Latest news of the domain name industry

Recent Posts

ICANN tells Congressmen to chillax

Kevin Murphy, January 25, 2012, Domain Policy

ICANN senior vice president Kurt Pritz has replied in writing to great big list of questions posed by US Congressmen following the two hearings into new gTLDs last month.

The answers do what the format of the Congressional hearings made impossible – provide a detailed explanation, with links, of why ICANN is doing what it’s doing.

The 27-page letter (pdf), which addresses questions posed by Reps. Waxman, Eshoo and Dingell, goes over some ground you may find very familiar, if you’ve been paying attention.

These are some of the questions and answers I found particularly interesting.

Why are you doing this?

Pritz gives an overview of the convoluted ICANN process responsible for conceiving, creating and honing the new gTLD program over the last few years.

It explains, for example, that the original GNSO Council vote, which set the wheels in motion back in late 2007, was 19-1 in favor of introducing new gTLDs.

The “lone dissenting vote”, Pritz notes, was cast by a Non-Commercial Users Constituency member – it was Robin Gross of IP Justice – who felt the program had too many restrictions.

The letter does not mention that three Council members – one from the Intellectual Property Constituency and two more from the NCUC – abstained from the vote.

Why aren’t the trademark protection mechanisms finished yet?

The main concern here is the Trademark Clearinghouse.

New gTLD applicants will not find out how the Clearinghouse will operate until March at the earliest, which is cutting it fine considering the deadline for registering as an applicant is March 29.

Pritz, however, tells the Congressmen that applicants have known all they need to know about the Clearinghouse since ICANN approved the program’s launch last June.

The Clearinghouse is a detail that ideally should have been sorted out before the program launched, but I don’t believe it’s the foremost concern for most applicants or trademark owners.

The unresolved detail nobody seems to be asking about is the cost of a Uniform Rapid Suspension complaint, the mechanism to quickly take down infringing second-level domain names.

ICANN has said that it expects the price of URS – which involves paying an intellectual property lawyer to preside over the case – to be $300 to $500, but I don’t know anyone who believes that this will be possible.

Indeed, one of the questions asked by Rep. Waxman starts with the premise “Leading providers under Uniform Dispute Resolution Policy (UDRP) have complained that current fees collected are inadequate to cover the costs of retaining qualified trademark attorneys.”

UDRP fees usually start at around $1,000, double what ICANN expects the URS – which I don’t think is going to be a heck of a lot simpler for arbitration panels to process – to cost trademark owners.

Why isn’t the Trademark Claims service permanent?

The Trademark Claims service is a mandatory trademark protection mechanism. One of its functions is to alert trademark holders when somebody tries to register their mark in a new gTLD.

It’s only mandatory for the first 60 days following the launch of a new gTLD, but I’m in agreement with the IP community here – in an ideal world, it would be permanent.

However, commercial services already exist that do pretty much the same thing, and ICANN doesn’t want to anoint a monopoly provider to start competing with its stakeholders. As Pritz put it:

“IP Watch” services are already provided by private firms, and it was not necessary for the rights protection mechanisms specific to the New gTLD Program to compete with those ongoing watch services already available.

In other words, brands are going to have to carry on paying if they want the ongoing benefits of an infringement notification service in new gTLDs.

When’s the second round?

Nothing new here. Pritz explains why the date for the second round has not been named yet.

Essentially, it’s a combination of not knowing how big the first round is going to be and not knowing how long it will take to conduct the two (or three) post-first-round reviews that ICANN has promised to the Governmental Advisory Committee.

I tackle the issue of second-round timing in considerable detail on DomainIncite PRO. My feeling is 2015.

On Whois verification

Pritz reiterates what ICANN CEO Rod Beckstrom told the Department of Commerce last week: ICANN expects that many registrars will start to verify their customers’ Whois data this year.

ICANN is currently talking to registrars about a new Registrar Accreditation Agreement that would mandate some unspecified degree of Whois verification.

This issue is at the top of the law enforcement wish list, and it was taken up with gusto by the Governmental Advisory Committee at the Dakar meeting in October.

Pritz wrote:

ICANN is currently in negotiations with its accredited registrars over amendments to the Registrar Accreditation Agreement. ICANN is negotiating amendments regarding to the verification of Whois data, and expects its accredited registrars to take action to meet the rising call for verification of data. ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify Whois data.

He said ICANN expects to post the amendments for comment before the Costa Rica meeting in mid-March, and the measures would be in place before the first new gTLDs launch in 2013.

I’ve heard from a few registrars with knowledge of these talks that Whois verification mandates may be far from a dead-cert in the new RAA.

But by publicly stating to government, twice now, that Whois verification is expected, the registrars are under increased pressure to make it happen.

IF Whois verification is not among the RAA amendments, expect the registrars to get another dressing down from the GAC at the Costa Rica meeting this March.

On the other hand, ICANN has arguably handed them some negotiating leverage when it comes to extracting concessions, such as reduced fees.

The registrars were prodded into these talks with the GAC stick, the big question now is what kind of carrots they will be offered to adopt an RAA that will certainly raise their costs.

ICANN expects to post the proposed RAA changes for public comment by February 20.

Whois verification rules coming this year

Kevin Murphy, January 11, 2012, Domain Policy

No more Donald Duck in the Whois?

Registrars could be obliged to verify their customers’ identities when they sell domain names under new rules proposed for later this year, according to ICANN president Rod Beckstrom.

He told National Telecommunications and Information Administration boss Larry Strickling today that the new provisions could make it into the new Registrar Accreditation Agreement by March.

Beckstrom wrote:

ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify WHOIS data. ICANN is actively considering incentives for Registrars to adopt the anticipated amendments to the RAA prior to the rollout of the first TLD in 2013.

The RAA is currently being renegotiated by ICANN and the registrar community, following governmental outrage about the RAA at its meeting in Dakar last October.

If new Whois rules are added to the RAA, it will be up to registrars to decide whether to implement them immediately or wait until their existing ICANN contracts expire — hence the need for “incentives”.

Documents ICANN has been posting following its RAA meetings have been less than illuminating, so the letter to Strickling today is the first public insight into what the new contract may contain.

Whois verification, which is often found at the top of the wish-lists of intellectual property and law enforcement communities, is of course hugely controversial.

Civil rights advocates believe that checking registrant identities will infringe on rights to privacy and free speech, while not helping to prevent crime. Actual criminals will of course not hand over their true identities when registering domain names.

The process of verifying Whois data may also wind up making domain names more expensive, due to the costs registrars will incur implementing or subscribing to automated verification systems.

Nevertheless, the anti-new-gTLDs campaign in Washington DC led by the Association of National Advertisers recently led to Whois – a separate issue – being placed firmly on the new gTLDs agenda.

The chairman of the Federal Trade Commission, as well as Strickling, both wrote to ICANN to express concern about the lack of progress on strengthening Whois over the last few years.

Beckstrom’s letter to Strickling can be read here. His reply to FTC chairman Leibowitz – which also schools him in why new gTLDs probably won’t increase fraud – can be read here.

Fight brewing over thick .com Whois

Kevin Murphy, January 3, 2012, Domain Policy

This year is likely to see a new fight over whether Verisign should be forced to create a “thick” Whois database for .com and its other generic top-level domains.

While Verisign has taken a deliberately ambivalent position on whether ICANN policy talks should kick off, the community is otherwise split on whether a mandatory thick Whois is a good idea.

Currently, only .com, .net, .name and .jobs – which are all managed on Verisign’s registry back-end – use a thin Whois model, in which domain name registrars store their customers’ data.

Other gTLDs all store registrant data centrally. Some “sponsored” gTLD registries have an even closer relationship with Whois data — ICM Registry for example verifies .xxx registrants’ identities.

But in a Preliminary Issue Report published in November, ICANN asked whether it should kick off a formal Policy Development Process that could make thick Whois a requirement in all gTLDs.

In comments filed with ICANN last week, Verisign said:

As the only existing registry services provider impacted by any future PDP on Thick Whois, Verisign will neither advocate for nor against the initiation of a PDP.

Verisign believes the current Whois model for .com, .net, .name and .jobs is effective and that the proper repository of registrant data is with registrars — the entities with direct connection to their customers. However, if the community, including our customers, determines through a PDP that “going thick” is now the best approach, we will respect and implement the policy decision.

Thick Whois services make it easier to find out who owns domain names. Currently, a Whois look-up for a .com domain can require multiple queries at different web sites.

While Whois aggregation services such as DomainTools can simplify searches today, they still face the risk of being blocked by dominant registrars.

The thin Whois model can also make domain transfers trickier, as we witnessed just last week when NameCheap ran into problems processing inbound transfers from Go Daddy.

ICANN’s Intellectual Property Constituency supports the transition to a thick Whois. It said in its comments:

Simplifying access to this information through thick Whois will help prevent abuses of intellectual property, and will protect the public in many ways, including by reducing the level of consumer confusion and consumer fraud in the Internet marketplace. Thick Whois enables quicker response and resolution when domain names are used for illegal, fraudulent or malicious purposes.

However, Verisign noted that a thicker Whois does not mean a more accurate Whois database – registrars will still be responsible for collecting and filing customer contact records.

There are also concerns that a thick Whois could have implications for registrant privacy. Wendy Seltzer of the Non-Commercial Users Constituency told ICANN:

Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar. Individual registrants in particular may be concerned that the aggregation of data in a thick WHOIS makes it more attractive to data miners and harder to confirm compliance with their local privacy laws.

This concern was echoed to an extent by Verisign, which noted that transitioning to a thick Whois would mean the transfer of large amounts of data between legal jurisdictions.

European registrars, for example, could face a problem under EU data protection laws if they transfer their customer data in bulk to US-based Verisign.

Verisign also noted that a transition to a thick Whois would dilute the longstanding notion that registrars “own” their customer relationships. It said in its comments:

As recently as the June 2011 ICANN meeting in Singapore, Verisign heard from several registrars that they are still not comfortable with Verisign holding their customers’ data. Other registrars have noted no concern with such a transition

ICANN staff will now incorporate these and other comments into its final Issue Report, which will then be sent to the GNSO Council to decide whether a PDP is required.

If the Council votes in favor of a PDP, it would be many months, if at all, before a policy binding on Verisign was created.

Whois throttling returns to bite Go Daddy on the ass

Kevin Murphy, December 26, 2011, Domain Registrars

Go Daddy has been accused by a competitor of “thwarting” domain name transfers in violation of ICANN rules. (Note: story has been updated, see below).

The problem has reared its head due to the ongoing SOPA-related boycott of the company’s services, and appears to be related to Go Daddy’s decision earlier this year to throttle Whois queries.

NameCheap, one of the registrars that has been offering discounts to Go Daddy customers outraged by its recently recanted support of the controversial Stop Online Piracy Act, blogged today:

As many customers have recently complained of transfer issues, we suspect that this competitor [Go Daddy] is thwarting efforts to transfer domains away from them.

Specifically, GoDaddy appears to be returning incomplete WHOIS information to Namecheap, delaying the transfer process. This practice is against ICANN rules.

We at Namecheap believe that this action speaks volumes about the impact that informed customers are having on GoDaddy’s business.

It’s a shame that GoDaddy feels they have to block their (former) customers from voting with their dollars. We can only guess that at GoDaddy, desperate times call for desperate measures.

Part of transferring a domain from Go Daddy to NameCheap involves checking the identity of the registrant against Whois records.

Judging by a number of complaints made by Reddit readers today, it appears that NameCheap and other registrars are attempting to automatically query Go Daddy’s Whois database on port 43 at sufficient volume to trigger whatever throttling algorithm Go Daddy has in place to prevent the “harvesting” of contact data.

Go Daddy caused a similar ruckus earlier this year when it started blocking DomainTools and other Whois aggregation services from collecting full Whois records.

The registrar giant claimed then that it was trying to protect its customers by preventing the inappropriate use of their contact data.

However, while blocking a third-party information tool is merely annoying and disturbing, interfering with legitimate inter-registrar transfers could get Go Daddy into hot water, even if it is inadvertent.

NameCheap says it is doing the required Whois look-ups manually for now, and that it will honor each transfer request.

Giving Go Daddy the benefit of the doubt, I assume that this problem is ongoing largely due to the Christmas holiday, and that it will be rectified as soon as the appropriate people become aware of it.

Add this to your list of reasons .com and .net need a thick Whois.

UPDATE: All registrars have access to an ICANN service called RADAR, which enables them to specify the IP addresses they use to query competitors’ Whois databases.

Whitelisting IP addresses in this way could prevent a registrar’s queries being throttled, but not all registrars use the service.

According to this screenshot, NameCheap has not whitelisted any IP addresses in RADAR, which may be the reason it is having problems transferring Go Daddy customers’ domains to itself.

DomainIncite

Go Daddy bans DNS harvesting

Kevin Murphy, November 9, 2011, Domain Tech

Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.

CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:

The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.

Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.

If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.

That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.

Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.

Blocking DNS queries from selected IP addresses draws to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.

In January, the company confirmed, that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in affect for non-paying DomainTools users.

Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.