Latest news of the domain name industry

Recent Posts

Belgium to crack down on fraud domains

Kevin Murphy, November 28, 2018, Domain Registries

DNS Belgium says it will shortly implement a new policy that will see it take down .be domains associated with fraud within 24 hours of discovering them.

The new scheme, which comes into effect December 1, essentially grants the Belgian government’s ministry of the economy — FPS Economy or Federal Public Service Economy in local parlance — a trusted notifier status when it comes to takedowns.

Previously, requests had to go through public prosecutors and took about two weeks, giving attackers a longer window to milk their victims.

Under the old regime, FPS Economy could only request a suspension in cases where the Whois data was inaccurate.

The registry said it will only suspend domains that are involved in “serious crimes”, including phishing and fraudulent web stores.

Registrants will have two weeks to appeal their suspensions. After six months, the domains will be deleted.

Several hundred .be domains per year are expected to be affected.

Donuts took down 11 domains for Hollywood last year

Kevin Murphy, February 28, 2017, Domain Policy

Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.

The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.

The news follows the decisions by Public Interest Registry and the Domain Name Association not to pursue a “Copyright ADRP” process that would have made such Trusted Notifier systems unnecessary.

Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.

For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.

“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.

Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:

Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.

Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.

The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”

It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.

Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.

The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.

Grogan hopeful of content policing clarity within “a few weeks”

ICANN may be able to provide registrars, intellectual property interests and others with clarity about when domain names should be suspended as early as next month, according to compliance chief Allen Grogan.

With ICANN 53 kicking off in Buenos Aires this weekend, Grogan said he intends to meet with a diverse set of constituents in order to figure out what the Registrar Accreditation Agreement requires registrars to do when they receive abuse complaints.

“I’m hopeful we can publish something in the next few weeks,” he told DI. “It depends to some extent on what direction the discussions take.”

The discussions center on whether registrars are doing enough to take down domains that are being used, for example, to host pirated content or to sell medicines across borders.

Specifically at issue is section 3.18 of the 2013 RAA.

It requires registrars to take “reasonable and prompt steps to investigate and respond appropriately” when they receive abuse reports.

The people who are noisiest about filing such reports — IP owners and pharmacy watchdogs such as LegitScript — reckon “appropriate action” means the domain in question should be suspended.

The US Congress heard these arguments in hearings last month, but there were no witnesses from the ICANN or registrar side to respond.

Registrars don’t think they should be put in the position of having to turn off what may be a perfectly legitimate web site due to a unilateral complaint that may be flawed or frivolous.

ICANN seems to be erring strongly towards the registrars’ view.

“Whatever the terms of the 2013 RAA mean, it can’t really be interpreted as a broad global commitment for ICANN to enforce all illegal activity or all laws on the internet,” Grogan told DI.

“I don’t think ICANN is capable of that, I don’t think we have the expertise or resources to do that, and I don’t think the ICANN multistakeholder community has ever had that discussion and delegated that authority to ICANN,” he said.

CEO Fadi Chehade recently told the Washington Post that it isn’t ICANN’s job to police web content, and Grogan has expanded on that view in a blog post last week.

Grogan notes that what kind of content violates the law varies wildly from country to country — some states will kill you for blasphemy, in some you can get jail time for denying the Holocaust, in others political dissent is a crime.

“Virtually everybody I’ve spoken with has said that is far outside the scope of ICANN’s remit,” he said.

However, he’s leaving some areas open for discussion,

“There are some constituents, including some participants in the [Congressional] hearing — from the intellectual property community and LegitScript — who think there’s a way to distinguish some kinds of illegal activities from others,” he said. “That’s a discussion I’m willing to have.”

The dividing line could be substantial risk to public health or activities that are broadly, globally deemed to be illegal. Child abuse material is the obvious one, but copyright infringement — where Grogan said treaties show “near unanimity” — could be too.

So is ICANN saying it’s not the content police except when it comes to pharmacies and intellectual property?

“No,” said Grogan. “I’m saying I’m willing to engage in that dialogue and have that conversation with the community to see if there’s consensus that some activities are different to others.”

“In a multistakeholder model I don’t think any one constituency should control,” he said.

In practical terms, this all boils down to 3.18 of the RAA, and what steps registrars must take to comply with it.

It’s a surprisingly tricky one even if, like Grogan, you’re talking about “minimum criteria” for compliance.

Should registrars, for example, be required to always check out the content of domains that are the subject of abuse reports? It seems like a no-brainer.

But Grogan points out that even though there could be broad consensus that child abuse material should be taken down immediately upon discovery, in many places it could be illegal for a registrar employee to even check the reported URL, lest they download unwanted child porn.

Similarly, it might seem obvious that abuse reports should be referred to the domain’s registrant for a response. But what of registrars owned by domain investors, where registrar and registrant are one and the same?

These and other topics will come up for discussion in various sessions next week, and Grogan said he’s hopeful that decisions can be made that do not need to involve formal policy development processes or ICANN board action.

An English new gTLD restricted to Germans?

Kevin Murphy, February 25, 2014, Domain Registries

Reading through the policies of new gTLD registries has given me cause to double-take several times, but .voting has to be one of the oddest yet.

Ostensibly an English-language gTLD, managed by a registry based in Switzerland, .voting domains will be essentially restricted to residents of Germany, according to its policies.

[UPDATE: The policy was actually submitted by mistake. See this story for an update.]

The Domain Name Registration Policy (pdf) submitted to ICANN by the registry, Valuetainment, states:

Registrants are obliged to supply an individual resident in the Federal Republic of Germany as contact person for all registered domains. This contact is generally described as the administrative contact (Admin-C). The registrant ca name himself as Admin-C.

My German isn’t great, and I’m aware that German speakers are very relaxed about adopting English words into common usage, but I’m pretty sure the language has its own verb for voting.

What makes the Germans-only admin contact policy weirder is that Valuetainment is Swiss and its policies state that the registration agreement is subject to Swiss law.

The .voting policy only states that the Administrative contact in Whois has to be German, which means that the main Registrant contact could technically be based in any country.

But if that registrant can’t name a German as an Administrative contact, technically they’ll be in violation of the rules.

It’s possible that registrars will be able to supply a local proxy in Germany, if they have one or want to go to the expense of setting one up, but it seems like a hassle.

There are a few other oddities in .voting’s policies.

Notably, Valuetainment is not just selling you a domain name, it’s granting you a license to use its “.voting” European Community trademark. Its Eligibility Policy (pdf) states:

For the duration of the registration, the Registry grants the user of a . VOTING domain a right of use with regard to the European Community Trade Mark No. 1111568 (. VOTING]. The license fees are included in the registration fee.

Registrants will be banned from charging for their services — .voting web sites must all be provided free of charge unless they’re providing “statistical voting evaluations”.

They’ll also be banned from offering directories of .voting sites, because Valuetainment intends to offer such a service and doesn’t want any competition.

Also, presumably so the registry can comply with local laws, any attempt to deny the Holocaust will cause your domain to be yanked under the company’s Rapid Takedown Policy (pdf).

Gripe sites and PPC banned in new gTLD

Kevin Murphy, January 24, 2014, Domain Registries

New gTLD registry Plan Bee expects to ban gripe sites in its forthcoming .build registry.

Its Acceptable Use and Takedown Policy (pdf), published this week, is among the strictest I’ve seen.

The gTLD was delegated last weekend. It’s going to be an open space targeted at the construction industry, but its AUP bans a lot of stuff.

As might be expected, any form of malicious hacking or spamming behavior is verboten, as is child abuse material.

Activities more often regulated today by registrar user agreements — such as piracy and counterfeiting — are also prohibited.

But the policy goes on to ban activities that are typically permitted in other TLDs, including “gripe sites” and “pay-per-click”. The AUP reads (I’ve emphasized some oddities):

Further abusive behaviors include, but are not limited to: cybersquatting, front-running, gripe sites, deceptive and⁄or offensive domain names, fake renewal notices, cross-gTLD registration scam, name spinning, pay-per-click, traffic diversion, false affiliation, domain kiting⁄tasting, fast-flux, 419 scams or if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its Registrar partners and ⁄or that may put the safety and security of any registrant or user at risk.

Domains deemed abusive can be suspended or deleted by Plan Bee, under the policy.

I can see why a niche gTLD might want to build up loyalty in its associated industry by suspending gripe sites targeting construction companies, but banning “pay-per-click” is a baffling decision.

Will .build registrants be prohibited from using Google Adsense to support their sites?

The .build launch dates have not yet been revealed but it’s likely to be a matter of weeks.

  • Page 1 of 2
  • 1
  • 2
  • >