focused registrars also weighed in on trademark protection.

Com Laude’s Nick Wood filed a very good point-by-point breakdown of why the URS process has become too bloated to be considered “rapid” in the eyes of trademark holders.

Fred Felman of MarkMonitor covers the same ground on rights protection mechanisms, but also questions more fundamentally whether ICANN has shown that the new TLD round is even economically desirable.

Felman has doubts that new gTLDs will do anything to create competition in the domain name market, writing:

the vast majority of gTLDs currently being proposed in this round are gTLDs that hide traditional domain registration models behind a veil of purported innovation and creativity

Well, I guess somebody had to say it.

Fees

There are concerns from the developing world that $185,000, along with all the associated costs of applying for a TLD, is too steep a price to pay.

The “African ICANN Community” filed a comment a month ago asking ICANN to consider reducing or waiving certain fees in order to make the program more accessible for African applicants.

Several potential TLD registries also think it’s unfair that applicants have to pay $185,000 for each TLD they want to run, even if it’s basically the same word in multiple scripts.

Constantine Roussos, who intends to apply for .music, reiterated the points he brought up during the ICANN board public forum in Brussels last month.

Roussos believes that applicants should not have to pay the full $185,000 for each non-ASCII internationalized domain name variant of their primary TLD.

He wrote that he intends to apply for about six IDN versions of .music, along with some non-English Latin-script variants such as .musique.

Antony Van Couvering of registry consultant Minds + Machines and .bayern bidder Bayern Connect both echo this point, noting that many geographical names have multiple IDN variants – Cologne//Koeln/Köln, for example.

Roussos also notes, wisely I think, that it appears to be a waste of money paying consultants to evaluate back-end registry providers for applicants who choose to go with an recognized incumbent such as VeriSign, NeuStar or Afilias.

Another request for lower fees comes from the Japan Internet Domain Name Council, which thinks geographical TLD applications from small cities should receive a discount, as well as a waiver of any fees usually required to object to a third-party application.

Contended Strings and Front-Running

Of the known proposed TLDs, there are several strings that will very likely be contended by multiple bidders. This has led to maneuvering by some applicants designed to increase their chances of winning.

Roussos suggested that applicants such as his own .music bid, which have made their plans public for years, should be awarded bonus points during evaluation.

This would help prevent last-minute con artists stepping in with “copy-paste” bids for widely publicized TLDs, in the hope of being paid off by the original applicant, he indicated.

Roussos thinks the amount of work his .music has done in raising community awareness around new TLDs has earned the company extra credit.

It’s a thought echoed by Markus Bahmann, dotBayern’s chairman, and his counterpart at dotHamburg.

The opposing view is put forward by rival .bayern bidder Bayern Connect’s Caspar von Veltheim. He reckons such a system would put “insiders” at an unfair advantage.

M+M’s Van Couvering also said he opposes any applicant getting special treatment and added that M+M wants an explicit ban on trademark front-running included in the DAG.

Front-running is the practice of registering a TLD as a trademark in order to gain some special advantage in the new TLD evaluation process or in court afterward.

(M+M’s owner, Top Level Domain Holdings, has reportedly been front-running itself – attempting to defensively register trademarks in the likes of .kids, .books and .poker, while simultaneously trying to fight off similar attempts from potential rivals.)

Roussos of .music responded directly to M+M this afternoon, presenting the opposite view and promising to use its trademarks to defend itself (I’m assuming he means in court) if another .music applicant prevails.

Rest assured that if we, as .MUSIC are faced with the possibility of being gamed and abused in a manner that we find illegal, we will use our trademarks and other means necessary to do what we have to do to protect ourselves and our respective community.

He said .music is trademarked in 20 countries.

Morality and Public Order

This was a hot topic in Brussels, after the ICANN Governmental Advisory Committee agreed that it did not like the “MOPO” objection provisions of DAG v4, but could not think of a better replacement.

MOPO would give a way for governments to scupper bids if they do not like the morality implications. Anybody applying for .gay, for example, would have to deal with this kind of nonsense.

Jacob Malthouse of BigRoom, one of the would-be .eco bidders, reckons ICANN should treat the GAC the same as it treated the GNSO on the issue of vertical integration – remove MOPO from the DAG entirely in order to force the GAC to come up with something better.

The GAC had previously said it would address the MOPO issue in its comments on DAGv4, but its filing has not yet appeared on the ICANN site.

There’s a GNSO working group over here, but M+M’s Van Couvering notes that no GAC members have got involved post-Brussels.

Terrorism

Two commentators objected to the idea that an applicant could be rejected for involvement in “terrorism”, a term that DAGv4 does not define.

I reported on this a few days ago, but since then Khaled Fattal of the Multilingual Internet Group has filed a surprising rant that seems to indicate he has way more beef than really necessary.

Here’s a few quotes mined from the full comment:

it will alienate many in the international community who will choose not to take part in future ICANN processes including its New gTLDs, distrusting ICANN’s motives, or actively choosing to boycotting it, and causing many to seriously start re-considering alternatives.

as a Syrian born Arab American would I pass the IvCANN terrorism verification check as they are? After all Syria, my country of birth, is on the U.S. Government list of states sponsor of terrorism? And I admit, I do know an “Osama”, does that disqualify me? I Forgot to add, “Osama Fattal” a cousin. So would I pass or fail this check?

The arbitrary inclusion of terrorism as a measuring stick without any internationally recognized laws or standards is wrong and offensive to many around the world. If acted upon, it will be seen by millions of Muslims and Arabs as racist, prejudicial and profiling and would clearly indicate that ICANN has gone far beyond its mandate.

Vertical Integration and .brand TLDs

The issue of whether registries and registrars should be allowed to own each other is a thorny one, but there’s barely any mention at all of it in the DAGv4 comments filed so far.

The DAGv4 language on VI, which effectively bans it, is a place-holder for whatever consensus policy the GNSO comes up with (in the unlikely event that its working group ever gets its act together).

Most efforts on VI are therefore currently focused in the GNSO. Nevertheless, some commentators do mention VI in their filings.

Roussos of .music wants .music to be able to vertically integrate.

Abdulaziz Al-Zoman of SaudiNIC said VI limits should be removed to help applicants who need to turn to third-party infrastructure providers.

From the IP lobby, Celia Ullman of cigarette maker Philip Morris notes that there’s nothing in DAGv4 about single-registrant .brand TLDs. She writes:

would this mean that trademark owners owning a gTLD would need to open the registration procedure to second-level domain names applied for to third unrelated parties? In this case, what would be the incentive of actually registering and operating such a gTLD?

Clearly, the idea that a .brand would have to be open to all ICANN registrars on a non-discriminatory basis is enough to make any trademark attorney choke on their caviare.

JPNIC, the .jp ccTLD operator, also points out that DAGv4 says next to nothing about .brand TLDs and strongly suggests that the final Applicant Guidebook spells out just what a registry is allowed to do with its namespace (lawsuits are mentioned)

Disclaimer

I’ve paraphrased almost everybody in this article, and I’ve done it rather quickly. Despite my best efforts, some important nuance may have been lost in the act.

If you want to know what the commentators I’ve cited think, in their own words, I’ve linked to their comments individually throughout.

I may update this post as further comments are filed.

ICANN registrar’s domain listed for sale on Sedo

When selecting a domain name registrar there are often clues you can use to determine broadly whether a firm is entirely reliable, but this one is new to me.

Vivid Domains, a small-time, seven-year-old ICANN-accredited registrar, currently has its primary domain, vividdomains.com, listed for sale on Sedo.

It’s listed as a “domain without content” too, which looks even more peculiar.

According to DotAndCo, the company recently relocated from Florida to Grand Cayman.

WebHosting.info notes that, having chugged along for some time with only a few hundred domains under management, Vivid’s registration base has leapt from about 400 to over 1,900 in the last two weeks.

KnujOn’s registrar audit report (pdf), released at ICANN Brussels last week, notes that the anti-spam company was unable to locate a business registration for Vivid.

I’m not suggesting Vivid is dodgy, but these are the kind of clues I would use when deciding whether to give a registrar a wide berth.