Latest news of the domain name industry

Recent Posts

Ancient registrar gets ICANN breach notice over UDRP

Kevin Murphy, September 25, 2023, Domain Registrars

A thirty-year-old registrar — practically prehistoric by internet standards — has been hit with an ICANN breach notice after apparently failing to transfer a domain lost in a UDRP and not paying its fees.

ICANN has told Texas-based GKG.net that it failed to implement a July UDRP decision (pdf) over the domain top-rx-market.com, which was won by generic pharmaceuticals firm TopRX.

That domain is using GKG’s Whois privacy service and suspended-domains.net as its name servers but still resolves to an active pharma storefront from where I’m sitting. The UDRP says the domain was registered to a Russian, who did not respond to the UDRP.

While the UDRP-related alleged breach is pretty recent, it looks like ICANN has been chasing GKG for a couple of years.

Compliance first notified the registrar that it was past due on its quarterly fees back in February 2022.

Since March, it also has been looking at alleged failures to handle abuse reports for pharma-related domains including canadianpharmstore.net, usapharmacymall.com, good-pills.com, and 1-pharm.com, which all resolve to the same discount medicines site.

ICANN says all of its attempts to call, email and fax GKG have fallen on deaf ears.

GKG isn’t tiny. It had over 83,000 gTLD domains under management in May, though it appears to have been shrinking by hundreds of domains per month for over a decade.

The company was accredited by ICANN with IANA number 93, which means it’s among the first wave of registrars accredited over two decades ago — it’s older than GoDaddy.

GKG has until October 13 to clean up its act or face suspension and termination.

Freenom hit by FIFTH ICANN action after litany of screw-ups

Kevin Murphy, September 21, 2023, Domain Registrars

Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.

Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.

It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.

The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.

The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.

It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.

OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.

The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.

Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.

But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.

Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.

OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.

Namecheap has given away 500,000 free .me domains

Kevin Murphy, September 6, 2023, Domain Registrars

A project started in 2014 has seen Namecheap give away 500,000 .me domains to university students in the Anglophone world.

The offer, started in 2014 at nc.me, is for the first year’s registration and is for students to create “online portfolios, resumes, blogs and other personal websites”.

Registrants authenticate themselves by having email addresses associated with universities, such as .edu in the US. Institutions in the UK and Australia are also supported.

Not all of the names registered over the last nine years are still registered, according to a spokesperson, but 500,000 would be a sizable chunk of .me’s total domains under management.

The registry, Domen, does not regularly publish its reg numbers but it hadn’t yet crossed the one million mark as of 2018, according to its web site.

The Namecheap spokesperson said that the registry provide the first-year regs for free under the partnership.

Epik had another terrible month in May

Kevin Murphy, September 6, 2023, Domain Registrars

Registrants continued to abandon Epik in droves in the wake of its financial mismanagement scandal in May, the latest gTLD registry transaction reports show.

Total domains under management dropped by 46,624 to end the month at 511,028, compared to its peak of 808,160 in August 2022, before the news of the crisis first started to emerge.

Net transfers were -32,149 in the month, with 32,320 outbound transfers. That’s not as bad as April, when the net transfers number was -34,492.

Adds — newly sold domains — were also up a bit, from 411 in April to 795 in May. Still a far cry from the 10,000+ new domains Epik sold in a typical month pre-scandal.

May was the final month of Epik’s floundering before it sold its assets to a mystery buyer and paid off its debts to customers, registries and ICANN. Next month, we’ll see how that rescue package affected its fortunes.

Epik had worst month ever in April

Kevin Murphy, August 8, 2023, Domain Registrars

The fallout from Epik’s financial mismanagement scandal continued to wreak havoc on the company’s registration numbers in April, the latest ICANN registry transaction reports show.

The company had its worse month ever for transfers, with 34,698 domains being moved to rival registrars and only 206 being transferred in.

Epik sold just 411 gTLD domains in April — its worst month for adds in over a decade — having regularly added five figures worth in pre-scandal months.

The registrar’s domains under management number for all gTLDs was 557,652 at the end of the month, down 50,239 compared to the end of March and down 234,902 compared to September, when the scandal began to emerge.

For context, April was the month when news of a customer lawsuit (now settled) seeking $300,000 redress over a botched domain sale first emerged and stories of Epik’s woes started receiving broader attention.

Epik now has a new owner and is awaiting ICANN approval to transfer its accreditation.

Registrar linked to defunct social network terminated

ICANN has terminated a registrar for not paying its fees and other infractions.

ICANN Compliance, in a termination notice effective August 10, said that US-based, Indian-operated Nimzo 98 had failed to provide a Whois service and escrow its registration data.

These secondary breaches seem to be side effects of the fact that the company is no longer operating. It’s been ghosting Compliance since December, according to the notice.

Nimzo, as I blogged in May, seems to have been the in-house registrar of a short-lived social network project name Houm, which offered users a domain name as part of the service bundle.

It peaked at about 21,000 names before it abruptly deleted them all, last October, registry transaction reports show.

At the last count, this March, it had just 270 names under management. ICANN will trigger its De-Accredited Registrar Transition Procedure to move whatever remains today into safer hands.

Domainer objects to Epik’s acquisition over Masterbucks collapse

A Los Angeles film production company and its domainer CEO have objected to Epik’s request to transfer its ICANN accreditation from the discredited former registrar Epik Inc to mystery new registrar Epik LLC.

Todd Ryan, CEO of American Business Capital Corporation and a domain investor, has written to ICANN to say that the transfer should be blocked until “all outstanding debts” are paid.

He’s particularly concerned with customers that may have been left out of pocket by Masterbucks, the payments service that has been described as a PayPal clone or simply a jumped-up Epik store credit system.

“The financial losses incurred by customers who utilized Masterbucks, a payment method provided by Epik registrar, are a matter of significant importance,” Ryan wrote.

“It is crucial that ICANN, as the governing body responsible for overseeing the domain registration industry, takes decisive action to ensure that all debts owed to these affected customers are satisfactorily resolved prior to any transfer of registrar accreditation,” he wrote.

Masterbucks was at the center of the old Epik’s financial mismanagement woes, with domainers beginning to complain that they couldn’t withdraw their funds almost a year ago.

Ryan says he’s a member of ICANN’s Business Constituency but does not say in his letter whether he’s owed money.

It’s not clear who currently owns the Masterbucks liabilities. The service was not believed to be part of the deal that saw the Epik registrar acquired from the Inc to the LLC last month.

ICANN’s head of compliance has written that it could take months for the Epik accreditation transfer to be approved (or otherwise).

Ryan also demands that ICANN disclose the identity of Epik LLC’s owners, which is still a bit of a mystery.

DENIC kicks out NCC as ICANN’s sole escrow agent

DENIC has won the contract to be the sole supplier of registrar data escrow services for ICANN, the Org has announced.

The German registry is replacing NCC Group, which acquired Iron Mountain’s escrow business two years ago. Iron Mountain has been ICANN’s chosen escrow agent since it started requiring registrars to escrow registrant data in 2007 in the wake of the RegisterFly scandal.

Under ICANN’s Registrar Accreditation Agreement, registrars have to deposit this data either daily or weekly, depending on how many domains under management they have, to mitigate the risk of domains being lost.

Registrars can choose to use ICANN’s chosen escrow agent, in which case ICANN pays, or they can choose another from an approved list, in which case the registrar pays.

Naturally enough, the vast majority of registrars choose to go with the free option. DENIC has been on the approved list since 2017. There are also one Russian and three Chinese companies approved to provide these services.

The change of contractor means escrow will now be provided by a EU-based company for the first time. UK-based NCC’s contract was via its US subsidiary, NCC Group Software Resilience (NA) LLC. ICANN said DENIC has opened up facilities in North America.

ICANN said NCC “will no longer be accepting new registrars with immediate effect and will no longer provide [Registrar Data Escrow] services starting 1 November 2024”, so registrars have some breathing space to migrate.

The deal was worth $800,000 a year to NCC, according to ICANN’s latest tax forms. One assumes DENIC is doing it cheaper.

Epik lost 125,000 domains in Q1

Epik’s domains under management total fell by over 125,000 in the first quarter, March registry transaction reports reveal.

The company had 607,891 domains in its stable at the end of March, down from 732,914 at the start of the year. The number was down 40,000 in the month, almost double the decrease of February.

Most of the decline can be blamed on transfers — it had 27,721 names go to rival registrars in March and a net transfer loss of 26,658.

Epik had its worst month for newly registered domains too. Having regularly added 10,000 to 20,000 names a month last year, in March that had dwindled to about 2,000.

The company is known to have had troubles paying the largest gTLD registries, but it’s not clear whether this had an impact on its March numbers.

Epik peaked at over 800,000 domains under management before its financial troubles started to emerge last September. Last month it was sold to a mystery buyer which has vowed to turn its fortunes around.

Epik is off the ICANN naughty step

Epik is no longer in breach of its ICANN registrar accreditation agreement, but it remains to be seen whether its anonymous new owners can take over the contract, ICANN has said.

The registrar has paid its past-due fees, explained why it delayed its customers’ renewal requests and promised to put in place measures to ensure this kind of thing doesn’t happen again, ICANN Compliance chief Jamie Hedlund blogged.

This means Epik has dodged a contract suspension and gets to continue with business as usual, for now, albeit with many distrustful customers.

Hedlund wrote that ICANN is now reviewing Epik’s request to transfer its accreditation from Epik Inc to new entity Epik LLC, whose owners have yet to reveal their identities.

ICANN has to do due diligence on the buyer before approving the transfer, but Hedlund said this case is “complex” and is expected to take “several months”.

The LLC bought the old registrar for almost $5 million last month after a tortuous few months for customers claiming to be owed hundreds of thousands of dollars.

Some have speculated that the LLC is a front for Epik founder and former CEO Rob Monster, the person arguably most responsible for Epik’s woes over the last 12 months, but court documents published as part of a customer lawsuit include emails from Monster that suggest he was not involved.