Latest news of the domain name industry

Recent Posts

Identity checks coming to Whois

Kevin Murphy, September 25, 2012, Domain Registrars

Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.

That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.

While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.

Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.

Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.

The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.

The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.

According to a memo released for discussion by ICANN last night:

It is our current understanding that law enforcement representatives are willing to accept post-­‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.

Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.

After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.

Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.

Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.

These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.

It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.

How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.

Tiny Russian registrar gets canned

Kevin Murphy, August 8, 2012, Domain Registrars

ICANN is to terminate a Russian registrar’s accreditation.

Name For Name Inc, which was given a breach notice last month, is being shut down for basically failing to act as a registrar.

Verisign had already cut off its .com/.net registrar contract and the company was not managing names, providing Whois, or doing any of the other things registrars are supposed to.

Under normal circumstances, a termination sees a mass transfer of all the domains under management to a nominated registrar, but in Name For Name’s case I can’t see that happening.

The company only had five gTLD domain names under management, according to the latest count.

Its accreditation will be terminated September 6.

ICANN also this week issued a breach notice to Visesh Infotecnics (Signdomains.com), apparently as the result of a badly handled domain name hijacking.

Verisign demands 24/7 domain hijacking support

Kevin Murphy, August 6, 2012, Domain Registrars

Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.

The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.

New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”

From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?

While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.

For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.

Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.

The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.

Domain hijack leads to registrar shutdown threat

Kevin Murphy, April 12, 2012, Domain Registrars

ICANN has threatened to terminate Chinese domain name registrar eName Technology after the domain 1111.com was allegedly hijacked.

According to ICANN’s notice of breach (pdf), eName has refused to hand over data documenting the transfer of 1111.com as required by the Registrar Accreditation Agreement.

ICANN claims that when it tried to get eName’s help investigating a hijacking complaint, the company did not return its calls or emails.

The registrar now has 15 days to provide the transfer records as called for by the Inter-Registrar Transfer Policy.

According to historical Whois records, 1111.com was transferred to eName between February 12 and 16 this year. After a complaint, ICANN started chasing eName for the data on February 28.

The domain appears to have been owned by at least four different parties and three different registrars – Network Solutions, then Joker, then eName – since the start of 2012.

It’s the second time that ICANN has sent a breach notice to a registrar over an alleged mishandling of a domain name hijacking, and the first time it’s actually named the domain in question.

In February, the organization threatened Turkish registrar Alantron with the suspension of its contract over the botched handling of pricewire.com.

Rogue registrar suspended over “stolen” domain

Kevin Murphy, February 20, 2012, Domain Registrars

ICANN has told Turkish domain name registrar Alantron that its accreditation will be suspended for a month due to its shoddy record-keeping.

The suspension, which will become effective March 8, follows an investigation into allegations of double-selling.

ICANN issued the suspension last Thursday after trying unsuccessfully for almost three months to get its hands on Alantron’s registration records.

The company now has until March 28 to sort out its compliance problems or face losing its accreditation entirely.

I understand the investigation was prompted by complaints filed by an American named Roger Rainwater over the potentially valuable domain name pricewire.com.

Pricewire.com spent a couple of years under Whois privacy but was grabbed last August by Turkish registrant Altan Tanriverdi, according to historical Whois records.

Rainwater, who says he had been monitoring it for three or four years, subsequently paid Tanriverdi an undisclosed sum for the domain, signing up for an Alantron account so it could be pushed.

Rainwater showed up in the Whois for pricewire.com on September 7 last year. But he says he was unable to change his name servers and 48 hours later the name disappeared from his account.

He says he was told by Alantron that it had put the domain in Tanriverdi’s account “by mistake” and that it was sold to SnapNames as part of a batch of dropping domains.

According to emails sent to Rainwater, seen by DI, Alantron said that pricewire.com was “registered via a partner company called Directi for a company called Snapnames”.

SnapNames had already auctioned the name – apparently there were more than 40 bidders – and the name has since been transferred to one Sammy Katz of Philadelphia.

However, given that Whois reliability is at question here, it’s not entirely clear who owns it. It’s currently parked at InternetTraffic.com.

Tanriverdi, who appears to be equally aggrieved, has published an extensive history of the dispute, along with screenshots, here (in Turkish).

In short: Alantron stands accused of double-selling pricewire.com.

ICANN’s compliance team has been unable to get its hands on the underlying transaction data despite repeated attempts because Alantron apparently doesn’t have it.

Its suspension notice alleges that Alantron was running two registration systems in parallel and that they weren’t talking to each other, resulting in the same name being sold to two parties.

Read ICANN’s suspension notice in PDF format here.