Latest news of the domain name industry

Recent Posts

Whois verification rules coming this year

Kevin Murphy, January 11, 2012, Domain Policy

No more Donald Duck in the Whois?

Registrars could be obliged to verify their customers’ identities when they sell domain names under new rules proposed for later this year, according to ICANN president Rod Beckstrom.

He told National Telecommunications and Information Administration boss Larry Strickling today that the new provisions could make it into the new Registrar Accreditation Agreement by March.

Beckstrom wrote:

ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify WHOIS data. ICANN is actively considering incentives for Registrars to adopt the anticipated amendments to the RAA prior to the rollout of the first TLD in 2013.

The RAA is currently being renegotiated by ICANN and the registrar community, following governmental outrage about the RAA at its meeting in Dakar last October.

If new Whois rules are added to the RAA, it will be up to registrars to decide whether to implement them immediately or wait until their existing ICANN contracts expire — hence the need for “incentives”.

Documents ICANN has been posting following its RAA meetings have been less than illuminating, so the letter to Strickling today is the first public insight into what the new contract may contain.

Whois verification, which is often found at the top of the wish-lists of intellectual property and law enforcement communities, is of course hugely controversial.

Civil rights advocates believe that checking registrant identities will infringe on rights to privacy and free speech, while not helping to prevent crime. Actual criminals will of course not hand over their true identities when registering domain names.

The process of verifying Whois data may also wind up making domain names more expensive, due to the costs registrars will incur implementing or subscribing to automated verification systems.

Nevertheless, the anti-new-gTLDs campaign in Washington DC led by the Association of National Advertisers recently led to Whois – a separate issue – being placed firmly on the new gTLDs agenda.

The chairman of the Federal Trade Commission, as well as Strickling, both wrote to ICANN to express concern about the lack of progress on strengthening Whois over the last few years.

Beckstrom’s letter to Strickling can be read here. His reply to FTC chairman Leibowitz – which also schools him in why new gTLDs probably won’t increase fraud – can be read here.

Fight brewing over thick .com Whois

Kevin Murphy, January 3, 2012, Domain Policy

This year is likely to see a new fight over whether Verisign should be forced to create a “thick” Whois database for .com and its other generic top-level domains.

While Verisign has taken a deliberately ambivalent position on whether ICANN policy talks should kick off, the community is otherwise split on whether a mandatory thick Whois is a good idea.

Currently, only .com, .net, .name and .jobs – which are all managed on Verisign’s registry back-end – use a thin Whois model, in which domain name registrars store their customers’ data.

Other gTLDs all store registrant data centrally. Some “sponsored” gTLD registries have an even closer relationship with Whois data — ICM Registry for example verifies .xxx registrants’ identities.

But in a Preliminary Issue Report published in November, ICANN asked whether it should kick off a formal Policy Development Process that could make thick Whois a requirement in all gTLDs.

In comments filed with ICANN last week, Verisign said:

As the only existing registry services provider impacted by any future PDP on Thick Whois, Verisign will neither advocate for nor against the initiation of a PDP.

Verisign believes the current Whois model for .com, .net, .name and .jobs is effective and that the proper repository of registrant data is with registrars — the entities with direct connection to their customers. However, if the community, including our customers, determines through a PDP that “going thick” is now the best approach, we will respect and implement the policy decision.

Thick Whois services make it easier to find out who owns domain names. Currently, a Whois look-up for a .com domain can require multiple queries at different web sites.

While Whois aggregation services such as DomainTools can simplify searches today, they still face the risk of being blocked by dominant registrars.

The thin Whois model can also make domain transfers trickier, as we witnessed just last week when NameCheap ran into problems processing inbound transfers from Go Daddy.

ICANN’s Intellectual Property Constituency supports the transition to a thick Whois. It said in its comments:

Simplifying access to this information through thick Whois will help prevent abuses of intellectual property, and will protect the public in many ways, including by reducing the level of consumer confusion and consumer fraud in the Internet marketplace. Thick Whois enables quicker response and resolution when domain names are used for illegal, fraudulent or malicious purposes.

However, Verisign noted that a thicker Whois does not mean a more accurate Whois database – registrars will still be responsible for collecting and filing customer contact records.

There are also concerns that a thick Whois could have implications for registrant privacy. Wendy Seltzer of the Non-Commercial Users Constituency told ICANN:

Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar. Individual registrants in particular may be concerned that the aggregation of data in a thick WHOIS makes it more attractive to data miners and harder to confirm compliance with their local privacy laws.

This concern was echoed to an extent by Verisign, which noted that transitioning to a thick Whois would mean the transfer of large amounts of data between legal jurisdictions.

European registrars, for example, could face a problem under EU data protection laws if they transfer their customer data in bulk to US-based Verisign.

Verisign also noted that a transition to a thick Whois would dilute the longstanding notion that registrars “own” their customer relationships. It said in its comments:

As recently as the June 2011 ICANN meeting in Singapore, Verisign heard from several registrars that they are still not comfortable with Verisign holding their customers’ data. Other registrars have noted no concern with such a transition

ICANN staff will now incorporate these and other comments into its final Issue Report, which will then be sent to the GNSO Council to decide whether a PDP is required.

If the Council votes in favor of a PDP, it would be many months, if at all, before a policy binding on Verisign was created.

Whois throttling returns to bite Go Daddy on the ass

Kevin Murphy, December 26, 2011, Domain Registrars

Go Daddy has been accused by a competitor of “thwarting” domain name transfers in violation of ICANN rules. (Note: story has been updated, see below).

The problem has reared its head due to the ongoing SOPA-related boycott of the company’s services, and appears to be related to Go Daddy’s decision earlier this year to throttle Whois queries.

NameCheap, one of the registrars that has been offering discounts to Go Daddy customers outraged by its recently recanted support of the controversial Stop Online Piracy Act, blogged today:

As many customers have recently complained of transfer issues, we suspect that this competitor [Go Daddy] is thwarting efforts to transfer domains away from them.

Specifically, GoDaddy appears to be returning incomplete WHOIS information to Namecheap, delaying the transfer process. This practice is against ICANN rules.

We at Namecheap believe that this action speaks volumes about the impact that informed customers are having on GoDaddy’s business.

It’s a shame that GoDaddy feels they have to block their (former) customers from voting with their dollars. We can only guess that at GoDaddy, desperate times call for desperate measures.

Part of transferring a domain from Go Daddy to NameCheap involves checking the identity of the registrant against Whois records.

Judging by a number of complaints made by Reddit readers today, it appears that NameCheap and other registrars are attempting to automatically query Go Daddy’s Whois database on port 43 at sufficient volume to trigger whatever throttling algorithm Go Daddy has in place to prevent the “harvesting” of contact data.

Go Daddy caused a similar ruckus earlier this year when it started blocking DomainTools and other Whois aggregation services from collecting full Whois records.

The registrar giant claimed then that it was trying to protect its customers by preventing the inappropriate use of their contact data.

However, while blocking a third-party information tool is merely annoying and disturbing, interfering with legitimate inter-registrar transfers could get Go Daddy into hot water, even if it is inadvertent.

NameCheap says it is doing the required Whois look-ups manually for now, and that it will honor each transfer request.

Giving Go Daddy the benefit of the doubt, I assume that this problem is ongoing largely due to the Christmas holiday, and that it will be rectified as soon as the appropriate people become aware of it.

Add this to your list of reasons .com and .net need a thick Whois.

UPDATE: All registrars have access to an ICANN service called RADAR, which enables them to specify the IP addresses they use to query competitors’ Whois databases.

Whitelisting IP addresses in this way could prevent a registrar’s queries being throttled, but not all registrars use the service.

According to this screenshot, NameCheap has not whitelisted any IP addresses in RADAR, which may be the reason it is having problems transferring Go Daddy customers’ domains to itself.

DomainIncite

Go Daddy bans DNS harvesting

Kevin Murphy, November 9, 2011, Domain Tech

Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.

CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:

The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.

Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.

If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.

That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.

Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.

Blocking DNS queries from selected IP addresses draws to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.

In January, the company confirmed, that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in affect for non-paying DomainTools users.

Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.

Should .com get a thick Whois?

Kevin Murphy, September 23, 2011, Domain Registries

The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.

The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.

The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.

Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.

The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.

In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.

Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.

Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.

Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.

There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.

Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.

Don’t expect the changes to come any time soon.

Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.

The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.