Latest news of the domain name industry

Recent Posts

New gTLDs: the next round just got real

Kevin Murphy, January 30, 2023, Domain Policy

It seems ICANN can multi-task, after all.

Its board of directors has yet to formally approve the next application round, but staff have started looking for a company to build the application system, regardless.

Org has published an RFI (pdf) for potential developers of a “gTLD Application Lifecycle System” that ICANN, applicants and third-party contractors will be able to use to manage bids from application to delegation.

The document details the 18 system services outlined in the Operational Design Assessment ICANN completed in December.

The deadline for submitting responses is February 24 and there’ll be a follow-up, invitation-only RFP in April. Companies have to respond to the RFI to have a chance at joining the RFP.

By ICANN’s recent standards, this is a pretty ambitious timetable, and will no doubt raise the spirits of those in the GNSO who have been calling for the Org to get a move on after the lengthy and disappointing ODA.

It may also please those worried about ICANN’s apparent inability to operate in anything other that a serial manner — it’s setting the ball rolling now, before the board has approved the program.

It may also give a hint at which way the board is leaning. It met eight days ago to discuss the next round and the ODA but did not formally pass any resolutions or provide any color on the nature of the talks.

Guy wants to be ICANN CEO and turn off 1.5 million Iranian domains

Kevin Murphy, January 25, 2023, Domain Policy

With the role of ICANN CEO opening up for applicants following the resignation of Göran Marby in December, the CEO of VPN.com appears to have thrown his hat in the ring.

In an unusual and ambiguous press release, “VPN.com CEO Reviews ICANN CEO Opening”, Michael Gargiulo strongly suggests he’s thinking about applying for the gig, currently filled on an interim basis by Sally Costerton.

“Stepping away from VPN.com to lead a global organization like ICANN that aligns with our mission of freedom and a secure Internet for all is something I have considered before, but the timing was not right,” he writes.

“ICANN does not need an empty suit filling this position; it needs someone with vision, ability to address lingering problems that ICANN has faced for extended periods of time, and the guts to stand up to countries like Russia,” he writes.

VPN.com is an strange hybrid of VPN review site and domain brokerage, formed after Gargiulo bought the domain for $1 million in 2017.

The press release is odd in that Gargiulo not only gets a couple of basic facts about ICANN wrong, but also draws attention to an occasion in 2019 when he called for Marby and President Trump to delete Iran’s .ir ccTLD from the DNS root in protest at the country’s human rights violations

The release refers to ICANN’s chair as Maarten Botterman, which hasn’t been true since September, and its headcount of “140 employees”, which is about 260 short of the actual number.

But it’s the opinion that Iran’s human rights violations, surely more acutely felt today than in 2019, should lead to the suspension of .ir’s 1.5 million domain names is surely a disqualifying position for a would-be ICANN CEO.

When Russia invaded Ukraine last year, ICANN faced calls to punish Putin by turning off .ru, which it resisted to broad community support.

Gargiulo did not respond to a request for clarification.

ICANN kicks the can on .org price cap defeat

Kevin Murphy, January 25, 2023, Domain Policy

ICANN has deferred action on its recent Independent Review Process defeat over price caps on .org and .info, instead referring the decision to one of its committees.

The IRP panel ruled in late December that ICANN broke its own bylaws when it approved the removal of price caps from the .org and .info registry contracts in 2019. It recommended that ICANN look into ways to restore the caps.

The ICANN board of directors at the weekend voted to ask its Board Accountability Mechanisms Committee (BAMC) to “review, consider, and evaluate” the IRP decision and recommend next steps.

The IRP was fought by the registrar Namecheap.

No masks required at ICANN Cancun

Kevin Murphy, January 25, 2023, Domain Policy

ICANN is considerably loosening up its Covid-19 restrictions for its next meeting, due to take place in Cancun, Mexico, in March.

The Org said last night that face masks will no longer be compulsory inside the venue, though they will still be provided for free and are “strongly recommended”. Testing kits will also be handed out.

It also won’t need to see your vaccination papers any more. You’ll merely need to check a box confirming that you’re fully up-to-date on your shots at time of registration.

Also gone are proof-of-vaccination wrist-bands, though the color-coded lanyard system, which allows people to indicate their comfort level with social proximity, will remain in place.

The meeting will take place from March 10 at the Cancun Center, but you have to register online before March 8. You can’t just rock up on the day and register on the door like you could pre-pandemic.

ICANN to be told to stop pussyfooting on new gTLDs

Kevin Murphy, January 18, 2023, Domain Policy

The GNSO Council is expected to tell ICANN’s board of directors that it needs to stop lollygagging and set the wheels in motion for the next round of new gTLDs.

The Council plans to send a letter to the board ahead of its retreat this weekend, urging it to approve the GNSO’s new gTLD policy recommendations — the so-called SubPro Final Report — which turn two years old today.

There may also be some harsh critique of ICANN’s Operational Design Assessment for the program, which put an unexpectedly enormous price tag and years-long runway on the next round.

An early draft of the letter urges the board to approve the SubPro report “as soon as practicable” and “quickly” form an Implementation Review Team, which is the next stage of turning policy recommendations into systems and processes.

The ODA had provided two options for the next round. One would take five years and cost $125 million before a single application fee is collected. The second would cost about half as much and take 18 months.

The key differences were that Option 1 would see a lot of automation, with ICANN scratch-building systems for handling applications, objections, contention resolution and such, whereas Option 2 would cut some corners and rely more on manual processing.

But the GNSO, at least judging by the early draft of its letter, seems to regard this as a false dichotomy, instead proposing a third way, leaning on configurable third-party software and existing ICANN systems.

Option 1 is “overly aggressive… overly complex, time and resource intensive, and much more expensive than is necessary”, the draft letter says.

There wasn’t enough information in the ODA for the Council to figure out exactly how the two options differ, it says.

The letter is expected to tell the board that it doesn’t need to pick between the two options. Rather, it should just approve the SubPro’s recommendations and leave it to the ICANN staff and community members on the IRT to work out the details.

While the letter doesn’t come out and say it outright, the subtext I infer is that the ODA, which took a year and cost $9 million, was a waste of time and money. If the Council can’t figure out what it means, how is the board (its intended audience) supposed to?

The Council also expresses bafflement that the proposed Registry Services Providers Pre-Evaluation program, which was meant to streamline the program by accrediting RSPs in advance of the application window opening, is predicted by the ODA to be incredibly expensive and time-consuming, the exact opposite of its intended purpose.

The letter was composed by a “small team” subset of the Council and is likely to be edited over the next few days as other members weigh in. The Council is expected to discuss it at its monthly meeting tomorrow and send it to the board before it discusses the ODA on Sunday.

New ICANN boss makes encouraging noises on new gTLDs

Kevin Murphy, January 16, 2023, Domain Policy

ICANN’s new interim CEO Sally Costerton addressed the community in her new role for what I believe was the first time last Thursday, in a call with the GNSO Council.

The hour-long call was meant to discuss the outcomes of the Council’s Strategic Planning Session a month ago, but it also served as a Q&A between councilors and Costerton.

The last 15 minutes are of particular interest, especially if you’re one of the people concerned about ICANN’s devolution into a “do-nothing” organization over the last several years.

At that mark, Thomas Rickert of the trade group eco addressed the issue in a lengthy comment in which he pointed out that ICANN has been moving so slowly of late that even lumbering governmental institutions such as the European Union have come to realize that it’s faster to legislate on issues such as Whois than to wait for ICANN to sort it out.

He also pointed to the community’s pain of waiting a year for the recent Operational Design Assessment for the next round of new gTLDs, and its shock that the ODA pointed to an even more-expensive round that could take five years or more to come to fruition.

“I’ve heard many in the community say that the operational design reports come up with a level of complexity and diligence that stands in the way of being efficient,” he said. “So maybe the perfect is the enemy of the good.”

ICANN should be brave, dig its heels in, and get stuff done, he remarked.

Costerton seemed to enjoy the critique, suggesting that the recording of Rickert’s comments should be circulated to other ICANN staff.

She described herself as a “pragmatist rather than an ideologue”.

“I so want to say you’re absolutely right, Thomas, I completely agree with you 100%, we should just get it done,” she said. “Good is good enough. Perfect is the enemy of the good — I like that expression, I think it very often is.”

But.

Costerton said she has to balance getting stuff done with threats from governments and the risk of being “overwhelmed by aggressive litigation”. She said that ICANN needs “a framework around us that protects us”.

Getting that balance right is the tricky bit, she indicated.

Costerton, who took her new role at the end of last year following Göran Marby’s unexpected resignation, did not tip her hand on whether she plans to apply to have the “interim” removed from her job title. It is known that she has applied at least once before.

Wanted: a gTLD to ban

Kevin Murphy, January 16, 2023, Domain Policy

ICANN may have failed so far to deliver a way for the world to create any more gTLDs, but it’s about to pick a string that it will resolve to never, ever delegate.

It’s going to designate an official “private use” string, designed for organizations to use behind their own firewalls, and promise that the chosen string will never make it to the DNS root.

IP lawyers and new gTLD consultants might want to keep an eye on this one.

The move comes at the prompting of the Security and Stability Advisory Committee, which called for ICANN to pick a private-use TLD in a September 2020 document (pdf).

ICANN hasn’t picked a string yet, but it has published its criteria for public comment:

1. It is a valid DNS label.
2. It is not already delegated in the root zone.
3. It is not confusingly similar to another TLD in existence.
4. It is relatively short, memorable, and meaningful.

The obvious thing to do would be to pick one of the 42 strings ICANN banned in the 2012 new gTLD round, which includes .example, .test and .invalid, or one of the three strings it subsequently decided were too risky to go in the root due to their extensive use on private networks — .corp, .mail and .home.

The SSAC notes in its document that ICANN’s two root server constellations receive about 854 million requests a day for .home — the most-used invalid TLD — presumably due to leaks from corporate networks and home routers.

But .homes (plural) is currently in use — XYZ.com manages the registry — so would .home fail the “confusingly similar” test? Given that it’s already established ICANN policy that plurals should be banned in the next round, .home could be ruled out.

ICANN’s consultation doesn’t make mention of whether gTLDs applied for in subsequent rounds would be tested for confusing similarity against this currently theoretical private-use string, but it seems likely.

Anyone considering applying for a gTLD in future will want to make sure the string ICANN picks isn’t too close to their brands or gTLD string ideas. Its eventual choice of string will also be open for public comment.

There don’t seem to be a massive amount of real-world benefits to designating a single private-use TLD string.

Nobody would be obliged to use it in their kit or on their networks, even if they know it exists, and ICANN’s track record of reaching out to the broader tech sector isn’t exactly stellar (see: universal acceptance). And even if everyone currently using a different TLD in their products were to switch to ICANN’s choice, it would presumably take many years for currently deployed gear to cycle out of usage.

IRP panel tells ICANN to stop being so secretive, again

Kevin Murphy, January 9, 2023, Domain Policy

ICANN’s dismal record of adverse Independent Review Process decisions continued last week, with a panel of arbitrators telling the Org to shape up its transparency and decision-making processes.

The panel has essentially ruled that ICANN did everything it could to be a secretive as possible when it decided to remove price controls from its .org and .info registry contracts in 2019.

This violated its bylaws commitments to transparency, the IRP panel found, at the end of a legal campaign by Namecheap commenced over three years ago.

Namecheap wanted the agreements with the two registries “annulled”, but the panel did not go that far, instead merely recommending that ICANN review its decision and possibly enter talks to put the price caps back.

But the decision contains some scathing criticisms of ICANN’s practice of operating without sufficient public scrutiny.

Namecheap had argued that ICANN broke its bylaws by not only not applying its policies in a non-discriminatory manner, but also by failing to adequately consult with the community and explain its decision-making.

The registrar failed on the first count, with the IRP panel ruling that ICANN had treated registry contract renegotiations consistently over the last 10 years — basically trying to push legacy gTLDs onto the 2012-round base Registry Agreement.

But Namecheap succeeded on the second count.

The panel ruled that ICANN overused attorney-client privilege to avoid scrutiny, failed to explain why it ignored thousands of negative public comments, and let the Org make the price cap decision to avoid the transparency obligations of a board vote.

Notably, the panel unanimously found that: “ICANN appears to be overusing the attorney-client privilege to shield its internal communications and deliberations.”

As one example, senior staffers would copy in the legal team on internal communications about the price cap decision in order to trigger privilege, meaning the messages could not be disclosed in future, the decision says.

ICANN created “numerous documents” about the thinking that went in to the price cap decision, but disclosed “almost none” of them to the IRP due to its “overly aggressive” assertion of privilege, the panel says.

As another example, staffers discussed cutting back ICANN’s explanation of price caps when it opened the subject to public comment, in order to not give too much attention to what they feared was a “hot” and “sensitive” topic.

ICANN’s failure to provide an open and transparent explanation of its reasons for rejecting public comments opposing the removal of price controls was exacerbated by ICANN’s assertion of attorney-client privilege with respect to most of the documents evidencing ICANN’s deliberations…

ICANN provided a fairly detailed summary of the key concerns about removing price caps, but then failed to explain why ICANN decided to remove price caps despite those concerns. Instead, ICANN essentially repeated the explanation it gave before receiving the public comments.

The panel, which found similar criticisms in the earlier IRP of Dot Registry v ICANN, nevertheless decided against instructing ICANN to check its privilege (to coin a phrase) in future, so the Org will presumably be free to carry on being as secretive as normal in future.

Namecheap also claimed that ICANN deliberately avoided scrutiny by allowing Org to remove the price caps without a formal board of directors resolution, and the panel agreed.

The Panel finds that of the removal of price controls for .ORG, .INFO, and .BIZ was not a routine matter of “day-to-day operations,” as ICANN has asserted. The Price Cap Decision was a policy matter that required Board action.

The panel notes that prior to the renewal of .org, .info and .biz in 2019, all other legacy gTLD contracts that had been renewed — including .pro, which also removed price caps — had been subject to a board vote.

“ICANN’s action transitioning a legacy gTLD, especially one of the three original gTLDs (.ORG), pursuant to staff action without a Board resolution was unprecedented,” the panel writes.

Quite why the board never made a formal resolution on the .org contract is a bit of a mystery, even to the IRP panel, which cites lots of evidence that ICANN Org was expecting the deal to go before the board as late as May 13, 2019, a month before the anticipated board vote.

The .org contract was ultimately signed June 30, without a formal board resolution.

(Probably just a coincidence, but Ethos Capital — which went on unsuccessfully to try to acquire .org registry Public Interest Registry from ISOC later that year — was formed May 14, 2019.)

The IRP panel notes that by avoiding a formal board vote, ICANN avoided the associated transparency requirements such as a published rationale and meeting minutes.

The panel in conclusion issued a series of “recommendations” to ICANN.

It says the ICANN board should “analyze and discuss what steps to take to remedy both the specific violations found by the Panel, and to improve its overall decisionmaking process to ensure that similar violations do not occur in the future”.

The board “should consider creating and implementing a process to conduct further analysis of whether including price caps in the Registry Agreements for .ORG and .INFO is in the global public interest”

Part of that process should involve an independent expert report into whether price caps are appropriate in .info and especially .org.

If it concludes that price controls are good, ICANN should try to amend the two registry agreements to restore the caps. If it does not conduct the study, it should ask the two registries if they want to voluntarily restore them.

Finally, the panel wrote:

the Panel recommends that the Board consider revisions to ICANN’s decision-making process to reduce the risk of similar procedural violations in the future. For example, the Board could adopt guidelines for determining what decisions involve policy matters for the Board to decide, or what are the issues on which public comments should be obtained.

ICANN is on the hook to pay the panel’s fees of $841,894.76.

ICANN said in a statement that it is “is in the process of reviewing and evaluating” the decision and that the board “will consider the final declaration as soon as feasible”.

UDRPs up in 2022, firm says

Kevin Murphy, December 28, 2022, Domain Policy

The World Intellectual Property Organization saw an increase in cybersquatting disputes this year, according to WIPO data compiled by VPN maker AtlasVPN.

There were 5,616 UDRP complaints filed with WIPO, up almost 10% from 2021, the company said.

The report does not appear to include data from the several other UDRP providers, so may not reflect the state of the system as a whole.

WIPO has processed 61,284 UDRP cases since the system was founded over two decades ago, the company said.

More details on ICANN’s CEO handover

Kevin Murphy, December 28, 2022, Domain Policy

ICANN has published more information on its change of CEO, which saw Göran Marby’s shock resignation last week.

Interim CEO Sally Costerton has been employed on an automatically renewing six-month contract that will only end if she quits, is fired, or a permanent replacement is found.

The ICANN board of directors has approved a “monthly stipend”, a bonus payment while she holds the interim position, but the amount, based on advice from compensation consultancy Willis Towers Watson, was not disclosed.

In fact, Costerton’s salary has never been disclosed in the decade she has worked for the Org. It is assumed that she is paid via the UK-based company she set up with her husband around the same time she was hired by ICANN.

That company, Sally Costerton Advisory Ltd, had about £1.3 million ($1.6 million) in net assets as of March, company records, which include no income statement, show. ICANN’s tax returns, which report executive salaries, do not reflect any payments to the company.

The board’s resolutions also confirm that Marby, who will stay as a consultant until May 2024, has will have his contract renegotiated, but the terms were redacted.