Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Cloudflare “bug” reveals hundreds of secret domain prices
The secret wholesale prices for hundreds of TLDs have been leaked, due to an alleged “bug” at a registrar.
The registry fees for some 259 TLDs, including those managed by Donuts, Verisign and Afilias, are currently publicly available online, after a programmer used what they called a “bug” in Cloudflare’s API to scrape together price lists without actually buying anything.
Cloudflare famously busted into the domain registrar market last September by announcing that it would sell domains at cost, thumbing its nose at other registrars by suggesting that all they’re doing is “pinging an API”.
But because most TLD registries have confidentiality clauses in their Registry-Registrar Agreements, accredited registrars are not actually allowed to reveal the wholesale prices.
That’s kind of a problem if you’re a registrar that has announced that you will never charge a markup, ever.
Cloudflare has tried to get around this by not listing its prices publicly.
Currently, it does not sell new registrations, instead only accepting inbound transfers from other registrars. Registry transaction reports reveal that it has had tens of thousands of names transferred in, but has not created a significant number of new domains.
(As an aside, it’s difficult to see how it could ever sell a new reg without first revealing its price and therefore breaking its NDAs.).
It appears that the only way to manually ascertain the wholesale prices of all of the TLDs it supports would be to buy one of each at a different registrar, then transfer them to Cloudflare, thereby revealing the “at cost” price.
This would cost over $9,500, at Cloudflare’s prices, and it’s difficult to see what the ROI would be.
However, one enterprising individual discovered via the Cloudflare API that the registrar was not actually checking whether they owned a domain before revealing its price.
They were therefore able to compile a list of Cloudflare’s prices and therefore the wholesale prices registries charge.
The list, and the script used to compile it, are both currently available on code repository Github.
The bulk of the list comprises Donuts’ vast portfolio, but most TLDs belonging to Afilias (including the ccTLD .io), XYZ.com and Radix are also on there.
It’s not possible for me to verify that all of the prices are correct, but the ones that are comparable to already public information (such as .com and .net) match, and the rest are all in the ballpark of what I’ve always assumed or have been privately told they were.
The data was last refreshed in April, so without updates its shelf life is likely limited. Donuts, for example, is introducing price increases across most of its portfolio this year.
DI implicated in .sucks “gag order” fight
Vox Populi, the .sucks registry, terminated Com Laude’s accreditation last week due to its belief that the brand protection registrar had leaked a “confidential” document to Domain Incite.
Vox Pop CEO John Berard tonight denied that the company he works for was carrying out a “grudge” against Com Laude, which in January led a charge against a Vox “gag order” on registrars.
As we reported on Friday, Vox terminated Com Laude‘s ability to sell .sucks domains directly, due to a then-unspecified alleged breach of the Registry-Registrar Agreement that binds all .sucks domain registrars.
It now turns out the “breach” was of the part of the .sucks RRA that states that Vox registrars “shall make no disclosures whatsoever” of “confidential informational”, where such confidential information is marked as such.
Berard told DI of the termination: “It was a specific act, violating a specific clause of the contract that had to do with breaching confidentiality, and that’s why the action was taken.”
The specific act was Com Laude allegedly sending DI — me, for avoidance of doubt — a confidential document.
“They have not said they didn’t do it,” Berard said.
He said that, given the amount of scrutiny Vox is under (due to the controversy it has created with its pricing and policies), “it would be crazy of us to ignore a contract breach”.
He declined to identify the document in question.
He said that Vox Pop deployed “forensic research” to discover the identity of the alleged leak.
“It was clear that something that was confidential was distributed, we wanted to know who distributed it,” he said. “We wanted to know who breached confidentiality.”
DI has only published one third-party document related to .sucks this year.
This is it (pdf). It’s a letter drafted by the Registrars Stakeholder Group and sent to ICANN. Here it is (pdf) as published on the ICANN web site.
DI has received other documents related to Vox Pop and .sucks from various parties that I have not published, but I’ve been unable to find any that contained the word “confidential” or that were marked as “confidential”.
According to the .sucks RRA (pdf), “confidential information” is documentation marked or identified “confidential”.
Everything I’ve ever written about .sucks can be found with this search.
.sucks terminates Com Laude as “gag order” row escalates
Vox Populi, the .sucks gTLD registry, has terminated the accreditation of brand protection registrar Com Laude as part of an ongoing dispute between the two companies.
Com Laude won’t be able to sell defensive .sucks registrations to its clients any more, at least not on its own accreditation, in other words.
The London-based registrar is transferring all of its .sucks domains to EnCirca as a result of the termination and says it is considering its options in how to proceed.
The shock move, which I believe to be unprecedented, is being linked to Com Laude’s long-time criticisms of Vox Populi’s pricing and policies.
The registrar today had some rather stern words for Vox Pop. Managing director Nick Wood said in a statement:
We have always been critical of this registry and particularly its sunrise pricing model which we regard as predatory. We have advised clients where possible to consider not registering such names. We hope that all brand owners will think twice before buying or renewing a .sucks domain. After all, it is not possible to block out every variation of a trademark under .sucks. In our view, fair criticism is preferable to dealing with Vox Populi.
Ouch!
The termination is believed to be linked to controversial changes to the .sucks Registry-Registrar Agreement, which Vox Pop managed to sneak past ICANN over Christmas.
One of the changes, some registrars believed, would prevent brand protection registrars from openly criticizing .sucks pricing and policies. They called it a “gag order”.
Com Laude SVP Jeff Neuman was one of the strongest critics. I believe he was a key influence on a Registrar Stakeholder Group letter (pdf) in January which essentially said registrars would boycott the new RRA.
That letter said:
It’s ironic for a Registry whose slogan is “Foster debate, Share opinions” has now essentially proposed implementing a gag order on the registrars that sell the .sucks TLD by preventing them from doing just that
While the RRA dispute was resolved more or less amicably following ICANN mediation, with Vox Pop backpedaling somewhat on its proposed changes, Com Laude now believes the registry has held a grudge.
Its statement does not say what part of the .sucks RRA it is alleged to have breached.
Vox Pop has not yet returned a request for comment. I’ll provide an update should I receive further information.
Com Laude said in a statement today:
Jeff Neuman, our SVP of our North American business, Com Laude USA, led the effort in the Registrar Stakeholder Group to quash proposed changes to Vox Populi’s registry-registrar agreement, in order to protect the interests of brand owners and the registrars who work with them. Since then, Vox Populi has accused Com Laude of breaching the terms of the registry-registrar agreement, a claim we take seriously and refute in its entirety. We are now considering our further options.
Wood added:
We have informed our clients of the action being taken and all have expressed their support for the manner in which we have handled it. We are pleased to have received messages of support from across the ICANN community including other registry operators. Clearly there is strong distaste at the practices of Vox Populi.
Strong stuff.
.sucks “gag order” dropped, approved
Vox Populi, the .sucks registry, has had controversial changes to its registrar contract approved after it softened language some had compared to a “gag order”.
ICANN approved changes to the .suck Registry-Registrar Agreement last week, after receiving no further complaints from registrar stakeholders.
Registrars had been upset by a proposed change that they said would prevent brand-protection registrars from publicly criticizing .sucks:
The purpose of this Agreement is to permit and promote the registration of domain names in the Vox Populi TLDs and to allow Registrar to offer the registration of the Vox Populi TLDs in partnership with Vox Populi. Neither party shall take action to frustrate or impair the purpose of this Agreement.
But Vox has now “clarified” the language to remove the requirement that registrars “promote” .sucks names. The new RRA will say “offer” instead.
Registrars had also complained that the new RRA would have allowed Vox to unilaterally impose new contractual terms with only 15 days notice.
Vox has amended that proposal too, to clarify that changes would come into effect 15 days after ICANN has given its approval.
Vox CEO John Berard told ICANN in a March 18 letter:
VoxPop’s intent was never to alter any material aspect of the Registry Registrar Agreement. Our intent was to clarify legal obligations that already exist in the Agreement, and conform the timeframes for any future amendments with those specified in our ICANN registry contract.
Registrars object to “unreasonable” .bank demands
Registrars are upset with fTLD Registry Services for trying to impose new rules on selling .bank domains that they say are “unreasonable”.
The Registrar Stakeholder Group formally relayed its concerns about a proposed revision of the .bank Registry-Registrar Agreement to ICANN at the weekend.
A key sticking point is fTLD’s demand that each registrar selling .bank domains have a dedicated .bank-branded web page.
Some registrars are not happy about this, saying it will “require extensive changes to the normal operation of the registrar.”
“Registrars should not be required to establish or maintain a “branded webpage” for any extension in order to offer said extension to its clients,” they told ICANN.
i gather that registrars without a full retail presence, such as corporate registrars that sell mainly offline, have a problem with this.
There’s also a slippery slope argument — if every gTLD required a branded web page, registrars would have hundreds of new storefronts to develop and maintain.
fTLD also wants registrars to more closely align their sales practices with its own, by submitting all registration requests from a single client in a single day via a bulk registration form, rather than live, or pay an extra $125 per-name fee.
This is to cut down on duplicate verification work at the registry, but registrars say it would put a “severe operational strain” on them.
There’s also a worry about a proposed change that would make registrars police the .bank namespace.
The new RRA says: “Registrar shall not enable, contribute to or willing aid any third party in violating Registry Operator’s standards, policies, procedures, or practices, and shall notify Registry Operator immediately upon becoming aware of any such violation.”
But registrars say this “will create a high liability risk for registrars” due to the possibility of accidentally overlooking abuse reports they receive.
The registrars’ complaints have been submitted to ICANN, which will have to decide whether fTLD is allowed to impose its new RRA or not.
The RrSG’s submission is not unanimously backed, however. One niche-specializing registrar, EnCirca, expressed strong support for the changes.
In a letter also sent to ICANN, it said that none of the proposed changes are “burdensome”, writing:
EnCirca fully supports the .BANK Registry’s efforts to ensure potential registrants are fully informed by Registrars of their obligations and limitations for .BANK. This helps avoid confusion and mis‐use by registrants, which can cause a loss of trust in the Registry’s stated mission and commitments to the banking community.
fTLD says the proposed changes would bring the .bank RRA in line with the RRA for .insurance, which it also operates.
The .insurance contract has already been signed by several registrars, it told ICANN.
Registrars boycotting “gag order” .sucks contract
Registrars are ignoring new provisions in their .sucks contracts that they say amount to a “gag order”.
In a letter (pdf) to ICANN from its Registrars Stakeholder Group, the registrars ask for ICANN to convene a face-to-face negotiation between themselves and .sucks registry Vox Populi, adding:
Until such time, the Registrars believe that the amendments are not yet in effect and will continue to operate under Vox Populi’s existing RRA.
That means they’re working on the assumption that the controversial changes to the .sucks Registry-Registrar Agreement, sent to ICANN by Vox in December, have not yet been approved.
Vox Pop, on the other hand, has told ICANN that the changes came into effect January 6.
As we reported at the weekend, the registry is taking ICANN to formal mediation, saying ICANN breached the .sucks Registry Agreement by failing to block the changes within the permitted 15-day window.
The registrars’ letter was sent January 20, one day before Vox Pop’s mediation demand. The Vox letter should probably be read in that context.
The registrars have a problem with two aspects of the changed RRA.
First, there’s a clause that allows Vox to change the contract unilaterally in future. Registrars say this makes it a contract of “adhesion”.
Second, there’s a clause forbidding registrars taking “action to frustrate or impair the purpose of this Agreement”. Registrars read this as a “gag order”, writing:
Many Registrars not only serve as retail outlets for the purchase of domain names, but also provide consultative services to their clients on TLD extensions and their domain name portfolios. In conjunction with the provision of those services, registrars often opine on new gTLD and ccTLD extensions, the TLDs policies, pricing methodologies, security provisions and overall utility. These provisions could easily be read to inhibit such activities and restrict a registrar’s ability to offer those valuable services.
That’s referring primarily to corporate registrars working in the brand protection space, which are kinda obliged to offer .sucks for their clients’ defensive purposes, but still want to be able to criticize its policies and pricing in public.
ICANN has yet to respond to the request for a sit-down meeting between the registry and registrars.
However, given that Vox has invoked its right to mediation, it seems likely that that process will be the focus for now.
Mediation lasts a maximum of 90 days, which means the problem could be sorted out before April 20.
.sucks sends in the lawyers in “gag order” fight
Vox Populi is taking ICANN to mediation over a row about what some of its registrars call a “gag order” against them.
Its lawyers have sent ICANN a letter demanding mediation and claiming ICANN has breached the .sucks Registry Agreement.
I believe it’s the first time a new gTLD registry has done such a thing.
The clash concerns changes that Vox Populi proposed for its Registry-Registrar Agreement late last year.
Some registrars believe that the changes unfairly give the registry the unilateral right to amend the RRA in future, and that they prevent registrars opposed to .sucks in principle from criticizing the gTLD in public.
I understand that a draft letter that characterizes the latter change as a “gag order” has picked up quite a bit of support among registrars.
ICANN has referred the amended draft of the .sucks RRA to its Registrars Stakeholder Group for comment.
But Vox Pop now claims that it’s too late, that the new RRA has already come into force, and that this is merely the latest example of “a pattern on ICANN’s part to attempt to frustrate the purpose and intent of its contract with Vox Populi, and to prevent Vox Populi from operating reasonably”.
The registry claims that the changes are just intended to provide “clarity”.
Some legal commentators have said there’s nothing unusual or controversial about the “gag” clauses.
But the conflict between Vox and ICANN all basically boils down to a matter of timing.
Under the standard Registry Agreement for new gTLDs, registries such as Vox Pop are allowed to submit proposed RRA changes to ICANN whenever they like.
ICANN then has 15 calendar days to determine whether those changes are “immaterial, potentially material or material in nature.”
Changes are deemed to be “immaterial” by default, if ICANN does not rule otherwise within those 15 days.
If they’re deemed “material” or “potentially material”, a process called the RRA Amendment Procedure (pdf) kicks in.
That process gives the registrars an extra 21 days to review and potentially object to the changes, while ICANN conducts its own internal review.
In this case, there seems to be little doubt that ICANN missed the 15-day deadline imposed by the RA, but probably did so because of some clever timing by Vox.
Vox Pop submitted its changes on Friday, December 18. That meant 15 calendar days expired Monday, January 3.
However, ICANN was essentially closed for business for the Christmas and New Year holidays between December 24 and January 3, meaning there were only three business days — December 21 to 23 — in which its lawyers and staff could scrutinize Vox’s request.
Vox Pop’s timing could just be coincidental.
But if it had wanted to reduce the contractual 15 calendar days to as few business days as possible, then December 18 would be the absolute best day of the year to submit its changes.
As it transpired, January 3 came and went with no response from ICANN, so as far as Vox is concerned the new RRA with its controversial changes came into effect January 6.
However, on January 8, ICANN submitted the red-lined RRA to the RrSG, invoking the RRA Amendment Procedure and telling registrars they have until January 29 to provide feedback.
Vox Pop’s lawyer, demanding mediation, says the company was told January 9, six days after ICANN’s 15-day window was up, that its changes were “deemed material”.
Mediation is basically the least-suey dispute resolution process a registry can invoke under the RA.
The two parties now have a maximum of 90 days — until April 20 — to work out their differences more or less amicably via a mediator. If they fail to do so, they proceed to a slightly more-suey binding arbitration process.
In my opinion, ICANN finds itself in this position due to a combination of a) Vox Pop trying to sneak what it suspected could be controversial changes past its staff over Christmas, and b) ICANN staff, in the holiday spirit or off work entirely, dropping the ball by failing to react quickly enough.
While I believe this is the first time a 2012-round gTLD registry has gone to dispute resolution with ICANN, Vox did threaten to sue last year when ICANN referred its controversially “predatory” launch plans to US and Canadian trade regulators.
That ultimately came to nothing. The US Federal Trade Commission waffled and its Canadian counterpart just basically shrugged.
.sucks “gagging” registrar critics?
.sucks may be all about freedom of speech, but some registrars reckon the registry is trying to ban them from criticizing the new gTLD in public.
Vox Populi is proposing a change to its standard registrar contract that some say is an attempt to gag them.
A version of the Registry-Registrar Agreement dated December 18, seen by DI, contains the new section 2.1:
The purpose of this Agreement is to permit and promote the registration of domain names in the Vox Populi TLDs and to allow Registrar to offer the registration of the Vox Populi TLDs in partnership with Vox Populi. Neither party shall take action to frustrate or impair the purpose of this Agreement.
It’s broad and somewhat vague, but some registrars are reading it like a gagging order.
While many retail registrars are no doubt happy to sell .sucks domains as part of their catalogs, there is of course a subset of the registrar market that focuses on brand protection.
Brand protection registrars have been quite vocal in their criticism of .sucks.
MarkMonitor, for example, last year wrote about how it would refuse to make a profit on .sucks names, and was not keen on promoting the TLD to its clients.
Asked about the new RRA language, Vox Pop CEO John Berard told DI that it was merely an attempt to clarify the agreement but provided no additional detail.
Registrars are also angry about a second substantial change to the contract, which would allow the registry to unilaterally make binding changes to the deal at will.
The new text in section 8.4 reads:
Vox Populi shall have the right, at any time and from time to time, to amend any or all terms and conditions of this Agreement. Any such amendment shall be binding and effective 15 days after Vox Populi gives notice of such amendment to the Registrar by email.
That’s the kind of thing that ICANN sometimes gets away with, but some registrars are saying that such a change would let Vox Pop do whatever the hell it likes and would therefore be legally unenforceable.
Verisign demands 24/7 domain hijacking support
Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.
The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.
New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”
From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?
While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.
For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.
Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.
The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.
Recent Comments