Latest news of the domain name industry

Recent Posts

More on my reg

Kevin Murphy, December 21, 2015, Domain Registries

If you were reading on Friday, you’ll know that I brought about the registration of the domain and took charge of a web site hosted at that address.

I hinted that there was a little more to the story, but couldn’t get into it.

The first part of the story is here.

What I didn’t mention was that was in my account for probably less than 10 minutes before I removed it.

I have no beef with Twitter and no particular desire to moderate a .sucks discussion forum.

After removing from my account, I noticed that again gave me the option to “register” a free .sucks domain.

So I experimentally “registered” too.

Again, the domain started resolving, showed up in Whois, and the associated WordPress site went live within seconds.

At this point, I discovered that I had admin privileges for both and sites simultaneously.

Suspecting that I may have found a bug that would allow anyone to register an essentially unlimited number of free and potentially trademark-matching .sucks domains, I informed of my findings in the interest of responsible bug disclosure and ended my blog post prematurely.

Late Friday, spokesperson Phil Armstrong told me that it wasn’t a bug after all.

He said that the company allows one “do-over”. So if you register a name for free, then delete it, you get another one for free.

He also said that WordPress admin privileges for domains removed from user accounts expire after a period (I had admin rights for the web site for roughly 48 hours after I deleted it from my account.)

Right now, the domain still exists, registered to as before, as does the associated web site. I have no idea if another user has taken over its administration or if it’s in some kind of limbo state.

All I know is that it’s nothing to do with me any more.

How I just registered for free in just five clicks

Kevin Murphy, December 18, 2015, Domain Registries

This morning, I caused the registration of and was given control of a web site at

I didn’t pay a thing, though I did — by checking a box linked to hidden terms and conditions — promise to pay $10,000 if I was later determined to be working for Twitter.

Ordinarily, registering a .sucks domain would have cost me over $200.

The controversial service (which may share ownership with .sucks registry Vox Populi) has gone live and is giving out 10,000 .sucks web sites for free.

Users, who can sign up merely by connecting their Facebook or LinkedIn accounts, are able to cause to register names on their behalf.

They are then immediately given limited control over a WordPress blog hosted at that domain, though not to the associated name servers or Whois records.

It’s actually quite a slick, streamlined service, that could quite easily dramatically increase the number of active .sucks site overnight.

But it’s going to cause no end of headaches for trademark owners.

Earlier this week, you may recall DI reporting that seemed to have registered the .sucks names matching the brands of Twitter, Adobe, Goldman Sachs and Justin Timberlake.

It seems that this may have been a test of the service, as I was tipped off last night that was no longer registered.

Here’s how I got control over the web site in just FIVE clicks. has a domain availability query box, just like a regular registrar. I looked up “twitter”: 1

Seeing that the domain was available, I went through the two-click process of allowing to use my Facebook login credentials. 2

Obviously, while I used a genuine Facebook account, I see no reason why I couldn’t have used a fake one.

After connecting, I was bounced back to and was given the ability to register in a single click. 3

I also had to check a box confirming:

I’m a free-thinking individual, not a corporate yes-man. I agree to the terms and conditions and any penalties which may apply.

Clicking either of the T&C links, or hovering over the question mark, will introduce you to the concept of a $10,000 penalty. 4

That’s right — by causing to register a .sucks domain, you agree to pay $10,000 if the company decides, in its “sole discretion” that you are affiliated with the matching trademark owner. The terms state:

Site Runners on must be individuals who have no affiliation with the subject matter of the Site. You can’t be running the Site on behalf of a company, entity or anyone who is the subject of the Site.

As a Site Runner you agree that if you are found by, in our sole discretion, to be in violation of this principal, that a $10,000 USD payment to will immediately become due and payable. You will also no longer be a Site Runner with us. Your Site may also be given to a different Site Runner to run.

If you think a Site is being run by someone acting on behalf of the subject of the Site, please email us at

Given that Twitter’s lawyers are probably going to hate me for doing this, I felt pretty confident in accepting this risk.

In addition, at this point has not asked me for any payment information. If they want $10,000 off of me, they can take a hike, I figure.

So I clicked the “Register Now” button.

Bam! In under 10 seconds the domain name existed in DNS, in Whois, and there was a simple WordPress web site there that I, to a significant extent, controlled.

The domain is registered to, which makes it clear on its web site FAQ that its users — or “Site Runners” — do not actually own the domains they cause to be registered. 6

As administrator of the WordPress site, I am able to create and update blog posts as well as change the appearance by switching between a limited selection of themes. I can also edit and delete comments and manage registered users.

There’s a little bit more to my story — which I cannot get into for now.

For the moment, it must suffice to say that this is a whole new world for famous brand owners.

They can either pay the roughly $2,000 required to defensively register their brand in .sucks, or they can try to sneak through a free (or $0.99 per month) registration at at the risk of being billed $10,000 if they get rumbled.

Should brands get a new gTLD round to themselves? Twitter thinks so

Kevin Murphy, October 20, 2015, Domain Policy

Twitter wants to get its hands on some new gTLDs but doesn’t want to wait.

Having missed the first round of new gTLD applications back in 2012, the company is now keen on getting .twitter and other strings both branded and generic.

“We’re interest in round two,” Twitter trademark counsel Stephen Coates said as ICANN’s business constituencies met the board of directors today.

“We have several interesting opportunities to develop around that space,” he said. “We are interested in both brands and generics.”

The problem for Twitter, and every other would-be gTLD applicant, is that ICANN isn’t even talking in broad terms about when the next round will be.

The absolute minimum that must happen is that ICANN must complete a review of round one, focusing on “Competition, Consumer Trust and Consumer Choice”. This CCT review is mandated by ICANN’s Affirmation of Commitments with the US government.

Almost three years after the first round opened, the volunteer team that will carry out the CCT review has not even been assembled yet.

There are a number of other factors that may or may not wind up on the critical path — such as reviews of rights protection mechanisms and security and stability at the DNS root.

Coates said he would like a “bifurcated” review process leading to two separate second application rounds.

“I would advocate for bifurcating the review process, which I think is very important, especially around RPMs,” he said. “But also bifurcating the round process, treating dot-brands differently than generic names.”

I think this outcome is unlikely.

Application rules that give preference to one type of application over another invite exploitation. It happened in the 2003 sponsored TLD round and it’s happening with “community” and “Specification 13” applications in the current round too.

Time for .bloomberg after Twitter hoax?

Could the fake Bloomberg story about Twitter being acquired act as an impetus for the company to activate its mostly dormant dot-brand gTLD?

Twitter shares yesterday reportedly spiked as much as 8% on the “news” that it was the target of a $31 buyout bid.

The story was published on, a cybersquatted domain hosting a mirror of the real Bloomberg web site.

While it was reportedly quite sloppily written, it nevertheless managed to convince at least one US cable news network to run with it, one reporter even tweeting the bogus link to his followers.

The story was quickly outed as a fake and within a few hours Rightside, the .market registry as well as owner of its registrar, eNom, suspended the domain for breaching its terms of service.

Rightside wrote in a blog post:

it pains us so greatly that, in the early stages when so many people are forming their first impressions of the new TLD program, these numerous positive examples are sometimes overshadowed by the malicious practices and behaviors of a very small group of people.

Bloomberg’s not at fault here, of course. No company should be expected to defensively register its trademark in every one of the 1,000+ TLDs out there right now.

But could the hoax persuade it to do something of substance with its .bloomberg gTLD, perhaps taking a leaf out of the BNP Paribas playbook?

Bloomberg has been populating its dot-brand with hundreds of domains since May — both the names of its products and keywords related to industries it’s known for covering — but currently they all seem to redirect to existing web sites in .com or .net.

It’s long been suggested by proponents of new gTLDs that dot-brands can act as a signal of legitimacy on the web, and that’s the attitude banks such as Barclays and BNP Paribas seem to be taking right now.

Could .bloomberg be next?

Turkey blocks Google DNS in Twitter crackdown

Kevin Murphy, March 23, 2014, Domain Policy

The Turkish government has reportedly blocked access to Google’s public DNS service from with its borders, as part of its recently instituted censorship of Twitter.

According to local reports, the IP addresses and — Google’s public DNS servers — were banned after they became widely used to circumnavigate blocks on Twitter’s domain names.

Turkish prime minister Recep Tayyip Erdogan last week vowed to “wipe out” Twitter, after the company refused to take down tweets criticizing his government over corruption allegations ahead of an election next week.

Twitter is encouraging Turkish users to use SMS to send tweets instead. Many Turks are also turning to VPNs to evade this bizarre piece of Draconian censorship.