Recent Posts
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
ICANN plays tough over Amazon dot-brands
ICANN has given Amazon and the governments of the Amazon Cooperation Treaty Organization less than a month to sort out their long-running dispute over the .amazon gTLD.
The organization’s board of directors voted on Sunday to give ACTO and the e-commerce leviathan until April 7 to get their shit together or risk not getting what they want.
But both parties are going to have to come to an agreement without ICANN’s help, with the board noting that it “does not think that any further facilitation efforts by ICANN org will be fruitful”.
Attempts by ICANN to meet with ACTO over the last several months have been agreed to and then cancelled by ACTO on at least two separate occasions.
The eight ACTO governments think the string “Amazon” more rightfully belongs to them, due to it being the English name for the rain forest region they share.
Amazon the company has promised to safeguard culturally sensitive terms in .amazon, to assist with future efforts to secure .amazonas or similar for the Amazonian peoples, and to donate services and devices to the nations concerned.
Now, the two parties are going to have to bilaterally decide whether this deal is enough, whether it should be sweetened or rejected outright.
If they can’t come to a deal by ICANN’s deadline (which could be extended if Amazon and ACTO both ask for more time), ICANN will base its decision on whether to approve .amazon based on how Amazon unilaterally proposes to address ACTO’s concerns.
While a rejection of the .amazon application is still on the table, my read is that this is a bigger win for Amazon than it is for ACTO.
Data beats Merdinger to head universal acceptance group
Email entrepreneur and internationalized domain name expert Ajay Data has been named as the new chair of the group that is struggling to promote the universal acceptance of top-level domains across the internet.
Data, who replaces Afilias COO Ram Mohan after a four-year term, beat GoDaddy’s VP of domains Rich Merdinger in a secret ballot of the Universal Acceptance Steering Group this week.
The number of votes each candidate received were not disclosed.
India-based Data is founder and CEO of Xgenplus, a developer of enterprise email servers with a focus on support for non-Latin scripts and internationalized domain names.
He’s been intimately involved in all things IDN for many years.
The UASG is an independent group, which receives funding from ICANN, dedicated to reaching out to software and web site developers to ensure their systems can support domain names in all scripts, including IDNs, as well as raise awareness of new gTLDs.
Trademark posse fails to block Whois privacy policy
The ICANN community’s move to enshrine Whois privacy into formal consensus policy is moving forward, despite votes to block it by intellectual property interests.
During a special meeting yesterday, the GNSO Council voted to approve a set of recommendations that would (probably) bring ICANN’s Whois policy into compliance with the General Data Protection Regulation.
But four councilors — Paul McGrady and Flip Petillion of the Intellectual Property Constituency and Marie Pattullo and Scott McCormick of the Business Constituency — voted against the compromise deal.
Their downvotes were not enough to block it from passing, however. It has now been opened for a month of public comments before being handed to the ICANN board of directors for final approval, whereupon it will become ICANN’s newest consensus policy and binding on all contracted parties.
McGrady, an lawyer with Winston Strawn, claimed that the Expedited Policy Development Process working group that came up with the recommendations failed to reach the level of consensus that it had claimed.
“The consensus call was broken,” he said, adding that the EPDP’s final report “reflects consensus where there really wasn’t any.”
The GNSO was due to vote 10 days ago, but deferred the vote at the request of the IPC and BC. McGrady said that both groups had tried to muster up support in their communities for a “yes” vote in the meantime, but “just couldn’t get there”.
Speaking for the BC from a prepared statement, Pattullo (who works for European brand protection group AIM) told the Council:
The report is a step backwards for BC members’ interests compared to the Temp Spec, especially as the legitimate purposes for collecting and processing data are insufficiently precise, and do not include consumer protection, cybercrime, DNS abuse and IP protection.
The Temp Spec is the Temporary Specification currently governing how registries and registrars collect and publish Whois data. It was created as an emergency measure by the ICANN board and is due to expire in May, where it will very probably be replaced by something based on the EPDP recommendations.
In response to the IPC/BC votes, Michele Neylon of the Registrars Constituency and Ayden Férdeline of the Non-Commercial Stakeholders Group read statements claiming that trademark interests had been given substantial concessions during the EPDP talks.
Neylon in particular had some harsh words for the holdout constituencies, accusing them of “bad faith” and pointing out that the EPDP spent thousands of hours discussing its recommendations.
“Our members would want any number of obligations this report contains to be removed, but despite the objections we voiced our support for the final product as a sign of compromise and support for the entire multistakeholder model,” he said.
“Given the objections of certain parts of the community it’s unclear how we can ask this group to carry on with the next phase of its work at the same pace,” he said. “Given the unwillingness of others to participate and negotiate in good faith, how can we ask our reps to spend hours compromising on this work when it’s clear others will simply wait until the last minute and withdraw their consent for hard-fought compromise.”
The EPDP had a hard deadline due to the imminent expiration of the Temp Spec, but that’s not true of its “phase two” work, which will explore possible ways trademark enforcers could get access to redacted private Whois data.
Unfortunately for the IP lobby, there’s a very good chance that this work is going to proceed at a much slower pace than phase one, which wrapped up in basically six months.
During yesterday’s Council call, both Neylon and NCSG rep Tatiana Tropina said that the dedication required of volunteers in phase one — four to five hours of teleconferences a week and intensive mailing list discussions — will not be sustainable over phase two.
They simply won’t be able to round up enough people with enough time to spare, they said.
Coincidentally, neither the registrars nor the non-coms have any strong desire to see a unified access solution developed any time soon, so a more leisurely pace suits them politically too.
It will be up to the EPDP working group, and whoever turns out to be its new chair, to figure out the timetable for the phase two work.
Phishing still on the decline, despite Whois privacy
The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.
There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.
That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.
The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.
But the data may be slightly misleading.
APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:
There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.
It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.
The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.
The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.
But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.
Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.
After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.
Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.
Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.
According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.
That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.
The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.
ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.
This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.
Registrars given six months to deploy Whois killer
ICANN has started the clock ticking on the mandatory industry-wide deployment of RDAP.
gTLD registries and registrars have until August 26 this year to roll out RDAP services, which will one day replace the age-old Whois spec, ICANN said this week.
Registration Data Access Protocol fulfills the same function as Whois, but it’s got better support for internationalization and, importantly given imminent work on Whois privacy, tiered access to data.
ICANN’s RDAP profile was created in conjunction with contracted parties and public comments. The registries and registrars knew it was coming and told ICANN this week that they’re happy for the 180-day implementation deadline to come into effect.
The profile basically specs out what registrars and registries have to show in their responses to Whois (or RDAP, if you’re being pedantic) queries.
It’s based on the current Temporary Specification for Whois, and will presumably have to be updated around May this year, when it is expected that the Temp Spec will be replaced by the spec created by the Whois EPDP.
ICANN pushes IANA under Conrad
ICANN chief technology officer David Conrad is now “overseeing” the IANA part of the organization, ICANN has announced.
It doesn’t appear to be a promotion or change of job titles as much as a reporting structure adjustment made in the wake of a change of management at the Global Domains Division.
Kim Davies is still vice president of IANA, and president of Public Technical Identifiers, as IANA is often referred to nowadays.
Previously, Davies reported to the president of GDD, now he’s reporting to Conrad.
After Akram Atallah left GDD to run Donuts, Conrad and Atallah’s eventual permanent replacement, Cyrus Namazi, split his duties on an interim basis.
It appears that the announcement of Conrad’s new duties merely formalizes that arrangement.
It makes a lot more sense to have the largely technical IANA functions under the jurisdiction of the CTO, rather than the gTLD-centric Global Domains Division, if you ask me.
UN ruling may put .io domains at risk
The future of .io domains may have been cast into doubt, following a ruling from the UN’s highest court.
The International Court of Justice this afternoon ruled (pdf) by a 13-1 majority that “the United Kingdom is under an obligation to bring to an end its administration of the Chagos Archipelago as rapidly as possible”.
The Chagos Archipelago is a cluster of islands that the UK calls the British Indian Ocean Territory.
It was originally part of Mauritius, but was retained by the UK shortly before Mauritius gained independence in 1968, so a strategic US military base could be built on Diego Garcia, one of the islands.
The native Chagossians were all forcibly relocated to Mauritius and the Seychelles over the next several years. Today, most everyone who lives there are British or American military.
But the ICJ ruled today, after decades of Mauritian outrage, that “the process of decolonization of Mauritius was not lawfully completed when that country acceded to independence in 1968, following the separation of the Chagos Archipelago”.
So BIOT, if the UK government follows the ruling, may cease to exist in the not-too-distant future.
BIOT’s ccTLD is .io, which has become popular with tech startups over the last few years and has over 270,000 domains.
It’s run by London-based Internet Computer Bureau Ltd, which Afilias bought for $70 million almost two years ago.
Could it soon become a ccTLD without a territory, leaving it open to retirement and removal from the DNS root?
It’s not impossible, but I’ll freely admit that I’m getting into heavy, early speculation here.
There are a lot of moving parts to consider, and at time of writing the UK government has not even stated how it will respond to the non-binding ICJ ruling.
Should the UK abide by the ruling and wind down BIOT, its IO reservation on the ISO 3166-1 alpha-2 list could then be removed by the International Standards Organisation.
That would mean .io no longer fits the ICANN criteria for being a ccTLD, leaving it subject to forced retirement.
Retired TLDs are removed from the DNS root, meaning all the second-level domains under them stop working, obviously.
It’s not entirely clear how this would happen. ICANN’s Country Code Names Supporting Organization has not finished work on its policy for the retirement of ccTLDs.
TLDs are certainly not retired overnight, without the chance of an orderly winding-down.
Judging by the current state of ccNSO discussions, it appears that ccTLDs could in future be retired with or without the consent of their registry, with a five-to-10-year clock starting from the string’s removal from the ISO 3166-1 list.
Under existing ICANN procedures, I’m aware of at least two ccTLDs that have been retired in recent years.
Timor-Leste was given .tl a few years after it rebranded from Portuguese Timor, and .tp was removed from the DNS a decade later. It took five years for .an to be retired after the Netherlands Antilles’ split into several distinct territories in 2010.
But there are also weird hangers-on, such as the Soviet Union’s .su, which has an “exceptional reservation” on the ISO list and is still active (and inexplicably popular) as a ccTLD.
As I say, I’m in heavy speculative territory when it comes to .io, but it strikes me that not many registrants will consider when buying their names that the territory their TLD represents may one day simple poof out of existence at the stroke of a pen.
Afilias declined to comment for this article.
Updated: More .amazon delay as governments cancel talks
The future of Amazon’s bid for .amazon has been cast into more doubt after South American governments cancelled talks with ICANN.
The new secretary general of the Amazon Cooperation Treaty Organization, Alexandra Moreira, wrote to ICANN CEO Göran Marby February 13 to call off a meeting that had been planned to take place in Brasilia, February 19.
She blamed unspecified “unavoidable circumstances” for the cancellation, but insisted it was unrelated to the .amazon issue.
“It is necessary to clarify that the above mentioned circumstances have no connection whatsoever with neither the substance nor the agenda of the postponed meeting,” she wrote.
I believe the cancellation is related to the ongoing political instability in ACTO member Venezuela, which has recently spilled onto its borders with fellow members Brazil and Colombia.
Moreira reiterated that ACTO remains committed to talks to get the .amazon impasse resolved.
The cancellation of the February 19 meeting causes timing issues for ICANN’s board of directors, which has promised to vote on the .amazon applications at its meetings in Kobe, Japan, at ICANN 64, which kicks off in less than two weeks.
Brazilian Governmental Advisory Committee representative Achilles Zaluar has meanwhile reached out to Marby to request a delay of this decision until ICANN 65, which takes place in June.
Eight-nation ACTO is unhappy with Amazon’s encroachment onto what it sees as its geographic name rights, even though the Amazon region is typically known as Amazonia locally.
Amazon has offered to protect culturally sensitive terms at the second level and to support future efforts to secure a .amazonia TLD.
But its latest offers have still not been formally presented to and discussed with ACTO.
This post was updated an hour after publication to provide additional context to the cancellation.
Expect more Whois accuracy emails under new ICANN policy
Registrars will be obliged to send out even more Whois accuracy emails, under a set of recommendations being considered in ICANN.
Assuming recent recommendations out of the Whois policy working group are accepted, every registrant of a gTLD domain with something listed in the “Organization” field will receive a one-off mail from their registrar asking them to confirm its accuracy.
It’s Recommendation 12 of the EPDP Team Final Report, which was published last week (pdf) by ICANN’s first Expedited Policy Development Process working group.
In general, the Organization field would be redacted in the public Whois under the proposed policy, but registrants will be proactively asked if they want to opt in to having it published.
While registrars can pick their own methods to conduct this outreach, email seem like the most likely medium in the vast majority of cases.
These mails would be sent out the registrants of the over 192 million gTLD domains (if they have something in their Org field) at some point between May 2019, when ICANN is likely to formally adopt the policy, and February 29, 2020, which is EPDP group’s recommended implementation deadline.
In theory, the Org field is perhaps the main indicator of whether a domain is registered to a natural person (and therefore subject to the General Data Protection Regulation) or a legal person (and therefore not).
But it’s not uncommon for registrants or registrars to simply populate the field with the name of the natural-person registrant, even when there’s no actual organization involved.
That’s a GDPR problem, as it means personally identifiable information could leak into the public Whois.
Under the EPDP’s recommendation, registrars would be obliged to reach out to their customers to confirm whether the contents of their Org field are correct, and to ask whether they want that information to be made public.
Opting in would mean the registrar would begin to publish Org data in the public Whois. Ignoring the email or actively refusing publication would mean your registrar would redact or delete this field.
After this mass outreach has finished, registrars would stop redacting the Org field, unless the registrant has not consented to its publication.
For new registrations, registrars would have to show you a prominent warning that the Org data will be published and get your consent for it to do so.
The recommendation is among 29 that were arrived at following over six months of intensive discussions in the EPDP group.
Others we’ve previously reported on include the total elimination of the Admin Contact, making the Technical Contact both smaller and completely optional, and the mandatory introduction of an anonymous means for Whois users to contact registrants.
The recommendations have been submitted to the GNSO Council, which will vote on them March 4.
The EPDP report will then be opened for 30 days of public comment, before being sent to the ICANN board of directors for a full, final vote.
The policy will replace the current Temporary Specification governing Whois, which the board rushed through on an emergency basis last May in order to make the DNS ecosystem as GDPR-compliant as possible when the EU law came into effect.
The EPDP group is expected to shortly enter “phase two” of its work, which will look at whether there should be a unified access mechanism for security and intellectual property interests to snoop on otherwise private Whois data.
Namazi named new GDD boss
Cyrus Namazi has been appointed as the new head of ICANN’s Global Domains Division.
He’s been in the role on an interim basis since November, when former GDD president Akram Atallah left to lead Donuts.
Namazi won’t be “president” though, his new job title is senior vice president. He was previously VP of DNS industry engagement, having joined ICANN in 2013.
He’ll be on the executive team and report to CEO Göran Marby, ICANN said.
Namazi and Atallah worked together in their pre-ICANN days at technology firm Conexant Systems.
The GDD basically overseas everything related to ICANN’s gTLD contracted parties.
Recent Comments