Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
Registrars warn of huge domain suspension scam
Customers of at least half a dozen large registrars been targeted by an email malware attack that exploits confusion about takedown policies.
The fake suspension notices have been spammed to email addresses culled from Whois and are tailored to the registrar of record and the targeted domain name.
Customers of registrars including eNom, Web.com, Moniker, easyDNS, NameBright, Dynadot and Melbourne IT are among those definitely affected. I suspect it’s much more widespread.
The emails reportedly look like this:
Dear Sir/Madam,
The following domain names have been suspended for violation of the easyDNS Technologies, Inc. Abuse Policy:
Domain Name: DOMAIN.COM
Registrar: easyDNS Technologies, Inc.
Registrant Name: Domain Owner
Multiple warnings were sent by easyDNS Technologies, Inc. Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us by email at mailto:abuse@easydns.com for additional information regarding this notification.
Sincerely,
easyDNS Technologies, Inc.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101
The “click here” invitation leads to a downloadable file, presumably containing malware.
Of course, the best way to check whether your domain name has been genuinely suspended or not is to use it — visit its web site, use its email, etc.
As domain suspensions become more regularly occurrences, due to ICANN policies on Whois accuracy for one reason, we can only expect more scams like these.
Domains pointing to social media tiny, but growing
The number of domain names registered via Go Daddy and pointing to social media profiles measures only in the “tens of thousands”, according to the company.
The market leading registrar put out a press release earlier this week stating that “in the last 18 months, customers pointing a domain name to social media sites increased by 37 percent.”
The company said it “attributes the rise in the redirects to customers wanting to control their online identity.”
While it’s an uptick for sure, the number of domains behaving this is actually still quite low.
A Go Daddy spokesperson told DI: “We’re not releasing exact numbers, but it’s in the tens of thousands.”
That’s a drop in the ocean compared to the over 60 million domains Go Daddy has under management.
The press release promoted the company’s new Personal Domains sales page, which offers buyers a streamlined way to point their domains to their Facebook, Twitter, LinkedIn or Tumblr profiles.
ICANN: we won’t force registrars to suspend domains
In one of the ongoing battles between registrars and the intellectual property lobby, ICANN’s compliance department seems to have sided with the registrars, for now.
Registrars will not be forced to suspend domain names when people complain about abusive or illegal behavior on the associated web sites, according to chief contract compliance office Allen Grogan.
The decision will please registrars but will come as a blow to the likes of music and movie studios and those who fight to shut down dodgy internet pharmacies.
Grogan yesterday published his interpretation of the 2013 Registrar Accreditation Agreement, specifically the section (3.18) that obliges registrars to “investigate and respond appropriately” abuse reports.
The IP crowd take this to mean that if they submit an abuse report claiming, for example, that a web site sells medicines across borders without an appropriate license, the registrar should check out the site then turn off the domain.
Registrars, on the other hand, claim they’re in no position to make a judgment call about the legality of a site unless presented with a proper court order.
Grogan appears to have taken this view also, though he indicated that his work is not yet done. He wrote:
Sometimes a complaining party takes the position that that there is only one appropriate response to a report of abuse or illegal activity, namely to suspend or terminate the domain name registration. In the same circumstances, a registrar may take the position that it is not qualified to make a determination regarding whether the activity in question is illegal and that the registrar is unwilling to suspend or terminate the domain name registration absent an order from a court of competent jurisdiction. I am continuing to work toward finding ways to bridge these gaps.
It’s a testament to how little agreement there is on this issue that, when we asked Grogan back in June how long it would take to provide clarity, he estimated it would take “a few weeks”. Yet it’s still not fully resolved.
His blog post last night contains a seven-point checklist that abuse reporters must conform to in order to give registrars enough detail to with with.
They must, for example, be specific about who they are, where the allegedly abusive content can be found, whose rights are being infringed, and which laws are being broken in which jurisdiction.
It also contains a six-point checklist for how registrars must respond.
Registrars are only obliged to investigate the URL in question (unless they fear exposure to malware or child abuse material), inform the registrant about the complaint, and inform the reporter what, if anything, they’ve done to remediate the situation.
There’s no obligation to suspend domains, and registrars seem to have great leeway in how they treat the report.
In short, Grogan has interpreted RAA 3.18 in a way that does not seem to place any substantial additional burden on registrars.
He’s convening a roundtable discussion for the forthcoming ICANN meeting in Dublin with a view to getting registrars to agree to some non-binding “voluntary self-regulatory” best practices.
GoDaddy did not cybersquat the Oscars, court finds
In a landmark decision, a US court has ruled that GoDaddy’s practice of parking unused domains with Google advertising does not count as cybersquatting.
The Academy of Motion Picture Arts and Sciences, which runs the annual Oscars awards, sued the registrar five years ago after seeing that GoDaddy had parked hundreds of names containing its mark.
Under UDRP, registrar parking is controversially often taken as a sign of the registrants bad faith by panelists.
But the California court ruled that GoDaddy’s actions did not amount to trademark infringement due to the unique circumstances of the case.
GoDaddy did not select the advertisements — Google’s algorithms did — nor did it manually review which domains were being parked.
Domain Name Wire has a pretty good breakdown of the key points in the 129-page ruling.
What’s going to be interesting is whether UDRP panelists — which sometimes take their cues from US legal precedent — will start to adjust to view registrar parking in a more benign way when judging registrant bad faith.
Frakes to lead Moniker
Domain industry veteran Jothan Frakes has been tapped to take over leadership of troubled US registrar Moniker.
Frakes will take over from CEO Bonnie Wittenburg.
The news emerged during the DomainFest Asia conference in Macau, at which Frakes is a speaker, overnight.
Moniker will be his first CEO gig, but he’s a bit of a jack of all trades in the industry.
Frakes has previously worked for Sedari, Minds + Machines, Oversee.net and Moniker.
He was one of the technical evaluators for the new gTLD program, subcontracted to KPMG.
For the last couple of years he’s been a key figure behind the NamesCon and DomainFest conferences.
It might be a wise hire for Moniker — Frakes is well known and well liked in the domaining community, somewhere Moniker’s reputation has suffered horribly over the last year.
Its market share has been plummeting for years, but matters were exacerbated in June 2014 with a disastrous switch to a new registration platform that was uniformly despised (read these comments) and broke everything.
Reddit peppers Go Daddy boss with sexism questions
Go Daddy can’t seem to shake off the legacy of its long-running, sexually suggestive TV advertising.
In an “Ask Me Anything” session on Reddit yesterday, CEO Blake Irving seemed to face more questions about sexism, women in technology and equal opportunities hiring than any other topic.
He made about 70 posts during the session, at least 10 of which related to Go Daddy’s relationship with the equally-fair sex in some way. Some Reddit users wondered aloud whether some such questions had been planted by Go Daddy sock-puppets.
The “best”-rated question on the thread addressed the company’s old TV commercials, which in the early days regularly featured scantily-clad, large-breasted women. Irving said:
The old ads helped GoDaddy build massive brand awareness in the US. They weren’t helpful to our reputation as an egalitarian provider of services though, and they didn’t do enough to tell people what we actually do. One of the first things I did at GoDaddy was pivot the advertising to reflect what we did and who we did it for. When 58% of small businesses in the US are run by women you should reflect the great work they do as small businesses. That’s what we’ve done with our ads over the past two years.
Irving joined Go Daddy in December 2012. Its ads since then have focused less and less on the prurient interest.
Irving also pointed out in one answer than a third of the company’s executive team is female.
He was also asked a number of questions about the new .ski gTLD (he was wearing a branded baseball cap in the AMA’s accompanying photograph).
Go Daddy employees also seemed to be out in force, asking multiple questions about this year’s corporate Christmas party.
When asked about the prospects for new gTLDs versus .com, Irving sat on the fence:
We’re seeing steady increases in awareness and the first instances of big global brands using the names (like abc.xyz and brand TLDs like home.barclays). We expect this to continue to drive new gTLD sales over time. For the foreseeable future, COM will likely remain the most desired name in the US and outside. It’s universally recognizable around the world. Either way, our goal is to provide the best choices available for each customer and the new gTLDs make getting the perfect name for you much more likely.
When asked “Does your burning evil raise your body temperature?”, Iriving replied:
Ummmm …. GoDaddy is an eco-conscious company, so we are firmly against practices that are harmful to the environment, including the use of malevolent forces as a fuel source. But, I do like a good bike ride to get my heart pumping.
The whole AMA can be read here.
OpenTLD suspension reinstated
ICANN has suspended OpenTLD’s ability to sell gTLD domain names for the second time, following an arbitration ruling yesterday.
OpenTLD, part of the Freenom group, will not be able to sell gTLD names or accept inbound transfers from tomorrow — about two hours from now — to November 24, according to ICANN’s web site.
That doesn’t give the company much time to make the required changes to its web site and registrar systems.
As reported earlier today, OpenTLD lost its battle to have the suspension frozen in arbitration with ICANN.
The arbitrator agreed with ICANN Compliance that the registrar cybersquatted its competitors and has not yet done enough to ensure that it does not do the same again in future.
Yes, you are dangerous, arbitrator tells “cybersquatter” OpenTLD
Free domains provider OpenTLD has been dealt a crushing blow in its fight against the suspension of its Registrar Accreditation Agreement.
ICANN is now free to suspend OpenTLD’s RAA, due to the company’s “pattern of cybersquatting”, following a decision by an independent arbitrator.
The arbitrator ruled yesterday that OpenTLD’s suspension should go ahead, because “OpenTLD’s continued operation could potentially harm consumers and the public interest.”
The 90-day suspension was imposed by ICANN Compliance in June, after it became aware that OpenTLD had lost two UDRP cases filed by competing registrars.
WIPO panelists found in both cases that the company had infringed its competitors’ trademarks in order to entice resellers over to its platform.
The suspension was put on hold voluntarily by ICANN, pending the arbitrator’s ruling on OpenTLD’s request for emergency stay. That request was conclusively rejected yesterday.
The arbitrator wrote:
the Arbitrator has little doubt that the multiple abusive name registrations made by OpenTLD, each of which included the registered mark of a competing domain name registrar and OpenTLD’s subsequent use of those domains… formed part of a broad concerted effort by OpenTLD calculated to deliberately divert name registration business, otherwise destined for competing domain name registrars… away from those registrars to OpenTLD instead.
He wrote that OpenTLD needs to put a process in place to prevent similarly cybersquatty behavior in future, rather than just making a commitment to changing its ways.
It’s pretty harsh stuff.
OpenTLD said recently that a suspension would “devastate” and “decimate” its business, due to the intertwining of its massive ccTLD business and rather smaller gTLD platform, but the arbitrator thought a technology workaround would be rather simple to implement.
No RAA means no gTLD sales and no inbound transfers.
OpenTLD is part of Freenom, which runs .tk and other free-to-register ccTLDs.
The company’s only ray of sunlight in the ruling is that the arbitrator said the costs of the proceeding should be split equally, not all falling on OpenTLD’s shoulders.
ICANN has not yet re-instituted the suspension, but it could come soon.
The full ruling can be read here.
Registrants guilty until proven innocent, say UK cops
UK police have stated an eyebrow-raising “guilty until proven innocent” point of view when it comes to domain name registrations, in comments filed recently with ICANN.
In a Governmental Advisory Committee submission (pdf) to a review of the Whois accuracy rules in the Registrar Accreditation Agreement, unspecified “UK law enforcement” wrote:
Internet governance efforts by Industry, most notably the ICANN 2013 RAA agreement have seen a paradigm shift in Industry in the way a domain name is viewed as “suspicious” before being validated as “good” within the 15 day period of review.
UK law enforcement’s view is that a 45 day period would revert Industry back to a culture of viewing domains “good” until they are proven “bad” therefore allowing crime to propagate and increase harm online.
The GAC submission was made August 13 to a public comment period that closed July 3.
The Whois Accuracy Program Specification Review had proposed a number of measures to bring more clarity to registrars under the 2013 RAA.
One such measure, proposed by the registrars, was to change the rules so that registrars have an extra 30 days — 45 instead of 15 — to validate registrants’ contact information before suspending the domain.
That’s what the UK cops — and the GAC as a whole — don’t like.
They have a point, of course. Criminals often register domains with bogus contact information with the expectation that the domains will not have a long shelf life. Fifteen days is actually quite generous if you want to stop phishing attacks, say.
The Anti-Phishing Working Group says phishing attacks have an average up-time of 29 hours.
Clearly, ICANN’s Whois accuracy program is doing little to prevent phishing as it is; a switch to 45 days would presumably have little impact.
But the number of domains suspended for lack of accuracy at any given time is estimated to be in the hundreds of thousands, and registrars say it’s mostly innocent registrants who are affected.
Verisign said this March that .com domains “on hold” grew from roughly 394,000 names at the end of 2013 to about 870,000 at the end of 2014.
In June 2014, registrars claimed that over 800,000 domains had been suspended for want of Whois accuracy in the first six months the policy was in place.
Web.com hacked, 93,000 cards stolen
The credit card details of 93,000 Web.com customers have been stolen by hackers.
The name, address and credit card number of the affected customers were accessed. The verification numbers (from the back of the cards) were not stolen.
Web.com said the attack was discovered August 13 and has been reported to the proper authorities.
Network Solutions and Register.com, its leading registrar businesses, were not affected, the company said.
It has 3.3 million customers. Those whose details were stolen have been emailed and will receive a letter in the mail.
The company said it will provide affected customers with a year of free credit monitoring.
Recent Comments