Latest news of the domain name industry

Recent Posts

Nominet to give nod to .uk privacy services

Kevin Murphy, March 12, 2015, Domain Registries

Nominet plans to start accrediting proxy/privacy services in .uk domain names, and to make it easier to opt-out of having your full contact details published in Whois.

The proposed policy changes are outlined in a consultation opened this morning.

“We’ve never recognized privacy services,” director of policy Eleanor Bradley told DI. “If you’ve registered a .uk with a privacy service, we consider the privacy service to be the registrant of that domain name.”

“We’ve been pretending almost that they didn’t exist,” she said.

Under the proposed new regime, registrars would submit a customer’s full contact details to Nominet, but Nominet would publish the privacy service’s information in the domain’s Whois output.

Nominet, getting its hands on the customer data for the first time, would therefore start treating the end customer as the true registrant of the domain.

The company says that introducing the service would require minimal work and that it does not intend to charge registrars an additional fee.

Currently, use of privacy services in .uk is pretty low — just 0.7% of its domains, up from 0.09% a year ago.

Bradley said such services are becoming increasingly popular due to some large UK registrars beginning to offer them.

One of the reasons for low penetration is that quite a lot of privacy is already baked in to the .uk Whois database.

If you’re an individual, as opposed to a “trading” business, you’re allowed to opt-out of having any personal details other than your name published in Whois.

A second proposed reform would make that opt-out available to a broader spectrum of registrants, Nominet says.

“We’ve found over the last few years that it’s quite a hard distinction to draw,” Bradley said. “We’ve had some criticisms for our overly strict application of that.”

In future, the opt-out would be available according to these criteria:

i. The registrant must be an individual; and,
ii. The domain name must not be used:
a) to transact with customers (merchant websites);
b) to collect personal data from subjects (ie data controllers as defined in the Data Protection Act);
c) to primarily advertise or promote goods, services, or facilities.

The changes would allow an individual blogger to monetize her site with advertising without being considered a “trading” entity, according to Nominet.

But a line would be drawn where an individual collected personal data on users, such as email addresses for a mailing list, Bradley said.

Nominet says in its consultation documents:

Our continued commitment to Nominet’s role as the central register of data will enable us to properly protect registrants’ rights, release contact data where necessary under the existing exemptions, and maintain public confidence in the register. It acknowledges that some registrants may desire privacy, whilst prioritising the core function of the registry in holding accurate records.

The proposals are open for comments until June 3, which means they could potentially become policy later this year.

.uk suspension problems worse than I thought

Kevin Murphy, December 31, 2014, Domain Registrars

Problems validating the addresses of .uk domain registrants, which caused one registrar to dump the TLD entirely, are broader than I reported yesterday.

Cronon, which does business as Strato, announced last week that it has stopped selling .uk domain names because in more than a third of cases Nominet, the registry, is unable to validate the Whois data.

In many cases the domain is subsequently suspended, causing customer support headaches.

It now transpires that the problems are not limited to .uk second-level names, are not limited to UK registrants, and are not caused primarily by mailing address validation failures.

Michael Shohat, head of registrar services at Cronon, got in touch last night to clarify that most of its affected customers are in fact from its native Germany or from the Netherlands.

All of the affected names are .co.uk names, not .uk SLDs, he added.

And the validation is failing in the large majority of cases not due to Nominet’s inability to validate a mailing address, but rather its inability to validate the identity of the registrant.

“This is where the verification is failing. The database they are using can’t find many of our registrants’ company names,” Shohat said.

“So 30% of our registrations were being put on hold, almost all of them from [Germany] and [the Netherlands], and 90% of them because of the company name. We checked lots of them and in every single case the name of the company was correct, and the address as well,” he said.

Michele Neylon of the ICANN Registrar Stakeholders Group said that Cronon is not the only registrar to have been affected by these issues. Blacknight Solutions, the registrar Neylon runs, has been complaining about the problem since May.

According to Neylon, the Nominet policy causing the issue is its data quality policy, which covers all .uk and .co.uk (etc) names.

The policy itself is pretty vague — Nominet basically says it will work with each individual registrar to determine a baseline of what can be considered a “minimum proportion of valid data”, given the geographic makeup of the registrar’s customer base.

Domains that fail to meet these criteria have a “Data Quality Lock” imposed — essentially a suspension of the domain’s ability to resolve.

Earlier this year, Nominet did backtrack on plans to implement an automatic cancellation of the names after 30 days of non-compliance, following feedback from its registrars.

“It’s disappointing that Cronon have taken this step; we hope they will consider working with us to find a way to move forward,” a Nominet spokesperson added.

She said that the registry has over recent years moved to “more proactive enforcement” of Whois accuracy. She pointed out that Nominet takes on the “lion’s share of the work”, reducing the burden on registrars.

“However, our solution does not include non-UK data sets to cross-reference with, so it is possible that some false positives occur,” she said. “Registrars with a large non-UK registrant bases, who are not accredited channel partners, would be affected more than others.”

An Accredited Channel Partner is the top tier of the three Nominet offers to registrars. It has additional data validation requirements but additional benefits.

While .co.uk domains are not limited to UK-based registrants, all .uk SLD registrants do need to have a UK mailing address in their Whois for legal service.

The company’s inability to validate many non-UK business identities seems to mean .co.uk could also slowly become a UK-only space by the back door.

Big registrar dumps .uk — a glimpse of Christmas future?

Kevin Murphy, December 30, 2014, Domain Registrars

German registrar Cronon, which retails domains under the Strato brand, has stopped carrying .uk domains due to what it says are onerous Whois validation rules.

In a blog post, company spokesperson Christina Witt said that over one third of all .uk sales the registrar has been making are failing Nominet’s registry-end validation checks, which she said are “buggy”.

With the introduction of direct second-level registration under .uk, Nominet introduced a new requirement that all new domains must have a UK address in the Whois for legal service, even if the registrant is based overseas.

According to its web site, Nominet checks registrant addresses against the Royal Mail Postcode Address file, which contains over 29 million UK addresses, and does a confidence-based match.

If attempts to match the supplied address with a UK address in this file prove fruitless, and after outreach to the registrant, Nominet suspends the domain 30 days after registration and eventually deletes it.

It’s this policy of terminating domains that has caused Strato to despair and stop accepting new .uk registrations.

“Databases of street directories or company registers are often inaccurate and out of date,” Witt wrote (translated from the original German). “The result: addresses that are not wrong, in fact, are be found to be invalid.”

Nominet is throwing back over a third of all .uk names registered via Strato, according to the blog post, creating a customer support nightmare.

Its affected registrants are also confused about the verification emails they receive from Nominet, a foreign company of which they have often never heard, Witt wrote.

I don’t know how many .uk names the registrar has under management, but it’s reasonably large in the gTLD space, with roughly 650,000 domains under management at the last count.

If Strato’s claim that Nominet is rejecting a third of valid addresses (and how Strato could know they’re valid is open to question), that’s quite a scary statistic.

Nominet seems to be using an address database, from the Royal Mail, which is about as close to definitive as it gets. And it’s only verifying addresses from a single country.

I shudder to imagine what the false negative rate would be like for a gTLD registrar compelled to validate addresses across 200-odd countries and territories.

The latest version of the ICANN Registrar Accreditation Agreement requires registrars to partially validate addresses, such as checking whether the street and postal code exist in the given city, but there’s no requirement for domains to be suspended if these checks fail.

[UPDATE: Thanks to Michele Neylon of the Registrars Stakeholder Group for the reminder that this RAA requirement hasn’t actually come into force yet, and won’t until the RrSG and ICANN come to terms on its technical and commercial feasibility.]

Where the 2013 RAA does require suspension is when the registrant fails to verify their email address (or, less commonly, phone number), which as we’ve seen over the last year leads to hundreds of thousands of names being yanked for no good reason.

If Strato’s story about .uk is correct and its experience shared by other registrars, I expect that will become and important data point the next time law enforcement or other interests push for even stricter Whois rules in the ICANN world.

Eleven domains suspended under .uk anti-rape rules

Kevin Murphy, December 8, 2014, Domain Registries

Nominet has suspended and permanently blocked 11 “rape” domain names in .uk since introducing a controversial policy earlier this year.

The company today disclosed that nine pre-existing domains were suspended immediately following the introduction of the rules in May. Another two have been blocked since then.

The policy calls for Nominet to ban any domain name that seems to “promote or incite serious sexual offences”.

Examples of such domains given by Lord MacDonald, who compiled the review that led to the policy, included rapeme.co.uk, rapemyteacher.co.uk and rapeporn.co.uk.

Nominet now automatically scans all new .uk registrations for keywords that may be a cause for concern. These are then manually reviewed to weed out the false positives, which could include for example domains that contain the word “grape” or “therapist”.

The false positive level is very high. According to a Nominet report (pdf) this week, 1,029 domains have been automatically flagged since May, only two of which were then suspended.

The policy was introduced following articles in some of the UK’s right-wing tabloids and pressure from government ministers.

Nominet also disclosed this week that 948 domains have been suspended for “criminal activity” in the last six months.

Under Nominet rules, such domains are suspended merely upon notification by the law enforcement agencies that the domain in question is suspected of harboring criminal activity. Unlike elsewhere in the world, no court order is required.

“Criminal activity” means intellectual property infringement in the vast majority of cases.

Of those 948 suspended names, 839 were suspended after complaints from the Police Intellectual Property Crime Unit. Another 102 were yanked following notices from the Medicines and Healthcare Products Regulatory Agency. The remaining 7 complaints came from the National Fraud Intelligence Bureau.

Nominet hires venture capitalist as new CEO

Kevin Murphy, October 29, 2014, Domain Registries

Nominet has named Lesley Cowley’s replacement as CEO as Russell Haworth, a Thomson Reuters alum who’s spent much of 2014 working as a venture capitalist.

Russell was previously managing director of Thomson Reuters’ Middle East & Africa division.

Since January, he’s been a co-founder and partner at Saya Ventures, an investment company focused on early-stage technology companies.

“Russell will lead the organisation as it develops its core registry business, explores the potential of new technologies, and delivers on its commitment to ensuring the internet is a force for good,” Nominet said.

He’s set to join the .uk registry in January 2015.

He replaces Cowley, who resigned in May and earlier this month revealed several new jobs.

.uk launches with Stephen Fry as anchor tenant

Nominet has launched its controversial .uk service, enabling Brits and others to register directly at the second level for the first time.

It did so with an endorsement from quintessential uber-Brit, gadget nut, Apple slave and national treasure Stephen Fry and a marketing splash including a .uk domain apparently visible from 35,000 feet up.

This sign has been placed in one of the main flight paths into Heathrow. Readers flying in to London for ICANN 50 later this month might want to ask for a window seat.

Nominet

Actor/author/comedian Fry was the first to be given a .uk today. He’s switched from stephenfry.com to stephenfry.uk as a result — the .com is already redirecting to the .uk.

He said in a blog post:

It’s only three harmless key-presses, you may think. A year or so back I wrote that it seemed to me annoying and lax of the British internet authority (if such a body ever existed, which it didn’t and doesn’t) when domain names were being handed that they were so inattentive and their eyes so off the ball. How come Germany could have .de, France .fr, South Africa .za, Italy .it etc etc etc? And we poor British had to have the extra exhaustion of typing .co.uk. Three whole keystrokes. It doesn’t stack up to much when compared to other howling injustices in the world. The length of time poor students and tourists have to queue to get an Abercrombie and Fitch polo shirt for example, but nonetheless it has been a nuisance these twenty years or so.

His involvement has helped the news hit many of the major daily newspapers in the UK today.

This is how to launch a TLD.

Fry’s friend Prince Charles was given princeofwales.uk last December, among 69 domains previously under .gov.uk that the government requested receive special treatment.

While new .uk addresses are available to register now, you won’t be able to immediately register one that matches a .co.uk unless you’re the owner of that .co.uk.

All .co.uk registrants have been given five years to decide whether they want the .uk equivalent, which carries a £2.50-a-year fee ($4.20), assuming a multi-year registration.

That’s the same as a .co.uk. Assuming .uk gets good uptake and that most registrants will keep their .co.uk names for the foreseeable future, Nominet’s accounts could be in for a significant boost.

Owners of .org.uk or .me.uk names only get the free reservation if the matching .co.uk is not already registered. Otherwise, they have to wait five years like everyone else.

Cowley quits Nominet

Lesley Cowley has unexpectedly quit her job as Nominet’s longstanding CEO.

The .uk registry today announced that she will leave the company July 9, and that the remaining C-suite will manage the company until a replacement is found.

No reason for Cowley’s departure was given, beyond Cowley saying “it is now the right time to move on”.

It’s not known if she has a new gig already lined up. She’s believed to have applied for the ICANN CEO job a couple of times, but that spot isn’t currently vacant.

Cowley has been with Nominet for 15 years and was appointed CEO in 2002.

A small but vocal group of Nominet members has been trying to get her kicked out for the last few years, alleging among other things that she lied to members.

Nominet tells me Cowley’s resignation has nothing to do with that.

Nominet names the date for shorter .uk addresses

Kevin Murphy, January 31, 2014, Domain Registries

Nominet is to start selling .uk domain names at the second level for the first time on June 10 this year.

The controversial Direct.uk service will enable people to register example.uk names, rather than example.co.uk names.

If you already own a .co.uk name, you’ll get five years to register the matching .uk before it is released into the pool of available names.

Nominet has created a new web site to market the sea-change in how .uk names are administered.

Cartier sues Nominet hoping to set global domain name take-down precedent

Kevin Murphy, January 22, 2014, Domain Policy

Luxury watchmaker Cartier has taken .uk registry Nominet to court, hoping to set a precedent that would enable big brands to have domain names taken down at a whim.

The company sued Nominet in a London court in October, seeking an injunction to force the registry to take down 12 domain names that at the time led to sites allegedly selling counterfeit watches.

We’ve only become aware of the case today after Nominet revealed it has filed its defense documents.

Judging by documents attached to Nominet’s court filings, Cartier sees the suit as a test case that could allow it to bring similar suits against other “less cooperative” registries elsewhere in the world.

In a letter submitted as evidence as part of Nominet’s defense, Richard Graham, head of digital IP at Cartier parent company Richemont International, said that he was:

seeking to develop a range of tools that can be deployed quickly and efficiently to prevent Internet users accessing websites that offer counterfeit goods… [and] looking to establish a precedent that can be used to persuade courts in other jurisdictions where the registries are less cooperative.

It’s worth noting that Richemont has applied for 13 dot-brands under ICANN’s new gTLD program and that Graham is often the face of the applications at conferences and such.

Pretty soon Richemont will also be a domain name registry. We seem to be looking at two prongs of its brand protection strategy here.

According to the company’s suit, the 12 domains in question all had bogus Whois information and were all being used to sell bogus Cartier goods.

None of them used a Cartier trademark in the domain — this is explicitly about the contents of web sites, not their domains names — and Cartier says most appeared to be registered to people in China.

Rather than submitting a Whois inaccuracy complaint with Nominet — which could have led to the domains being suspended for a breach of the terms of service — Cartier decided to sue instead.

Graham actually gave Nominet’s lawyers over a week’s notice that the lawsuit was incoming, writing his letter (pdf) on October 22 and filing the complaint (pdf) with the courts November 4.

Cartier seems to have grown frustrated playing whack-a-mole with bootleggers who cannot be traced and just pop up somewhere else whenever their latest web host is persuaded to cut them off.

Graham’s letter, which comes across almost apologetic in its cordiality when compared to the usual legal threat, reads:

Cartier therefore believes the most cost effective and efficient way to disrupt access to the Counterfeiting Websites operating in the UK is to seek relief from you, as the body operating the registry of .uk domain names.

Armed with the foreknowledge provided by the letter, Nominet reviewed the Whois records of the domains in question, found them lacking, and suspended the lot.

Ten were suspended before Cartier sued, according to Nominet. Another expired before the suit was filed and was re-registered by a third party. A fourth, allegedly registered to a German whose scanned identity card was submitted as evidence by Nominet, was suspended earlier this month.

As such, much of Nominet’s defense (pdf) relies upon what seems to be a new and obscure legal guideline, the “Practice Direction on Pre-Action Conduct”, that encourages people to settle their differences without resorting to the courts.

Nominet’s basically saying that there was no need for Cartier to sue, because it already has procedures in place to deal with counterfeiters using fake Whois data.

Also offered in the defense are the facts that suspending a domain does not remove a web site, that Nominet does not operate web sites, and the following:

Nominet is not at liberty under its Terms and Conditions of Domain Name Registration to suspend .uk domain names summarily upon mere receipt of a demand from someone unconnected with the domain name registrant.

That seems to me to be among the most important parts of the defense.

If Cartier were to win this case, it may well set a precedent giving registries (in the UK at least, at first) good reason to cower when they receive dodgy take-down orders from multibillion-dollar brands.

Indeed, that seems to be what Cartier is going for here.

Unfortunately, Nominet has a track record of at least accelerating the takedown of domains based on nothing more than third-party “suspicion”. Its defense actually admits this fact, stating:

Inaccurate identity and contact information generally leads to the suspension of a domain within three weeks. Where suspicions of criminality are formally confirmed by a recognised law enforcement agency, suspension may be very significantly expedited.

I wonder if this lawsuit would have happened had Nominet not been so accommodating to unilateral third-party take-down notices in the past.

In a statement to members today, a copy of which was sent to DI, Nominet encouraged internet users to report counterfeiting web sites to the police if and when they find them.

Nominet bans rape domains

Kevin Murphy, January 15, 2014, Domain Policy

Nominet has banned “rape” domains from the .uk space, following an independent review spurred by a newspaper article.

The company announced today that it is to adopt the recommendations of Lord Macdonald (pdf), who said domains that “signal or encourage serious sexual offences” should be deleted.

The policy applies retroactively and at least a dozen domains have already been suspended.

Nominet CEO Lesley Cowley said in a statement:

Even though we are only talking about a handful of domain names, we agreed that we do not want those domain names on the register – regardless of whether there was an associated website or content.

Under the new policy, Nominet will review all new domain name registrations within the first 48 hours. It said it will:

Institute a system of post-registration domain name screening, within 48 hours of registration, for domain names that appear to signal or encourage serious sexual offences. Where examples that meet these criteria are discovered, they will be suspended or de-registered.

It’s pretty vague at the moment, both in terms of what constitutes a “signal” and how the oversight process will be carried out. Nominet said it will reveal implementation details at a later date.

Importantly, there will be no pre-screening of domains for potentially offensive substrings. It will still be possible to register names if you’re a “therapist” or enjoy “grapes”.

Macdonald said in his report:

any process of pre-registration scrutiny is likely to be slow, technologically blunt, and have minimal useful impact. It would likely damage the credibility of the .uk space in the market place and it would bring few discernible advantages.

He seems to be envisaging a system of manual review, aided by keyword searches, that looks only for domains that seem to be unambiguously “egregious”. He wrote:

it is precisely because of the inadequacies of the screening technology that Nominet has available to it, and the utmost importance of avoiding unnecessary or mistaken interference with free expression rights, that any post registration screening process should be strictly designed to target only the most egregious examples

Keywords under scrutiny are likely to include “rape”, “incest”, “bestiality”, “paedophilia” and derivatives.

Macdonald noted that Nominet gets 20 – 25 registrations containing these strings per week, but that the “vast majority” were false positives that should not trigger a suspension.

The Macdonald report gives examples of existing domains that would be likely to trigger Nominet action, including rapeme.co.uk, rapemyteacher.co.uk and rapeporn.co.uk.

According to Whois records, all of the domains listed in the report have already been suspended by Nominet.

Macdonald wrote:

it is difficult to see any reasonable basis whatsoever upon which the registration of a domain name such as rapemyteacher.co.uk could be consistent with any reasonable terms of business that Nominet might draw up.

It’s not clear from archives whether many of these domains even led to sites with content. An Archive.org capture of rapeporn.co.uk from 2009 contains a short essay (looks like a hasty attempt to justify the domain to me) on why rape fantasy and actual rape are different.

I suspect that “rapemyteacher.co.uk” was supposed to be a joke, a play on the popular site RateMyTeachers.com.

However, in Macdonald’s view, it’s easily possible for Nominet to suspend these names without infringing anyone’s free speech rights under the European Convention on Human Rights and UK law.

He said that in some cases the domain name itself may be illegal, if it encourages others to commitment crimes. Incitement is a crime, after all.

But his report seems to envisage that the use of the word “rape” may be justifiable when used in a figurative sense not related to actual sexual violence. It would also not be banned in positive contexts such as rape victim support services.

He recommended against instituting bans on swearwords and racist terms for similar reasons.

The one thing missing from the report, and Nominet’s response to it so far, is any requirement for Nominet to disclose which domain names it has suspended under the new policy.

That would be an important oversight mechanism, in my view.

If Nominet is going to be deleting names based on an as-yet-undisclosed review process, wouldn’t free speech be served by at least telling the public what has been censored?

What if rapemyteacher.co.uk was supposed to be a parody of RateMyTeachers.com? Did Nominet just suspend a humor site for no good reason and without telling anyone but the registrant?

The Macdonald report was commissioned following an outraged Sunday Times article based on a blog post by anti-porn crusader John Carr, who wanted a ban on “depraved or disgusting words”.

Neither Carr, the Sunday Times, Nominet or Macdonald have ever presented any examples of “egregious” .uk domain names leading to content encouraging or glorifying sexual violence, nor have they ever said that they’ve seen one with their own eyes.

It’s possible that such domains do not exist.

The review and the new Nominet policy, I think it’s fair to say, has probably not protected a single man, woman, child, corpse or sheep from unwelcome interference. It was, I suspect, a waste of time and resources.

But at first look the policy, properly implemented, does not appear to present a huge risk of infringing free speech rights or throwing up vast numbers of false positives.