Hackers break .mobi after Whois domain expires
It’s probably a bad idea to let a critical infrastructure domain expire, even if you don’t use it any more, as Identity Digital seems to be discovering this week.
White-hat hackers at WatchTowr today published research showing how they managed to undermine SSL security in the entire .mobi TLD, by registering an expired domain previously used as the registry’s Whois server.
Identity Digital, which now runs .mobi after a series of acquisitions, originally used whois.dotmobiregistry.net for its Whois server, but this later changed to whois.nic.mobi and the original domain expired last December.
WatchTowr spotted this, registered the name, and set up a Whois server there, which went on to receive 2.5 million queries from 135,000 systems in less than a week.
Sources of the queries included security tools such as VirusTotal and URLSCAN, which apparently hadn’t updated the hard-coded Whois URL list in their software, the researchers said.
GoDaddy and Domain.com were among the registrars whose Whois tools were sending queries to the outdated URL, WatchTowr found.
Incredibly, so was Name.com, which is owned by Identity Digital, the actual .mobi registry.
More worryingly, it seems some Certificate Authorities, responsible for issuing the digital certificates that make SSL work, were also using the old Whois address to verify domain ownership.
WatchTowr says it was possible to obtain a cert for microsoft.mobi by providing its own email address in a phony Whois record served up by its bogus Whois server.
“Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” the researchers wrote.
They said they would have also been able to send malicious code payloads to vulnerable Whois clients.
While WatchTowr’s research doesn’t mention ICANN, it might be worth noting that the change from whois.dotmobiregistry.net to whois.nic.mobi is very probably a result of .mobi’s transition to a standardized gTLD registry contract, which requires all registries to use the whois.nic.[TLD] format for their Whois servers.
As a pre-2012 gTLD, .mobi did not have this requirement until it signed a new Registry Agreement in 2017. There are still some legacy gTLDs, such as .post, that have not migrated to the new standard URL format.
The WatchTowr research, with a plentiful side order of cockiness, can be read in full here.
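The stale hard-coded Whois server lists described above are straightforward to audit. The following is an added example (not code from the page or from WatchTowr) that looks up each TLD's authoritative Whois host in the IANA root zone database and flags any configured entry that disagrees; it assumes the "whois:" field format returned by whois.iana.org, and the embedded sample responses are constructed so the check runs offline.

```python
import socket
from typing import Callable, Dict, Optional

IANA_WHOIS = "whois.iana.org"


def parse_iana_whois_server(response: str) -> Optional[str]:
    """Extract the 'whois:' field from an IANA TLD record (None if absent)."""
    for line in response.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "whois":
            return value.strip().lower() or None
    return None


def query_iana(tld: str, timeout: float = 10.0) -> str:
    """Live lookup of a TLD record over port 43 (network call; not used by the test)."""
    with socket.create_connection((IANA_WHOIS, 43), timeout=timeout) as sock:
        sock.sendall(tld.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def find_stale_entries(configured: Dict[str, str], lookup: Callable[[str], str]) -> Dict[str, dict]:
    """Compare a hard-coded TLD -> Whois host table against the IANA record for each TLD."""
    report: Dict[str, dict] = {}
    for tld, host in configured.items():
        authoritative = parse_iana_whois_server(lookup(tld))
        if authoritative is None:
            report[tld] = {"configured": host, "iana": None, "status": "unknown"}
        elif authoritative != host.lower():
            report[tld] = {"configured": host, "iana": authoritative, "status": "stale"}
    return report


# Constructed sample responses in the IANA record format (not live data).
SAMPLE_IANA = {
    "mobi": "domain:       MOBI\n\nwhois:        whois.nic.mobi\n\nstatus:       ACTIVE\n",
    "com": "domain:       COM\n\nwhois:        whois.verisign-grs.com\n",
}

# A hard-coded table of the kind the article describes; the .mobi entry is the expired name.
HARDCODED = {"mobi": "whois.dotmobiregistry.net", "com": "whois.verisign-grs.com"}

if __name__ == "__main__":
    for tld, finding in find_stale_entries(HARDCODED, lambda t: SAMPLE_IANA[t]).items():
        print(f".{tld}: configured {finding['configured']} but IANA lists {finding['iana']}")
```

Swap the lambda for `query_iana` to run the same check against live IANA data.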
The new gTLD next, next and next round
“The goal is for the next application round to begin within one year of the close of the application submission period for the initial round.”
Believe it or not, that sentence appears in the new gTLD program’s Applicant Guidebook that ICANN published in June 2012, 12 years of seemingly interminable review and revision ago.
Ah, 2012…
Obama was reelected for his second term. The final of the Euros took place in Kyiv. Gangnam Style topped the charts. Harvey Weinstein won an Emmy. Microsoft released Windows 8. Jedward sang for Ireland in Eurovision. Everyone had an opinion on Joseph Kony and Grumpy Cat.
Naturally enough, a lot of people aren’t very happy about the massive delay between the close of the last application window and the opening of the next one, currently penciled in for the second quarter of 2026.
So the community has done something about it, placing language in the draft of the next AGB that commits ICANN to open subsequent, post-2026 rounds without all the mindless navel-gazing and fannying around.
The intent is pretty clear — make application rounds more frequent and more predictable — but there’s still plenty of wiggle-room for ICANN to exploit if it wants to delay things yet again.
Here’s what the proposed AGB language (pdf) says:
ICANN works towards future rounds of new gTLDs taking place at regular and predictable intervals without indeterminable periods of review and, absent extraordinary circumstances, application procedures will take place without pause. A new round may be initiated even if steps related to application processing and delegation from previous application rounds have not been fully completed.
The ICANN Board will determine the timing of the initiation of a subsequent application round of the New gTLD Program as soon as feasible, but preferably not later than the second Board meeting after all the following conditions have been met:
1. The list of applied-for strings for the ongoing round has been confirmed and the window for string change requests has closed. This will provide applicants in a subsequent round with an understanding of which strings can be applied for.
2. ICANN org has not encountered significant barriers to its ability to receive and process a new batch of applications.
Absent extraordinary circumstances, future reviews and/or policy development processes, including the next Competition, Consumer Choice & Consumer Trust (CCT) Review, should take place independent of subsequent application rounds. In other words, future reviews and/or policy development processes must not stop or delay subsequent new gTLD rounds.
If the outputs of any reviews and/or policy development processes has, or could reasonably have, a material impact on the manner in which application procedures are conducted, such changes will apply to the opening of the application round subsequent to the adoption of the relevant recommendations by the ICANN Board. Once adopted by the Board, the implementation of that policy or review recommendation(s) will then become a dependency for the timing of that subsequent round of applications.
The language is among several draft sections of the 2026 AGB that ICANN this week opened for public comment.
An intriguing question now arises: will this commitment on subsequent round timing have any impact on the number of applications submitted in 2026?
People in the know tell us that there’s a decade-long backlog of wannabe applicants, particularly in the dot-brand world, but will any of them decide to slow down their ambitions if they know they only have an extra year or two to wait for another round?
Or will they trust ICANN’s record of delay over the somewhat flexible promises of the AGB?
It’s not just an academic question. How much applicants will ultimately pay ICANN in application fees, after rebates, will depend on how many applications are filed.
Squarespace gets sweetened $7.2 billion takeover offer
Squarespace looks set to be acquired by private equity firm Permira in a sweetened cash deal valuing the registrar at about $7.2 billion.
The new $46.50 per share offer is an improvement over Permira’s initial May offer of $44 and represents a 36.4% premium over Squarespace’s share price the day before the takeover was announced.
Squarespace said the deal, which values the company at about $300 million more than the May offer, has been approved by an independent committee of its board of directors and is Permira’s “best and final” offer.
Squarespace has about 10 million gTLD domains under management across two ICANN accreditations, one of which is the old Google Domains, but is perhaps best known for its web site building services.
The company has previously said that going private will help it compete better in the small business online presence market, where it sees its competition as the likes of GoDaddy and Wix.
ICANN hit by DDoS attack
If you noticed ICANN’s web site acting sluggishly or failing to respond at all last week, now you know why.
The site at icann.org was hit by a distributed denial of service attack on September 3 through September 4, according to a brief statement on the Org’s now-functional site.
ICANN identified a Distributed Denial of Service (DDoS) event that occurred on www.icann.org on 3 Sept. 2024. The situation was mitigated and service to ICANN’s website was restored on 4 Sept. 2024.
No additional information has yet been released on the size, duration or possible motivations behind the attack.
It’s the first security incident ICANN has judged significant enough to publicly disclose in over two years.
Russia calls for ICANN to split from US
The Russian government has called on ICANN to further distance itself from US legal jurisdiction, complaining that the current war-related sanctions could prevent its companies from applying for new gTLDs.
In recent comments, Russia said that “no single state or group of states should have the right to interfere in the operation of critical Internet infrastructure and/or the activities of ICANN, including the mechanisms for legal regulation of ICANN’s operations”.
It added that it is “necessary… to prepare by the ICANN community and stakeholders proposals for measures or mechanisms that can make ICANN less dependent on one state”.
The call came in comments filed in ICANN’s public comment period on the terms and conditions of the new gTLD program’s Applicant Support Program and Registry Service Provider Evaluation Program.
The Ts&Cs contain a clause requiring applicants to abide by all US economic sanctions, such as those overseen by the Office of Foreign Assets Control, which has sanctioned Russian entities since the 2022 invasion of Ukraine.
Russia’s comment was filed late and has not been published or analysed by ICANN in the usual way. Instead, it was appended to the summary report (pdf) prepared by ICANN staff.
It’s not the only war-related beef Russia has with ICANN right now. The government has also complained (pdf) that about 400 domains registered by Russian entities, including airports and airlines, in the .aero gTLD have been suspended.
The .aero registry, aerospace industry IT service provider SITA, is headquartered in Switzerland but the contracting entity is a US-based subsidiary.
According to OFAC, domain registration services are exempt from the US sanctions. That has not stopped several domain registries and registrars from ceasing business with Russians on moral grounds.
ICANN told Russia to file a complaint about SITA with its Compliance department. SITA has not yet responded to a request for comment.
Calls for ICANN to distance itself from the US have been coming for over two decades, usually from America’s opponents, and did not stop when the Org severed its formal ties in the 2016 IANA transition.
China loses over half a million domains
The Chinese ccTLD .cn shrank by over half a million domains in the first half of the year, according to the latest semiannual report from the local registry.
There were 19,562,007 registered .cn names at the end of June, down from 20,125,764 at the end of 2023, a decline of 563,757 domains, according to the CNNIC report.
Despite the decline, .cn is still the largest ccTLD, ahead of the 17,703,602 that Germany’s DENIC (.de) reported June 30.
The dip is not surprising. Verisign has pointed to weakness in China as a reason .com’s volume has been tumbling in recent quarters.
The fact that .cn is going down too suggests the negative growth is in fact due to macroeconomic factors rather than Chinese .com registrants migrating to their local ccTLD.
ICANN to be director light for months
ICANN’s board of directors will be down one person for six months or more after last month’s unexpected resignation of Katrina Sataki.
The ccNSO, which selected Sataki and is charged with picking her successor, does not expect to be able to name a new director until well into next year, and the vacant seat will stay vacant until then.
The ccNSO Council said it will open nominations for three weeks beginning September 10, but does not expect to hold the election until February 2025, “following the completion of due diligence on the nominee(s) by a professional firm”.
If the election is hotly contested, a second ballot could take place in March.
After the result is confirmed, it will need to be approved by ICANN’s sovereign Empowered Community before the new director can take their seat. Sataki’s seat could be empty for six or seven months.
The Council said that nominations from the Latin America and Caribbean region will not be accepted because the ccNSO’s other appointed director, Patricio Poblete, a Chilean, is from that region.
Sataki resigned with immediate effect August 23 citing personal reasons. Technically, her successor is to carry out her remaining term, which ends in November, but practically that is of course not possible.
FBI seizes Russian fake news domains
The FBI has seized 32 domain names it says were being used by Russian-government-backed interests to peddle fake news to influence the war in Ukraine and the upcoming US presidential elections.
The agency named three sanctioned Russian companies as the owners of the domains, which it said “covertly spread Russian government propaganda with the aim of reducing international support for Ukraine, bolstering pro-Russian policies and interests, and influencing voters in U.S. and foreign elections, including the U.S. 2024 Presidential Election”.
The FBI called the Russian campaign, which used cybersquatted domains such as fox-news.in and washingtonpost.pm as well as original creations such as waronfakes.com and vip-news.org, “Doppelganger”.
Eight domain registrars and registries have been told by a US court to redirect the domains in question to the FBI’s name servers, where they currently serve either a seizure notice, a placeholder, or counter-propaganda presented as news.
Identity Digital was told to grab the most domains — 11 in total, across .info, .media, .ltd, .agency and .io. Verisign was told to redirect six .com and .net names. Namecheap, as registrar, had to take action on six, in .org, .press and .us.
GoDaddy was told to seize three, in .co (as registrar) and .work (as registry). Domains at NameSilo and Tucows were also affected.
In one case, the FBI went after the Palau-based registry for forward.pw, and in another it went after Finland-based Sarek, the registrar for washingtonpost.pm.
Chinese registrars back in trouble after porn UDRP suspension
A collection of six registrars in the XZ.com stable are back on the ICANN naughty step, facing more Compliance action just a couple of years after a sister company was suspended over UDRP failures.
ICANN has published breach notices against DotMedia and five other registrars under common ownership, claiming that they are failing to send their registration data to the correct escrow provider.
Since last year, registrars have been obliged to escrow their data to DENIC, which replaced NCC Group as ICANN’s sole provider. Escrow is important as it helps make sure registrants keep their domains if a registrar goes out of business.
The six DotMedia registrars have failed to make this transition despite months of hand-holding from ICANN, according to the breach notices. Compliance has been on their case since at least April.
The registrars are among 20 that appear to be under common management, almost all based in Hong Kong and using xz.com as their primary storefront, and it’s not clear why only six accreditations have been found in breach.
The whole group appears to be on the skids in terms of registration volume. The main accreditation, US-registered MAFF Inc, once had around 600,000 gTLD names under management, but that’s down to around 60,000 in the latest registry reports. The others have a few thousand each, having suffered similar percentage declines.
Another member of the group, ThreadAgent.com, was actually suspended for months in 2022 after it failed to transfer two domains lost in cybersquatting complaints under the UDRP to BMW and Lockheed Martin.
The six registrars have until September 25 to come back in compliance or face further action.
Sataki quits ICANN board
Katrina Sataki has abruptly resigned from the ICANN board of directors.
In a letter last week to the ICANN brass and to the Country Code Names Supporting Organization, which elected her to the post three years ago, Sataki wrote:
I am writing to hand in my resignation as a member of the Board of Directors at ICANN, effective immediately for personal reasons. After careful consideration I regretfully see no other option and need to step down to allow another nominee from the ccNSO to fully commit to this work.
She apologized to the ccNSO for the suddenness of her departure.
Sataki, the CEO of Latvia’s .lv ccTLD registry, had served almost one full three-year term on the board, but had been reelected by the ccNSO for a second term due to begin this November.
The ccNSO is expected to open a call for nominations for her replacement this week.
The replacement would serve out Sataki’s remaining term, which has just over two months left on the clock, though it seems likely they would be appointed simultaneously also to serve a full term of their own.
For those keeping score on this kind of thing, the ICANN board now comprises five women and fourteen men (or 10 men if you only count the voting members), with CEO/director Sally Costerton also due to be replaced by a man in December.