Latest news of the domain name industry

Recent Posts

Registrars open floodgate of Whois privacy outrage

Kevin Murphy, June 26, 2015, Domain Policy

A letter-writing campaign orchestrated by the leading domain registrars has resulted in ICANN getting hit with over 8,000 pro-privacy comments in less than a week.

It’s the largest volume of comments received by ICANN on an issue since right-wing Christian activists deluged ICANN with protests about .xxx, back in 2010.

The comments — the vast majority of them unedited template letters — were filed in response to the GNSO Privacy & Proxy Services Accreditation Issues (PPSAI) Working Group Initial Report.

That report attempts to bring privacy and proxy services, currently unregulated by ICANN, under ICANN’s contractual wing.

There are two problematic areas, as far as the registrars are concerned.

The first is the ability of trademark and copyright owners to, under certain circumstances, have the registrant of a privately registered name unmasked.

Upon receiving such a request, privacy services would have 15 days to obtain a response from their customer. They’d then have to make a call as to whether to reveal their contact information to the IP owner or not.

Possibly the most controversial aspect of this is described here:

Disclosure cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

In other words, the privacy services (in most cases, also the registrar) would be forced make a judgement on whether web site content is illegal, in the absence of a court order, before removing Whois privacy on a domain.

The second problematic area is an “additional statement” on domains used for commercial activity, appended to the PPSAI report, penned by MarkMonitor on behalf of Facebook, LegitScript, DomainTools, IP attorneys Smith, Gambreall & Russell, and itself.

Those companies believe it should be against the rules for anyone who commercially transacts via their web site to use Whois privacy.

Running ads on a blog, say, would be fine. But asking for, for example, credit card details in order to transact would preclude you from using privacy services.

The PPSAI working group didn’t even approach consensus on this topic, and it’s not a formal recommendation in its report.

Regardless, it’s one of the lynchpins of the current registrar letter-writing campaigns.

A page at — the site backed by dozens of registrars big and small — describes circumstances under which somebody would need privacy even though they engage in e-commerce.

Home-based businesses, shelters for domestic abuse victims that accept donations, and political activists are all offered up as examples.

Visitors to the site are (or were — the site appears to be down right now (UPDATE: it’s back up)) invited to send a comment to ICANN supporting:

The legitimate use of privacy or proxy services to keep personal information private, protect physical safety, and prevent identity theft

The use of privacy services by all, for all legal purposes, regardless of whether the website is “commercial”

That privacy providers should not be forced to reveal my private information without verifiable evidence of wrongdoing

The content of the site was the subject of a sharp disagreement between MarkMonitor and Tucows executives last Saturday during ICANN 53. I’d tell you exactly what was said, but the recording of the relevant part of the GNSO Saturday session has not yet been published by ICANN.

Another site, which seems to be responsible for the majority of the 8,000+ comments received this week, is backed by the registrar NameCheap and the digital civil rights groups the Electronic Frontier Foundation and Fight For The Future.

NameCheap appears to be trying to build on the reputation it started to create for itself when it opposed the Stop Online Piracy Act a few years ago, going to so far as to link the Whois privacy reforms to SOPA on the campaign web site, which says:

Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website?

We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.

The EFF’s involvement seems to have grabbed the attention of many reporters in the general tech press, generating dozens of headlines this week.

The public comment period on the PPSAI initial report ends July 7.

If it continues to attract attention, it could wind up being ICANN’s most-subscribed comment period ever.

Do geeks care about privacy more than Christians care about porn? We’ll find out in a week and a half.

Fight over ICANN’s $400,000 Hollywood party

Kevin Murphy, September 22, 2014, Gossip

Corporate sponsors raised $250,000 to fund a $400,000 showbiz gala for ICANN 51 next month, but ICANN pulled the plug after deciding against making up the shortfall.

Sources tell DI that the lavish shindig was set to take place at Fox Studios in Los Angeles on October 15, but that ICANN reneged on a commitment to throw $150,000 into the pot.

Meanwhile, a senior ICANN source insists that there was no commitment and that a “misunderstanding” is to blame.

ICANN announced a week ago that its 51st public meeting would be the first in a while without a gala event. In a blog post, VP Christopher Mondini blamed a lack of sponsors and the large number of attendees, writing:

One change from past meetings is that there will not be an ICANN51 gala. Historically, the gala has been organized and supported by an outside sponsor. ICANN51 will not have such a sponsor, and therefore no gala. ICANN meetings have grown to around 3,000 attendees, and so have the challenges of finding a gala sponsor.

This explanation irked some of those involved in the aborted deal. They claim that the post was misleading.

Sources say that sponsors including Fox Studios, Neustar and MarkMonitor had contractually committed $250,000 to the event after ICANN promised to deliver the remaining $150,000.

But ICANN allegedly changed its mind about its own contribution and, the next day, published the Mondini post.

“The truth is there were sponsors, the truth is it wasn’t too big,” said a source who preferred not to be named. “There was enough money there for a gala.”

The venue was to be the Fox Studios backlot, which advertises itself as being able to handle receptions of up to 4,000 people — plenty of space for an ICANN gala.

I’ve confirmed with Neustar, operator of the .us ccTLD, that it had set aside $75,000 to partly sponsor the event.

But Mondini told DI that ICANN had not committed the $150,000, and that claims to the contrary were based on a “misunderstanding” — $150,000 was the amount ICANN spent on the Singapore gala (nominally sponsored by SGNIC), not how much it intended to spend on the LA event.

“There was no ICANN commitment to make up shortfall,” he said. “It was misheard as an ICANN commitment.”

More generally, ICANN’s top brass are of the opinion that “we shouldn’t be in the business of spending lots of money on galas”, Mondini added.

“ICANN paying for galas is the exception rather than the rule,” he said.

He added that he stood by his blog post, saying that a failure to find sponsors to cover the full $400,000 tab is in fact a failure to find sponsors.

MarkMonitor infiltrated by Syrian hackers targeting Facebook

Kevin Murphy, February 6, 2014, Domain Registrars

The corporate brand protection registrar MarkMonitor was reportedly hacked yesterday by the group calling itself the Syrian Electronic Army, in an unsuccessful attempt to take out Facebook.

While MarkMonitor refused to confirm or deny the claims, the SEA, which has been conducting a campaign against high-profile western web sites for the last couple of years, tweeted several revealing screenshots.

One was a screen capture of a DomainTools Whois lookup for, which does not appear to have been cached by DomainTools.

Another purported to be a cap of Facebook’s control panel at the registrar.

The SEA tweeted more caps purporting to show it had access to domains belonging to Amazon and Yahoo!.

In response to an inquiry, MarkMonitor rather amusingly told DI “we do not comment on our clients — including neither confirming nor denying whether or not a company is a client.”

This despite the fact that the company publishes a searchable database of its clients on its web site.

The attackers were unable to take down Facebook itself because the company has rather wisely chosen to set its domain to use Verisign’s Registry Lock anti-hijacking service.

Registry Lock prevents domains’ DNS settings being changed automatically via registrar control panels. Instead, registrants need to provide a security pass phrase over the phone.

First new gTLD contracts signed

Donuts, an ARI Registry Services subsdiary and CORE this morning became the first new gTLD applicants to sign registry contracts with ICANN.

The ceremonial signing took place live on stage at the opening ceremony of ICANN 47, the week-long public meeting in Durban, South Africa.

ARI CEO Adrian Kinderis signed on behalf of شبكة. applicant International Domain Registry. The string is Arabic for “.web” and transliterates as “.shabaka”. It is 3 in the program’s evaluation queue.

In an ARI press release, Go Daddy CEO Blake Irving confirmed that Go Daddy will carry .shabaka.

Donuts CEO Paul Stahura signed for .游戏, the Chinese-language “.games”, which had prioritization number 40.

It was not immediately clear which contracts Iliya Bazlyankov, chair of CORE’s executive committee, signed. CORE has applied for three internationalized domain name gTLDs with high priority numbers.

(UPDATE: Bazlyankov has been in touch to say: “We signed the .сайт (site) and .онлайн (online) contracts which had numbers 6 and 9 in the priority”.)

Representatives of Go Daddy, MarkMonitor, Momentous, Mailclub and African registrar also joined ICANN CEO Fadi Chehade on stage to sign the 2013 Registrar Accreditation Agreement.

The event marks the beginning of the contract signing phase of the new gTLD program, an important milestone.

For applicants without outstanding objections, contention or Governmental Advisory Committee advice, signing a contract means only pre-delegation testing and the final transition to delegation remains.

Melbourne IT gets out of brand protection with $157m sale to CSC

Kevin Murphy, March 12, 2013, Domain Registrars

Corporation Service Company has acquired Melbourne IT’s flagship digital brand management service for a ridiculously expensive AUD 152.5 million ($157m).

The shock news takes Melbourne out of the high-margin defensive registration and brand monitoring market, leaving it as a basic domain registrar focused on small businesses.

For CSC, the deal leaves it with a considerably strengthened hand in the DBS space, which is poised to benefit from the massive influx of new gTLDs over the next few years.

It also means that all of the over 100 new gTLD applications Melbourne was supporting as a consultant will now be managed by CSC.

The price of AUD 152.5 million is far more than Melbourne IT could have hoped to ask for, equal to almost its entire market capitalization of AUD 160 million.

Melbourne has had a rocky time on the markets of late, and had previously disclosed that it was looking to sell off some units in order to appease shareholders and rationalize its business.

But DBS was considered a core business, bigger now than Melbourne’s regular domains business, and likely not for sale. CSC’s high-premium offer was too good, it seems, to be responsibly refused.

“While this was not a business that we had specifically earmarked for sale, given the value creation provided by the transaction, this was an opportunity which could not be ignored,” CEO Theo Hnarakis, said in a statement.

The deal follows the sale of MarkMonitor, a key Melbourne competitor, to Thomson Reuters last July. When it comes to brand protection in the domain name space, it’s a big boy’s game nowadays.

Melbourne will remain a domain registrar with over four million names under management.

The DBS business was formed in 2008, largely as a result of Melbourne’s purchase of Verisign’s brand services division for $50 million.