Latest news of the domain name industry

Recent Posts

Fight brewing over thick .com Whois

Kevin Murphy, January 3, 2012, Domain Policy

This year is likely to see a new fight over whether Verisign should be forced to create a “thick” Whois database for .com and its other generic top-level domains.

While Verisign has taken a deliberately ambivalent position on whether ICANN policy talks should kick off, the community is otherwise split on whether a mandatory thick Whois is a good idea.

Currently, only .com, .net, .name and .jobs – which are all managed on Verisign’s registry back-end – use a thin Whois model, in which domain name registrars store their customers’ data.

Other gTLDs all store registrant data centrally. Some “sponsored” gTLD registries have an even closer relationship with Whois data — ICM Registry for example verifies .xxx registrants’ identities.

But in a Preliminary Issue Report published in November, ICANN asked whether it should kick off a formal Policy Development Process that could make thick Whois a requirement in all gTLDs.

In comments filed with ICANN last week, Verisign said:

As the only existing registry services provider impacted by any future PDP on Thick Whois, Verisign will neither advocate for nor against the initiation of a PDP.

Verisign believes the current Whois model for .com, .net, .name and .jobs is effective and that the proper repository of registrant data is with registrars — the entities with direct connection to their customers. However, if the community, including our customers, determines through a PDP that “going thick” is now the best approach, we will respect and implement the policy decision.

Thick Whois services make it easier to find out who owns domain names. Currently, a Whois look-up for a .com domain can require multiple queries at different web sites.

While Whois aggregation services such as DomainTools can simplify searches today, they still face the risk of being blocked by dominant registrars.

The thin Whois model can also make domain transfers trickier, as we witnessed just last week when NameCheap ran into problems processing inbound transfers from Go Daddy.

ICANN’s Intellectual Property Constituency supports the transition to a thick Whois. It said in its comments:

Simplifying access to this information through thick Whois will help prevent abuses of intellectual property, and will protect the public in many ways, including by reducing the level of consumer confusion and consumer fraud in the Internet marketplace. Thick Whois enables quicker response and resolution when domain names are used for illegal, fraudulent or malicious purposes.

However, Verisign noted that a thicker Whois does not mean a more accurate Whois database – registrars will still be responsible for collecting and filing customer contact records.

There are also concerns that a thick Whois could have implications for registrant privacy. Wendy Seltzer of the Non-Commercial Users Constituency told ICANN:

Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar. Individual registrants in particular may be concerned that the aggregation of data in a thick WHOIS makes it more attractive to data miners and harder to confirm compliance with their local privacy laws.

This concern was echoed to an extent by Verisign, which noted that transitioning to a thick Whois would mean the transfer of large amounts of data between legal jurisdictions.

European registrars, for example, could face a problem under EU data protection laws if they transfer their customer data in bulk to US-based Verisign.

Verisign also noted that a transition to a thick Whois would dilute the longstanding notion that registrars “own” their customer relationships. It said in its comments:

As recently as the June 2011 ICANN meeting in Singapore, Verisign heard from several registrars that they are still not comfortable with Verisign holding their customers’ data. Other registrars have noted no concern with such a transition

ICANN staff will now incorporate these and other comments into its final Issue Report, which will then be sent to the GNSO Council to decide whether a PDP is required.

If the Council votes in favor of a PDP, it would be many months, if at all, before a policy binding on Verisign was created.

Whois throttling returns to bite Go Daddy on the ass

Kevin Murphy, December 26, 2011, Domain Registrars

Go Daddy has been accused by a competitor of “thwarting” domain name transfers in violation of ICANN rules. (Note: story has been updated, see below).

The problem has reared its head due to the ongoing SOPA-related boycott of the company’s services, and appears to be related to Go Daddy’s decision earlier this year to throttle Whois queries.

NameCheap, one of the registrars that has been offering discounts to Go Daddy customers outraged by its recently recanted support of the controversial Stop Online Piracy Act, blogged today:

As many customers have recently complained of transfer issues, we suspect that this competitor [Go Daddy] is thwarting efforts to transfer domains away from them.

Specifically, GoDaddy appears to be returning incomplete WHOIS information to Namecheap, delaying the transfer process. This practice is against ICANN rules.

We at Namecheap believe that this action speaks volumes about the impact that informed customers are having on GoDaddy’s business.

It’s a shame that GoDaddy feels they have to block their (former) customers from voting with their dollars. We can only guess that at GoDaddy, desperate times call for desperate measures.

Part of transferring a domain from Go Daddy to NameCheap involves checking the identity of the registrant against Whois records.

Judging by a number of complaints made by Reddit readers today, it appears that NameCheap and other registrars are attempting to automatically query Go Daddy’s Whois database on port 43 at sufficient volume to trigger whatever throttling algorithm Go Daddy has in place to prevent the “harvesting” of contact data.

Go Daddy caused a similar ruckus earlier this year when it started blocking DomainTools and other Whois aggregation services from collecting full Whois records.

The registrar giant claimed then that it was trying to protect its customers by preventing the inappropriate use of their contact data.

However, while blocking a third-party information tool is merely annoying and disturbing, interfering with legitimate inter-registrar transfers could get Go Daddy into hot water, even if it is inadvertent.

NameCheap says it is doing the required Whois look-ups manually for now, and that it will honor each transfer request.

Giving Go Daddy the benefit of the doubt, I assume that this problem is ongoing largely due to the Christmas holiday, and that it will be rectified as soon as the appropriate people become aware of it.

Add this to your list of reasons .com and .net need a thick Whois.

UPDATE: All registrars have access to an ICANN service called RADAR, which enables them to specify the IP addresses they use to query competitors’ Whois databases.

Whitelisting IP addresses in this way could prevent a registrar’s queries being throttled, but not all registrars use the service.

According to this screenshot, NameCheap has not whitelisted any IP addresses in RADAR, which may be the reason it is having problems transferring Go Daddy customers’ domains to itself.

DomainIncite

Go Daddy bans DNS harvesting

Kevin Murphy, November 9, 2011, Domain Tech

Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.

CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:

The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.

Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.

If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.

That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.

Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.

Blocking DNS queries from selected IP addresses draws to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.

In January, the company confirmed, that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in affect for non-paying DomainTools users.

Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.

Should .com get a thick Whois?

Kevin Murphy, September 23, 2011, Domain Registries

The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.

The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.

The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.

Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.

The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.

In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.

Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.

Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.

Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.

There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.

Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.

Don’t expect the changes to come any time soon.

Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.

The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.

Hot topics for ICANN Singapore

Kevin Murphy, June 17, 2011, Domain Policy

ICANN’s 41st public meeting kicks off in Singapore on Monday, and as usual there are a whole array of controversial topics set to be debated.

As is becoming customary, the US government has filed its eleventh-hour saber-rattling surprises, undermining ICANN’s authority before its delegates’ feet have even touched the tarmac.

Here’s a high-level overview of what’s going down.

The new gTLD program

ICANN and the Governmental Advisory Committee are meeting on Sunday to see if they can reach some kind of agreement on the stickiest parts of the Applicant Guidebook.

They will fail to do so, and ICANN’s board will be forced into discussing an unfinished Guidebook, which does not have full GAC backing, during its Monday-morning special meeting.

It’s Peter Dengate Thrush’s final meeting as chairman, and many observers believe he will push through some kind of new gTLDs resolution to act as his “legacy”, as well as to fulfill the promise he made in San Francisco of a big party in Singapore.

My guess is that the resolution will approve the program in general, lay down some kind of timetable for its launch, and acknowledge that the Guidebook needs more work before it is rubber-stamped.

I think it’s likely that the days of seemingly endless cycles of redrafting and comment are over for good, however, which will come as a relief to many.

Developing nations

A big sticking point for the GAC is the price that new gTLD applicants from developing nations will have to pay – it wants eligible, needy applicants to get a 76% discount, from $185,000 to $44,000.

The GAC has called this issue something that needs sorting out “as a matter of urgency”, but ICANN’s policy is currently a flimsy draft in desperate need of work.

The so-called JAS working group, tasked with creating the policy, currently wants governmental entities excluded from the support program, which has made the GAC, predictably, unhappy.

The JAS has proven controversial in other quarters too, particularly the GNSO Council.

Most recently, ICANN director Katim Touray, who’s from Gambia, said the Council had been “rather slow” to approve the JAS’s latest milestone report, which, he said:

might well be construed by many as an effort by the GNSO to scuttle the entire process of seeking ways and means to provide support to needy new gTLD applicants

This irked Council chair Stephane Van Gelder, who rattled off a response pointing out that the GNSO had painstakingly followed its procedures as required under the ICANN bylaws.

Watch out for friction there.

Simply, there’s no way this matter can be put to bed in Singapore, but it will be the topic of intense discussions because the new gTLD program cannot sensibly launch without it.

The IANA contract

The US National Telecommunications and Information Administration wants to beef up the IANA contract to make ICANN more accountable to the NTIA and, implicitly, the GAC.

Basically, IANA is being leveraged as a way to make sure that .porn and .gay (and any other TLD not acceptable to the world’s most miserable regimes) never make it onto the internet.

If at least one person does not stand up during the public forum on Thursday to complain that ICANN is nothing more than a lackey of the United States, I’d be surprised. My money’s on Khaled Fattal.

Vertical integration

The eleventh hour surprise I referred to earlier.

The US Department of Justice, Antitrust Division, informed ICANN this week that its plan to allow gTLD registries such as VeriSign, Neustar and Afilias to own affiliated registrars was “misguided”.

I found the letter (pdf) utterly baffling. It seems to say that the DoJ would not be able to advise ICANN on competition matters, despite the fact that the letter itself contains a whole bunch of such advice.

The letter has basically scuppered VeriSign’s chances of ever buying a registrar, but I don’t think anybody thought that would happen anyway.

Neustar is likely to be the most publicly annoyed by this, given how vocally it has pursued its vertical integration plans, but I expect Afilias and others will be bugged by this development too.

The DoJ’s position is likely to be backed up by Europe, now that the NTIA’s Larry Strickling and European Commissioner Neelie Kroes are BFFs.

Cybercrime

Cybercrime is huge at the moment, what with governments arming themselves with legions of hackers and groups such as LulzSec and Anonymous knocking down sites like dominoes.

The DNS abuse forum during ICANN meetings, slated for Monday, is usually populated by pissed-off cops demanding stricter enforcement of Whois accuracy.

They’ve been getting louder during recent meetings, a trend I expect to continue until somebody listens.

This is known as “engaging”.

Geek stuff

IPv6, DNSSEC and Internationalized Domain Names, in other words. There are sessions on all three of these important topics, but they rarely gather much attention from the policy wonks.

With IPv6 and DNSSEC, we’re basically looking at problems of adoption. With IDNs, there’s impenetrably technical stuff to discuss relating to code tables and variant strings.

The DNSSEC session is usually worth a listen if you’re into that kind of thing.

The board meeting

Unusually, the board’s discussion of the Guidebook has been bounced to Monday, leading to a Friday board meeting with not very much to excite.

VeriSign will get its .net contract renewed, no doubt.

The report from the GAC-board joint working group, which may reveal how the two can work together less painfully in future, also could be interesting.

Anyway…

Enough of this blather, I’ve got a plane to catch.