Latest news of the domain name industry

Recent Posts

.feedback regs Fox trademark to itself during sunrise

Kevin Murphy, November 12, 2015, Domain Registries

Top Level Spectrum, the new .feedback registry, has painted a second gigantic target on itself by registering to itself a .feedback domain matching one of the world’s largest media brands.

The company has registered and put up a web site soliciting comment on Fox Broadcasting Company.

This has happened whilst .feedback is still in its sunrise period.

The intellectual property community is, I gather, not particularly happy about the move.

The domain points to a web site that uses TLS’ standard feedback platform, enabling visitors to rate and comment on Fox.

The site has a footnote: “Disclaimer: This site is provided to facilitate free speech regarding fox. No direct endorsement or association should be conferred.”

Fox had no involvement with the registration, which Whois records show is registered to Top Level Spectrum itself.

Registry CEO Jay Westerdal said that the domain is one of the 100 “promotional” domains that new gTLD registries are allowed to set aside for their own use under the terms of their ICANN contracts.

Registries usually register names like “buy.example” or “go.example”, along with the names of early adopter anchor tenant registrants, using this mechanism.

I’m not aware of any case where a registry has consciously registered a famous brand, without permission, as part of its promotional allotment.

“The website is hosted automatically by the Feedback platform,” Westerdal said. “Fox Television Network has raised no concerns and has not applied for the domain during sunrise. We are testing out promotion of the TLD with the domain as per our ICANN contract.”

Fox may still be able to buy the domain during sunrise, he said.

“This is a Registry Operation name. During sunrise, If we receive an application from a sunrise-eligible rights holders during sunrise for a Registry Operations name we may release the name for registration,” he said.

Fox’s usual registrar is MarkMonitor. Matt Serlin, VP there, said in an email that the TLS move could be raised with ICANN Compliance:

I find it curious that this branded domain name would have been registered to the registry prior to the sunrise period which is restricted to the 100 registry promotional names. The fact that the domain is actually resolving to a live site soliciting feedback for The Fox Broadcasting Company is even more troubling. MarkMonitor may look to raise this to ICANN Compliance once the registry is able to confirm how this domain was registered seemingly outside of the required process.

The IP community originally fought the introduction of the 100-domain pre-sunrise exception, saying unscrupulous registries would use it to stop trademark owners registering their brands.

While there have been some grumblings about registries reserving dictionary terms that match trademarks, this may be the first case of a registry unambiguously targeting a brand.

Top Level Spectrum courted controversy with the trademark community last week when it told DI that it plans to sell 5,000-brand match domains to a third party company after .feedback goes into general availability in January.

Westerdal told us this is not “cybersquatting”, as the sites contain disclaimers and are there to facilitate free speech.

What do you think about this use of brands as “promotional” domains?

It’s indisputably pushing the envelope of what is acceptable, but is it fair? Should registries be allowed to do this?

Forget .sucks, .feedback will drive trademark owners nuts all over again

Kevin Murphy, November 4, 2015, Domain Registries

Top Level Spectrum, the new gTLD registry behind .feedback, plans to give sell domains matching 5,000 of the world’s top brands to a third party that does not own the trademarks.

That’s one novel element of a .feedback business model that is guaranteed to drive the intellectual property community crazy in much the same way as .sucks did earlier this year.

The other piece of ‘innovation’ will see all .feedback domains — including the 5,000 brands — point by default to a hosted service that facilitates comment and criticism.

An example of such a site can be seen at The registry’s CEO, Jay Westerdal, has a .feedback site at

If you agree to use the hosted service with your domain, the domain and service combined will cost a minimum of just $20 per year.

However, if you want to turn off the hosted service and use your .feedback like a regular domain, pointing to the web site of your choice, the price will ratchet up to $50 a month, or $620 a year.

Those are the wholesale prices. Both services will be offered through registrars, where some markup is to be expected.

The hosted service is being offered by Feedback SAAS LLC, a company that, judging by its web site, appears to share ownership with Top Level Spectrum, though Westerdal says the two firms have different employees.

It’s not dissimilar to the model employed by .tel, where name servers by default point to a registry-hosted service.

Unlike .tel, .feedback registrants will be able to opt out of using the SAAS service and point their domains to whatever name servers they want.

Westerdal told DI that .feedback is in the process of making a deal with a “third party” he could not yet name to have 5,000 branded .feedback domains deployed during the Early Access Period of the .feedback launch. That’s scheduled to start January 6.

“We are striking a deal to get feedback sites out there. We want everything to have feedback,” he said. “We are signing an agreement to get the ball rolling by doing a founders program to get names out there. Your favorite shoe, your pizza place, your everything.”

“The sites are all geared towards free speech and giving reviews,” he said. He said:

No trademark infringement will occur though, the sites are all geared towards free speech and giving reviews. Confusing the public that the brand is running the site will not happen, each site has a disclaimer and makes it clear the brand is not running the site.

Asked whether we were talking about a genuine third party or a shell set up by the registry, he said: “A real third party. I am not playing games.”

He said the higher pricing for the naked domain registration is intended to discourage companies from turning off the domains matching their brands.

The whole point of .feedback is to solicit feedback.

The as-yet unspecified third-party taking possession of the 5,000 brand names would not be prevented from selling the domains to the matching brand owner, or to any third parties, he said, though he would not be in favor of such a move.

He said that $20 a year to run a configurable .feedback site, with moderator privileges, is a “great deal” compared to the $300-a-month service he said consumer review site Yelp offers.

The SAAS service will make additional revenue by selling added features, suitable for enterprises, he said.

.feedback went into its sunrise period last week with a $2,000 wholesale fee — the same high price that attracted criticism for .sucks.

The original Registry Service Evaluation Process for the .feedback service hit ICANN over a year ago (pdf).

I missed it then. Sorry.

I noticed it today after corporate registrar MarkMonitor blogged about it.

Matt Serlin, VP of MarkMonitor, who blogged his opinion on .feedback’s strategy earlier today, said in an email that the .feedback strategy was “more objectionable” than he had thought, and that “[W]e would most likely look to raise to ICANN if that is his stated intent.”

Registrars open floodgate of Whois privacy outrage

Kevin Murphy, June 26, 2015, Domain Policy

A letter-writing campaign orchestrated by the leading domain registrars has resulted in ICANN getting hit with over 8,000 pro-privacy comments in less than a week.

It’s the largest volume of comments received by ICANN on an issue since right-wing Christian activists deluged ICANN with protests about .xxx, back in 2010.

The comments — the vast majority of them unedited template letters — were filed in response to the GNSO Privacy & Proxy Services Accreditation Issues (PPSAI) Working Group Initial Report.

That report attempts to bring privacy and proxy services, currently unregulated by ICANN, under ICANN’s contractual wing.

There are two problematic areas, as far as the registrars are concerned.

The first is the ability of trademark and copyright owners to, under certain circumstances, have the registrant of a privately registered name unmasked.

Upon receiving such a request, privacy services would have 15 days to obtain a response from their customer. They’d then have to make a call as to whether to reveal their contact information to the IP owner or not.

Possibly the most controversial aspect of this is described here:

Disclosure cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

In other words, the privacy services (in most cases, also the registrar) would be forced make a judgement on whether web site content is illegal, in the absence of a court order, before removing Whois privacy on a domain.

The second problematic area is an “additional statement” on domains used for commercial activity, appended to the PPSAI report, penned by MarkMonitor on behalf of Facebook, LegitScript, DomainTools, IP attorneys Smith, Gambreall & Russell, and itself.

Those companies believe it should be against the rules for anyone who commercially transacts via their web site to use Whois privacy.

Running ads on a blog, say, would be fine. But asking for, for example, credit card details in order to transact would preclude you from using privacy services.

The PPSAI working group didn’t even approach consensus on this topic, and it’s not a formal recommendation in its report.

Regardless, it’s one of the lynchpins of the current registrar letter-writing campaigns.

A page at — the site backed by dozens of registrars big and small — describes circumstances under which somebody would need privacy even though they engage in e-commerce.

Home-based businesses, shelters for domestic abuse victims that accept donations, and political activists are all offered up as examples.

Visitors to the site are (or were — the site appears to be down right now (UPDATE: it’s back up)) invited to send a comment to ICANN supporting:

The legitimate use of privacy or proxy services to keep personal information private, protect physical safety, and prevent identity theft

The use of privacy services by all, for all legal purposes, regardless of whether the website is “commercial”

That privacy providers should not be forced to reveal my private information without verifiable evidence of wrongdoing

The content of the site was the subject of a sharp disagreement between MarkMonitor and Tucows executives last Saturday during ICANN 53. I’d tell you exactly what was said, but the recording of the relevant part of the GNSO Saturday session has not yet been published by ICANN.

Another site, which seems to be responsible for the majority of the 8,000+ comments received this week, is backed by the registrar NameCheap and the digital civil rights groups the Electronic Frontier Foundation and Fight For The Future.

NameCheap appears to be trying to build on the reputation it started to create for itself when it opposed the Stop Online Piracy Act a few years ago, going to so far as to link the Whois privacy reforms to SOPA on the campaign web site, which says:

Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website?

We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.

The EFF’s involvement seems to have grabbed the attention of many reporters in the general tech press, generating dozens of headlines this week.

The public comment period on the PPSAI initial report ends July 7.

If it continues to attract attention, it could wind up being ICANN’s most-subscribed comment period ever.

Do geeks care about privacy more than Christians care about porn? We’ll find out in a week and a half.

Fight over ICANN’s $400,000 Hollywood party

Kevin Murphy, September 22, 2014, Gossip

Corporate sponsors raised $250,000 to fund a $400,000 showbiz gala for ICANN 51 next month, but ICANN pulled the plug after deciding against making up the shortfall.

Sources tell DI that the lavish shindig was set to take place at Fox Studios in Los Angeles on October 15, but that ICANN reneged on a commitment to throw $150,000 into the pot.

Meanwhile, a senior ICANN source insists that there was no commitment and that a “misunderstanding” is to blame.

ICANN announced a week ago that its 51st public meeting would be the first in a while without a gala event. In a blog post, VP Christopher Mondini blamed a lack of sponsors and the large number of attendees, writing:

One change from past meetings is that there will not be an ICANN51 gala. Historically, the gala has been organized and supported by an outside sponsor. ICANN51 will not have such a sponsor, and therefore no gala. ICANN meetings have grown to around 3,000 attendees, and so have the challenges of finding a gala sponsor.

This explanation irked some of those involved in the aborted deal. They claim that the post was misleading.

Sources say that sponsors including Fox Studios, Neustar and MarkMonitor had contractually committed $250,000 to the event after ICANN promised to deliver the remaining $150,000.

But ICANN allegedly changed its mind about its own contribution and, the next day, published the Mondini post.

“The truth is there were sponsors, the truth is it wasn’t too big,” said a source who preferred not to be named. “There was enough money there for a gala.”

The venue was to be the Fox Studios backlot, which advertises itself as being able to handle receptions of up to 4,000 people — plenty of space for an ICANN gala.

I’ve confirmed with Neustar, operator of the .us ccTLD, that it had set aside $75,000 to partly sponsor the event.

But Mondini told DI that ICANN had not committed the $150,000, and that claims to the contrary were based on a “misunderstanding” — $150,000 was the amount ICANN spent on the Singapore gala (nominally sponsored by SGNIC), not how much it intended to spend on the LA event.

“There was no ICANN commitment to make up shortfall,” he said. “It was misheard as an ICANN commitment.”

More generally, ICANN’s top brass are of the opinion that “we shouldn’t be in the business of spending lots of money on galas”, Mondini added.

“ICANN paying for galas is the exception rather than the rule,” he said.

He added that he stood by his blog post, saying that a failure to find sponsors to cover the full $400,000 tab is in fact a failure to find sponsors.

MarkMonitor infiltrated by Syrian hackers targeting Facebook

Kevin Murphy, February 6, 2014, Domain Registrars

The corporate brand protection registrar MarkMonitor was reportedly hacked yesterday by the group calling itself the Syrian Electronic Army, in an unsuccessful attempt to take out Facebook.

While MarkMonitor refused to confirm or deny the claims, the SEA, which has been conducting a campaign against high-profile western web sites for the last couple of years, tweeted several revealing screenshots.

One was a screen capture of a DomainTools Whois lookup for, which does not appear to have been cached by DomainTools.

Another purported to be a cap of Facebook’s control panel at the registrar.

The SEA tweeted more caps purporting to show it had access to domains belonging to Amazon and Yahoo!.

In response to an inquiry, MarkMonitor rather amusingly told DI “we do not comment on our clients — including neither confirming nor denying whether or not a company is a client.”

This despite the fact that the company publishes a searchable database of its clients on its web site.

The attackers were unable to take down Facebook itself because the company has rather wisely chosen to set its domain to use Verisign’s Registry Lock anti-hijacking service.

Registry Lock prevents domains’ DNS settings being changed automatically via registrar control panels. Instead, registrants need to provide a security pass phrase over the phone.