Latest news of the domain name industry

Recent Posts

Pirate Bay founder says ICANN won’t let him be a registrar

Peter Sunde, co-founder of the controversial Pirate Bay file-sharing web service, says ICANN is unfairly refusing him a registrar accreditation and he’s not happy about it.

Sunde told DI at the weekend that his application for his new registrar, Sarek.fi, to obtain accreditation was recently denied after over 18 months on the grounds that he lied about his criminal convictions on his application form.

He denies this, saying that his crimes were not of the type ICANN vets for, and in any event they happened over a decade ago.

He thinks ICANN is scared about doing business with a disruptive and “annoying” “pain in the ass” with a history of criticizing the intellectual property industry.

Would-be registrars have to select “Yes” or “No” to the question of whether any officer or major shareholder of the company has:

within the past ten (10) years, has been convicted of a felony or of a misdemeanor related to financial activities, or has been judged by a court to have committed fraud or breach of fiduciary duty, or has been the subject of a judicial determination that is similar or related to any of these;

Sunde was convicted by a Swedish court of enabling copyright infringement via the Pirate Bay in 2009, and was sentenced to a year in prison — later reduced to eight months on appeal — and hundreds of thousands of dollars of fines.

The Pirate Bay was a web site that collected links to BitTorrent files, largely copyrighted movies and music.

Because he was not based in Sweden, Sunde avoided jail for several years despite an Interpol arrest warrant.

He eventually served five months of his sentence after being arrested in 2014.

He checked “No” on his registrar accreditation application form, on the basis that he had not been convicted of fraud or any of the other listed financial crimes, and certainly not within the last 10 years.

But ICANN took a broader interpretation, and refused him accreditation due to the Pirate Bay conviction and his Interpol status in 2014, he says.

Since then, the Org, including CEO Göran Marby (with whom he had a brief email exchange) have been ignoring his emails, he says.

Sarek.fi has already been accredited to sell ccTLD domains by the likes of Nominet, Verisign and Donuts, but ICANN’s rejection means the company won’t be able to sell gTLD names.

Sunde says he’s now faced with the likelihood of having to leave his own company in order to secure accrediation, though he’s not ruled out pursuing ICANN through its own appeals process.

He says he suspects ICANN just doesn’t want to do business with him due to his reputation as a disrupter. He’s attended ICANN meetings in the past but wants to get more involved in the policy process.

“it’s really a way for ICANN to make sure that an annoying person with media influence and with a dislike for centralised organisations and monopolies to be there to raise concerns — that they just proved valid,” he told DI in an email.

I take quite an offence to their denial. Not just on the basis of their interpretation of the law (copyright infringement is not fraud, i would have been convicted of fraud then…) Not just because it seems that it’s ok to be a murderer the past 10 years. Or a wife beater. Or a neonazi. These things that are a bit worse than being an internet activist, caring about the free and open internet. The biggest offence I take is to their obligation to the general public to have a broader membership than what they allow today.

Sarek.fi’s business model is to charge a flat fee above wholesale cost for every domain registered.

It’s Sunde’s second domain business. He launched Njalla, a Tucows reseller with a focus on protecting the privacy of registrants, in 2017.

ICANN finally cans Net 4 India

iCANN has terminated Net 4 India’s registrar accreditation, after many months of criticism and foot-dragging and a recent sharp uptick in customer complaints.

The move comes after an unprecedented four concurrent public breach notices over 20 months, almost four years after the company entered insolvency proceedings — grounds for termination which ICANN became aware of almost two years ago.

ICANN has received over 2,600 customer complaints over the last year, and almost 1,000 of these were submitted in February alone, according to the organization.

“The termination of the RAA is due to Net 4 India’s repeated and consistent breaches of the RAA and failure to cure such breaches despite multiple notices from ICANN and opportunity to cure,” ICANN said in its ginormous 59-page execution warrant (pdf).

Among the charges ICANN levels at Net4 is its failure to operate a functioning Whois service, something it’s warned the company about 30 times since November.

This hindered ICANN’s ability to investigate the more serious charges — that Net4 transferred some of its customers’ domains to a different registrar, OpenProvider, without their knowledge or consent, in violation of ICANN transfer policies.

The registrar also failed to enable its customers to renew their expired domains or transfer them to other registrars, also in violation of binding policy, ICANN said.

ICANN said:

Currently, more than 400 cases remain unresolved; and hundreds of complaints are still under review, which, once vetted, will become more new cases. In addition, ICANN Contractual Compliance continues to receive more than 20 new complaints each day. And it is not known how many more complaints are pending with Net 4 India that have not yet been brought to ICANN’s attention.

The termination notice contains 10 pages of complaints from Net4 customers, saying their domains could not be renewed or transferred. Some came from non-profits and hospitals. One registrant said he was contemplating suicide.

Net4’s customer service was non-responsive in each of these cases, the complainants said.

While some of Net4’s problems could be chalked down to coronavirus-related restrictions, the company has been in trouble for much longer.

It entered insolvency proceedings in 2017 after a debt recovery company called Edelweiss bought roughly $28 million of unpaid debt from the State Bank of India and took Net4 to court.

ICANN did not find out about this until April 2019 — it’s probably not a coincidence that this was the same month Net4 was late paying its first ICANN invoice — and it issued its first public breach notice in June that year.

Insolvency is grounds for termination in itself under the Registrar Accreditation Agreement.

It’s never been clearly stated why ICANN did not escalate at that time. Had it done so, it could have saved Net4’s customers from a world of hurt.

The Indian insolvency court admitted last month that it had no jurisdiction over ICANN or the Registrar Accreditation Agreement, both of which are governed primarily by California law.

Nevertheless, the court asked ICANN to not terminate Net4’s contract until after April 25, to give the company time to get its house in order.

But the termination notice, issued on Friday, will see the RAA cut off March 13. ICANN notes that it hasn’t heard from the court-appointed resolution professional, to whom previous breach notices were addressed, since mid-January.

Affected domains — there are still thousands under Net4’s accreditation — will be moved to another registrar under ICANN’s De-Accredited Registrar Transition Procedure.

Net4 could have a say in where its domains wind up. It’s already an OpenProvider reseller so that’s a possibility. Otherwise, ICANN will pick a beneficiary from a queue of qualified candidates.

ICANN declares coronavirus a “natural disaster” to protect expired domains

Registrants unable to renew their domain names when they expire may not lose them, following a decree from ICANN today.

The organization has declared the coronavirus a “natural disaster” and invoked part of the Registrar Accreditation Agreement that permits registrars to keep hold of domains that have come to the end of their post-expiration renewal period.

Under the RAA, registrars have to delete domains a maximum of 45 days after the reg period expires, unless there are “extenuating circumstances” such as an ongoing UDRP case, lawsuit or technical stability dangers.

There’s no accounting for natural disasters in the contract, but ICANN has the discretion to name any “other circumstance as approved specifically by ICANN” an extenuating circumstance. That’s what it’s done here.

It’s invoked this provision once before, following Hurricane Maria in late 2017.

ICANN said that policies to specifically protect domains in the event of natural disasters should be considered.

The new coronavirus exception applies to all registrars in all gTLDs, although implementation will vary by registrar.

The announcement follows Verisign’s announcement last week that it is waiving its registry-level restore fee for .com and .net domains until June 1.

ICANN enters talks to kill off Whois for good

Kevin Murphy, October 23, 2019, Domain Tech

Whois’ days are numbered.

ICANN is to soon enter talks with accredited registrars and contracted gTLD registries with the aim of naming a date to finally “sunset” the aging protocol.

It wants to negotiate amendments to the Registrar Accreditation Agreement and Registry Agreement with a view to replacing obligations to publish Whois with obligations to publish Registration Data Access Protocol data.

In letters to the chairs of its registrar and registry constituencies this week, ICANN CEO Göran Marby wrote:

The primary focus of the amendment is to incorporate contractual requirements for the Registration Data Access Protocol (RDAP) into the Registration Data Directory Services. This should include definition of the plan and provisions to sunset the obligations related to the WHOIS protocol as we transition Registration Data Services to RDAP.

For avoidance of doubt, people will still be able to look up the contact information for domain name owners after the change, but the data they see (very likely redacted for privacy reasons nowadays) will be delivered over a different protocol.

The contract amendment processes involve both registry and registrar constituencies to nominate a few people to engage in talks with ICANN negotiators, which is expected to conclude within 90 days.

When they come up with mutually acceptable language, the amendments will be open for both public comment and a vote of registries and registrars, before going to the ICANN board of directors for final approval.

The voting process is complex, designed to avoid capture by the largest registrars, and based on a balance of the number of voting registrars and the number of domains they collectively manage.

The contractual changes will come as no surprise to contracted parties, which have been on-notice for years that Whois is on its way out in favor of RDAP.

Most registrars already operate an RDAP server in parallel to their old Whois service, following an ICANN deadline in August.

We could be looking at the death of Whois within a year.

Spam is not our problem, major domain firms say ahead of ICANN 66

Kevin Murphy, October 21, 2019, Domain Policy

Eleven of the largest domain name registries and registrars have denied that spam is something they should have to deal with, unless it’s used to proliferate other types of abuse such as phishing or malware.

In a newly published “Framework to Address Abuse” (pdf), the companies attempt to define the term “DNS abuse” narrowly to capture only five (arguably only four and a half) specific types of online threat.

That abuse comprises malware, phishing, botnets, pharming and spam.

The companies agree that these are activities which registrars and registries “must” act upon.

But the document notes that not all spam is its responsibility, stating:

While Spam alone is not DNS Abuse, we include it in the five key forms of DNS Abuse when it is used as a delivery mechanism for the other four forms of DNS Abuse. In other words, generic unsolicited e-mail alone does not constitute DNS Abuse, but it would constitute DNS Abuse if that e-mail is part of a phishing scheme.

In other words, registrars and registries should not feel responsible for the billions of spams sent every day using their domains, unless the spam runs further malware, phishing, pharming or botnet abuse.

The signatories of the framework are Public Interest Registry, GoDaddy, Donuts, Tucows, Amazon Registry Services, Blacknight, Afilias, Name.com, Amazon Registrar, Neustar, and Nominet UK.

It may seem like they’ve presented a surprisingly narrow definition, but it’s in line with what current ICANN contracts dictate.

Neither the standard Registry Agreement nor Registrar Accreditation Agreement mention spam at all. Six years ago, ICANN specifically said that spam is “outside of ICANN’s scope and authority”.

Under the RA, registries have to oblige their registrars to ban registrants from “distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law”.

They also have to maintain statistical reports on the amount of “pharming, phishing, malware, and botnets” in their zones, and provide those reports to ICANN upon demand. A recent audit found that 5% of registries, mainly dot-brands, were not doing this.

However, ICANN’s Domain Abuse Activity Reporting system, an effort to provide some transparency into how gTLDs are being abused, does in fact track spam. It does not track pharming, which is a fairly obscure and little-used form of DNS attack.

The DAAR report for September shows that spam constituted 73% of all tracked abuse.

The ICANN board of directors today identified DAAR as one of a few dozen priorities for the coming year.

Similarly, the cross-community working group known as the CCT Review Team, which was tasked with looking into how the new gTLD program has impacted competition and consumer trust, had harsh words for spam-friendly registries, and provided a definition of “DNS Security Abuse” that specifically included “high volume spam”.

The review recommended that ICANN introduce more measures to force contracted parties to deal with this type of abuse. This could include incentives for registries to clean up their zones and abuse volume thresholds that would automatically trigger compliance actions.

The new framework document comes in the context of an ongoing debate within the ICANN community about what “DNS abuse” is.

Two partners at Interisle, a security consultancy that often works for ICANN, recently guest-posted on DI to say that this term has become meaningless and should be abandoned in favor of “security threat”.

They argued that the definition should include not only spam, but also stuff like IP infringement, election interference, and terrorism.

But the main threat to contracted parties probably comes from the Governmental Advisory Committee, backed by law enforcement, which is pushing for stronger rules covering abusive content.

During a webinar last week, the US Federal Trade Commission, the FBI, and Europol argued that registries and registrars should be obliged to do more to combat abuse, specifically including spam.

“Whether or not you call it phishing or spam or whether it has a malware payload or not, ultimately it’s all email, and email remains the most common tool of cybercriminals to ensnare their victims, and that’s why we in law enforcement care about the domains used to send emails,” said Gabriel Andrews of the FBI’s Cyber Initiative Resource Fusion Unit, on the call.

Registries and registrars countered, using the same language found in the new framework, that generic spam is a content issue, and outside of their remit.

The two sides are set to clash again at ICANN’s annual general meeting in Montreal next month, in a November 6 face-to-face session.

While 11 entities signed the new framework, it’s arguably only nine companies. Name.com is owned by Donuts and both Amazon firms obviously have the same parent.

But it does include the two largest registrars, and registries responsible for running several hundred commercial gTLDs, dot-brands and ccTLDs.

While none of the signatories of the framework have a particular reputation for being spam-friendly, other companies in the industry — particularly some of the newest and cheapest new gTLDs — tend to attract spammers like flies to a turd.

Some of the signatories are perhaps surprising, given their past or ongoing behavior to tackle content-based abuse in their own zones.

Nominet, notably, takes down tens of thousands of domains ever year based on little more than police assurances that the domains are being used to sell counterfeit merchandise or infringe copyright.

The .uk registry also preemptively suspends domains based on algorithms that guess whether they’re likely to be seen as encouraging sexual violence or could be used in phishing attacks.

Donuts also has a trusted notifier relationship with the movie and music industries that has seen it take down dozens of names being used for mass copyright infringement.

PIR has previous endorsed, then unendorsed, the principal of a “UDRP for copyright”, a method of giving Big Content a way of going through due process to have domains taken or suspended.

Outside the spam issue, while the new registry-registrar framework says that registries and registrars should not get involved in matters related to web site content, it also says they nevertheless “should” (as opposed, one assumes based on the jargon usually found in internet standards, to “must”) suspend domains when they’re being used to distribute:

(1) child sexual abuse materials (“CSAM”); (2) illegal distribution of opioids online; (3) human trafficking; and (4) specific and credible incitements to violence.

These are exceptions because they constitute “the physical and often irreversible threat to human life”, the framework says.

Ultimately, this all boils down to a religious debate about where the line is drawn between “DNS” and “content”, it seems to me.

The contracted parties draw the line at threats to human life, whereas others want action on other forms of abuse largely because registries and registrars are in the best position to help.

After .org price outrage, ICANN says it has NOT scrapped public comments

Kevin Murphy, October 11, 2019, Domain Policy

ICANN this evening said that it will continue to open up gTLD registry contract amendments for public comment periods, despite posting information yesterday suggesting that it would stop doing so.

The organization recently formalized what it calls “internal guidelines” on when public comment periods are required, and provided a summary in a blog post yesterday.

It was very easy to infer from the wording of the post that ICANN, in the wake of the controversy over the renegotiation of Public Interest Registry’s .org contract, had decided to no longer ask for public comments on future legacy gTLD contract amendments.

I inferred as much, as did another domain news blogger and a few other interested parties I pinged today.

I asked ICANN if that was a correct inference and Cyrus Namazi, head of ICANN’s Global Domains Division, replied:

No, that is not correct. All Registry contract amendments will continue to be posted for public comment same as before.

He went on to say that contract changes that come about as a result of Registry Service Evaluation Process requests or stuff like change of ownership will continue to not be subject to full public comment periods (though RSEP does have its own, less-publicized comment system).

The ICANN blog post lists several scenarios in which ICANN is required to open a public comment period. On the list is this:

ICANN org base agreements with registry operators and registrars.

The word “base” raised at least eight eyebrows of people who read the post, including my two.

The “base” agreements ICANN has with registries and registrars are the 2013 Registrar Accreditation Agreement and the 2012/2017 Registry Agreement.

The RAA applies to all accredited registrars and the base RA applies to all new gTLD registries that applied in the 2012 round.

Registries that applied for, or were already running, gTLDs prior to 2012 all have bespoke contracts that have been gradually brought more — but not necessarily fully — into line with the 2012/17 RA in renewal renegotiations over the last several years.

In all cases, the renegotiated legacy contracts have been subject to public comment, but in no cases have the comments had any meaningful impact on their ultimate approval by ICANN.

The most recent such renewal was Public Interest Registry’s .org contract.

Among the changes were the introduction of the Uniform Rapid Suspension anti-cybersquatting policy, and the removal of price caps that had limited PIR to a 10% increase per year.

The comment period on this contract attracted over 3,200 comments, almost all of which objected to the price regulation changes or the URS.

But the contract was signed regardless, unaffected by the comments, which caused one registrar, NameCheap, to describe the process as a “sham”.

With this apparently specific reference to “base” agreements coming so soon thereafter, it’s easy to see how we could have assumed ICANN had decided to cut off public comment on these contentious issues altogether, but that appears to not be the case.

What this seems to mean is that when .com next comes up for renewal, it will be open for comment.

ICANN confirms GoDaddy Whois probe

ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.

The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.

The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.

Winterfeldt is annoyed that GoDaddy has starting removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.

It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.

Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.

It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.

But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.

It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.

Zero registrars pass ICANN audit

Some of the biggest names in the registrar game were among a bewildering 100% that failed an ICANN first-pass audit in the latest round of random compliance checks.

Of the 55 registrars picked to participate in the audit, a resounding 0 passed the initial audit, according to data released today.

Among them were recognizable names including Tucows, Register.com, 1&1, Google and Xin Net.

ICANN found 86% of the registrars had three or more “deficiencies” in their compliance with the 2013 Registrar Accreditation Agreement.

By far the most problematic area was compliance with sections 3.7.7.1 to 3.7.7.12 of the RAA, which specifies what terms registrars must put in their registration agreements and how they verify the contact details of their customers.

A full three quarters of audited registrars failed on that count, according to ICANN’s report (pdf).

More than half of tested registrars failed to live up to their commitments to respond to reports of abuse, where they’re obliged among other things to have a 24/7 contact number available.

There was one breach notice to a registrar as a result of the audit, but none of the failures were serious enough for ICANN to terminate the deficient registrar’s contract. Two registrars self-terminated during the process.

ICANN’s audit program is ongoing and operates in rounds.

In the current round, registrars were selected from those which either hadn’t had an audit in a couple of years, were found lacking in previous rounds, or had veered dangerously close to formal breach notices.

The round kicked off last September with requests for documents. The initial audit, which all registrars failed, was followed by a remediation phase from January to May.

Over the remediation phase, only one third of the registrars successfully resolved all the issues highlight by the audit. The remainder issued remediation plans and will be followed up on in future rounds.

The 0% pass rate is not unprecedented. It’s the same as the immediately prior audit (pdf), which ran from May to October 2016.

Registrar accused of pimping prescription penis pills

Kevin Murphy, October 14, 2016, Domain Registrars

ICANN has implicated a Chinese domain name registrar in the online selling of medications, including Viagra and Cialis, without the required prescription.

The organization’s Compliance department filed a contract breach notice with Nanjing Imperiosus, which does business as DomainersChoice.com, today.

The move follows an allegation from pharmacy watchdog LegitScript in the US Congress that DomainersChoice is “rogue internet pharmacy operator”.

Because ICANN has no authority to police online pharmacies, it’s gone after the registrar based on an obscure part of the Registrar Accreditation Agreement.

Section 3.7.7 of the 2013 RAA says that domains must be registered to a third party, unless they’re used by the registrar in the course of providing its registrar services.

According to ICANN, DomainersChoice has refused to provide evidence that many of its domains are not in fact registered to itself and CEO Stefan Hansmann, in violation of this clause.

It cites 5mg-cialis20mg.com, acheterdutadalafil.com, viagra-100mgbestprice.net and 100mgviagralowestprice.net as examples of domains apparently registered to Hansmann and his company.

Historical Whois records show Hansmann and Nanjing Imperiosus as the registrant of these names until recently.

The domains all refer to erectile dysfunction medicines, which are usually only available in the US with a prescription.

A reverse Whois lookup reveals Hansmann’s name in the records for many more pharmaceuticals-related domains, some of which are for more serious medical conditions.

Several of the domains contain the words “without prescription” or similar, where the drug in question requires a prescription in the US.

Some of the domains do not currently resolve or no longer provide current Whois records and others have been recently transferred, but some resolve to apparently active e-commerce sites.

ICANN’s breach notice (pdf) doesn’t allege any illegal activity.

The same cannot be said for LegitScript CEO John Horton, who lumped DomainersChoice in with a few other registrars he believes are operating “illegal online pharmacies”.

Horton testified (pdf) before Congress last month that the registrar was playing host to 2,300 such sites.

The testimony was filed September 14, the same day ICANN began its compliance investigation.

ICANN’s notice, which alleges a handful of other relatively trivial breaches, asks that Hansmann provide a full list of domains registered in his and his company’s name via DomainersChoice.

It also demands evidence that the domains were either used to provide registrar services or were registered to a third party.

It wants all that by November 2, after which it may start to terminate the company’s RAA.

European privacy ruling could add to registrars’ costs

Kevin Murphy, November 6, 2015, Domain Registrars

European domain registrars say they are facing increased costs of doing business due to a recent court ruling on privacy protection.

As a result, US data escrow giant Iron Mountain is likely to lose a lot of its ICANN business, as EU registrars defect to local alternatives such as UK-based NCC Group.

The ruling in question deals with the so-called “safe harbor” principles, under which European companies were able to transfer customers’ private data to US companies as long as the recipient promised to abide by EU privacy protection rules.

However, former spy Edward Snowden’s revelations of widespread privacy violations by the US government seemed to show that many US tech giants were complicit in handing over such data to US spooks.

And now the European Court of Justice has ruled the safe habor principles invalid.

This affects registrars because, under their ICANN contracts, they have to escrow registrant data on a weekly basis. That’s to prevent registrants losing their domains when registrars go out of business or turn out to be crooks.

While registrars have a choice of escrow agents, pretty much all of them use Iron Mountain, because ICANN subsidizes the service down to $0.

However, with the ECJ ruling, Euro-registrars have told ICANN that it would now be “illegal” to continue to use Iron Mountain.

In a recent letter (pdf) to ICANN, about 20 EU-based registrars said that non-European registrars would get a competitive advantage unless ICANN does something about it.

They want ICANN to start subsidizing one or more EU-based escrow agents, enabling them to switch without adding to costs.

the service fees of those [alternative] providers are not being supported by ICANN. Thus, the only solution for EU based registrars to comply with their local laws is to support this extra cost.

We are sure, you will agree this clearly constitutes an unfair disadvantage to a given category of a registrars.

This is why we ask ICANN to offer the same terms as it currently does to Iron Mountain to other RDE [Registrar Data Escrow] providers established in the European Economical Area to ensure a level playing field for registrars globally.

According to the registrars, they have until January to switch, so ICANN may have to move quickly to avoid unrest.