A new way to game the new gTLD program

It may not help you win a gTLD, but a new method for screwing over your enemies in ICANN’s new gTLD program has emerged.

As I reported earlier today, it seems quite likely that ICANN is going to add a new step in the new gTLD evaluation process for the next round — testing each applied-for string in the live DNS to see if it causes significant name collision problems, breaking commonly deployed software or leading to data leaks.

The proposed new Technical Review Team would make this assessment based in part on how much query traffic non-existent TLDs receive at various places in the DNS, including the ICANN-managed root. A string with millions of daily queries would be flagged for further review and potentially banned.

The Name Collision Analysis Project Discussion Group, which came up with the new name collisions recommendations, reckons this fact could be used against new gTLD applicants as a form of sabotage, as it might be quite difficult for ICANN to figure out whether the traffic is organic or simulated.

The group wrote in its final report (pdf):

In the 2012 round, the issue of name collisions included an assumption that the existence of any name collision was accidental (e.g., individuals and organizations that made a mistake in configuration). In future rounds, there is a concern on the part of the NCAP DG that name collisions will become purposeful (e.g., individuals and organizations will simulate traffic with an intention to confuse or disrupt the delegation process)…

Determining whether a name collision is accidental or purposeful will be a best-effort determination given the limits of current technologies.

We’re basically talking about a form of denial of service attack, where the DNS is flooded with bogus traffic with the intention of breaking not a server or a router but a new gTLD application filed by a company you don’t like.

It probably wouldn’t even be that difficult or expensive to carry out. A string needs fewer than 10 million queries a day to make it into the top 25 non-existent TLDs to receive traffic.

It would make no sense if the attacker was also applying for the same gTLD — because it’s the string, not the applicant, that gets banned — but if you’re Pepsi and you want to scupper Coca-Cola’s chances of getting .coke, there’s arguably a rationale to launch such an attack.

The NCAP DG noted that such actions “may also impact the timing and quantity of legal objections issued against proposed allocations, how the coordination of the next gTLD round is designed, and contention sets and auctions.”

“Name collisions are now a well-defined and known area of concern for TLD applicants when compared to the 2012 round, which suggests that individuals and organizations looking to ‘game’ the system are potentially more prepared to do so,” the report states.

I’d argue that the potential downside of carrying out such an attack, and getting found out, would be huge. Even if it turns out not to be a criminal act, you’d probably find yourself in court, with all the associated financial and brand damage that would cause, regardless.

D3 announces seventh blockchain gTLD client

D3 Global has announced yet another likely new gTLD applicant from the blockchain space.

The specialist consultancy said it has partnered with MAKE and the Casper Foundation, a software developer and its non-profit backer respectively, to apply for .cspr when ICANN opens its long-awaited next round of new gTLD applications in a couple years.

It’s the seventh such deal D3, which says it can help blockchain companies link their alternative namespaces to the DNS, has announced since its launch late last year.

It is also working with partners to apply for .ape, .core, .vic, .near, .gate, and .shib.

.my domains to be sold globally next month

The .my namespace is to be opened up to international registrants next month under a deal between the Malaysian registry and Caymans-based Internet Naming Co, according to INCO’s CEO.

Shayan Rostam said that MYNIC will continue to be the registry for .my, but that INCO will look after it outside Malaysia. The deal will allow non-Malaysians to register .my domains for the first time, he said. Currently, some registrars offer local presence services to get around the rules.

INCO already runs a portfolio of gTLDs, the initial batch acquired from UNR a few years ago, and adding .my should bring the ccTLD to a wider range of registrars. There’s going to be a new Registry-Registrar Agreement that is “less restrictive” than the old one, Rostam said.

.my has been around since 1987 and currently has about 313,000 domains under management, split roughly 50:50 between the second-level under .my and third level under .com.my. There are also lesser-used spaces such as .org.my and .net.my.

Rostam said the third-level spaces will still be reserved for Malaysians, but that no local nexus will be required under the second-level. It’s a similar idea to how Colombia’s .co was operated when it relaunched in 2010.

The TLD is of course potentially attractive because it’s an English word commonly used in domains, albeit usually at the start of the name rather than the end. According to my database, “my” is the most commonly-registered ccTLD-match two-letter domain among dot-brands.

Rostam said that he expects to start the relaunch with an Early Access Period, with prices starting at about $25,000, in late May, with full general availability in June.

Renewal pricing in GA is expected to be around the $30 mark — substantially cheaper than current retail prices — but registrars are expected to run first-year promotions in the sub-$10 area,

There will also be a list of premium-priced domains that could pump the pricing up to between $100 and $10,000 per year.

There’s no formal sunrise period — ccTLDs are not governed by ICANN rules and .my has of course been around for almost 40 years — but brand-protection registrars have been given special early access in case they have clients that want protection, Rostam said.

Under a separate deal, INCO has also taken over management of .forum and .feedback on behalf of two of Jay Westerdahl’s companies, Rostam confirmed.

ICANN 79: anonymous trolls and undercover lawyers

Transparency, an ICANN watchword since day one, was a noticeable thematic undercurrent at the community’s 79th public meeting in Puerto Rico last week.

The problem of lawyers representing unnamed clients in policy-making groups was raised in several fora, while another section of the community seems to have separately been infiltrated by the same kind of anonymous trolls that plagued ICANN during its infancy.

Governments were especially keen that the GNSO clean house by tightening up its disclosure rules, following an abortive attempt at reform at the Hamburg meeting last October, and they found allies in the Contracted Parties House, which had killed off the reform after deciding it did not go far enough.

Under the current GNSO rules of engagement, everyone who volunteers to participate in policy-making has to file a Statement of Interest, disclosing information such as their employer, community group affiliations, and so on. Among other things, volunteers are asked:

Do you believe you are participating in the GNSO policy process as a representative of any individual or entity, whether paid or unpaid? Please answer “yes” or “no.” If the answer is “yes,” please provide the name of the represented individual or entity. If professional ethical obligations prevent you from disclosing this information, please so state.

The exemption is believed to be designed primarily for American lawyers in private practice, some of whom say they may sometimes be ethically prevented from disclosing the identity of their clients.

But this creates problems for community volunteers, and for the rest of us.

For policy-makers: sometimes, in a working group, you won’t know who you’re really arguing with. The guy opposite, in the expensive suit who keeps inexplicably rubbing her nostrils, could be a mouthpiece for almost any corporation, industry association, or government.

For the rest of us: we don’t know who is really making the policies that impact how domain names are sold, managed, and regulated. Those may seem trivial issues in the grand scheme of things, but they touch on issues such as free speech, data privacy, and how much money comes out of your pocket when you buy a domain.

An attempt last year by the GNSO to update its SOI rules was shot down by the Contracted Parties House because the proposed changes kept the lawyer disclosure exemption.

The Non-Contracted Parties House gave the changes their unanimous approval.

The GNSO Council Committee for Overseeing and Implementing Continuous Improvement, which came up with the changes, looked at 351 SOIs from two recent large policy working groups and found that “a maximum of 0.03% members were making use of the exemption.”

I think that means just one person.

But the scale of the issue is irrelevant compared to the principle, according to some.

Swiss GAC rep Jorge Cancio noted during a session with the CPH last week, “even if there’s a very small number of cases where people use some exceptions for not explaining whom they are working for, even if it’s just 10 people out of 1,000 participants, this already tarnishes the whole of the system”.

Registries Stakeholder Group chair Sam Demetriou concurred: “We believe in and we are strong supporters of the multistakeholder model, but in order for a model to be multistakeholder, you need to know who those stakeholders are. It is inherent in the entire system and the definition.”

The GAC’s position is that everyone participating in policy-making needs to be up-front about their interests, in accordance with global norms. In a session with the GNSO Council, UK rep and vice-chair Nigel Hickson urged the GNSO to sort out the SOI issue before ICANN meets again, set for Kigali this June, because ministers will be present, wanting answers.

Separately at ICANN 79 last week, there was a parallel debate going on about whether a group affiliated with ICANN should force its members to even file SOIs at all.

The Universal Acceptance Steering Group isn’t technically an ICANN body — a Supporting Organization or Advisory Committee — but it is funded and supported by ICANN and carries out ICANN work. It’s been around since 2015 but so far hasn’t required members to submit SOIs.

As anyone who attended or remotely lurked on the ICANN 79 Public Forum last week will know, the UASG came in for a lot of criticism, mostly from remote participants, some of whom have managed to pull off the near-miraculously impressive achievement of having a non-existent Google footprint.

I’m not of course suggesting that some of the people in the Public Forum chat room were trolls using pseudonyms, but… actually, yes, that is what I am suggesting.

These participants had beef with the UASG for imposing a new strict SOI requirement — rules coming into force right now give participants a few months to file their SOIs or get kicked off the UASG mailing list — and suggested UASG leadership had broken with ICANN rules by unilaterally imposing the requirement.

Said mailing list is notable for being lightly used, but with occasional traffic spikes, usually during discussions of anything related to elections or UASG leadership, from participants using free webmail addresses and often what appear to be joke names (Yisrael Memshelet, really?).

Sometimes, these participants have helped steer the mailing list discussion, and at least one question from an aforementioned Google-resistant remote participant was read out at last week’s Public Forum and responded to (kinda) by a board member. ICANN received so many remote UASG questions during the Public Forum that it said it would provide a consolidated written response after the meeting.

It seems ICANN is suffering from twin related transparency problems right now — lawyers who don’t want to reveal their clients, and trolls who don’t want to reveal their identities — neither of which is ideal for its legitimacy.

ICANN begs people to use its new Whois service

ICANN’s CEO has published an open letter encouraging the community to spread the word about its new Registration Data Request Service.

Sally Costerton explained (pdf) that RDRS is a “free, global, one-stop shop ticketing system” that hooks up people seeking private Whois data with the relevant registrar.

“I appreciate your attention to this new service and ask that you share this information with the relevant stakeholders in your organization,” she concludes.

The plea comes after the late-November launch of the system and the revelation that the system currently has far from blanket coverage from registrars.

“Use of the RDRS is voluntary, but I’m pleased to let you know that we have strong participation from registrars already,” Costerton wrote.

Since I published a blog post three weeks ago naming 25 large registrars not participating in RDRS, only Markmonitor has chosen to sign up, adding another one million domains to RDRS’s footprint.

But it turns out Chinese registrar Alibaba, which I was unable to check due to a bug or downtime somewhere, definitely is not participating, so there are still 25 out of the 40 registrars with over a million domains that are not participating.

Usage on the demand side is not known, but ICANN says it will publish regular monthly progress reports.

The RDRS is considered a pilot. It will run for at least two years before ICANN figures out whether it’s worth keeping.

Mystery buyer rescues Epik at end of crazy week

Limping registrar Epik isn’t out of the woods yet by a long shot, but its life became considerably easier late last week when a mystery buyer snapped up its assets for almost $5 million, enabling it to pay off many of its creditors.

The company said on Twitter that it had closed a deal that allowed it to pay off ICANN, which had filed a public breach notice just two days earlier, as well as various registries and loan providers.

It also allowed it to pay off Matthew Adkisson, the customer who was owed over $300,000 following a botched secondary market domain deal last year, who has now dropped his fraud and racketeering lawsuit.

Adkisson appears to have come away poorer, however, as the payoff seems to have only covered the money owed and not the probably substantial legal fees he has incurred since then.

The events of last week were pretty wild, including claims about literal assassination attempts, judging by court documents from Adkisson’s case.

Epik had told his lawyers that an “asset purchase agreement” for the Epik registrar was imminent, which would allow the company to settle its debts.

Disappointed with the offer, Adkisson filed for a temporary restraining order to prevent the sale, believing the money would wind up being squirreled away by the registrar’s current or former management.

That TRO disappeared when he withdrew his complaint and got paid at the weekend. ICANN, Identity Digital and Verisign all appear to have been paid at the same time, along with creditors called TVT and JJE.

The ICANN breach notice provides some poor optics for ICANN, which now looks like it only initiated Compliance proceedings in March, when its own registrar fees went unpaid, despite being aware of the many customer complaints against Epik.

However, now that the Compliance process has started, getting paid may not be enough to end it. The breach notice also refers to “several hundred” domains that were affected by Epik’s cash flow problems — it seems the company was unable to renew or transfer domains while in was in hock to the registries.

Adkisson’s docket contains several sworn declarations from customers saying they have lost important domains to others or been forced to spend thousands of dollars to move their domains elsewhere lest risk losing them.

While Epik cannot provide satisfactory answers to ICANN’s questions about these domains, its accreditation is still at risk.

Complicating matters, the new buyer will need to have the old registrar accreditation transferred to it, a process that takes time and subjects the registrar to a certain amount of ICANN scrutiny.

And the identity of the buyer is pretty mysterious.

On paper, the buyer is Epik LLC, a Wyoming corporation that formed about a week before the deal was finalized. Former Epik CEO Rob Monster has had to agree to change the names of operating company Epik Inc and parent Epik Holdings Inc to remove the “Epik” brand.

But the new LLC was created by a company called Registered Agents Inc, and the acquisition deal signed by its president, Jon Spear.

Registered Agents is a company that enables people to set up shell companies pretty much anonymously, and is often used by “[o]ligarchs, criminals and online scammers”, according to the Washington Post.

This is exactly the kind of association Epik does not need right now.

Making the new owners look even worse, an anonymous individual claiming to be a representative of the new Epik introduced himself or herself on the domainers forum Namepros at the weekend in probably the dumbest way imaginable if the company wants to claw back any credibility at all among what was once a core customer base.

The post does contain an apology to those “financially hurt” by Epik’s actions, and a commitment to “make things right for as many people as possible”, but it also contains several sideswipes at Namepros users, many of them victims of Epik’s mismanagement, calling their commentary “worthless”. It looks like the work of a troll.

In short, Epik still has a hell of a tough time ahead of it if it wants to shake off its bad reputation.

But before this article ends, I promised you some stuff about assassination attempts.

The material disclosed in the Adkisson case includes what appears to be a dense, multi-layered, rambling, paranoid conspiracy theory from Rob Monster, which draws in everyone from disgraced shock jock Alex Jones to Domain Name Wire editor Andrew Allemann (who hilariously Monster accuses of writing “hit pieces” about him).

I have to confess to being slightly disappointed that I didn’t get a shout-out.

He accuses people I’m not going to name here as secretly convening in late 2021 to discuss removing Monster from Epik by any means possible, with “lethal options” possibly on the table. He goes on to say:

For the record, I do have reason to believe that there have been attempts on my life including recently. This was the main reason why I stayed in Asia from January 20 through April 4 and maintained a heightened degree of privacy. I am in excellent health and not suicidal.

Monster, who I believe UK defamation law allows me to describe as “a bit of a character”, is known to frequently indulge in conspiracy theories, particularly with regards mass shootings (which feature in the theory outlined in his email to Adkisson’s lawyers).

[Guest Post] Hey ICANN: Reporters are not the enemy

This is a guest post by Emmy award-winning former reporter Brad White, who, from 2009 until 2021, was ICANN’s director of global media affairs and later director of communications for North America

It seems like ICANN utters the phrase “accountability and transparency” about every third sentence. And with good cause, since it is a vital foundation upon which the organization was built. But there are indications that foundation is severely cracked.

Unfortunately, ICANN’s leadership too often seems to adopt the position that its commitment to accountability and transparency only extends to its interaction with its community. The news media and by extension – the public – are generally not prioritized.

Journalists and bloggers (who also inform the public) who reach out to the org with questions or interview requests are too often viewed in hostile terms.

The default position of ICANN executives generally appears to be to not talk with journalists unless they must. My sense is that they should adopt the opposite attitude. Specifically, that ICANN leadership should almost always speak with journalists.

In my experience, at various points in the past, ICANN execs even forbade anyone on the communications team from talking to select journalists or bloggers. I was reminded of Richard Nixon’s famous “enemy’s list.”

The very first ICANN Board Chair, Esther Dyson had a good grasp on transparency with the news media when she said, “What I’m thinking about more and more these days is simply the importance of transparency, and Jefferson’s saying that he’d rather have a free press without a government than a government without a free press.”

I worked 12 years at ICANN, before leaving in January 2021 to work as an independent communications consultant. A large part of my job during my tenure was to interact with the news media. Having spent most of my career as a journalist, I enjoyed that aspect of my work, and felt it a vital component of the org’s oft-stated commitment to “accountability and transparency.” But over the years, I witnessed a shift in the way the organization wanted me to perform that function.

During my early days, when a news reporter would reach out with a question and/or seek an interview, I would research the issue the journalist was asking about and then after consulting the appropriate people, pass along the answers and perhaps set up an interview with the appropriate ICANN subject matter expert. And, that was the end of it.

By the time I left, with increasing frequency, when a reporter contacted ICANN, the request ended up going to at least two or three senior executives, the legal department and sometimes the CEO. Too often, the collective decision was to say nothing, if at all possible. When answers were afforded to the journalist, they were too often non-responsive or they merely “pointed” the reporter to a previously published blog or announcement. There were of course exceptions to this approach, but they were few.

What is perhaps most troubling, is that the organization doesn’t seem to feel an obligation to speak with journalists as part of its core value of transparency and accountability, instead the determining factor as to whether to grant an interview was too often — “are they going to screw us?” It was not “we have an obligation to be open to talk to all, including reporters and bloggers, because we believe in accountability and transparency.”

Some years ago, I was asked to conduct media training for ICANN’s top executives so they would better understand journalists and also learn how to better interact with them. But in the immediate years preceding my departure, the media training program appears to have been terminated. In fact, word often went out that “no one should talk to the media.”

Shortly before I left, I was asked to write a report on “ICANN’s Media Strategy.” After submitting an initial draft, it seemed to have gone into a black hole. I was never questioned about the report. I never received a red-lined draft, excluding or including elements, nor was I asked to write a subsequent draft.

Given the apparent efforts to curtail interactions with journalists and bloggers, it was difficult to not interpret the shelving of the media strategy paper because of one of its major points was — “Reporters are not the enemy.”

My sincere hope is that the new Board leadership and the community will re-commit the organization towards maximum accountability and transparency, and that includes talking to journalists, bloggers, and anyone else who can help in implementing the vital checks, balances and accountability that are the foundation of ICANN’s work. It is critical in helping the world understand ICANN and its mission.

.au passes four million names as 2LDs surge

Australia’s .au domains has surpassed four million registered names for the first time, boosted by second-level regs.

The milestone appears to have been hit in the last 24 hours, with the total count at 4,001,440 right now, according to the registry’s web site.

The ccTLD has added just shy of 300,000 registrations in the last month. On August 28, it had just over 3.7 million domains.

While auDA does not break down third-level versus second-level domains, the spike no doubt was caused by last-minutes claims of 2LDs under the Priority Allocation Process.

About 240,000 of the names registered in the last month were registered before the September 20 cut-off date for .com.au registrants to buy their matching second-level .au names.

Unclaimed names will be released into the available pool at 2100 UTC October 3, next Monday, which could potentially lead to another surge.

Guy asks ICANN to shut down prostitution site

A man is using ICANN’s Request for Reconsideration process to try to take down a domain that appears to be used as a marketplace for sex workers, many of whom appear to be offering prostitution services.

The requester says that the site in question, adultsearch.com (NSFW) is breaking the law in the US, where prostitution is in most places illegal, and that it should be taken down.

He says he contacted the registrar, Namecheap, but did not get a satisfactory response. He says he then contacted ICANN Compliance, but was given the brush off.

He’s now using RfR (pdf) to bring the matter to ICANN’s board of directors.

“Take it down, offline. If it were child pornography, which is illegal, too. Would I have to ask twice…?” he writes.

The site in question is essentially a collection of classified ads posted by people offering in-person sexual services. While many ads talk in coded terms about legal services such as “massage”, alongside sexually explicit photographs, many others are fairly explicit that they’re offering sex.

The site has listings for scores of countries, but the default front-page ads come from the US, broken down by state and city.

The requester says he was moved to file the complaint after meeting a young immigrant woman involved in illegal prostitution from a young age. He provides some details of her situation, though not enough to personally identify her.

Regardless, he asked ICANN to redact that portion of the request before posting it publicly, but ICANN didn’t.

Turkey name change could free up gTLD string

Turkey is changing its name to Türkiye, which could free up its old name to new gTLD applicants in the bird-killing industry.

The Turkish government has reportedly submitted a formal request to the UN for the change, which is intended to bring it more into line with the Turkish name and pronunciation — “Turkey-YAY”, apparently — and to disassociate it with the poultry and its disparaging connotations.

That could mean that one day the old spelling will cease to be a reserved string under ICANN’s new gTLD program rules.

The version of the Applicant Guidebook from 2012 bans applications for strings that match country names on the ISO 3166 list, translations and variants, as well as names by which a country is “commonly known” as evidenced by its use by an intergovernmental or treaty organization.

If everybody plays ball and starts calling the nation Türkiye instead, those provisions may no longer apply and new gTLD consultants may want to put their feelers out to Bernard Matthews.

The old name could remain banned if the ISO decides to keep the name on its “exceptionally reserved” list. As of today, the 3166 standard still lists the old name on its primary list.

The new spelling almost certainly won’t have any effect on the country’s ccTLD, which is .tr.