Latest news of the domain name industry

Recent Posts

Governments still want new TLD morality veto

Kevin Murphy, November 23, 2010, Domain Registries

ICANN’s Governmental Advisory Committee still wants to block “controversial” new top-level domains on morality grounds.

In a letter to ICANN chairman Peter Dengate Thrush, a copy of which I have obtained, the GAC makes it clearer than ever that it wants national laws to play a part in approving new TLDs.

It also suggests that national governments should be able to pre-screen strings before applications are filed, to give applicants “early warning” that they are stepping into controversial waters.

The letter draws the battle lines for what could be some heated debate at ICANN’s meeting in Cartagena next month.

Given that the letter does not appear to have been published by ICANN yet, I will quote liberally.

Under the heading “Universal Resolvability of the DNS”, GAC interim chair Heather Dryden, the Canadian representative on the committee, wrote:

Due to uncertainties regarding the effectiveness of ICANN’s review and objections procedures, a country may feel compelled to block a new gTLD at the national level that it considers either objectionable or that raises national sensitivities.

To date, there do not appear to be controversial top level domains that have resulted in significant or sustained blocking by countries.

The GAC believes it is imperative that the impact on the continued security, stability and universal resolvability of the domain name systems of the potential blocking at the national level of the new gTLD strings that are considered to be objectionable or that raise national sensitivities be assessed prior to introducing new gTLDs.

The letter carries on to say that the GAC will “seek advice from the technical community” on the issue.

Dryden wrote that there should be a “prior review” process that would be able to identify strings that are “contrary to national law, policy or regulation” or “refer to religions, ethnicity, languages or other cultural identifiers that might raise national sensitivities”.

It sounds like the GAC envisions a pre-screening process, before new TLD applications are officially filed, similar to the “expressions of interest” concept that ICANN abandoned in March.

What TLDs this process would capture is unclear. The GAC letter notes by way of example that “several governments restrict the registration of certain terms in their ccTLDs”.

In practical terms, this would raise question marks over TLDs such as “.gay”, which would quite clearly run contrary to the policies of many national governments.

(As I reported earlier this month, the recently relaunched .so registry currently bans “gay”, “lesbian” and related terms at the second level.)

There’s more to be reported on the the implications of this letter, particularly with regards the work of ICANN’s “morality and public order” policy working group and the GAC’s relationship with ICANN in general.

Watch this space.

ICANN told to ban .bank or get sued

Kevin Murphy, November 21, 2010, Domain Registries

A major financial services lobby group has threatened to sue ICANN unless it puts strict limitations on “.bank” top-level domains.

BITS, the technology policy arm of the Financial Services Roundtable, said financial domains should be banned from the first round of new TLDs, until rules governing security are developed.

In a November 4 letter to ICANN chief executive Rod Beckstrom, BITS said:

If these critical issues are not fully resolved and ICANN chooses not to defer financial TLD delegation, BITS, its members and its partners are prepared to employ all available legislative, regulatory, administrative and judicial mechanisms.

BITS counts all the major US banks among its membership, as well as many large insurance companies and share-trading services.

The organization is concerned that TLDs such as .bank could lead to consumer confusion and an increase in fraud online if delegated into the wrong hands.

While BITS said that it “prefer[s] a prudent solution”, it has threatened to file “legal complaints in one or more jurisdictions” and to lobby the US Congress for legislation.

It noted that ICANN’s IANA contract, which gives it the power to create new TLDs, expires next August, and said that it may lobby Congress for legislation mandating better security as a condition of the renewal.

BITS and other financial groups have already written to members of Congress, in September, expressing disappointment with the absence of a high-security TLD policy from ICANN and adding:

In recognition of the need for higher levels of security and stability in financial services gTLDs than in gTLDs generally, we urge you to support inclusion of language in cyber security legislation language that prevents ICANN from adding financial services gTLDs to the root zone unless the IANA contract specifies higher levels of security for such gTLDs.

The Federal Deposit Insurance Corporation, the US government body responsible for insuring banks, has also written to the Department of Commerce, expressing its concerns about the possible introduction of a .bank TLD.

Currently, I’m not aware of any public initiative to apply for .bank, but it’s possible that restrictions on financial services TLDs could capture the recently launched German “.insurance” project.

The BITS correspondence was published (pdf) as an attachment to an ongoing Reconsideration Request lodged by Michael Palage, chair of the High Security Top Level Domain Verification Program Advisory Group.

The HSTLD group has been working on a set of technological policy specifications for registries managing high-security TLDs.

Palage is annoyed that ICANN’s board seems to have distanced itself from the HSTLD concept before the group has even finished its work, by resolving in September that:

ICANN will not endorse or govern the program, and does not wish to be liable for issues arising from the use or non-use of the standard.

The HSTLD group, by contrast, has a “clear majority in support of ICANN retaining a continued oversight role”, according to Palage. He wrote:

The ICANN Board’s unilateral actions also have a chilling effect on future bottom up consensus efforts because participants have no basis to know when the ICANN Board will take such unilateral actions in the future.

He’s not alone in worrying about recent top-level ICANN decisions that appear to put corporate legal liability ahead of the wishes of the community. I reported on the issue last week.

Some new TLDs will have traffic from day one

Kevin Murphy, November 19, 2010, Domain Registries

Some non-existent top-level domains already receive so much traffic that they would risk being overwhelmed if delegated under ICANN’s new TLD program.

That’s one of the takeaways from a new report from ICANN’s Security and Stability Advisory Committee, published this week (pdf).

Amazingly, the SSAC found that the top 10 non-existent TLDs already account for a whopping 10% of traffic at the DNS root servers, with some strings receiving many millions of lookups every day.

Over a quarter of the TLD resolutions handled by the roots result in errors, it found.

Most of these invalid lookups are the result of configuration errors on networking gear.

The word “local” is responsible for about 5% of all TLD lookups, the report says. The terms “corp”, “lan”, “home” and “belkin” also account for big slices of traffic.

This presents potentially serious security problems, as you might imagine.

Imagine that “.lan” is approved as a TLD. Previously unresolveable domains would start working, and badly configured gear could start sending private LAN data out into the cloud.

It would also put an big load on the .lan TLD operator from day one.

The SSAC said:

The .lan TLD registry operator – and generally, any TLD registry operator that chooses a string that has been queried with meaningful frequency at the root – potentially inherits millions of queries per day. These queries represent data that can be mined or utilized by the registry operator.

The report recommends that ICANN add certain highly trafficked strings from to its list of prohibited TLDs, and also that it warns applicants for TLDs that already have traffic.

We recommend that ICANN inform new TLD applicants of the problems that can arise when a previously seen string is added to the root zone as a TLD label and that ICANN should coordinate with the community to identify principles that can serve as the basis for prohibiting the delegation of strings that may introduce security or stability problems at the root level of the DNS.

If endorsed by ICANN, the recommendation could make TLDs such as .home, .corp and .local verboten. It could also present Belkin with a problem if it planned to apply for a “.brand”.

(UPDATE: .local is actually already on the reserved list)

Vertical integration was not a slam dunk

Kevin Murphy, November 17, 2010, Domain Registries

Two members of ICANN’s board voted against the decision to allow registrars and registries to own each other, according to a preliminary report from its November 5 meeting.

The decision was a surprise when it was announced last week, as it was diametrically opposed to the board’s previous stance essentially opposing vertical integration.

The new position, already incorporated in the Applicant Guidebook, allows registrars to apply to run new top-level domains, subject to a code of conduct.

From the board of directors’ meeting report:

Eleven Board members voted in favor of the Resolution. Two Board members were opposed to the Resolution. Two Board members did not participate in the discussion or the vote on the Resolution due to conflicts of interest. The Resolution carried.

I believe Bruce Tonkin was one of the people who recused themselves from the vote. I’m not certain who the other was.

We won’t discover who the dissenting opinions belonged to, or what they were, until the minutes are published, probably not long after the Cartagena meeting next month.

Is ICANN too scared of lawsuits?

Kevin Murphy, November 17, 2010, Domain Registries

Arguments about the new top-level domain Applicant Guidebook kicked off with a jolt this week, when ICANN was accused of abdicating its responsibilities and being too risk-averse.

In what I think was the first case of a top ICANN staff member publicly discussing the AGB, senior veep Kurt Pritz fielded questions about “morality and public order objections” on a packed and occasionally passionate conference call (mp3).

On the call, Robin Gross of IPJustice accused ICANN’s of shirking its duties by proposing to “fob off” decisions on whether to reject controversial TLDs onto third-party experts.

She said:

I’m concerned that there’s a new policy goal – a new primary policy goal – which is the risk mitigation strategy for ICANN. I don’t remember us ever deciding that that was going to be a policy goal. But it seems that now what is in the best interest for the Internet is irrelevant. The policy goal that rules is what is in the best interest for ICANN the corporation

A cross-constituency working group (CWG) had said that controversial TLDs should be rejected only after a final nod from the ICANN board, rather than leaving the decision entirely in the hands of outside dispute resolution providers.

There was a concern that third parties would be less accountable than the ICANN board, and possibly more open to abuse or capture.

But ICANN rejected that recommendation, and others, on “risk mitigation” grounds. Explanatory notes accompanying the new AGB (pdf) say:

Independent dispute resolution is a cornerstone of the risk mitigation strategy. Without outside dispute resolution, ICANN would have to re-evaluate risks and program costs overall.

Almost a third of every new TLD application fee – $60,000 of every $185,000 – will go into a pool set aside for ICANN’s “risk costs”.

These costs were based on an estimate that there will be 500 applications, and that ICANN will need $30 million to cover risks.

These are often thought to be primarily risks relating to litigation.

There’s a fear, I suspect, that ICANN could become embroiled in more interminable .xxx-style disputes if it allows the board to make subjective calls on TLD applications, rather than hiring independent experts to make decisions based on uniform criteria.

On Monday’s conference call, Gross said that ICANN’s treatment of the CWG’s recommendations was a “really big shock”. She added:

clearly here this is just a fobbing off of that responsibility, trying to again avoid litigation, avoid responsibility rather than take responsibility and take accountability

But ICANN says that the risk mitigation strategy benefits TLD applicants by removing uncertainty from the program, as well making ICANN more credible.

Pritz said on the call:

the risk to the program is in creating a process or procedure that isn’t transparent and predictable for applicants. By what standard can a TLD be kicked out? It’s got to be: here’s the standards, here’s the decision maker and here’s the process.

When I talk about risk, it’s risk to this process.

If this process attracts a lot of litigation, and ICANN published the process and then did not follow it, or that the process wasn’t clear so that the applicant had no way of predicting what was going to happen to its application, the risk is then litigation would halt the process and undermine the ICANN model.

So it doesn’t really have anything to do with the people that are the directors or the people that are the staff; it has to do with the credibility of ICANN as a model for Internet governance.

In other words, if TLD applicants pay their fees and go into the process knowing what the rules are, and knowing that there’s little chance of being jerked around by the ICANN board, there’s less chance of the program as whole being disrupted by lawsuits.

Seems fair enough, no?

Happy 10th birthday new TLDs!

Kevin Murphy, November 15, 2010, Domain Registries

With all the excitement about ICANN’s weekend publication of the new top-level domain Applicant Guidebook, it’s easy to forget that “new” TLDs have been around for a decade.

Tomorrow, November 16, is the 10th anniversary of the ICANN meeting at which the first wave of new gTLDs, seven in total, were approved.

The recording of the 2000 Marina Del Rey meeting may look a little odd to any relative newcomers to ICANN.

The open board meeting at which the successful new registries were selected took well over six hours, with the directors essentially making up their selection policies on the spot, in the spotlight.

It was a far cry from the public rubber-stamping exercises you’re more likely to witness nowadays.

Take this exchange from the November 2000 meeting, which seems particularly relevant in light of last week’s news about registry/registrar vertical integration.

About an hour into the meeting, chairman Esther Dyson tackled the VI idea head on, embracing it:

the notion of a registry with a single registrar might be offensive on its own, but in a competitive world I don’t see any problem with it and I certainly wouldn’t dismiss it out of hand

To which director Vint Cerf, Dyson’s eventual successor, responded, “not wishing to be combative”:

The choices that we make do set some precedents. One of the things I’m concerned about is the protection of users who register in these various top-level domains… If you have exactly one registrar per registry, the failure of either the registrar or the registry is a serious matter those who people who registered there. Having the ability to support multiple registrars, the demonstrated ability to support multiple registrars, gives some protection for those who are registering in that domain.

Odd to think that this ad-hoc decision took ten years to reverse.

It was a rather tense event.

The audience, packed with TLD applicants, had already pitched their bids earlier in the week, but during the board meeting itself they were obliged to remain silent, unable to even correct or clarify the misapprehensions of the directors and staff.

As a rookie reporter in the audience, the big news for me that day was the competition between the three registries that had applied to run “.web” as a generic TLD.

Afilias and NeuStar both had bids in, but they were competing with Image Online Design, a company that had been running .web in an alternate root for a number of years.

Cerf looked like he was going to back the IOD bid for a while, due to his “sympathy for pioneers”, but other board members were not as enthusiastic.

I was sitting immediately behind company CEO Christopher Ambler at the time, and the tension was palpable. It got more tense when the discussion turned to whether to grant .web to Afilias instead.

Afilias was ultimately granted .info, largely due to IOD’s existing claim on .web. NeuStar’s application was not approved, but its joint-venture bid for .biz was of course successful.

This was the meat of the resolution:

RESOLVED [00.89], the Board selects the following proposals for negotiations toward appropriate agreements between ICANN and the registry operator or sponsoring organization, or both: JVTeam (.biz), Afilias (.info), Global Name Registry (.name), RegistryPro (.pro), Museum Domain Management Association (.museum), Société Internationale de Télécommunications Aéronautiques (.aero), Cooperative League of the USA dba National Cooperative Business Association (.coop);

If any of this nostalgia sounds interesting, and you want to watch seven hours of heavily pixelated wonks talking about “putting TLDs into nested baskets”, you can find the video (.rm format, that’s how old it is) of the MDR board meeting buried in an open directory here.

New TLD guidebook bans domain front-running

Kevin Murphy, November 15, 2010, Domain Registries

ICANN’s newly published Applicant Guidebook for new top-level domain operators contains a draft Code of Conduct for registries that, among other things, bans “front-running”.

The code, which I think is probably going to be one of the most talked-about parts of the AGB in the run-up to ICANN’s Cartagena meeting next month, is designed to address problems that could arise when registrars are allowed to run registries and vice versa.

Front-running is the name given to a scenario in which registrars use insider information – their customers’ domain availability lookups – to determine which high-value domains to register to themselves.

While there’s plenty of anecdotal evidence that such practices have occurred in the past, a study carried out last year by researcher Ben Edelman found no evidence that it still goes on.

Front-running was however held up as one reason why registrars and registries should not be allowed to vertically integrate, so the AGB’s code of conduct explicitly bans it.

It also bans registries accessing data generated by affiliated registrars, or from buying any domains for its own use, unless they’re needed for the management of the TLD.

Integrated registries will have to keep separate accounts for their registrar arms, and there will have to be a technological Chinese wall stopping registry and registrar data from cross-pollinating.

Registries will also have to submit a self-audit to ICANN, certifying their compliance with the code of conduct, before January 20 every year.

The code is currently a six-point plan, which, given the past “ingenuity” of domain name companies, may prove a little on the light side.

There’s lots more discussion to be had on this count, no doubt.

Another reason why Go Daddy might not become a registry

Kevin Murphy, November 14, 2010, Domain Registrars

Domain name registries and registrars will soon be able to own each other, but there are plenty of good reasons why many of them, including the largest, may not.

George Kirikos and Mike Berkens are asking very interesting questions today, based on earlier investigative reporting by DomainNameWire, about whether Go Daddy would or should be barred from owning a registry on cybersquatting grounds.

But that’s not the only reason why Go Daddy may have problems applying for a new top-level domain.

I reported back in March, when only my mother was reading this blog, that Go Daddy may have gotten too big to be allowed into the registry market.

If you think Go Daddy wants to apply to ICANN to manage a new TLD registry or two, ask yourself: why did Go Daddy spend most of the year opposing vertical integration?

I have no inside knowledge into this, but I have a theory.

In 2008, CRA International produced an economic study for ICANN that, broadly speaking, recommended the relaxation of the rules separating registries and registrars.

In December that year, less than two years ago, Go Daddy filed its very much pro-VI comments on the study:

Go Daddy has and continues to be an advocate for eliminating the existing limits on registry/registrar cross-ownership.

The arguments that have been presented in favor of maintaining the status quo simply do not hold water. Current and past examples of cross-ownership already serve as test cases that demonstrate cross-ownership can and does work, and it can be successfully monitored.

Over the course of the next 12 months, the company’s official position on VI mellowed, and by this year it had made a 180-degree turn on the issue.

Its comments to the VI working group, filed in April 2010, say:

Go Daddy’s position on the vertical integration (VI) issue has changed over time. When VI discussions first began our position was very much to the left (if left is full, unqualified VI), but it has moved steadily to the right (if right is maintaining the so-called status quo). At this point, we are nearly fully on the right.

The company cited concerns about security, stability and consumer protection as the reasons for its shift. While I’ve no doubt that’s part of the story, I doubt it paints a full picture.

The decision may also have something to do with another economic study, produced for ICANN in February this year, this time by economics experts Steven Salop and Joshua Wright. It was published in March.

This study, crucially I think, suggested that where cross-ownership was to take place and the larger of the two companies had market power, that the deal should be referred to government competition regulators. Salop & Wright said:

We recommend that ICANN choose a market share threshold in the 40-60% range (the market share measured would be that of the acquiring company). The lower end is the market share at which U.S. competition authorities begin to be concerned about market power.

Guess which is the only registrar that falls into this market share window?

In January this year, Go Daddy put out a press release, when it registered its 40 millionth domain, which claimed:

Go Daddy now holds a near 50 percent market share of all active new domains registered in the world and is more than three times the size of its closest competitor.

Correlation does not equal causation, of course, so there’s no reason the second economic study and Go Daddy’s policy U-turn are necessarily linked, but I’d be surprised if the market power issue did not play a role.

The newly published Applicant Guidebook appears to have taken on board a key Salop & Wright recommendation, one that may be relevant:

ICANN-accredited registrars are eligible to apply for a gTLD… ICANN reserves the right to refer any application to the appropriate competition authority relative to any cross-ownership issues.

It seems to me that Go Daddy may be one of the few companies such a provision applies to. The company may find it has a harder time applying to become a registry than its competitors.

In the interests of sanity, I should point of that the AGB has been out for less than 48 hours, and that anything written about its possible consequences at this point is pure speculation.

Could vertical integration kill registrar parking?

Kevin Murphy, November 14, 2010, Domain Registries

Will ICANN’s decision to allow registrars and registries to own each other help reduce the practice of registrars parking unused or expiring domain names?

A reading of the new top-level domain Applicant Guidebook in light of the recent “vertical integration” ruling it incorporates certainly raises this kind of question.

The AGB includes a policy called the Trademark Post-Delegation Dispute Resolution Procedure, or PDDRP, which allows trademark owners to seek remedies against cybersquatting registries.

The policy is quite clear that registries cannot be held accountable for cybersquatting by third parties in their TLD, unless they have, for example, actively encouraged the squatters.

But another example of infringement is given thus:

where a registry operator has a pattern or practice of acting as the registrant or beneficial user of infringing registrations, to monetize and profit in bad faith.

Now, this wouldn’t be a cause for concern in the current vertically separated market.

Most registries are only generally able to register domain names in their own TLD by going through an accredited registrar. Proving bad faith intent in that situation would be trivial.

But what of an integrated registry/registrar that also automatically parks recently registered or expiring domains in order to profit from pay-per-click advertising?

This is common practice nowadays. It’s been used to prove a registrant’s bad faith during many recent UDRP proceedings and one registrar is even being sued by Verizon for doing it.

Would a registrar parking an expired, trademark-infringing domain constitute it acting as a “beneficial user” of the domain “to monetize and profit in bad faith”?

Text added to the PDDRP section of the AGB in its most recent revision strongly suggests that “the registrar did it” would not be a defence for a vertically integrated company:

For purposes of these standards, “registry operator” shall include entities directly or indirectly controlling, controlled by or under common control with a registry operator

The PDDRP allows complainants to seek remedies such as injunctions, as well as the suspension of new registrations in a TLD and, exceptionally, the full revocation of their registry contract.

With that in mind, would an integrated registry/registrar want to risk any practice that puts their TLD at risk?

What does ICANN say about terrorism?

Kevin Murphy, November 14, 2010, Domain Registries

While it’s true that ICANN has excised specific references to terrorism from its new top-level domain Applicant Guidebook, don’t expect any such groups to be awarded TLDs.

As I reported in September, the AGB no longer contains the explicit mention of “terrorism”, which had caused complaints to be filed by a few members of the community.

But it does contain text that makes it abundantly clear that any group or nation the US considers a supporter of terrorism will have an extremely hard time finding approval.

Under a new section entitled “Legal Compliance”, ICANN notes that it “must comply with all U.S. Laws, rules, and regulations” including the sanctions program overseen by the US Office of Foreign Assets Control.

OFAC administers a List of Specially Designated Nationals and Blocked Persons. If you’re on the SDN list, American companies cannot do business with you without a license.

While ICANN has applied for exemption licenses in the past, in order to be able to deal with organizations in US-unfriendly nations (on ccTLD matters, presumably), the AGB now states:

ICANN generally will not seek a license to provide goods or services to an individual or entity on the SDN List. In the past, when ICANN has been requested to provide services to individuals or entities that are not SDNs, but are residents of sanctioned countries, ICANN has sought and been granted licenses as required. In any given case, however, OFAC could decide not to issue a requested license.

If you’ve never seen this list before, it can be downloaded here. It’s currently 475 pages long, and while it’s certainly a globally inclusive document, parts of it do read like the Baghdad phone book.

(Interestingly, many of the listed a.k.a’s are actually domain names)

Anybody who wanted ICANN to replace the amorphous term “terrorism” with something a little more specific have had their wishes granted.

No more hypothetical debate is required about whether Hamas, for example, is a terrorist group or a movement of freedom fighters. It’s in the book, so it’s probably not getting a TLD.