Recent Posts
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
- .free domains to finally arrive as Amazon reveals three gTLD launches
- Six more gTLDs shown the door, five may be auctioned
- Registrar terminated after ignoring Whois transition
- $10 million ICANN giveaway winners picked
- Whois officially died today
- Typo left MasterCard open to hackers for years
- Could ICANN approve an R-word gTLD?
- These are the TLD growers and shrinkers of 2024 (part two)
- GoDaddy ordered to stop lying about crappy security
- These are the TLD growers and shrinkers of 2024 (part one)
- Dead terrorist domains for sale, just without the hyphens
- ICANN eyes more price hikes as it predicts dismal year for industry
- Meet the six people battling to join ICANN’s board
- New gTLD use cases not much use
- Defensive dot-brands are renewing, making ICANN millions
- Identity Digital offers free domain trials through LinkedIn
- Antisemitic remarks cost registrar dearly
- ICANN lawyers want to keep their clients secret
- Facebook cybersquatter asks ICANN to overturn UDRP ruling
- .xxx founder Stuart Lawley has died
- The new gTLD Next Round is really happening as two ICANN programs go live
- Verisign has much to be thankful for as .com contract renewed
- Another 40,000 .ai domains registered
- RDRS usage hits new low
- A dot-brand that was actually used is shutting down
- .id joins the million-domain club
- GoDaddy’s .xxx contract renewed
- Twitter clone Bluesky has one feature domain people should like
- ICANN confirms two bans on new gTLD gaming
- eBay slogan domain no longer has a BIN price
- Will Donald Trump be .io’s white knight?
- As customers flee legacy gTLDs, .org tops 11 million names
- Company accidentally puts porn domain on kids’ toys
- eBay’s new slogan looks like a $75,000 domain it doesn’t own
- Americans are deserting .com
- Weak Q3 for the domain universe, Verisign reports
Governments erect bulk-reg barrier to new gTLD next round
No new gTLDs should be added to the internet until ICANN develops policies addressing the abuse of bulk domain name registrations, according to the Governmental Advisory Committee.
The GAC this afternoon drafted formal Advice for the ICANN board stating that policy work on bulk regs should get underway before ICANN 84, which takes place in Muscat, Oman in late October.
While the wording still may change before it is sent to ICANN, the current draft advice reads:
The GAC advises the board: To urge the GNSO Council to undertake all necessary preparation prior to ICANN84 towards enabling targeted and narrowly scoped Policy Development Processes (PDPs) on DNS Abuse issues, prioritizing the following: to address bulk registration of malicious domain names; and the responsibility of registrars to investigate domains associated with registrar accounts that are the subject of actionable reports of DNS Abuse.
The advice on bulk regs is fairly self-explanatory: the GAC has become aware that spammers typically shop around for the cheapest TLDs then register huge amounts of domains on the assumption that some will start getting blocked quite quickly.
The second part of the advice probably needs some explanation: under the current ICANN contracts, registrars have to deal with abuse reports concerning domains they sponsor, but they’re under no obligation to investigate other domains belonging to the registrants of those domains.
So, if a scumbag registers 100 domains for a spam campaign and only one of them is reported as abusive, the registrar can comply with its contract by simply suspending that one domain. The GAC thinks it should be obliged to proactively investigate the other 99 names too.
The advice seems to have been inspired by two sources: NetBeacon’s recent Proposal for PDPs on DNS Abuse (pdf) and data from Interisle Consulting.
Both pieces of advice obviously could have an impact on registrars’ top and bottom lines. They could lose revenue if they currently make a lot of money from bulk regs, and their costs could be increased with new obligations to investigate abuse.
An added wrinkle comes in the GAC’s rationale for its advice, which suggests that dealing with bulk regs and abuse probes should be a gating factor for the next round of new gTLDs going ahead. It reads:
Before new strings are added to the DNS as a result of the next round, further work on DNS Abuse is needed to stem the increasing cost to the public of phishing, malware, botnets, and other forms of DNS Abuse.
The core text of the advice was compiled in furtive huddles on the edges of sessions at ICANN 83, and I believe Switzerland held the pen, but it seems the US government was the driving force behind the push to make abuse a barrier to the next round.
As I reported on Monday, the US GAC rep said that “in light of the global phishing problem… and similar concerns the United States is of the view that we should not expand the DNS too broadly”.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
Before we can have a PDP on bulk regs, we need to see some conclusive evidence that bulk regs actually need regulation. So far, all we have seen is some correlation, no causation.
As there are loads of legitimate uses of bulk registered domains, we need to be careful not to throw out the kids with the bath water.
Speaking from the point of a long time registrar owner and operator, adding some protective measures won’t hurt nor stop the use of legitimate bulk registrations. By default, registrars should put in speed bumps to slow down bulk registrations as the first step to narrow the ingress.
Bulk registrations are then only allowed for verified accounts (something registrars should be doing anyways). Easy and practical, while so helping rid the world of spammers, fraud and phishing.
While I agree that some registrars don’t do enough to address DNS abuses (fortunately, they are a very small minority), a registrar shouldn’t be requested to investigate a domain name the registrar has nothing to do with, including when the registrant is also a customer of that registrar. Not to mention that the technical possibility for a registrar to investigate a domain name that is registered via another registrar would be very limited (unless the registrar is acting as a reseller of the concerned domain name).
This seems like one of those things which sounds easy, but just causes more work and still won’t solve the problem.
We already have scammers making tons of separate accounts with different details… so how far do we go?
Check everything in every account with the same IP? – what about CGNAT, university campuses etc?
How many is ‘bulk’? 3? 5? 100?
This all adds cost, and it’s a very competitive industry… they’ll just go to whoever sells dirt cheap and does the absolute minimum and everyone else ends up losing money on domains needing huge teams handling all the reports and then tracking down potentially thousands of domains off 1 report!
The importance of GAC advice is only defined in Bylaws. I expect the Board will find a way around that if they want to and can claim enough people want them to.
Sometimes legit TM owners make bulk registrations in the wake of a launch of some new product or service. Domain resellers tend to pack the requests of their customers in bulk sets (like several different customers’ requests will look like a single bulk registration attempt).