How a company hacked the .eu sunrise to register generic domains

An Austrian company exploited a loophole in EurID’s .eu sunrise period to register dozens of generic .eu domain names, according to the European Court of Justice.
An outfit by the name of Internetportal und Marketing GmbH noticed back in 2005 that European Union regulations covering the .eu launch said that trademarks containing “special characters” could be claimed under the .eu sunrise.
If your trademark contained characters not compatible with normal DNS, such as $ or #, you could ignore those characters when you applied for your trademark as a .eu sunrise period domain.
So, with ingenuity I have to grudgingly admire, Internetportal registered 33 trademarks in Sweden that comprised generic dictionary terms interspersed with those special characters.
By applying under the sunrise period, rather than during the landrush or open registration periods, the company could eliminate most of its competitors for the domain.
Crafty.
The ECJ case concerned the domain reifen.eu – meaning “tyre” “or “tire” in German – but the company apparently also applied to register 180 other generic domains using the same method.
Internetportal registered the trademark “&R&E&I&F&E&N&”, knowing that the ampersands would be ignored by EurID’s policy when it applied for reifen.eu.
It did in fact win the domain, and others, during the sunrise, on the back of its Swedish trademarks.
Unfortunately, a man named Richard Schlicht who held a (later) Benelux trademark on the term “reifen” filed a Alternative Dispute Resolution procedure over the registration in 2006 and won.
Internetportal appealed, and it eventually made its way to ECJ. But Europe’s highest court decided last week that reifen.eu had indeed been registered in bad faith and in violation of the rules.
There’s loads of stuff in the ruling to excite IP lawyers, but as far as I can tell it boils down to one basic common-sense precedent: if you register a trademark purely for the purposes of securing a domain name in a sunrise period, you’re out of luck, at least in Europe.
Given that pretty much all the dictionary terms under .eu have already gone, and that the sunrise period ended years ago, I doubt the finding will have a great deal of immediate practical impact.
But a more general point holds, for those considering applying for a new TLD: if there are loopholes in your sunrise period rules, you can guarantee they will be exploited.

ICANN’s Draft Applicant Guidebook v4 – first reactions

As you probably already know, ICANN late yesterday released version 4 of its Draft Applicant Guidebook, the bible for new top-level domain registry wannabes.
Having spent some time today skimming through the novel-length tome, I can’t say I’ve spotted anything especially surprising in there.
IP interests and governments get more of the protections they asked for, a placeholder banning registries and registrars from owning each other makes its first appearance, and ICANN beefs up the text detailing the influence of public comment periods.
There are also clarifications on the kinds of background checks ICANN will run on applicants, and a modified fee structure that gets prospective registries into the system for $5,000.
DNSSEC, security extensions for the DNS protocol, also gets a firmer mandate, with ICANN now making it clearer that new TLDs will be expected to implement DNSSEC from launch.
It’s still early days, but a number of commentators have already given their early reactions.
Perennial first-off-the-block ICANN watcher George Kirikos quickly took issue with the fact that DAG v4 still does not include “hard price caps” for registrations

[The DAG] demonstrates once again that ICANN has no interests in protecting consumers, but is merely in cahoots with registrars and registries, acting against the interests of the public… registry operators would be open to charge $1000/yr per domain or $1 million/yr per domain, for example, to maximize their profits.

Andrew Allemann of Domain Name Wire reckons ICANN should impose a filter on its newly emphasised comment periods in order to reduce the number of form letters, such as those seen during the recent .xxx consultation.
I can’t say I agree. ICANN could save itself a few headaches but it would immediately open itself up to accusations of avoiding its openness and transparency commitments.
The Internet Governance Project’s Milton Mueller noted that the “Draconian” text banning the cross-ownership of registries and registrars is basically a way to force the GNSO to hammer out a consensus policy on the matter.

Everyone knows this is a silly policy. The reason this is being put forward is that the VI Working Group has not succeeded in coming up with a policy toward cross-ownership and vertical integration that most of the parties can agree on.

I basically agree. It’s been clear since Nairobi that this was the case, but I doubt anybody expected the working group to come to any consensus before the new DAG was drafted, so I wouldn’t really count its work as a failure just yet.
That said, the way it’s looking at the moment, with participants still squabbling about basic definitions and terms of reference, I doubt that a fully comprehensive consensus on vertical integration will emerge before Brussels.
Mueller lays the blame squarely with Afilias and Go Daddy for stalling these talks, so I’m guessing he’s basing his views on more information than is available on the public record.
Antony Van Couvering of prospective registry Minds + Machines has the most comprehensive commentary so far, touching on several issues raised by the new DAG.
He’s not happy about the VI issue either, but his review concludes with a generally ambivalent comment:

Overall, this version of the Draft Applicant Guidebook differs from the previous version by adding some incremental changes and extra back doors for fidgety governments and the IP interests who lobby them. None of the changes are unexpected or especially egregious.

DAG v4 is 312 pages long, 367 pages if you’re reading the redlined version. I expect it will take a few days before we see any more substantial critiques.
One thing is certain: Brussels is going to be fun.

Mail-order wife site silences critic with UDRP

A dating service has failed in a second attempt to hijack a domain name on the basis that the corresponding web site uses its “hot Russian brides” trademark in its directory structure.
Romantic Tours, which runs hotrussianbrides.com, filed a UDRP claim against agencyscams.com, claiming its URL agencyscams.com/why/hotrussianbrides infringed its trademark.
It lost the case, with the National Arbitration Forum arbitrator quite reasonably noting that “proceedings under the UDRP may be applied only to domain names”.
As noted over at Domain Name Wire, Romantic Tours tried the same ballsy tactic with jimslists.com, and was similarly unsuccessful.
Jimslists.com and and agencyscams.com are run by the same person. They’re basically gripe sites naming and shaming allegedly dodgy dating agencies and the allegedly dodgy women who use them.
While Romantic Tours may have lost its UDRP case, it appears to have got what it wanted anyway.
The offending URLs are no longer active on either site, and detailed references to hotrussianbrides.com appear to have been yanked, resulting in 404s.

Cheaters’ dating site wins 101 typo domains

You’d think a web site that enables married people to cheat on their partners would have difficulty taking the moral high ground on any issue. Apparently not.
AshleyMadison.com, which offers an “Affairs Guaranteed” promise, has just won 101 typo domain names under a mass UDRP claim against a single respondent.
The disputed domains included everything from zashleymadison.com to aeshleymadison.com. Two were PPC pages, the remainder apparently remained unused.
Judging from the National Arbitration Forum decision, this was an open-and-shut case of typosquatting.
The registrant was hiding behind a Bahamas-based privacy service that declined to close his true identity.
He did not respond to the UDRP filing.

ICANN closes .xxx forum after 14,000 comments

ICANN has finally shut down the latest public comment period on the proposed .xxx TLD, and now faces the task of finding the few dozen grains of wheat in about 14,000 pieces of chaff.
It’s general counsel John Jeffrey’s task to provide the round-up on this, possibly record-breaking, public comment period, although I understand ICM Registry may also provide its own, alternative, summary document.
I had a quick chat with Jeffrey yesterday. He told me comments were kept open beyond the advertized Monday shutdown because ICANN staffers are allowed to use their discretion when forums are seeing a lot of activity.
He also noted that the comment period was not a referendum on the merits of .xxx; ICANN had solicited feedback on a specific set of process options on how to handle .xxx.
It’s my impression that the 10,000+ identical form emails from the American Family Association may, rightly, wind up being considered as a single comment.

The top ten dumbest .xxx public comment subject lines

The American Family Association is now responsible for something approaching 10,000 emails urging ICANN to can ICM Registry’s .xxx proposal.
On Thursday, the AFA asked its membership to email ICANN’s public comment forum in support of “Option #3”, which would allow it to ignore the Independent Review Panel ruling and kill .xxx for good.
It thoughtfully included suggested text for the body of the email, but encouraged its members to “(Please enter your own subject line)”.
I don’t doubt that plenty of AFA members know what it was they were commenting on, but it’s clear from their chosen subject lines that plenty more had absolutely no idea.
Here’s a Letterman-style rundown of the top-ten least-clueful subject lines I’ve come across so far.

10. How much more sin will God allow?????????????
9. Judgment day is coming
8. Dear Sir!
7. stop the cause of all of the sex crimes commited today!
6. Registered Sex Offenders — You may be next, Please proceed with caution!
5. Don’t let an ADULT bookstore enter my computer! Support option #3.
4. P*rn Channel Explosion – Option #3
3. XXX.com
2. No more porn on TV!
1. (Please enter your own subject line.)

Have you seen any better/crazier ones? Let me know.
The public comment period ends, thankfully, tomorrow.

Christians try new strategy in anti-.xxx campaign

(UPDATED) Anti-porn protesters have changed tack in their campaign to get ICANN to kill the .xxx top-level domain.
The followers of crusading PornHarms.com founder Pat Trueman are currently lobbying ICANN’s public comment forums with messages that make them look a little like the pornographers themselves:

The .XXX sponsor, ICM, never satisfied the sponsorship requirements and criteria for a sponsored Top Level Domain. The ICANN Board denied ICM’s application for the .XXX sTLD on the merits in an open and transparent forum.

The copy-paste letter paraphrases text from ICANN’s process options report in much the same way as the pro-porn Free Speech Coalition’s Diane Duke did.
Trueman’s previous effort centered on the charge that pornography is intrinsically harmful, a subject well outside ICANN’s remit.
The fact that the new campaign is orchestrated by Trueman is revealed by Trueman himself and this comment from a supporter.
So… a vehemently anti-porn group is demanding ICANN rejects .xxx on the basis that it is not supported by the porn industry?
You’ve got to admire the chutzpah.
UPDATE: Another Christian group, the American Family Association, has opened the anti-.xxx floodgates, adding hundreds of new comments to ICANN’s forums in the last couple of hours.
The American Family Association is an unabashed “champion of Christian activism” whose mantra is “We believe the Bible to be the inspired, the only infallible, authoritative Word of God.”
Not really the kind of people you’d want to be stuck in an elevator with, never mind dictating internet policy.

Did Michael Dell just back ICANN’s DNS-CERT?

Michael Dell may have just backed ICANN’s call for a global DNS Computer Emergency Response Center, in a speech at a security conference.
Techworld is reporting that Dell and/or his CIO, Jim Stikeleather, referred to ICANN’s role in security during an address at the EastWest Institute Worldwide Cybersecurity Summit.
It’s not entirely clear whether the following quote is attributable to Stikeleather or Dell himself; my guess is Stikeleather:

ICANN manages the assignment of domain names and IP addresses, headquartered in California, is heavily US centric. There is a need to have more global participation on domain management as well as the future planning and next generation infrastructure needed to address the changes that will affect the Internet usage in years to come.

On the surface, it looks like a criticism of ICANN, but it could quite easily be interpreted as backing ICANN chief Rod Beckstrom’s recent call for the establishment of a global DNS-CERT to coordinate threats to the domain name system.
The quote immediately preceding it in the Techworld article is starkly reminiscent of Hot Rod’s controversial comments at the Governmental Advisory Committee at the Nairobi meeting in March.
“There is a preponderance of evidence that indicates cybercriminals could inflict major outages to portions of our critical infrastructure with minimal effort,” Jim Stikeleather reportedly said.
He was speaking at a session entitled “How do we build international cybersecurity consensus?”, which is a question Beckstrom has been asking in relation to the DNS-CERT idea.
A public comment forum on the DNS-CERT business case ICANN had presented ended a couple of weeks ago.
If I were to go out on a limb, I would say that a rough consensus emerged that such an entity was probably a good idea, and that ICANN could play a role, but that other bodies, such as DNS-OARC, might do a better job of coordinating it.

UDRP of the day: how-to-roll-a-blunt-with-a-swisher-sweet.info

This is mildly amusing. Somebody, presumably the cigar company, has filed a UDRP claim against the owner of how-to-roll-a-blunt-with-a-swisher-sweet.info.
The domain name was registered last month and, sadly, does not appear to have any content yet. It’s registered to “Gregory Bong”.
In the US, a “Swisher Sweet” is your basic bog-standard convenience store panatela cigar.
A “blunt” is what the registrant was probably smoking.
The .com version of the domain is, unsurprisingly, available, so I can only assume price was a big factor in Bong’s choice of TLD.

ICANN picks Colombia for December meeting

ICANN chief Rod Beckstrom has just confirmed via Twitter that Cartagena, Colombia has been picked for the organization’s December meeting.
Judging from US State Department reports, the country is nowadays not nearly as scary as it was when Joan Wilder made a flying visit to rescue her sister in 1984.
Still, I’m guessing we’ll still see a little bit of that nervousness and paranoia that usually rears its head when ICANN heads for cities with a reputation for violent crime.
Terrorism concerns in Kenya caused many US stakeholders to stay at home and brave unreasonably early mornings participating remotely.
Even the choice of Mexico City caused a bit of a stir last year.
Personally, I’d love to see ICANN hold a meeting in Oakland or Baltimore, just to see what the security advisory looks like.