Latest news of the domain name industry

Recent Posts

Registrars and ICANN hit impasse on new RAA

ICANN and its accredited domain name registrars have hit a brick wall in their long-running contract negotiations, after ICANN demanded the right to unilaterally amend the deal in future.

Documents published by ICANN this morning reveal that the two sides have reached agreement on almost all of their previous sticking points — including the extremely thorny issue of Whois verification — but have run into some fundamental, eleventh-hour disagreements.

As we’ve been reporting for the last couple of weeks, the big unresolved issue is ICANN’s unilateral right to amend the Registrar Accreditation Agreement in future, which registrars absolutely hate.

Death of the GNSO? Again?

The text of that proposed change has today been revealed to be identical to the text ICANN wants to insert into the Registry Agreement that all new gTLD registries must sign.

It gives ICANN’s board of directors the right, by two-thirds majority, to make essentially any changes they want to the RA and RAA in future, with minimal justification.

Registrars are just as livid about this as new gTLD applicants are.

The proposed change appears to be one of those introduced last month that ICANN said “[stems] from the call by ICANN’s CEO, Fadi Chehadé, to work to improve the image of the domain industry and to protect registrants”.

Chehadé has been on the road for the last couple of months trying to raise ICANN’s profile in various stakeholder groups in the private and public sectors around the world.

One of the memes he’s impressed upon contracted parties and others is that people don’t trust the domain name industry. Part of ICANN’s solution, it seems, is to grant its board more powers over registries and registrars.

But the Registrars Stakeholder Group reckons unilateral amendments would torpedo the multistakeholder process by emasculating the Generic Names Supporting Organization. It said:

The effect of such a clause in the primary agreements between ICANN and its commercial stakeholders would be devastating to the bottom-up, multi-stakeholder model.

First, it will effectively mean the end of the GNSO’s PDP [Policy Development Process], as the Board will become the central arena for all controversial issues, not the community.

Second, it creates an imbalance of authority in the ICANN model, with no limits on the scope or frequency of unilateral amendments, and no protections for registrars and more important registrants.

That’s the biggest barrier to an agreement right now, and it’s one shared by the entire contracted parties constituency of ICANN. Expect fireworks in Beijing next month.

Friction over new gTLDs

Registrars and registries are also angry about the fact that ICANN wants to force registrars to adopt the 2013 RAA, even if their 2009 or 2001 deals are still active, if they want to sell new gTLDs.

RrSG secretary Michele Neylon of Blacknight told DI today that it looks like ICANN is trying to “drive a wedge” between registrars and registries.

Here’s why:

ICANN is trying desperately to stick to its new gTLD program timetable, which will see it start signing Registry Agreements with new gTLD applicants in late April.

But it wants the base RA to include a clause obliging registries to only sell via registrars on the 2013 RAA.

Because the 2013 RAA is not yet finalized, registrars could potentially hold up the approval and delegation of new gTLDs if they don’t quickly agree to the changes ICANN wants.

According to Neylon, the documents released today have been published prematurely; with a little more time agreement could be reached on some of the remaining differences.

Again: expect fireworks in Beijing.

Whois records will be verified

But the new RAA is not all friction.

ICANN and registrars have finally come to agreement on important topics where there was previously sharp divergence.

Registrars have agreed to a new Whois Accuracy Program Specification that is a lot weaker than ICANN had, working from a blueprint laid out by governments and law enforcement agencies, first asked for.

Under the 2013 RAA signed-up registrars will have to start verifying certain elements of the contact information submitted by their registrants.

Notably, there’ll be a challenge-response mechanism for first-time registrants. Registrars will ask their customers to verify their email address or enter a code that has been sent to them via SMS text message or phone.

Note the “or” in that sentence. ICANN and law enforcement wanted registrars to do email “and” phone verification, but ICANN appears to have relented after months of registrars yapping about costs.

In future practice, because email verification is far easier and cheaper to implement, I’d be surprised if phone verification is used in anything but the rarest of cases.

Other data points will also be verified, but only to see that they conform to the correct formats.

Registrars will have to make sure that mailing addresses meet the Universal Postal Union standards, and that phone numbers conform to International Telecommunications Union formatting, for example.

They’ll also have to verify that the street address exists (if they have access to that data) but there will be no obligation to make sure that address and phone number actually belong to the registrant.

Registrants that provide patently false information that fails registrar verification will get 15 days to correct it or face the suspension of their domains.

ICANN wants registrars to also verify their customer records (which are usually different to the Whois records and, anecdotally, more accurate anyway) too, but registrars have so far not agreed to do so.

Taken as a whole, at first reading it’s difficult to see how the new Whois verification spec will do anything to prevent fast-turnover abuse such as phishing, but it may go a small way to help law enforcement investigate longer-term scams such as counterfeit goods sites.

The proposed 2013 RAA, along with more explanatory documents than you could possibly read in a coffee break is now open for public comment, with the reply period closing shortly after the Beijing meeting.

ICANN to publish unfinished RAA tomorrow

ICANN will tomorrow publish for public comment a version of the 2013 Registrar Accreditation Agreement that accredited registrars have not yet agreed to.

CEO Fadi Chehade told a conference call of registries and new gTLD applicants as much this afternoon, causing the Registrars Stakeholder Group to immediately state that talks have not finished yet.

However, ICANN subsequently confirmed the plan to DI, clarifying that the documents it will publish tomorrow will highlight ongoing points of divergence between ICANN and the RrSG.

The posting will comprise documents with “competing text identified that shows the similarities and differences in position between ICANN and the Registrar [Negotiating Team”, ICANN said.

I believe that the publication has been set for tomorrow to allow ICANN to hit its public comment deadlines for the big Beijing public meeting next month.

The posting was apparently agreed to at a meeting between the registrars and ICANN on Friday.

While the two sides have come to agreement on most of the changes to the RAA, sticking points remain despite now-daily talks.

I understand that a proposed unilateral right of amendment in ICANN’s favor is currently a big barrier to final agreement.

ICANN to reveal Registrant Rights & Responsibilities (and here’s a draft copy)

Kevin Murphy, February 28, 2013, Domain Registrars

ICANN is set to publish and start promoting a new Registrant Rights & Responsibilities charter at some point over the next couple of days, we hear.

The one-page document is set to become an important part of CEO Fadi Chehade’s plan to make the domain name industry appear more trustworthy and likable in the eyes of the internet-using public.

He first revealed the idea during a meeting with registries and registrars in Amsterdam last month.

An ICANN-commissioned study showed that people have a very low opinion of the industry, he told them.

The new document is designed to address some of those concerns.

While the charter may be presented as originating in the industry, it was first drafted by ICANN and we hear that some registrars have been somewhat reluctant to agree to it.

“It’s like when you’re a kid and your dad gives you a birthday card to sign for your mom,” one registrar told us.

The legalese-stricken document that ICANN originally presented to them over-stretched and could have carried legal exposure, they added.

DI has been sent of copy of what we’re told is a close-to-final draft of the document, which we understand is more agreeable to most registrars. We’ve pasted it below in full.

Registrants’ Rights and Responsibilities

Domain Name Registrants’ Rights:

  1. Your domain name registration and any privacy services you may use in conjunction with it must be subject to a Registration Agreement with an ICANN Accredited Registrar.
    • You are entitled to review this Registration Agreement at any time, and download a copy for your records.
  2. You are entitled to accurate and accessible information about:
    • The identity of your ICANN Accredited Registrar;
    • The identity of any privacy service provider affiliated with your Registrar;
    • Your Registrar’s terms and conditions, including pricing information, applicable to domain name registrations;
    • The terms and conditions, including pricing information, applicable to any privacy services offered by your Registrar;
    • The customer support services offered by your Registrar and the privacy services provider, and how to access them;
    • How to raise concerns and resolve disputes with your Registrar and any privacy services offered by them; and
    • Instructions that explain your Registrar’s processes for registering, managing, transferring, renewing, and restoring your domain name registrations, including through any privacy services made available by your Registrar.
  3. You shall not be subject to false advertising or deceptive practices by your Registrar or though any privacy services made available by your Registrar. This includes deceptive notices, hidden fees, and any practices that are illegal under the consumer protection law of your residence.

Domain Name Registrants’ Responsibilities:

  1. You must comply with the terms and conditions posted by your Registrar, including applicable policies from your Registrar, the Registry and ICANN.
  2. You must review your Registrar’s current Registration Agreement, along with any updates.
  3. You will assume sole responsibility for the registration and use of your domain name.
  4. You must provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes.
  5. You must respond to inquiries from your Registrar within fifteen (15) days, and keep your Registrar account data current. If you choose to have your domain name registration renew automatically, you must also keep your payment information current.

It draws on changes ICANN and registrars have agreed to in the 2013 (hopefully) Registrar Accreditation Agreement, such as registrar commitments to provide basic information about themselves.

As for the 2013 RAA itself, we hear that ICANN wants to present a final version to its board of directors for approval during its public meeting in Beijing in early April.

That would mean opening it up for public comment next week, but registrars and ICANN have not yet agreed to a final draft for publication, despite now-daily negotiation meetings.

The major sticking point, we gather, is an amendment that would give ICANN a unilateral right to change the contract in future — similar to the proposed gTLD Registry Agreement provision currently causing a shitstorm in the new gTLD applicant community.

There’s also controversy about the fact that ICANN wants to restrict new gTLDs to only registrars that sign the new RAA, which is designed to be a carrot to get them to sign up even if their 2009/2001 RAAs are still active.

Ten registrars spanked for ignoring ICANN audit

Kevin Murphy, January 14, 2013, Domain Registrars

ICANN has sent breach notices to 10 domain name registrars for failing to respond to its ongoing contract compliance audit.

The 10 registrars with breach notices are: Crosscert, Mat Bao, DomainsToBeSeen.com, USA Webhost, Internet NAYANA Inc, Cheapies.com, Domainmonger.com, Lime Labs, Namevault.com, and Power Brand Center.

According to ICANN, these registrars failed to provide the requested documentation as required by their Registrar Accreditation Agreement.

The Contractual Compliance Audit Program is a proactive three-year effort to check that all registries and registrars are abiding by the terms of their agreements.

ICANN selected 317 registrars at random for the first year of the program. As of January 4, 22 had not responded to these notices.

Only registrars signed up to the 2009 version of the RAA are contractually obliged to respond.

Verisign, which was one of six gTLD registries selected to participate this year, has controversially refused to let ICANN audit .net, saying it is not obliged to do so.

While the .net contract does have some audit requirements, we understand they’re not as wide-ranging as ICANN’s audit envisages.

The 10 registrars have been given until February 1 to provide ICANN with the necessary information or risk losing their accreditations.

Crocker sees new gTLDs going live “towards the end of the year”

Kevin Murphy, January 10, 2013, Domain Policy

Not exactly the news that new gTLD applicants wanted to hear.

ICANN chairman Steve Crocker has put a tentative date of “towards the end of the year” for the first approval and delegation of new gTLDs, months later than some applicants were expecting.

In a video interview with ICANN media affairs chief Brad White, reviewing the organization’s goals for the year, Crocker said:

We will see some strings towards the end of the year I think actually approved and perhaps delegated into the root and so it will be interesting to see the how all that comes out what kinds of moves are made.

That time-frame is later than most industry experts speaking to Bloomberg BNA for a recent briefing paper had predicted. Some expected new gTLDs to start hitting the root as early as April.

Better news for applicants came in Crocker’s response to a question about whether ICANN was wedded to its 1,000 delegations-per-year limit, which could artificially throttle some applicants’ plans. He said:

I do not want to suggest that there will be a change, but I suspect there is plenty of capacity to increase that somewhat if it were necessary to do so.

The interview also discusses ICANN’s investment strategy for its new gTLD funds, its meetings strategy for the next few years, and the Registrar Accreditation Agreement (which Crocker said is “nearing completion”).

Watch the whole thing here: