Latest news of the domain name industry

Recent Posts

Identity checks coming to Whois

Kevin Murphy, September 25, 2012, Domain Registrars

Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.

That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.

While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.

Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.

Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.

The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.

The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.

According to a memo released for discussion by ICANN last night:

It is our current understanding that law enforcement representatives are willing to accept post-­‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.

Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.

After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.

Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.

Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.

These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.

It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.

How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.

How Uniregistry wants to make Whois “two-way”

Kevin Murphy, June 11, 2012, Domain Services

If someone uses a Whois database to look up personal information such as your home address and phone number, wouldn’t it be nice to know a little something about them, too?

That’s the philosophy behind one of Uniregistry’s more interesting new gTLD policies, according to Frank Schilling, founder of the new new gTLD portfolio applicant.

Uniregistry has applied for dozens of gTLDs and says it has a “registrant-centered” outlook that extends to the mandatory thick Whois databases.

If its gTLDs are approved, the company will record the IP addresses of people doing Whois queries and make the records available to its registrants, Schilling said.

He suggested that Whois users may have to give up more info about themselves, in certain cases, too.

“To get certain pieces of information, you’ll have to agree to share some information about yourself,” Schilling said in an interview with DI yesterday.

Registrants would be able to view archived data about who’s been looking them up, which could help them during subsequent legal disputes about names, or during sales negotiations.

For domainers, this could be handy. Imagine you own the domain soft.drink and you receive a low-ball offer from a random stranger you suspect might be a proxy for a large corporation. Wouldn’t it be nice to know Coca-Cola has recently been checking out your Whois?

It’s going to be interesting to see how IP interests and law enforcement agencies – the two ICANN lobbies most deeply invested in Whois accuracy – react to Uniregistry turning the tables.

Newbie domain registrant discovers Whois, has Twitter meltdown

Kevin Murphy, April 26, 2012, Domain Tech

The need for the domain name industry to enforce accurate Whois is often cited by law enforcement and intellectual property interests as a consumer protection measure.

But most regular internet users haven’t got a clue that Whois even exists, let alone what data it contains or how to use it.

A study (pdf) carried out for ICANN’s Whois Review Team last year found that only 24% of consumers know what Whois is.

This stream of tweets I chanced across this afternoon, from what appears to be a first-time domain registrant, is probably more representative of consumer attitudes to Whois.

UPDATE (April 27): I’ve removed the tweets per the request of the Twitter user in question.

Big Content issues gTLD lock-down demands

Kevin Murphy, March 11, 2012, Domain Policy

Twenty members of the movie, music and games businesses have asked ICANN to impose strict anti-piracy rules on new top-level domains related to their industries.

In a position statement, “New gTLDs Targeting Creative Sectors: Enhanced Safeguards”, the groups say that such gTLDs are “fraught with serious risks” and should be controlled more rigorously than other gTLDs.

“If new gTLDs targeted to these sectors – e.g., .music, .movies, .games – are launched without adequate safeguards, they could become havens for continued and increased criminal and illegal activity,” the statement says.

It goes on to make seven demands for regulations covering Whois accuracy, enforced anti-piracy policies, and private requests for domain name take-downs.

The group also says that the content industries should be guaranteed “a seat at the table” when these new gTLD registries make their policies.

The statement is directed to ICANN, but it also appears to address the Governmental Advisory Committee, which has powers to object to new gTLD applications:

In evaluating applications for such content-focused gTLDs, ICANN must require registry operators (and the registrars with whom they contract) to implement enhanced safeguards to reduce these serious risks, while maximizing the potential benefits of such new domains.

Governments should use similar criteria in the exercise of their capability to issue Early Warnings, under the ICANN-approved process, with regard to new gTLD applications that are problematic from a public policy or security perspective.

The statement was sent to ICANN by the Coalition for Online Accountability, which counts the American Society of Composers, Authors and Publishers, the Motion Picture Association of America, the Recording Industry Association of America and Disney among its members.

It was separately signed by the many of the same groups that are supporting Far Further’s .music application, including the American Association for Independent Music and the International Federation of the Phonographic Industry.

Thick .com Whois policy delayed

Kevin Murphy, February 16, 2012, Domain Registries

ICANN’s GNSO Council has deferred a decision on whether Verisign should have to thicken up the Whois database for .com and its other gTLDs.

A motion to begin an official Policy Development Process on thick Whois was kicked down the road by councilors this afternoon at the request of the Non-Commercial Users Constituency.

It will now be discussed at the Council’s face-to-face meeting in Costa Rica in March. But there were also calls from registries to delay a decision for up to a year, calling the PDP a “distraction”.

Verisign’s .com registry contract and the standard Registrar Accreditation Agreement are currently being renegotiated by ICANN, both of which could address Whois in some way.

Today, all contracted gTLD registries have to operate a thick Whois, except Verisign with its .com, .net, .jobs, etc, where the registrars manage the bulk of the Whois data.