Latest news of the domain name industry

Recent Posts

Donuts bought .reise

Donuts has been confirmed by a German news site as the new owner of .reise, which was auctioned by its previous owner last week.

It was the first time a live gTLD had been sold at auction.

The deal, which is believed to have cost Donuts at least $400,000, means the company now owns .reise and .reisen.

Both mean “.travel”. According to my GCSE German skillz, last exercised 22 years ago, .reisen is a verb and .reise is a noun, but .reisen is also the plural of the noun .reise.

I believe this means that Donuts is the first company to own both the plural and singular forms of a new gTLD string.

Heise Online reports that former registry Dotreise was forced to sell up due to competition from Donuts.

Donuts’ .reisen has over 4,000 names in its zone file, compared to .reise’s 1,300. It’s a small market so far, but Donuts has the lion’s share.

The article notes that Donuts got a better position in ICANN’s prioritization draw in late 2012, meaning it got to market slightly earlier. Donuts also sells for a much lower price.

I doubt time to market was as much of a factor as price.

But it might be interesting to note that while Donuts’ advantage was just six days in terms of contract-signing, that lead had been extended to six weeks by the time .reise was delegated.

Donuts, which has more experience than any other company when it comes to the transition to delegation process, managed to hit general availability two weeks sooner than .reise, even though Donuts’ sunrise period was twice as long.

ICANN wins .hotels/.hoteis confusion appeal but has to pay up anyway

Kevin Murphy, March 5, 2015, Domain Policy

The proposed new gTLDs .hotels and .hoteis are too confusingly similar to coexist on the internet.

That’s the result of an Independent Review Process decision this week, which denied .hotels applicant Booking.com’s demand to have ICANN’s string confusion decision overturned.

But the IRP panel, while handing ICANN a decisive victory, characterized the string confusion and IRP processes as flawed and said ICANN should have to pay half of the panel’s $163,000 costs.

Booking.com filed the IRP a year ago, after the new gTLD program’s String Similarity Panel said in February 2013 that .hotels was too similar to rival Despegar Online’s proposed .hoteis.

.hoteis is the Portuguese translation of .hotels. Neither string was contested, so both would have been delegated to the DNS root had it not been for the confusion decision.

In my view, the String Similarity Panel’s decision was pretty sound.

With an upper-case i, .hoteIs is virtually indistinguishable from .hotels in browsers’ default sans-serif fonts, potentially increasing the ease of phishing attacks.

But Booking.com, eager to avoid a potentially costly auction, disagrees with me and, after spending a year exhausting its other avenues of appeal, filed an IRP in March 2013.

The IRP decision was handed down on Tuesday, denying Booking.com’s appeal.

The company had appealed based not on the merits of the SSP decision, but on whether the ICANN board of directors had acted outside of its bylaws in establishing an “arbitrary” and opaque SSP process.

That’s because the IRP process as established in the ICANN bylaws does not allow appellants to changed a decision on the merits. IRP panels are limited to:

comparing contested actions of the Board to the Articles of Incorporation and Bylaws, and with declaring whether the Board has acted consistently with the provisions of those Articles of Incorporation and Bylaws.

The IRP panel agreed that the SSP process could have been fairer and more transparent, by perhaps allowing applicants to submit evidence to the panel and appeal its decisions, saying:

There is no question but that that process lacks certain elements of transparency and certain practices that are widely associated with requirements of fairness.

But the IRP panel said Booking.com was unable to show that the ICANN board acted outside of its bylaws, highlighting the limits of the IRP as an appeals process:

In launching this IRP, Booking.com no doubt realized that it faced an uphill battle. The very limited nature of the IRP proceedings is such that any IRP applicant will face significant obstacles in establishing that the ICANN Board acted inconsistently with ICANN’s Articles of Incorporation or Bylaws. In fact, Booking.com acknowledges those obstacles, albeit inconsistently and at times indirectly.

Booking.com has failed to overcome the very obstacles it recognizes exist.

The IRP panel quoted members of ICANN’s New gTLD Program Committee extensively, highlighting comments which questioned the fairness of the SSP process.

In contrast to usual practice, where the losing party in an IRP bears the costs of the case, this panel said the $163,000 costs and $4,600 filing fee should be split equally between ICANN and Booking.com:

we can — and we do — acknowledge certain legitimate concerns regarding the string similarity review process raised by Booking.com, discussed above, which are evidently shared by a number of prominent and experienced ICANN NGPC members.

In view of the circumstances, each party shall bear one-half of the costs of the IRP provider

Booking.com and Despegar will now have to fight it out for their chosen strings at auction.

The full decision can be read in PDF format here. Other documents in the case can be found here.

The TL;DR version: ICANN wins because it has stacked the appeals deck in its favor and the IRP process is pretty much useless, so we’re going to make them pay up for being dicks.

Live gTLD .reise sold at auction

Kevin Murphy, March 3, 2015, Domain Sales

The first auction of a live new gTLD resulted in a sale, I can reveal.

Dotreise’s .reise, which is German for “.travel”, changed hands in an auction managed by Applicant Auction last Friday.

Unfortunately, I haven’t been able to identify the winning bidder or the winning bid, but the winner’s identity will inevitably be revealed sooner or later.

Applicant Auction had said there was to be a $400,000 starting bid on the gTLD.

.reise has been general availability since August but has only about 1,300 names in its zone file. It retails for up to $180 a year.

If the TLD’s new owner is not Donuts, the company will find itself competing with Donuts’ much cheaper and more popular .reisen.

Tucows and Namecheap exit $14m .online deal

Tucows and Namecheap have both pulled out of their joint venture with Radix to run the .online registry.

Tucows revealed the move, which will see Radix run .online solo, in a press release yesterday.

Both Tucows and Namecheap are registrars, whereas Radix is pretty much focused on being a registry nowadays.

While financial terms have not been disclosed, Tucows CEO Elliot Noss had previously said that each of the three companies had funded the new venture to the tune of $4 million to $5 million.

I estimate that this puts the total investment in the deal — which includes the price of winning .online at auction — at $13 million to $14 million.

Noss has also hinted that the gTLD sold for much more than the $6.8 million paid for .tech.

.online has not yet been delegated.

More security issues prang ICANN site

Kevin Murphy, March 3, 2015, Domain Tech

ICANN has revealed details of a security problem on its web site that could have allowed new gTLD registries to view data belonging to their competitors.

The bug affected its Global Domains Division customer relationship management portal, which registries use to communicate with ICANN on issues related to delegation and launch.

ICANN took GDD down for three days, from when it was reported February 27 until last night, while it closed the hole.

The vulnerability would have enabled authenticated users to see information from other users’ accounts.

ICANN tells me the issue was caused because it had misconfigured some third-party software — I’m guessing the Salesforce.com platform upon which GDD runs.

A spokesperson said that the bug was reported by a user.

No third parties would have been able to exploit it, but ICANN has been coy about whether any it believes any registries used the bug to access their competitors’ accounts.

ICANN has ‘fessed up to about half a dozen crippling security problems in its systems since the launch of the new gTLD program.

Just in the last year, several systems have seen downtime due to vulnerabilities or attacks.

A similar kind of privilege escalation bug took down the Centralized Zone Data Service last April.

The RADAR service for registrars was offline for two weeks after being hacked last May.

A phishing attack against ICANN staff in December enabled hackers to view information not normally available to the public.