Latest news of the domain name industry

Recent Posts

Does Obama endorse Whois privacy?

Kevin Murphy, May 17, 2011, Domain Policy

The US government today released its latest International Strategy For Cyberspace, and it seems to acknowledge privacy rights in domain name registration.

The 30-page document (pdf) envisions a future of the internet that is “open, interoperable, secure, and reliable” and “supports international trade and commerce, strengthens international security, and fosters free expression and innovation”.

It calls for the US and its international partners to set norms that value free speech, security, privacy, respect for intellectual property and (because this is America, remember) the right to self-defense.

Domain names get a mention, in a statement that could be read, without much of a stretch of the imagination, as support in principle for private Whois records:

In this future, individuals and businesses can quickly and easily obtain the tools necessary to set up their own presence online; domain names and addresses are available, secure, and properly maintained, without onerous licenses or unreasonable disclosures of personal information.

That’s open to interpretation, of course – you could debate for years about what is “unreasonable” – but I’m surprised Whois privacy merited even an oblique reference.

Most government and law enforcement statements on the topic tend to pull in the opposite direction.

The new strategy also seems to give ICANN – or at least the ICANN model – the Administration’s support, in a paragraph worth quoting in full:

Preserve global network security and stability, including the domain name system (DNS). Given the Internet’s importance to the world’s economy, it is essential that this network of networks and its underlying infrastructure, the DNS, remain stable and secure. To ensure this continued stability and security, it is imperative that we and the rest of the world continue to recognize the contributions of its full range of stakeholders, particularly those organizations and technical experts vital to the technical operation of the Internet. The United States recognizes that the effective coordination of these resources has facilitated the Internet’s success, and will continue to support those effective, multi-stakeholder processes.

.xxx introduces the 48-hour UDRP

Kevin Murphy, March 30, 2011, Domain Registries

The forthcoming .xxx top-level domain will have some of the strictest abuse policies yet, including a super-fast alternative to the UDRP for cybersquatting cases.

With ICM Registry likely to sign its registry contract with ICANN soon, I thought I’d take another look at some of its planned policies.

I’d almost forgotten how tight they were.

Don’t expect much privacy

ICM plans to verify your identity before you register a .xxx domain.

While the details of how this will be carried out have not yet been revealed, I expect the company to turn to third-party sources to verify that the details entered into the Whois match a real person.

Registrants will also have to verify their email addresses and have their IP addresses recorded.

Whois privacy/proxy services offered by registrars will have to be pre-approved by ICM, “limited to services that have demonstrated responsible and responsive business practices”.

Registrants using such services will still have their full verified details stored by the registry, in contrast to TLDs such as .com, where the true identity of a registrant is only known to the proxy service.

None of these measures are foolproof, of course, but they would raise barriers to cybersquatting not found in other TLDs.

Really rapid suspension

The .xxx domain will of course abide by the UDRP when it comes to cybersquatting complaints, but it is planning another, far more Draconian suspension policy called Rapid Takedown.

Noting that “the majority of UDRP cases involve obvious variants of well-known trademarks”, ICM says it “does not believe that the clearest cases of abusive domain registration require the expense and time involved in traditional UDRP filings.”

The Rapid Takedown policy is modeled on the Digital Millennium Copyright Act. Trademark holders will be able to make a cybersquatting complaint and have it heard within 48 hours.

Complaints will comprise a “simple statement of a claim involving a well-known or otherwise inherently distinctive mark and a domain name for which no conceivable good faith basis exists”.

A “response team” of UDRP panelists will decide on that basis whether to suspend the domain, although it does not appear that ownership will be transferred as a result.

X strikes and you’re out

ICM plans to disqualify repeat cybersquatters from holding any .xxx domains, whether all their domains infringe trademarks or not.

The policy is not fully fleshed out, so it’s not yet clear how many infringing domains you’d have to own before you lose your .xxx privileges.

High-volume domain investors would therefore be advised to make sure they have clean portfolios, or risk losing their whole investment.

Gaming restrictions

ICM plans to allow IP rights holders to buy long-term, deep-discount registrations for non-resolving .xxx domains. As I’ve written before, Disney doesn’t necessarily want disney.xxx to point anywhere.

That would obviously appeal to volume speculators who don’t fancy the $60-a-year registry fee, so the company plans to create a policy stating that non-resolving domains will not be able to convert to normal domains.

There’s also going to be something called the Charter Eligibility Dispute Resolution Process, which which “will be available to challenge any resolving registration to an entity that is not qualified to register a resolving name in the .xxx TLD”.

This seems to suggest that somebody (think: a well-funded church) who does not identify as a member of the porn industry would be at risk of losing their .xxx domains.

The CEDRP, like most of the abuse policies the registry is planning, has not yet been fully fleshed out.

I’m told ICM is working on that at the moment. In the meantime, its policy plans are outlined in this PDF.

DomainTools doubles prices, relaunches site

Kevin Murphy, February 16, 2011, Domain Registrars

Whois specialist DomainTools has revamped its web site and raised the price of its services.

The price increase is quite substantial. The cheapest paid-for tier appears to be the $30-a-month Standard Membership, a 100% increase on the old $15 basic package.

Existing members have been grandfathered in at their current rates. DomainTools said that it’s the first price increase in five years.

It does appear that subscribers may get more bang for their buck under the new tiers. At least, my subscription appears to be buying me more services than it was before the relaunch.

But that may be because I was never entirely clear what I was paying for. The confusing old “unit”-based pricing has gone, and the new site is a lot clearer about what you get for the money.

Many of the other changes appear to be cosmetic. The site does look a bit slicker than before, while retaining its familiar look-and-feel.

The company also appears to have sorted out its dispute with Go Daddy, which recently started blocking Whois aggregators including DomainTools.

A few test look-ups I did for domains registered at Go Daddy returned full Whois results, not the stubs it was delivering following the block.

Given that registrars are allowed to charge $10,000 a year for access to bulk Whois records, I’m tempted to draw a connection between the Go Daddy situation and the price increase, but I have no hard information to support that conclusion.

UPDATE: I’ve heard from DomainTools that the Go Daddy situation has not yet been resolved.

DomainTools subscribers currently see full Whois records when they search for domains registered at Go Daddy. In order to throttle the vast majority of the traffic the site sends to Go Daddy’s servers, non-subscribers are still receiving incomplete data.

The dispute is evidently more complex than a simple $10k shakedown.

Go Daddy offers Whois privacy for .co domains

Kevin Murphy, December 22, 2010, Domain Registrars

.CO Internet has started allowing registrars to offer Whois privacy services for .co domains, according to Go Daddy.

In a blog post, Go Daddy’s “RachelH”, wrote:

When the Internet Corporation for Assigned Names and Numbers (ICANN) and .CO Internet S.A.S. drafted the .co policy earlier this year, they decided to hold off on private registration to prevent wrongful use of the new ccTLD — especially during the landrush. Now that .co has carved its place among popular TLDs, you can add private registration to your .co domain names.

Unless I’m mistaken, ICANN had no involvement in the creation of .co’s policies, but I don’t think that’s relevant to the news that .co domains can now be made private.

During its first several months, .CO Internet has been quite careful about appearing respectable, which is why its domains are relatively expensive, why its trademark protections were fairly stringent at launch, and why it has created new domain takedown policies.

It may be a sign that the company feels confident that its brand is fairly well-established now that it has decided to allow Whois privacy, which is quite often associated with cybersquatting (at least in some parts of the domain name community).

It could of course also be a sign that it wants to give its registrars some love – by my estimates a private registration would likely double their gross margin on a .co registration.

One in five domains use a privacy service

Kevin Murphy, September 14, 2010, Domain Policy

As many as 20 million domain names are registered via Whois privacy or proxy services, an ICANN-sponsored study has found.

The study, conducted by the National Opinion Research Center, looked at a sample of 2,400 domains registered in .com, .org, .net, .info and .biz.

It found that 18% of these names used a privacy/proxy service to hide the contact details of the true registrant. Its margin of error means the actual number could be between 16% and 20%.

Extrapolating to the universe of 101 million domains registered in these five TLDs at the time the sample was taken in January 2009, NORC estimates that between 17.7 million and 18.4 million domains used a proxy.

NORC also estimates that the current number of private registrations could be “substantially higher” today, due to increased market traction for such services.

This, combined with the growth in registration numbers to over 115 million domain names as of January 2010, means that the actual number of privacy/proxy registrations among the top five gTLDs is likely to be substantially higher than 18 million.

When you consider that some privacy services charge as much as $10 a year for private registrations, that adds up to quite a healthy market.

Aussie registrar trademarks “Whois”

An Australian domain name registrar has secured a trademark on the word “Whois”.

Whois Pty Ltd, which runs whois.com.au, said it has been granted an Australian trademark on the word in the class of “business consulting and information services”.

It looks rather like the company is using the award as a way to promote its own trademark protection services.

I shudder to think what could happen if the firm decided to try to enforce the mark against other registrars.

Or, come to think of it, what would happen if it tried to secure “whois” in a new TLD sunrise period.

I’m not a lawyer, but I imagine that the fact that the word “Whois” has been in use for almost 30 years, pre-dating the creation of the DNS itself, might prove a useful defense.

RFC 812, published in March 1982, is the first use of the word I’m aware of.

It does not appear that there are currently any live US trademarks on the term.

ICANN Brussels – some of my coverage

Kevin Murphy, June 26, 2010, Domain Policy

As you may have noticed from my relatively light posting week, it really is a lot easier to cover ICANN meetings remotely.

The only drawback is, of course, that you don’t get to meet, greet, debate, argue and inevitably get into drunken fist-fights with any of the lovely people who show up to these things.

So, on balance, I think I prefer to be on-site rather than off.

I was not entirely lazy in Brussels this week, however. Here are links to a few pieces I filed with The Register.

Cyber cops want stronger domain rules

International police have called for stricter rules on domain name registration, to help them track down online crooks, warning the industry that if it does not self-regulate, governments could legislate.

.XXX to get ICANN nod

ICANN plans to give conditional approval to .xxx, the controversial top-level internet domain just for porn, 10 years after it was first proposed.

Governments mull net censorship grab

Governments working within ICANN are pondering asking for a right of veto on new internet top-level domains, a move that would almost certainly spell doom for politically or sexually controversial TLDs.

Council of Europe wants ICANN role

Kevin Murphy, June 7, 2010, Domain Policy

The Council of Europe has decided it wants to play a more hands-on role in ICANN, voting recently to try to get itself an observer’s seat on the Governmental Advisory Committee.

The Council, which comprises ministers from 47 member states, said it “could encourage due consideration of fundamental rights and freedoms in ICANN policy-making processes”.

ICANN’s ostensibly technical mission may at first seem a bit narrow for considerations as lofty as human rights, until you consider areas where it has arguably failed in the past, such as freedom of expression (its clumsy rejection of .xxx) and privacy (currently one-sided Whois policies).

The Council voted to encourage its members to take a more active role in the GAC, and to “make arrangements” for itself to sit as an observer on its meetings.

It also voted to explore ways to help with the creation of a permanent GAC secretariat to replace the current ad hoc provisions.

The resolution was passed in late May and first reported today by IP Watch.

The Council of Europe is a separate entity to the European Union, comprising more countries. Its biggest achievement was the creation of the European Court of Human Rights.

Registrars responsible for proxy cybersquatters

Domain name registrars can be liable when their customers break the law, if those customers use a privacy service, according to new ICANN guidance.

The ICANN advisory clarifies the most recent Registrar Accreditation Agreement, and seems primarily pertinent to UDRP cases where the registrar refuses to cooperate with the arbitrator’s request for proper Whois records.

The advisory says:

a Registered Name Holder licensing the use of a domain is liable for harm caused by the wrongful use of the domain unless the Registered Name Holder promptly identifies the licensee to a party providing the Registered Name Holder with reasonable evidence of actionable harm

In other words, if a domain gets hit with a UDRP claim or trademark infringement lawsuit, as far as the RAA is concerned the proxy service is the legal registrant unless the registrar quickly hands over its customer’s details.

Law enforcement and intellectual property interests have been complaining about registrars refusing to do so for years, most recently in comments on ICANN’s Whois accuracy study.

ICANN offers a definition of the word “promptly” as “within five business days” and “reasonable evidence” as trademark ownership and evidence of infringement.

I don’t think this ICANN guidance will have much of an impact on privacy services offered by the big registrars, which generally seem quite happy to hand over customer identities on demand.

Instead, this looks like it could be the start of a broader ICANN crackdown on certain non-US registrars offering “bulletproof” registrations to cybersquatters and other ne’er-do-wells.

I wouldn’t be surprised to find the number of ICANN de-accreditations citing refusal to cooperate with UDRP claims increasing in future.

The new ICANN document is a draft, and you can comment on it here.

Go Daddy feature tallies Whois queries on your domain

Kevin Murphy, April 22, 2010, Domain Registrars

I may be a bit late off the blocks, but I just learned about a rather nifty little feature buried within Go Daddy that lets you see when somebody has done a Whois lookup on one of your domains.

Log in to your Domain Manager, click Tools, click Exportable Lists, click Add New Export, then check the relevant boxes in the wizard.

The feature exports a .csv file telling you how many Whois searches have been run against each of your domain names in the last day, week, month and year.

I imagine this could provide a few useful data points when deciding how much interest there is in a domain you’re planning to sell.

I also found it quite interesting that more people executed Whois queries on domainincite.com in March than bothered to click the About tab at the top of the page.

Domain people are an odd bunch.