Latest news of the domain name industry

Recent Posts

Registrars not happy with VeriSign abuse plans

Kevin Murphy, October 12, 2011, Domain Registrars

VeriSign has been talking quietly to domain name registrars about its newly revealed anti-abuse policies for several months, but some are still not happy about its plans for .com malware scans.

The company yesterday revealed a two-pronged attack on domain name abuse, designed to counteract a perception that .com is not as secure a space as it should be.

One prong, dealing with law enforcement requests to seize domains, I covered yesterday. It’s already received criticism from the Electronic Frontier Foundation and American Civil Liberties Union.

The other is an attempt to introduce automatic malware scanning into the .com, .net and .name spaces, rather like ICM Registry has said it will do with all .xxx domains.

Unlike the daily ICM/McAfee service, VeriSign’s free scans will be quarterly, but the company intends to also offer a paid-for upgrade that would search domains for malware more frequently.

On the face of it, it doesn’t seem like a bad idea.

But some registrars are worried about the fading line between registrars, which today “own” the customer relationship, and the registries, which for the most part are hidden away in the cloud.

Go Daddy director of network abuse Ben Butler, asked about both of yesterday’s VeriSign proposals, said in a statement that they have “some merit”, but sounded several notes of caution:

This is going to make all registrars responsible for remediation efforts and negative customer-service clean up. The registrar at this point becomes the “middle man,” dealing with customers whose livelihood is being negatively impacted. As mentioned in their report, the majority of sites infected with malware were not created by the “bad guys.”

While there is an appeal process mentioned, it could take some time to get issues resolved, potentially leaving a customer’s website down for an extended period.

This could also create a dangerous situation, allowing registries to gain further control over registrars’ operations – as registrars have the relationship with the registrant, the registrar should be responsible for enforcing policies and facilitating remediation.

It has also emerged that VeriSign unilaterally introduced the malware scanning service as a mandatory feature of .cc and .tv domains – which are not regulated by ICANN – earlier this year.

The changes appear to have been introduced without fanfare, but are clearly reflected in today’s .tv registration policies, which are likely to form the basis of the .com policies.

Some registrars weren’t happy about that either.

Six European registrars wrote to VeriSign last month to complain that they were “extremely displeased” with the way the scanning service was introduced. They told VeriSign:

These changes mark the beginning of a substantive shift in the roles of registries regarding the monitoring and controlling of content and may lead to an increase of responsibility and liability of registries and registrars for content hosted elsewhere. As domain name registrars, we hold the position that the responsibilities for hosted content and the registration of a domain name are substantially different, and this view has been upheld in European court decisions numerous times. In this case, Verisign is assuming an up-front responsibility that surpasses even the responsibilities of a web hoster, and therefore opens the door to added responsibilities and legal liability for any form of abuse.

In the end, the registrar community will have to face the registrant backlash and criticism, waste countless hours of support time to explain this policy to the registrants and again every time they notice downtimes or loss of performance. These changes are entirely for the benefit of Verisign, but the costs are delegated to the registrants, the registrars and the hosting service providers.

The registrars were concerned that scanning could cause hosting performance hits, but VeriSign says the quarterly scan uses a virtual browser and is roughly equivalent to a single user visit.

They were also worried that the scans, which would presumably ignore robots.txt prohibitions on spidering, would be “intrusive” enough to potentially violate European Union data privacy laws.

VeriSign now plans to give all registrars an opt-out, which could enable them to avoid this problem.

It looks like VeriSign’s plans to amend the Registry-Registrar Agreement are heading for ICANN-overseen talks, so registrars may just be digging into a negotiating position, of course.

But it’s clear that there is some unease in the industry about the blurring of the lines between registries and registrars, which is only likely to increase as new gTLDs are introduced.

In the era of new gTLDs, and the liberalization of ICANN’s vertical integration prohibitions, we’re likely to see more registries having hands-on relationships with customers.

ANA finds SEO more effective than Facebook

Kevin Murphy, October 10, 2011, Domain Tech

Advertisers are “beginning to question the effectiveness” of social media marketing, but they’re still mostly sold on the benefits of search engine optimization.

That’s according to a new study from the Association of National Advertisers, the results of which have just been published.

The ANA’s survey of 92 marketers gave SEO an “effectiveness rating” of 52%, the highest rating given to any of the six categories respondents were asked to comment on.

However, that represented a decline of three percentage points from a similar survey in 2009.

Social networking sites (presumably including Facebook, although names were not named) received an effectiveness rating of 28%, up from 17% two years ago, ANA reported.

SEO and social sites were used in marketing by 88% and 89% of respondents respectively.

ANA president Bob Liodice said in a press release:

While marketers have substantially increased their use of newer media platforms over the past few years, they are beginning to question the effectiveness of some of these vehicles. The ANA survey indicates a strong willingness by marketers to integrate innovative new approaches into their marketing mix; however, this enthusiasm is tempered by concerns regarding the return-on-investment of these emerging options.

While it’s all speculation at this point, SEO improvements are often pointed to as a potential (and I stress: potential) benefit of new dot-brand or category-killer top-level domains.

The ANA is the current opponent-in-chief of ICANN’s new gTLD program.

Corsica seeks new gTLD registry operator

Kevin Murphy, October 10, 2011, Domain Registries

The local government of the French island of Corsica is looking for contractors to apply for and manage a .corsica top-level domain.

The Executive Council of the Collectivité Territoriale de Corse issued an RFP in late September. The deadline for responses is October 17, a week from now.

The desired string appears to be the Anglicized .corsica, rather than the French .corse.

Corsica, situated in the Mediterranean, is one of France’s 22 official regions. According to Wikipedia, it has slightly more political power than its mainland counterparts.

Under ICANN’s new gTLD application rules, geographical strings need the approval of the relevant local government before they can be accepted.

I expect any .corsica application would need a letter of support or non-objection from the French national government as well as the Corsican executive, before it is approved.

(via Jean Guillon)

ICANN hunts for anti-cybersquatting database provider

Kevin Murphy, October 10, 2011, Domain Policy

ICANN is in the process of looking for an operator for the Trademark Clearinghouse that will play a crucial brand protection role in new top-level domains.

An RFI published last week says that ICANN is looking for an exclusive contractor, but that it may consider splitting the deal between two companies — one to provide trademark validation services and the other to manage the database.

The TMCH is basically a big database of validated trademarks that registrars/registries will have to integrate with. It will be an integral part of any new gTLD launch.

Registries are obliged by ICANN rules to hold a sunrise period and a Trademark Claims service when they go live, both of which leverage the clearinghouse’s services.

Rather than having to submit proof of trademark rights to each gTLD operator, brand owners will only have to be validated by the TMCH in order to be pre-validated by all gTLDs.

I estimate that the contract is worth a few million dollars a year, minimum.

If the ongoing .xxx sunrise period is any guide, we might be looking at a database of some 30,000 to 40,000 trademark registrations in the first year of the TMCH.

One potential TMCH provider currently charges $100 for the initial first-year validation and a recurring $70 for re-validation in subsequent years.

ICANN has not ruled out the successful TMCH provider selling add-on services too.

But the organization also seems to be at pains to ensure that the clearinghouse is not seen as another gouge on the trademark industry.

The RFI contains questions such as: “How can it be assured that you will not maximize your registrations at the expense of security, quality, and technical and operational excellence?”

The two providers that immediately spring to mind as RFI respondents are IProta and the Clearinghouse for Intellectual Property (CHIP).

Belgium-based CHIP arguably has the most institutional experience. It’s handled sunrise periods for Somalia’s .so, the .asia IDN sunrise, a few pseudo-gTLD initiatives from the likes of CentralNIC (de.com, us.org, etc), and is signed up to do the same for .sx.

Its chief architect, Bart Lieben of the law firm Crowell & Moring, is also well-known in the industry for his work on several sunrise period policies.

IProta is a newer company, founded in London this year by Jonathan Robinson, an industry veteran best known for co-founding corporate domain registrar Group NBT.

The company is currently managing the .xxx sunrise period, which is believed to be the highest-volume launch since .eu in late 2005.

“IPRota is very well positioned on the basis of our recent and past experience so I think we almost certainly will go ahead and respond,” Robinson confirmed to DI.

Domain name registries and registrars could conceivably also apply, based on their experience handling high-volume transactional databases and their familiarity with the EPP protocol.

ICANN sees the potential for conflicts of interest — its RFI anticipates that any already-contracted party applying to run the TMCH will have to impose a Chinese wall to reduce that risk.

The RFI is open for responses until November 25. ICANN intends to name its selected provider February 14, a month after it starts accepting new gTLD applications.

This is another reason, in my view, why submitting an application in January may not be the smartest move in the world.

BITS may apply for six financial gTLDs

Kevin Murphy, October 5, 2011, Domain Registries

BITS, the technology policy wing of the Financial Services Roundtable, may apply to ICANN for as many as six financially-focused new top-level domains.

The organization is pondering bids for .bank, .banking, .insure, .insurance, .invest and .investment, according to Craig Schwartz, who’s heading the project as general manager for registry programs.

(UPDATE: To clarify, these are the six strings BITS is considering. It does not expect to apply for all six. Three is a more likely number.)

Schwartz, until recently ICANN’s chief gTLD registry liaison, told DI that the application(s) will be filed by a yet-to-be-formed LLC, which will have the FSR and the American Bankers Association as its founding members.

It will be a community-designated bid, which means the company may be able to avoid an ICANN auction in the event that its chosen gTLD strings are contested by other applicants.

“We’ve looked at the scoring, and while it may not come into play at all we do believe we can meet the requisite score [for a successful Community Priority Evaluation],” Schwartz said. “But we’re certainly mindful of what’s happening in the space, there’s always the possibility of contention.”

There’s no relationship between BITS and CORE, the Council of European Registrars, which is apparently looking into applying for its own set of financially-oriented gTLDs, Schwartz said.

It’s not a big-money commercial play, but the new venture would be structured as a for-profit entity, he said.

“It’s relatively analogous to what’s happened in the .coop space, where after 10 years they have only about 7,000 registrations,” Schwartz said.

It sounds like pricing might be in the $100+ range. Smaller financial institutions lacking the resources to apply for their own .brand gTLDs would be a likely target customer base.

Interestingly, .bank may begin life as a business-to-business play, used primarily for secure inter-bank transactions, before it becomes a consumer-facing proposition, Schwartz said.

He added that it would likely partner with a small number of ICANN-accredited registrars – those that are able to meet its security requirements – to get the domains into the hands of banks.

VeriSign has already signed up to provide the secure back-end registry services for the bid.