Latest news of the domain name industry

Recent Posts

Identity checks coming to Whois

Kevin Murphy, September 25, 2012, Domain Registrars

Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.

That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.

While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.

Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.

Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.

The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.

The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.

According to a memo released for discussion by ICANN last night:

It is our current understanding that law enforcement representatives are willing to accept post-­‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.

Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.

After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.

Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.

Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.

These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.

It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.

How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.

ICANN apologizes for gTLD privacy snafu

ICANN’s top brass have sent personal apologies to the people whose home addresses were exposed when it published their new gTLD applications last week.

The organization blamed “human error” and said it is now conducting an “investigation” to figure out what went wrong.

The note, which is signed by CEO Rod Beckstrom, chairman Steve Crocker, and COO Akram Atallah, reads:

Dear [name of the affected executive],

On behalf of ICANN, we want to personally apologize for our error in exposing your postal address on the TLD Application website. This was a human error, and we have corrected it. We are conducting an internal investigation in order to learn from this mistake and to ensure that it does not happen again.

In the meantime, please be assured that the New Generic Top-level Domain Program remains on track. We are moving ahead with the screening and evaluation of applications, and returning to our shared goal of bringing competition and choice to the Internet’s domain name space.

We are committed to serving you to the very best of our ability and to ensuring the integrity of the New gTLD Program. If you have questions or concerns, please don’t hesitate to reach out to us directly.

Sincerely,

ICANN

As I blogged last week, ICANN accidentally neglected to redact the home addresses of many applicants’ named primary and secondary contacts when it published all 1,930 applications last week.

It has since removed the offending information.

ICANN takes down gTLD apps after revealing applicants’ home addresses

Kevin Murphy, June 14, 2012, Domain Policy

ICANN has temporarily blocked access to its newly revealed new gTLD applications after accidentally publishing the home addresses of many applicants.

Some applicants noticed today that the personal contact information of their named primary and secondary contacts had been published during yesterday’s Big Reveal.

In many cases this included these employees’ home addresses, despite the fact that the Applicant Guidebook specifically states that this information would not be published.

After being notified of the snafu by DI, ICANN confirmed that the addresses were published by mistake.

It’s taken down all the applications and will republish them later with the private data removed.

“This was an oversight and the files have been pulled down,” ICANN’s manager of gTLD communications Michele Jourdan said. “We are working on bringing them back up again without this information.”

It’s another big data leakage embarrassment for ICANN, following the recent outage caused by the TLD Application System bug.

It’s not likely to win ICANN any friends in the dot-brand community, where ICANN’s demands for background information on applicants’ directors caused huge procedural problems for many companies.

For applicants for controversial gTLDs, the revelation of this private data may carry its own set of risks.

Newbie domain registrant discovers Whois, has Twitter meltdown

Kevin Murphy, April 26, 2012, Domain Tech

The need for the domain name industry to enforce accurate Whois is often cited by law enforcement and intellectual property interests as a consumer protection measure.

But most regular internet users haven’t got a clue that Whois even exists, let alone what data it contains or how to use it.

A study (pdf) carried out for ICANN’s Whois Review Team last year found that only 24% of consumers know what Whois is.

This stream of tweets I chanced across this afternoon, from what appears to be a first-time domain registrant, is probably more representative of consumer attitudes to Whois.

UPDATE (April 27): I’ve removed the tweets per the request of the Twitter user in question.

Go Daddy offers Whois privacy for .co domains

Kevin Murphy, December 22, 2010, Domain Registrars

.CO Internet has started allowing registrars to offer Whois privacy services for .co domains, according to Go Daddy.

In a blog post, Go Daddy’s “RachelH”, wrote:

When the Internet Corporation for Assigned Names and Numbers (ICANN) and .CO Internet S.A.S. drafted the .co policy earlier this year, they decided to hold off on private registration to prevent wrongful use of the new ccTLD — especially during the landrush. Now that .co has carved its place among popular TLDs, you can add private registration to your .co domain names.

Unless I’m mistaken, ICANN had no involvement in the creation of .co’s policies, but I don’t think that’s relevant to the news that .co domains can now be made private.

During its first several months, .CO Internet has been quite careful about appearing respectable, which is why its domains are relatively expensive, why its trademark protections were fairly stringent at launch, and why it has created new domain takedown policies.

It may be a sign that the company feels confident that its brand is fairly well-established now that it has decided to allow Whois privacy, which is quite often associated with cybersquatting (at least in some parts of the domain name community).

It could of course also be a sign that it wants to give its registrars some love – by my estimates a private registration would likely double their gross margin on a .co registration.