Latest news of the domain name industry

Recent Posts

US and EU call for Whois to stay alive

Kevin Murphy, January 31, 2018, Domain Policy

Government officials from both sides of the Atlantic have this week called on ICANN to preserve Whois as it currently is, in the face of incoming EU privacy law, at least for a select few users.

The European Commission wrote to ICANN to ask for a “pragmatic and workable solution” to the apparent conflict between the General Data Protection Regulation and the desire of some folks to continue to access Whois as usual.

Three commissioners said in a letter (pdf) that special consideration should be given to “public interests” including “ensuring cybersecurity and the stability of the internet, preventing and fighting crime, protecting intellectual property and copyright, or enforcing consumer protection measures”.

David Redl, the new head of the US National Telecommunications and Information Administration, echoed these concerns in a speech at the State of the Net conference in Washington DC on Monday.

Redl said that the “preservation of the Whois service” is one of NTIA’s top two priorities at the moment. The other priority is pressing for US interests in the International Telecommunications Union, he said.

Calling Whois “a cornerstone of trust and accountability for the Internet”, Redl said the service “can, and should, retain its essential character while complying with national privacy laws, including the GDPR.”

“It is in the interests of all Internet stakeholders that it does,” he said. “And for anyone here in the US who may be persuaded by arguments calling for drastic change, please know that the US government expects this information to continue to be made easily available through the Whois service.”

He directly referred to the ability of regular internet users to access Whois for consumer protection purposes in his speech.

The European Commission appears to be looking at a more restrictive approach, but it did offer some concrete suggestions as to how GDPR compliance might be achieved.

For example, the commissioners’ letter appears to give tacit approval to the idea of “gated” access to Whois, but called for access by law enforcement to be streamlined and centralized.

It also suggests throttling as a mechanism to reduce abuse of Whois data, and makes it clear that registrants should always be clearly informed how their personal data will be used.

The deadline for GDPR compliance is May this year. That’s when the ability of EU countries to start to levy fines against non-compliant companies, which could run into millions of euros, kicks in.

While ICANN has been criticized by registries and registrars for moving too slowly to give them clarity on how to be GDPR-compliant while also sticking to the Whois provisions of their contracts, its pace has been picking up recently.

Two weeks ago it called for comments on three possible Whois models that could be used from May.

That comment period ended on Monday, and ICANN is expected to publish the model upon which further discussions will be based today.

Research finds homograph attacks on big brands rife

Kevin Murphy, January 22, 2018, Domain Tech

Apparent domain name homograph attacks against major brands are a “significant” problem, according to research from Farsight Security.

The company said last week that it scanned for such attacks against 125 well-known brands over the three months to January 10 and found 116,113 domains — almost 1,000 per brand.

Homographs are domains that look like other domains, often indistinguishable from the original. They’re usually used to phish for passwords to bank accounts, retailers, cryptocurrency exchanges, and so on.

They most often use internationalized domain names, mixing together ASCII and non-ASCII characters when displayed in browsers.

To the naked eye, they can look very similar to the original ASCII-only domains, but under the hood they’re actually encoded with Punycode with the xn-- prefix.

Examples highlighted by Farsight include baŋkofamerica.com, amazoṇ.com and fàcebook.com

Displayed as ASCII, those domains are actually xn--bakofamerica-qfc.com, xn--amazo-7l1b.com and xn--fcebook-8va.com.

Farsight gave examples including and excluding the www. subdomain in a blog post last week, but I’m not sure if it double-counted to get to its 116,113-domain total.

As you might imagine, almost all of this abuse is concentrated in .com and other TLDs that were around before 2012, judging by Farsight’s examples. That’s because the big brands are not using new gTLDs for their primary sites yet.

Farsight gave a caveat that it had not generally investigated the ownership of the homograph domains it found. It’s possible some of them are defensive registrations by brands that are already fully aware of the security risk they could present.

Big changes at DomainTools as privacy law looms

Kevin Murphy, January 11, 2018, Domain Services

Regular users of DomainTools should expect significant changes to their service, possibly unwelcome, as the impact of incoming European Union privacy law begins to be felt.

Professional users such as domain investors are most likely to be impacted by the changes.

The company hopes to announce how its services will be rejiggered to comply with the General Data Protection Regulation in the next few weeks, probably in February, but CEO Tim Chen spoke to DI yesterday in general terms about the law’s possible impact.

“There will be changes to the levels of service we offer currently, especially to any users of DomainTools that are not enterprises,” Chen said.

GDPR governs how personal data on EU citizens is captured, shared and processed. It deals with issues such as customer consent, the length of time such data may be stored, and the purposes for which it may be processed.

Given that DomainTools’ entire business model is based on capturing domain registrants’ contact information without their explicit consent, then storing, processing and sharing that data indefinitely, it doesn’t take a genius to work out that the new law represents a possibly existential threat.

But while Chen says he’s “very concerned” about GDPR, he expects the use cases of his enterprise customers to be protected.

DomainTools no longer considers itself a Whois company, Chen said, it’s a security services company now. Only about 20% of its revenue now comes from the $99-a-month customers who pay to access services such as reverse Whois and historical Whois queries.

The rest comes from the 500-odd enterprise customers it has, which use the company’s data for purposes such as tracking down network abuse and intellectual property theft.

DomainTools is very much aligned here with the governments and IP lawyers that are pressing ICANN and European data protection authorities to come up with a way Whois data can still be made available for these “legitimate purposes”.

“We’re very focused on our most-important goal of making sure the cyber security and network security use cases for Whois data are represented in the final discussions on how this legislation is really going to land,” he said.

“There needs to be some level of access that is retained for uses that are very consistent with protecting the very constituents that this legislation is trying to protect from a privacy perspective,” he said.

The two big issues pressing on Chen’s mind from a GDPR perspective are the ability of the company to continue to aggregate Whois records from hundreds of TLDs and thousands of registrars, and its ability to continue to provide historical, archived Whois records — the company’s most-popular product after vanilla Whois..

These are both critical for customers responding to security issues or trying to hunt down serial cybersquatters and copyright infringers, Chen said.

“[Customers are] very concerned, because their ability to use this data as part of their incident response is critical, and the removal of the data from that process really does injure their ability to do their jobs,” he said.

How far these use cases will be protected under GDPR is still an open question, one largely to be determined by European DPAs, and DomainTools, like ICANN the rest of the domain industry, is still largely in discussion mode.

“Part of what we need to help DPAs understand is: how long is long enough?” Chen said. “Answering how long this data can be archived is very important.”

ICANN was recently advised by its lawyers to take its case for maintaining Whois in as recognizable form as possible to the DPAs and other European privacy bodies.

And governments, via the Governmental Advisory Committee, recently urged ICANN to continue to permit Whois access for “legitimate purposes”.

DomainTools is in a different position to most of the rest of the industry. In terms of its core service, it’s not a contracted party with ICANN, so perhaps will have to rely on hoping whatever the registries and registrars work out will also apply to its own offerings.

It’s also different in that it has no direct customer relationship with the registrants whose data it processes, nor does it have a contractual relationship with the companies that do have these customer relationships.

This could make the issue of consent — the right of registrant to have a say in how their data is processed and when it is deleted — tricky.

“We’re not in a position to get consent from domain owners to do what we do,” Chen said. “I think where we need to be more thoughtful is whether DomainTools needs to have a process where people can opt out of having their data processed.”

“When I think about consent, it’s not on the way in, because we just don’t have a way to do that, it’s allowing a way out… a mechanism where people can object to their data being processed,” he said.

How DomainTools’ non-enterprise customers and users will be affected should become clear when the company outlines its plans in the coming weeks.

But Chen suggested that most casual users should not see too much impact.

“The ability of anyone who has an interest in using Whois data, who needs it every now and then, for looking up a Whois record of a domain because they want to buy it as a domain investor for example, that should still be very possible after GDPR,” he said.

“I don’t think GDPR is aimed at individual, one-at-a-time use cases for data, I think it’s aimed at scalable abuse of the data for bad purposes,” he said.

“If you’re running a business in domain names and you need to get Whois at significant scale, and you need to evaluate that many domains for some reason, that’s where the impact may be,” he said.

Disclosure: I share a complimentary DomainTools account with several other domain industry bloggers.

XYZ relaunches .storage with $2,200 price tag

Kevin Murphy, November 8, 2017, Domain Registries

XYZ.com has reopened .storage to registrations with a new, much higher price tag.

A confusingly named “Trademark Holder Landrush” started yesterday and will run for three weeks.

It’s not a sunrise period — .storage already had its ICANN-mandated sunrise under its previous management — and it appears that it’s not actually restricted to trademark holders.

The .storage web site states that “neither registrars nor XYZ will validate trademarks during this period”. The registry says that all strings, including generic words, are available.

It basically appears to be just a way to squeeze a little extra cash out of larger companies and anyone else desperate for a good name.

There are not many registrars carrying the TLD right now, just five brand protection registrars and 101domain.

101domain prices the names at $699.99 with a $1,500 application fee during the trademark landrush.

XYZ says that the regular suggested retail price for .storage will be $79.99 per month which seems to be a roundabout way of saying $948 per year. There’s no option to register for less than a year.

.storage is designed for companies in the data storage and physical storage industries, so adopting a high-price, low-volume business model is probably a smart move by the registry.

It’s a similar model to that XYZ employs in its car-related gTLDs operated in partnership with Uniregistry.

XYZ does not appear to be relying entirely on defensive registrations to make its coin, however.

It’s offering a “complimentary” web site migration service, usually priced at $10,000, that it says can help early registrants switch to .storage in as little as 72 hours with no loss of search engine juice.

.storage was originally owned by Extra Storage Space, a physical storage company, but XYZ acquired the contract for an undisclosed sum in May.

The trademark landrush will be immediately followed by an Early Access Period, during which there will also be a sliding-scale fee (day one will be a whopping $55,000 at 101domain!), before general available starts a month from now.

Former MarkMonitor execs join new brand protection registrar

Kevin Murphy, August 30, 2017, Domain Registrars

Two former MarkMonitor executives have teamed up with a Fairwinds co-founder to launch a new “next generation” brand protection registrar.

The new company is Brandsight. It was set up by CEO Phil Lodico, who left brand consultancy Fairwinds about a year ago, and was accredited by ICANN earlier this month.

The first two hires are Matt Serlin, who until a couple months ago was VP of client services at MarkMonitor, and Elisa Cooper, who joins after being VP of marketing at the intellectual property management company Lecorpio.

Cooper, who also worked for MarkMonitor in the same position until a couple of years ago, will be Brandsight’s head of marketing and policy. Serlin will head up operations and client services.

The two told me yesterday that Brandsight will attempt to differentiate itself from its alma maters through a combination of better technology, expertise and use of data.

Both have many years experience in the domain industry and ICANN and, one imagines, thick contacts books of potential clients.

The Brandsight site, which went live today, will feature improved workflow via a streamlined user interface, they said.

The company also hopes “better leverage big data to help companies make better decisions and streamline processes around domain management”, Cooper said.

“Legacy registrars haven’t been focused on building new technology, some for almost 10 years,” she said.

It looks like it’s going to be a boutique operation at first — I believe Lodico, Serlin and Cooper are the only three employees right now — but Cooper said the plan is to staff up over the remainder of the year in areas such as sales.

The idea is to be a company that is purely focused on corporate domain services as its core competency, as opposed to what they called the “legacy” larger registrars that have domains as just one service among many, Cooper and Serlin said.

Brandsight is based in New York state and funded by private investors.

.storage to have pricey second sunrise

The .storage gTLD is to get a second sunrise period after being acquired and repurposed by XYZ.com.

The registry will operate a “Trademark Landrush Period” for three weeks from November 7 as the first stage of .storage’s reboot as an open-to-all gTLD.

It’s not technically a “sunrise” period under ICANN rules — that phase was already completed under previous owner Extra Space Storage — nor is it restricted to trademark owners.

Basically anyone with the money will be able to buy a .storage domain during the period, but at a price.

One registrar is reporting that registrants will have to pay a $1,500 application fee on top of the soon-to-be-standard higher $699-per-year registration fee.

That’s considerably more than most new gTLDs charge during their regular sunrise phases.

There’s no need to own a matching trademark, so neither the registry, registrars or Trademark Clearinghouse have any trademark verification costs to bear.

But that also means anyone can pick up any generic, dictionary .storage domain they want without the need for paperwork. XYZ has previously said that all domains will be available at the same price, regardless of their previous “premium” status.

I can see some intellectual property interests being uneasy with how this relaunch is handling trademarks.

Under its former management, .storage was set to be tightly restricted to the physical and data storage industries, reducing the chance of cybersquatting, so some brands may have avoided the sunrise period.

After the relaunch — general availability starts December 5 — there will be no such restrictions. However, the high price of standard registrations is likely to deter all but the richest or dumbest cybersquatters.

XYZ.com acquired .storage for an undisclosed sum in May. There are currently about 800 domains in the .storage zone file.

EFF recommends against new gTLDs

Kevin Murphy, July 28, 2017, Domain Policy

The Electronic Frontier Foundation has recommended that domain registrants concerned about intellectual property “bullies” steer clear of new gTLDs.

The view is expressed in a new EFF report today that is particularly critical of policies in place at new gTLD portfolio registries Donuts and Radix.

The report (pdf) also expresses strong support for .onion, the pseudo-TLD available only to users of the Tor browser and routing network, which the EFF is a long-term supporter of.

The report makes TLD recommendations for “security against trademark bullies”, “security against identity theft and marketing”, “security against overseas speech regulators” and “security against copyright bullies”.

It notes that no one TLD is “best” on all counts, so presents a table explaining which TLD registries — a broad mix of the most popular gTLD and ccTLD registries — have which relevant policies.

For those afraid of trademark “bullies”, the EFF recommends against 2012-round new gTLDs on the basis that they all have the Uniform Rapid Suspension service. It singles out Donuts for special concern due to its Domain Protected Marks List, which adds an extra layer of protection for trademark owners.

On copyright, the report singles out Donuts and Radix for their respective “trusted notifier” schemes, which give the movie and music industries a hotline to report large-scale piracy web sites.

These are both well-known EFF positions that the organization has expressed in previous publications.

On the other two issues, the report recommends examining ccTLDs for those which don’t have to kowtow to local government speech regulations or publicly accessible Whois policies.

In each of the four areas of concern, the report suggests taking a look at .onion, while acknowledging that the pseudo-gTLD would be a poor choice if you actually want people to be able to easily access your web site.

While the opinions expressed in the report may not be surprising, the research that has gone into comparing the policies of 40-odd TLD registries covering hundreds of TLDs appears on the face of it to be solid and possibly the report’s biggest draw.

You can read it here (pdf).

GNSO faces off with governments over IGO cybersquatting

Kevin Murphy, January 27, 2017, Domain Policy

A defiant ICANN working group looking at cybersquatting rules for intergovernmental organizations is sticking to its guns in an ongoing face-off with the Governmental Advisory Committee.

In a report published for public comment this week, the GNSO working group recommended that IGOs should be given the right to use the UDRP and URS rights protection mechanisms, despite not being trademark owners.

But the recommendations conflict with the advice of the GAC, which wants ICANN to create entirely new mechanisms to deal with IGO rights.

I explored a lot of the back story of this argument in two posts a few months ago, which I will not rehash here.

The latest development is the publication of the proposed initial report of the GNSO IGO-INGO Access to Curative Rights Protection Mechanisms Initial Report (pdf) for comment.

The WG was tasked with deciding whether changes should be made to UDRP and URS to help protect the names and acronyms of IGOs and INGOs (international non-governmental organizations).

For INGOs, including the special cases of the International Olympic Committee and the Red Cross/Red Crescent, it decided no changes and no new mechanisms are required, concluding:

Many INGOs already have, and do, enforce their trademark rights. There is no perceivable barrier to other INGOs obtaining trademark rights in their names and/or acronyms and subsequently utilizing those rights as the basis for standing in the existing dispute resolution procedures (DRPs) created and offered by ICANN as a faster and lower cost alternative to litigation. For UDRP and URS purposes they have the same standing as any other private party.

The case with IGOs is different, because using UDRP and URS requires complainants to agree that the panel’s decisions can be challenge in court, and IGOs by their nature have a special legal status that allows them to claim jurisdictional immunity.

The WG recommends that these groups should be allowed access to UDRP and URS if they have protection under Article 6ter of the Paris Convention, a longstanding international intellectual property treaty.

This rule would actually extend UDRP and URS to hundreds more IGO names and acronyms than the GAC has requested protection for, which is just a few hundred. WIPO’s 6ter database by contrast currently lists 925 names and 399 abbreviations.

To deal with the jurisdictional immunity problem, the WG report recommends that IGOs should be allowed to file cybersquatting complaints via a third-party “assignee, agent or licensee”.

It further recommends that if an IGO manages to persuade a court it has special jurisdictional immunity, having been sued by a UDRP-losing registrant, that the UDRP decision be either disregarded or sent back to the arbitration for another decision.

The recommendations with regard IGOs are in conflict with the recommendations (pdf) of the so-called “small group” — a collection of governments, IGOs, INGOs and ICANN directors that worked quietly and controversially in parallel with the WG to come up with alternative solutions.

The small group wants ICANN to create separate but “functionally equivalent” copies of the UDRP and URS to deal with cybersquatting on IGO name and acronyms.

These copied processes would be free for IGOs to use and, to account for the immunity issue, would not be founded in trademark law.

The WG recommendations are now open for public comment and are expected to be the subject of some debate at the March ICANN meeting in Copenhagen.

The biggest dot-brand in the world has 50,000 domains, but are they legit?

Kevin Murphy, January 19, 2017, Domain Registries

The biggest dot-brand gTLD active today has about 50,000 domains under management, but the vast majority of them may not be compliant with ICANN rules.

Real Estate Domains LLC runs .realtor in partnership with the National Association of Realtors, a US-based real estate agent membership organization.

RED/NAR has an ICANN policy exemption that means it does not have to open .realtor to competition between registrars, but it does not appear to be sticking to the promises it made when it asked for that exemption.

RED has told DI that it believes it is fully compliant with its contractual obligations.

The .realtor gTLD is highly unusual, possibly even unique, in the market.

It is, by most comparisons, a thriving new gTLD. It has tens of thousands of domain names and thousands of active web sites.

It’s the 59th-biggest 2012-round gTLD, according to zone file counts. It has more names than .blog, .webcam and .ninja.

It currently has about 48,000 names in its zone file, a bit less than half of its November 2015 peak of 110,000. It’s been offering a free first-year name to NAR members since launch, which may account for the first-year peak and second-year trough.

It’s arguably a “dot-brand”, but its domains are primarily used by fee-paying third parties, which is not the case for the over 500 other dot-brands out there today.

The string “realtor” is in fact an trademark, fiercely guarded by the NAR and apparently at genuine risk of genericide.

To call yourself a realtor, you have to pay NAR local and national membership fees that can run into hundreds of dollars a year.

To register a .realtor domain, you have to be an NAR member. So, even though the price of a .realtor domain is only around $40 at Name Share (the only approved .realtor registrar), the cost of eligibility is much higher.

I think that the way the NAR is selling its names to third-party realtors is very possibly a breach of ICANN rules, but explaining why I think that will get a bit complicated.

To begin with, whether a gTLD is a “dot-brand” depends to a great extent on your definition of the term.

I usually take “dot-brand” to mean any new gTLD that has Specification 13 — which allows registries to ignore ICANN policies such as the otherwise mandatory Sunrise period — in its Registry Agreement.

There are 463 gTLDs that have Spec 13 so far. They’re being used to a greater or lesser extent by the respective registries to promote their own brands.

Some have set up a bunch of domains with redirects to specific URLs on their .com or ccTLD site. Others have built a modest number of custom sites to promote various products, services, offers or marketing campaigns.

A small number have been using their domains to help business partners. Spanish car maker Seat points scores of .seat domains to cookie-cutter sites promoting local car dealerships, but I’ve seen no evidence these dealers have any control over these domains.

Almost all of the time, the only entity actually using the domain is the registry — that is, the brand owner — itself.

There’s also another definition of dot-brand — any gTLD that does not have Spec 13, but does have an exemption to Specification 9 of the standard ICANN Registry Agreement.

Spec 9, also called the “Code of Conduct”, is the part of the RA that requires registries to give equal, non-discriminatory access to all ICANN-accredited registrars.

It’s there to stop registries favoring registrars they have close relationships with and therefore to keep the market competitive.

Every Spec 13 dot-brand has a Spec 9 exemption, but not every TLD with a Spec 9 exemption has signed Spec 13.

There are 66 gTLDs that have the Spec 9 exemption but do not have Spec 13 in their contracts. Almost all of these have fewer than 100 domains in their zone file today.

The Spec 9 exemption was created to avoid the stupid and undesirable situation where a big-name company has to open access to its dot-brand back-end registry to multiple registrars, even though it is the only registrant permitted to register names there.

The Code of Conduct is there to protect registrants. When there is only one registrant, there’s no need for protection. With multiple registrants, competition needs to be enforced.

To get the Spec 9 exemption, dot-brands have to send a letter to ICANN promising three things:

  1. All domain name registrations in the TLD are registered to, and maintained by, Registry Operator for the exclusive use of Registry Operator or its Affiliates (as defined in the Registry Agreement);
  2. Registry Operator does not sell, distribute or transfer control or use of any registrations in the TLD to any third party that is not an Affiliate of Registry Operator; and
  3. Application of the Code of Conduct to the TLD is not necessary to protect the public interest

Those bullets are copied from the March 2014 .realtor letter (pdf), but they’re all basically the same.

The first bullet says that domains have to be registered to the registry operator. In the case of .realtor, that’s RED/NAR.

And in fact, as far as I can tell, every .realtor domain has the RED/NAR listed in the “Registrant” field of its Whois record. The registry owns the lot.

But that bullet also says that .realtor domains have to be “maintained by” and “for the exclusive use of” the registry operator (in this case, the NAR) and its “Affiliates”.

The second bullet says that the registry cannot give “control or use” of any .realtor domain to a third party that is not an “Affiliate” of the registry.

The term “Affiliate” is important here. The Spec 9 exemption states that it is defined by the RA, and the RA defines it like this:

For the purposes of this Agreement: (i) “Affiliate” means a person or entity that, directly or indirectly, through one or more intermediaries, or in combination with one or more other persons or entities, controls, is controlled by, or is under common control with, the person or entity specified, and (ii) “control” (including the terms “controlled by” and “under common control with”) means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of a person or entity, whether through the ownership of securities, as trustee or executor, by serving as an employee or a member of a board of directors or equivalent governing body, by contract, by credit arrangement or otherwise.

My reading of this is that an Affiliate is an entity that is controlled, in a corporate sense, by the registry. The definition came about as a way to stop domain companies trying to avoid policy obligations by hiding behind shell companies.

However, in my opinion, the vast majority of .realtor domains today are in fact being controlled and used by third parties that are not registry Affiliates by the RA definition.

The first giveaway is Whois. While RED/NAR is listed as the “Registrant” of pretty much all .realtor domains, in most cases the “Administrative” contact is listed as the person or company who caused the name to be registered. Third-party realtors, in other words.

Realtor screenSecond, the registry’s web site states plainly that NAR member realtors can “get” and “use” .realtor domains and goes on to specify that they can use the names to build a web site, set up an email address, and even redirect the domain to an existing site.

Doing a Google search for .realtor sites, you’ll find that realtors are in fact using .realtor domains for these permitted purposes.

This seems to be a case of thousands of non-registry parties paying for “control” and “use” of domains that are supposed to be restricted to the registry’s control and use.

It seems to be true that they don’t “own” the domains that they “use”, but they nevertheless do “use” them in much the same way as I expect a significant majority of non-domainer registrants in other TLDs “use” their domains.

NAR/RED is of course fully aware of its RA obligations, and has written its own terms to accommodate them.

On a .realtor registry web site, its registration agreement, or “License Agreement”, states:

You represent, warrant and agree that you are a REALTOR®, an NAR member, the Canadian Real Estate Association (“CREA”), a member of CREA, an NAR or CREA member Board or Association, an NAR affiliate, an NAR licensee, or otherwise in a contractual relationship with NAR relating to use of NAR’s REALTOR® mark and that, in such capacity, you are deemed an “Affiliate” of RED as such is defined in the Registry Agreement, including as specifically set forth in the Code of Conduct Exemption.

The NAR is basically asking its members to affirm, via the small print of their registration agreement (that the majority won’t read) and the .realtor RA (which I’m sure none of them will read), that the NAR has some kind of corporate control over them.

That’s clearly not the case, in my understanding. The NAR’s members are generally fully independent sole traders or limited companies.

Realtors causing .realtor domains to be registered on their behalf are no more “Affiliates” of RED or the NAR than I would be an Affiliate of Facebook if, perchance, there’s a similar clause in the Facebook terms of service.

While I’ve been asking industry experts about this for the last couple of weeks, it was suggested to me that the fact that .realtor registrants have a “contract” with the registry (to license the Realtor trademark) is enough to satisfy the “Affiliate” definition.

I don’t buy it. Every registrant in every TLD signs a contract whenever they register a domain name. If a contract were sufficient for a Spec 9 opt-out, every gTLD would have the opt-out.

At this point you may be wondering what the harm of this business model is. I wondered the same thing myself.

The main harm, as far as I can see it, is that it sets a precedent for other gTLDs to avoid contractual obligations.

The other is that .realtor registrants (for want of a better term) are locked into the one approved registrar, Name Share, forever. If Name Share were to raise its prices, they would not have the option to move to another registrar.

Name Share, part of the EnCirca registrar family, specializes in niche TLDs and currently charges a not-unreasonable $39.95 per year for a .realtor domain.

There’s also the fact that gTLDs themed around real estate are thin on the ground right now.

RED/NAR also controls the new gTLD .realestate, but it has yet to launch for unknown reasons.

.realtor went from delegation to general availability in less than three months back in mid-2014 — a fast launch — but .realestate was delegated in April 2016 and hasn’t even set out its launch plan yet.

It’s a fully generic, non-brand gTLD but it hasn’t told ICANN when its sunrise, trademark claims or GA dates are yet. It hasn’t even launched its nic.realestate web site yet, which is a contractual obligation also in the RA.

I don’t know why RED/NAR has not started to launch .realestate yet. When I asked RED’s top brass I did not get a reply.

But I do know that a real estate agent in North America today who wants to get a domain in a semantically valuable TLD has one fewer option due to the absence of .realestate from the market.

Another option, buying a .realty domain from Top Level Spectrum, is not possible either because, 18 months after delegation, it also has not launched.

Then there’s .homes, a restricted gTLD operated by Dominion Enterprises, but that has virtually no registrar support and fewer than 100 names in its zone eight months after general availability started.

The only real option right now (other than using an unrelated TLD) is to buy a .realtor domain, but they’d have to pay hundreds of dollars to NAR for membership and then would not have a choice of registrars through which to register.

I put all of my questions about the business model and the Spec 9 exemption to RED last week.

“We believe we are in full compliance with the Spec 9 exemption as granted by ICANN based on our request and posted publicly here,” CEO Matthew Embrescia said in an email (link in original).

Brian Johnson, general counsel for RED, said in a separate email:

our position is that RED is in full compliance as such relates to Spec 9 for .REALTOR. In fact, we think .REALTOR is a very successful example of a TLD with a legitimate business model which incorporates a Spec 9 exemption.

I also pushed Johnson and Embrescia for specific explanations of why I might be wrong in my interpretation of the Spec 9 exemption and how RED is applying it, but I did not get any replies.

A senior ICANN staffer, while declining to comment on the specifics of any TLD or any compliance investigation, told me that my understanding of the Spec 9 exemption is correct.

I gather that all Spec 9-exempt registries are obliged to submit an annual report about their exemption compliance, and that the 2016 report is due tomorrow.

However, I believe .realtor’s business model is well over one year old already, so it’s debateble whether ICANN has been paying attention.

Donuts extends DPML Plus and delays price hike

Kevin Murphy, December 28, 2016, Domain Registries

Donuts has delayed the price increases coming to its trademark-blocking service and extended availability of the “plus” version for three more months.

Domain Protected Marks List Plus, which lets companies block brands and variations such as typos and brand+keywords across Donuts stable of 200ish TLDs, will now be available until March 31.

The price hike for vanilla DPML, which does not include the variant-blocking, has also been delayed until the end of January, the registry said.

Both deadlines were previously December 31.

DPML Plus, which grants 10-year blocks on one trademark and three variants in every Donuts TLD, has a recommended retail price of $9,999.

Fully exploited, that amounted at the September launch to $1.26 per blocked domain per year, but Donuts’ portfolio has grown since then.

Retail prices for the plain DPML are reportedly going up from $2,500 per string to $4,400 for a five-year block at one registrar when the price rise kicks in. That’s a 76% increase.