Recent Posts
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
.health backer has cop-like takedown powers for all gTLDs in Japan
LegitScript, a US company focused on eradicating illegal online pharmacies, which backs the .pharmacy and .health gTLDs, has been given police-like powers to have domain names taken down in Japan.
It has also emerged that when IP Mirror, a brand protection registrar, was hit with an embarrassing ICANN contract-breach notice in November, it was as a result of a LegitScript complaint.
Under section 3.18.2 of ICANN’s 2013 Registrar Accreditation Agreement, registrars must have a 24/7 abuse hotline that can be used by “law enforcement, consumer protection, quasi-governmental or other similar authorities” to report illegal activity.
Registrars must act on complaints made to the hotline within 24 hours, but only authorities designated by national governments get to use it.
Now, it transpires that LegitScript has been formally designated a 3.18.2 authority by the Japanese Ministry of Health, Labor and Welfare.
That means the US company’s complaints about domains hosting potentially illegal pharmacy sites have the same weight as complaints from the Japanese police, when made to registrars that have an office in Japan, even if they’re headquartered elsewhere.
IP Mirror, which was recently acquired by CSC Digital Brand Services, is based in Singapore but has an office in Tokyo.
As far as I can tell, most of the top 10 registrars do not have offices in Japan. KeyDrive (Moniker, Key-Systems etc) may be the exception. GMO is the largest registrar based in Japan.
LegitScript announced its relationship with the Japanese ministry in September (I missed it at the time) and company president John Horton provided some context to the IP Mirror breach notice on CircleID today.
I only report the deal today because it strikes me as noteworthy that a private enterprise has been given the same powers under the 2013 RAA as law enforcement and government consumer protection agencies — and it’s not even in its home territory.
Horton told DI today that while LegitScript is legally based in the US and has offices in the EU, only Japan has so far formally granted it 3.18.2 powers. He said in an email:
We only have formal Section 3.18.2 designation in Japan at present. We have some other endorsements or recommendations by or on behalf of government authorities, although they do not specifically reference Section 3.18.2. We work closely with the Italian Medicines Agency and the Irish Medicines Board, for example, and report rogue Internet pharmacies in consultation with them.
Horton pointed out that anybody is able to to file abuse complaints under the 2013 RAA — and registrars are obliged to “take reasonable and prompt steps to investigate and respond appropriately”.
His CircleID piece cites two instances in which such complaints from LegitScript resulted in ICANN breach notices.
The chief difference is that under 3.18.2 registrars do not have much flexibility in their response times. They have to “take necessary and appropriate actions” within a black-and-white 24-hour deadline.
Black Ice suspended by ICANN
A small Israeli registrar has had its registrar accreditation suspended by ICANN.
Black Ice domains, which has a few thousand .com and .net domains under management, failed to comply with an ICANN audit and was overdue on its fees by over $5,000, according to the ICANN notice (pdf).
It won’t be allowed to sell gTLD domains or accept inbound transfers from December 19 to March 18, and may be terminated if it fails to come back into compliance.
The registrar is the fourth to have its accreditation suspended by ICANN in 2014. The organization has terminated a further seven registrars, down on the 11 terminated in the whole of 2013.
IP Mirror rapped for failing to deal with abuse
Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.
Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.
Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.
According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.
Registrars have to respond to such complaints within 24 hours, the RAA says.
The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.
The company has been given until December 5 to come back into compliance or risk losing its accreditation.
IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.
But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.
New gTLDs steal $5 million from Web.com’s top line
Top registrar Web.com is seeing disappointing revenue from its domain business due to new gTLDs.
The “increased availability” of names has taken a chunk out of the company’s premium domain sales, CEO David Brown told analysts on the company’s third-quarter earnings call yesterday.
While we continue to expect the recently expanded top-level domain environment to increase our ability to sell domains over the medium to long term, the increased availability of names has had a near-term negative impact on domain-related revenue. This is primarily associated with non-core domain-related revenue such as sales of premium domain names and bulk domain sales.
As a result, the company has reduced its full-year 2014 revenue guidance from between $576 million and $579 million to between $566.7 million and $568.7 million
The company blamed about half of the reduction — about $5 million — on softness in its domain name business.
Brown explained that the new gTLD environment has seen domain investors exercise much more caution when it comes to buying premium names and buying names in bulk:
We’ve seen that market get soft…. The reason the softness is occurring is that this marketplace is looking at all of these new gTLDs coming into place, there are more options available for people and they’re kind of stepping back away, at least temporarily, to see how things settle out.
He said the company expects the market to come back after the uncertainty has passed.
Web.com yesterday reported third-quarter net income of $33.9 million, up from $29.3 million a year ago, on revenue that was up to $137.4 million from $125.2 million in 2013.
The company, which owns brands including Register.com and Network Solutions, announced a $100 million share repurchase at the same time, to prop up the inevitable hit its stock was to take.
Its shares are trading down 25% at time of publication.
DreamHost hit with big breach notice
DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.
The breach notice raises questions about the company’s popular free Whois privacy service.
Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.
The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.
The domain highlighted by ICANN in relation to the Whois failure is senect.com
ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name
and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.
Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.
ICANN seems to be asking the registrar to investigate itself in this case.
DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.
DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.
As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.
The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.
ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.
ROTD lends geo names to CentralNic registrar push
CentralNic and Right Of The Dot have teamed up to offer a series of geographically themed registrar storefronts for new gTLDs.
Under a joint venture, the companies are launching sites such as london.domains, vegas.domains, tokyo.domains and nyc.domains.
ROTD, the new gTLD venture launched by Mike Berkens and Monte Cahn, acquired these premium domains from Donuts during the .domains Early Access Period.
The second level strings all match the third-party geo-gTLDs that will be offered via these sites. Another 12 will be launched before the end of the year, the companies said.
CentralNic, best known as a registry, will provide the back-end for the site, as part of its push into the registrar side of the market that kicked off with its $7.5 million acquisition of Internet.bs.
ICANN terminates deadbeat registrar
ICANN has started termination proceedings on Domain Services Rotterdam, a Dutch registrar, for failure to pay accreditation fees.
The company owes ICANN $5,118.83 in dues but has failed to pay up despite breach notices dating back to May, according to an ICANN termination notice (pdf)
Domain Services does not have any gTLD domains under management, so no registrants will be affected by the termination, which is due to kick in November 21.
The registrar was accredited in March this year.
Korean registrar suspended
ICANN has suspended the accreditation of Korean registrar Dotname Korea over failures to comply with Whois accuracy rules.
The company was told this week that it will lose the ability to sell names for three months.
“No new registrations or inbound transfers will be accepted from 7 October 2014 through 5 January 2015,” ICANN compliance chief Maguy Serad told the company (pdf).
The suspension follows breach notices earlier in the year pertaining to Dotname’s failure to show that it was responding adequately to Whois inaccuracy complaints.
Other breaches of the Whois-related parts of the 2013 Registrar Accreditation Agreement were also alleged.
The company has until December 16 to show compliance of face the possibility of termination.
US-based Moniker gets Euro data retention waiver
ICANN has approved Moniker’s request for a partial waiver of the Registrar Accreditation Agreement based on European privacy law, despite the fact that the registrar is based in the US.
The data retention waiver for Moniker was one of a few granted to members of the KeyDrive group of registrars that were approved by ICANN yesterday.
KeyDrive is based in Luxembourg, but the waiver request was granted because complying with the 2013 RAA could violate German privacy law and Moniker’s data is stored in Germany.
ICANN said:
Registrar’s technical backend services provider as well as data storage and collection occur on servers hosted and operated in Germany, and is subject to German law. Accordingly, ICANN has determined that it is appropriate to grant Registrar a data retention waiver
Group members Key-Systems AG (a German company) Key-Systems LLC (an American company) also received waivers yesterday.
InternetX, part of Germany-based United Internet, and http.net Internet also had their requests approved.
The waiver process was introduced because the 2013 RAA requires registrars to store customer data long after their domains expire, which registrars’ lawyers say forces them to break local laws.
An EU directive implemented in many European countries says that companies cannot store personal data for longer than it is needed for the purpose for which is was collected.
Russian hackers breaking in to NameCheap accounts
If you have an account at NameCheap, now might be a good time to think about changing your password.
According to the registrar, hackers based in Russia are using a haul of a reported 4.5 billion username/password combinations to attempt to break into its customers’ accounts.
Some attempts have been successful, NameCheap warned.
The attackers are using credentials stolen from third-party sources in a large-scale, automated attempt to log in to user accounts, disguised as regular users, the company said in a blog post.
NameCheap said:
The vast majority of these login attempts have been unsuccessful as the data is incorrect or old and passwords have been changed. As a precaution, we are aggressively blocking the IP addresses that appear to be logging in with the stolen password data. We are also logging these IP addresses and will be exporting blocking rules across our network to completely eliminate access to any Namecheap system or service, as well as making this data available to law enforcement.
While the vast majority of these logins are unsuccessful, some have been successful. To combat this, we’ve temporarily secured the Namecheap accounts that have been affected and are currently contacting customers involved requesting they improve the security for these accounts.
Affected users have been emailed, the company said.
NameCheap suspects the attack is linked to a reported cache of 1.2 billion unique username/password combinations amassed by a hacker group from databases vulnerable to SQL injection.
The registrar pointed out that its own systems haven’t been hacked. Customers should only be vulnerable if they use the same username and password at NameCheap as they use on other sites.
Recent Comments