Latest news of the domain name industry

Recent Posts

Verisign demands 24/7 domain hijacking support

Kevin Murphy, August 6, 2012, Domain Registrars

Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.

The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.

New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”

From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?

While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.

For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.

Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.

The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.

Domain hijack leads to registrar shutdown threat

Kevin Murphy, April 12, 2012, Domain Registrars

ICANN has threatened to terminate Chinese domain name registrar eName Technology after the domain 1111.com was allegedly hijacked.

According to ICANN’s notice of breach (pdf), eName has refused to hand over data documenting the transfer of 1111.com as required by the Registrar Accreditation Agreement.

ICANN claims that when it tried to get eName’s help investigating a hijacking complaint, the company did not return its calls or emails.

The registrar now has 15 days to provide the transfer records as called for by the Inter-Registrar Transfer Policy.

According to historical Whois records, 1111.com was transferred to eName between February 12 and 16 this year. After a complaint, ICANN started chasing eName for the data on February 28.

The domain appears to have been owned by at least four different parties and three different registrars – Network Solutions, then Joker, then eName – since the start of 2012.

It’s the second time that ICANN has sent a breach notice to a registrar over an alleged mishandling of a domain name hijacking, and the first time it’s actually named the domain in question.

In February, the organization threatened Turkish registrar Alantron with the suspension of its contract over the botched handling of pricewire.com.

Rogue registrar suspended over “stolen” domain

Kevin Murphy, February 20, 2012, Domain Registrars

ICANN has told Turkish domain name registrar Alantron that its accreditation will be suspended for a month due to its shoddy record-keeping.

The suspension, which will become effective March 8, follows an investigation into allegations of double-selling.

ICANN issued the suspension last Thursday after trying unsuccessfully for almost three months to get its hands on Alantron’s registration records.

The company now has until March 28 to sort out its compliance problems or face losing its accreditation entirely.

I understand the investigation was prompted by complaints filed by an American named Roger Rainwater over the potentially valuable domain name pricewire.com.

Pricewire.com spent a couple of years under Whois privacy but was grabbed last August by Turkish registrant Altan Tanriverdi, according to historical Whois records.

Rainwater, who says he had been monitoring it for three or four years, subsequently paid Tanriverdi an undisclosed sum for the domain, signing up for an Alantron account so it could be pushed.

Rainwater showed up in the Whois for pricewire.com on September 7 last year. But he says he was unable to change his name servers and 48 hours later the name disappeared from his account.

He says he was told by Alantron that it had put the domain in Tanriverdi’s account “by mistake” and that it was sold to SnapNames as part of a batch of dropping domains.

According to emails sent to Rainwater, seen by DI, Alantron said that pricewire.com was “registered via a partner company called Directi for a company called Snapnames”.

SnapNames had already auctioned the name – apparently there were more than 40 bidders – and the name has since been transferred to one Sammy Katz of Philadelphia.

However, given that Whois reliability is at question here, it’s not entirely clear who owns it. It’s currently parked at InternetTraffic.com.

Tanriverdi, who appears to be equally aggrieved, has published an extensive history of the dispute, along with screenshots, here (in Turkish).

In short: Alantron stands accused of double-selling pricewire.com.

ICANN’s compliance team has been unable to get its hands on the underlying transaction data despite repeated attempts because Alantron apparently doesn’t have it.

Its suspension notice alleges that Alantron was running two registration systems in parallel and that they weren’t talking to each other, resulting in the same name being sold to two parties.

Read ICANN’s suspension notice in PDF format here.

ICANN tells Congressmen to chillax

Kevin Murphy, January 25, 2012, Domain Policy

ICANN senior vice president Kurt Pritz has replied in writing to great big list of questions posed by US Congressmen following the two hearings into new gTLDs last month.

The answers do what the format of the Congressional hearings made impossible – provide a detailed explanation, with links, of why ICANN is doing what it’s doing.

The 27-page letter (pdf), which addresses questions posed by Reps. Waxman, Eshoo and Dingell, goes over some ground you may find very familiar, if you’ve been paying attention.

These are some of the questions and answers I found particularly interesting.

Why are you doing this?

Pritz gives an overview of the convoluted ICANN process responsible for conceiving, creating and honing the new gTLD program over the last few years.

It explains, for example, that the original GNSO Council vote, which set the wheels in motion back in late 2007, was 19-1 in favor of introducing new gTLDs.

The “lone dissenting vote”, Pritz notes, was cast by a Non-Commercial Users Constituency member – it was Robin Gross of IP Justice – who felt the program had too many restrictions.

The letter does not mention that three Council members – one from the Intellectual Property Constituency and two more from the NCUC – abstained from the vote.

Why aren’t the trademark protection mechanisms finished yet?

The main concern here is the Trademark Clearinghouse.

New gTLD applicants will not find out how the Clearinghouse will operate until March at the earliest, which is cutting it fine considering the deadline for registering as an applicant is March 29.

Pritz, however, tells the Congressmen that applicants have known all they need to know about the Clearinghouse since ICANN approved the program’s launch last June.

The Clearinghouse is a detail that ideally should have been sorted out before the program launched, but I don’t believe it’s the foremost concern for most applicants or trademark owners.

The unresolved detail nobody seems to be asking about is the cost of a Uniform Rapid Suspension complaint, the mechanism to quickly take down infringing second-level domain names.

ICANN has said that it expects the price of URS – which involves paying an intellectual property lawyer to preside over the case – to be $300 to $500, but I don’t know anyone who believes that this will be possible.

Indeed, one of the questions asked by Rep. Waxman starts with the premise “Leading providers under Uniform Dispute Resolution Policy (UDRP) have complained that current fees collected are inadequate to cover the costs of retaining qualified trademark attorneys.”

UDRP fees usually start at around $1,000, double what ICANN expects the URS – which I don’t think is going to be a heck of a lot simpler for arbitration panels to process – to cost trademark owners.

Why isn’t the Trademark Claims service permanent?

The Trademark Claims service is a mandatory trademark protection mechanism. One of its functions is to alert trademark holders when somebody tries to register their mark in a new gTLD.

It’s only mandatory for the first 60 days following the launch of a new gTLD, but I’m in agreement with the IP community here – in an ideal world, it would be permanent.

However, commercial services already exist that do pretty much the same thing, and ICANN doesn’t want to anoint a monopoly provider to start competing with its stakeholders. As Pritz put it:

“IP Watch” services are already provided by private firms, and it was not necessary for the rights protection mechanisms specific to the New gTLD Program to compete with those ongoing watch services already available.

In other words, brands are going to have to carry on paying if they want the ongoing benefits of an infringement notification service in new gTLDs.

When’s the second round?

Nothing new here. Pritz explains why the date for the second round has not been named yet.

Essentially, it’s a combination of not knowing how big the first round is going to be and not knowing how long it will take to conduct the two (or three) post-first-round reviews that ICANN has promised to the Governmental Advisory Committee.

I tackle the issue of second-round timing in considerable detail on DomainIncite PRO. My feeling is 2015.

On Whois verification

Pritz reiterates what ICANN CEO Rod Beckstrom told the Department of Commerce last week: ICANN expects that many registrars will start to verify their customers’ Whois data this year.

ICANN is currently talking to registrars about a new Registrar Accreditation Agreement that would mandate some unspecified degree of Whois verification.

This issue is at the top of the law enforcement wish list, and it was taken up with gusto by the Governmental Advisory Committee at the Dakar meeting in October.

Pritz wrote:

ICANN is currently in negotiations with its accredited registrars over amendments to the Registrar Accreditation Agreement. ICANN is negotiating amendments regarding to the verification of Whois data, and expects its accredited registrars to take action to meet the rising call for verification of data. ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify Whois data.

He said ICANN expects to post the amendments for comment before the Costa Rica meeting in mid-March, and the measures would be in place before the first new gTLDs launch in 2013.

I’ve heard from a few registrars with knowledge of these talks that Whois verification mandates may be far from a dead-cert in the new RAA.

But by publicly stating to government, twice now, that Whois verification is expected, the registrars are under increased pressure to make it happen.

IF Whois verification is not among the RAA amendments, expect the registrars to get another dressing down from the GAC at the Costa Rica meeting this March.

On the other hand, ICANN has arguably handed them some negotiating leverage when it comes to extracting concessions, such as reduced fees.

The registrars were prodded into these talks with the GAC stick, the big question now is what kind of carrots they will be offered to adopt an RAA that will certainly raise their costs.

ICANN expects to post the proposed RAA changes for public comment by February 20.

Domain registrars pressured into huge shakeup

Kevin Murphy, October 26, 2011, Domain Registrars

Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.

While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.

The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.

It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.

So, what’s going to change?

The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.

They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.

Here’s a list of all 12, taken from a recent ICANN summary report (pdf).

Prohibition on registrar cybersquatting
Malicious conduct – registrar duty to investigate
Designation and publication of technically competent point of contact on malicious conduct issues, available on 24/7 basis
Registrar disclosure of privacy/proxy services made available in connection with registration; and responsibility of registrar for compliance by such services
Obligations of privacy/proxy services made available in connection with registration re data escrow; Relay function; Reveal function
Registrar responsibility for cancellation under appropriate circumstances of registrations made by other privacy/proxy services for noncompliance with Relay and Reveal
Define circumstances under which registrar is required to cancel registration for false Whois data and set reasonable time limits for registrar action
Require PCI compliance in registration process
Define “reseller” and clarify registrar responsibility for reseller compliance
Require greater disclosure of registrar affiliates/multiple accreditations
Require greater disclosure of registrar contact information, information on form of business organization, officers, etc.
Clarification of registrar responsibilities in connection with UDRP proceedings

The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.

There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.

As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.

“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.

She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.

He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.

“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.

“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.

An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.

The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.

Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.

It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.

The ideas in the motion nevertheless stirred some passionate debate.

Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.

“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.

Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.

A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.

Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.

I’m not sure it’s going to be enough to fully satisfy the GAC.

Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.

She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.

UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.

Rather, he said, “there will be consideration of a broader range of issues.”

This appears to be consistent with the registrars’ original statement, which was linked to in the above post:

The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.