Latest news of the domain name industry

Recent Posts

Covid vaccine maker takes RDNH loss to ICANN board

Kevin Murphy, July 26, 2022, Domain Policy

An Indian pharmaceuticals firm with a $2 billion turnover has complained at the highest level of ICANN after it was handed a Reverse Domain Name Hijacking decision over the .com matching its company name.

Zydus Lifesciences, which produces mainly generic drugs but last year earned government approval to manufacture a Covid-19 vaccine, says a UDRP panel “exhibited extreme bias” when it threw out its UDRP complaint against the owner of zydus.com last month.

The company had claimed the anonymous registrant was cybersquatting, but the WIPO panel instead found RDNH.

The panel was not convinced that the registrant should have been aware of Zydus’ existence when he registered the name in 2004, and said his use of the name — which it characterized as a fanciful five-letter generic — to redirect to various affiliate marketing sites was not “bad faith”.

But now Zydus is claiming that the panel ignored evidence that it was already a very large company, with a $110 million turnover, at the time of registration, and says the UDRP decision shows evidence of bias against developing-world companies. The latter card is played pretty hard.

I believe this is only the second time that a UDRP decision has been challenged with a formal Request for Reconsideration with the ICANN board of directors, and there’s a pretty good chance it will be summarily dismissed like the first one.

Zydus will probably have to sue, or pay up.

Comment Tagged: , , , , , ,

Guy asks ICANN to shut down prostitution site

Kevin Murphy, July 26, 2022, Uncategorized

A man is using ICANN’s Request for Reconsideration process to try to take down a domain that appears to be used as a marketplace for sex workers, many of whom appear to be offering prostitution services.

The requester says that the site in question, adultsearch.com (NSFW) is breaking the law in the US, where prostitution is in most places illegal, and that it should be taken down.

He says he contacted the registrar, Namecheap, but did not get a satisfactory response. He says he then contacted ICANN Compliance, but was given the brush off.

He’s now using RfR (pdf) to bring the matter to ICANN’s board of directors.

“Take it down, offline. If it were child pornography, which is illegal, too. Would I have to ask twice…?” he writes.

The site in question is essentially a collection of classified ads posted by people offering in-person sexual services. While many ads talk in coded terms about legal services such as “massage”, alongside sexually explicit photographs, many others are fairly explicit that they’re offering sex.

The site has listings for scores of countries, but the default front-page ads come from the US, broken down by state and city.

The requester says he was moved to file the complaint after meeting a young immigrant woman involved in illegal prostitution from a young age. He provides some details of her situation, though not enough to personally identify her.

Regardless, he asked ICANN to redact that portion of the request before posting it publicly, but ICANN didn’t.

2 Comments

No smoking! Rules laid down as .kids reveals launch dates

DotKids Foundation has published its launch dates and its fairly strict rules about what kinds of content are permitted and prohibited on .kids domains.

The sunrise period for trademark holders will run from August 11 to September 14, to be followed a week later by a “community sunrise” targeting non-profits “with a main mission of championing children’s rights, children’s well-being, education or child-welfare” that runs until October 19.

Then comes the “pioneer domains” program, where DotKids seeks to recruit a suite of anchor tenants who it can name at launch when it goes into full general availability on November 29. Just in time for Christmas.

But .kids will be far from a free-for-all, with a bunch of regulations on content.

Content bans include the stuff you might expect related to violence, drugs, pornography, kids drinking and smoking, and gambling (but only where the gambling is with “lawful currencies”, presumably because video games nowadays are rife with virtual-currency gambling).

The policies are laid out in several documents here.

While content rules such as these may seem to amount to an effective ban on user-generated content, DotKids is actively encouraging its registrants to use their sites to engage with kids and provide a “platform for children’s voices to be heard”.

Developers on .kids domains will need to have a decent moderation budget, it seems.

Comment Tagged: ,

Nominet sold security unit for a dollar after blowing $23.5 million

Nominet has found itself out of pocket to the tune of $23.5 million after selling its CyGlass network security business for a dollar.

Chair Andrew Green told members last week that the .uk registry sold CyGlass to a group of its employees for the nominal sum after deciding to divest itself of non-core businesses. He said in an email:

As our involvement in CyGlass is now at an end, I am in a position to share the approximate cost of the unsuccessful investment in CyGlass with members. In addition to the $6.3m cost of purchase, Nominet invested around $16.0m in supporting the ongoing running cost of the business. Costs associated with closure will be c$1.2m – approximately equivalent to continuing to support the business for a further two months. That totals c$23.5m. Converting back to GBP over a relatively long period is complex, but the total cost over 2+ years is approximately £18m.

At the time it was sold, it was costing Nominet $600,000 a month to keep CyGlass running, he said.

The strategy of diversification from the core registry business was made under previous management and ultimately was partly the cause of last year’s boardroom bloodbath that eventually led to Green’s appointment on a back-to-basics platform.

Green told members that CyGlass “struggled as a result of changing work patterns following the Covid pandemic”, adding:

While there has been continuing interest in the offering from customers, the pipeline of opportunities has been slow in converting to new long-term customers. As a result Annual Recurring Revenue – a key driver of investor interest – has been growing imperceptibly

Now independent, CyGlass recently told the security trade press it is seeking partnerships to drive growth.

Comment Tagged: , ,

CentralNic revenue almost doubles

CentralNic has reported its preliminary first-half financial report, showing a top line that almost doubled compared to last year.

The company, which nowadays makes most of its growth from domain monetization, saw revenue up 92% to $335 million, driven by acquisitions. Organic revenue growth was up 62%.

Adjusted EBITDA was up 85% at $38 million, CentralNic said.

The company credited its online marketing segment, which it has built through acquisitions over the last couple of years, for the bulk of the growth.

Speaking of acquisitions, CentralNic also said today that it’s on the hook for $1,138,400 due to the acquisition of KeyDrive — holding company for the likes of registrar Moniker and registry KSRegistry — which was carried out in 2018.

That’s at the low-end of the up to $10.5 million in performance-related acquisition payout announced at the time.

Comment Tagged: , , , ,

Feds warn of Covid risk from “dark” Whois

Kevin Murphy, July 19, 2022, Domain Policy

The US Food and Drug Administration has escalated its beef with ICANN, warning that inaccessible Whois data is making it harder to tackle bogus Covid-19 “cures” and the country’s opioid crisis.

Catherine Hermsen from the FDA’s Office of Criminal Investigations wrote to ICANN CEO Göran Marby last week to complain that some registrars do not adequately respond to abuse complaints and that ICANN ignores follow-up complaints from government agencies.

She doubled down on the FDA’s previous complaint that ICANN’s inaction may be because it is funded by the industry, but back-pedaled on previous insinuations that ICANN’s leadership were putting their own big salaries ahead of public safety.

The beef started in early June, when an organization called Coalition for a Secure & Transparent Internet — basically a front for the likes of DomainTools and other companies whose business models are threatened by privacy legislation — held a one-sided webinar entitled “The Threat of a Dark WHOIS”.

On that webinar, Daniel Burke, chief of the FDA’s Investigative Services Division, lamented the lack of cooperation his agency gets when requesting private Whois data from “certain” registrars, and pointed to cases where the FDA’s inability to quickly get fake pharma sites, including those related to Covid-19, shut down have led to deaths.

He also said that complaints to ICANN about non-compliant registrars fall on deaf ears, to the point that it no longer bothers complaining, and suggested that ICANN and domain companies are financially incentivized to be uncooperative.

Burke quoted the writer Upton Sinclair: “It is difficult to get a man to understand something when his salary depends on his not understanding it.”

“I have found that’s the case with my interactions with ICANN and certain registries and registrars,” Burke said. “They just don’t want to listen… it’s a money-maker for them right now, it’s not profitable for them to deal with it.”

Marby also “spoke” on the CSTI webinar, but his brief intervention was actually just an out-of-context snippet — the “GDPR is not my fault!” T-shirt speech — taken from a recording of an ICANN webinar back in January and presented — dishonestly in my opinion — as if it had been filmed as a contribution to the CSTI discussion.

His inability to directly respond to Burke live led him to write to the FDA (pdf) a couple of weeks later to dispute some of his claims.

First, Marby said the the FDA does not need to obtain a subpoena to get access to Whois data. Registrars are obliged to respond to “legitimate interest” requests, when balanced against the privacy rights of the registrant, he said. He added:

In a few instances, government agencies have submitted complaints to ICANN Contractual Compliance regarding registrars’ refusal to provide non-public registration data. These agencies were ultimately successful in gaining access to the requested data without having to obtain a subpoena or lawful order.

Second, Marby disputed the financial motivation claims, writing: “ICANN’s leadership’s salaries are in no way tied to or dependent upon domain name registrations.”

Third, he offered a (pretty weak, in my view) defense against the claim that ICANN ignores complaints from government agencies, pointing out: “ICANN is not political and, therefore, takes actions to ensure that the workings of the Internet are not politicized.”

He also pointed out that ICANN operates a system called DNSTICR which monitors reports of DNS abuse related to the pandemic and alerts the relevant registries and registrars.

The problem here is that ICANN’s definition of abuse is pretty narrow and does not extend to web sites that sell industrial bleach as a Covid cure. That would count as “content” and ICANN is not the “content police”.

That’s pretty much what Hermsen says in the latest missive (pdf) in this row.

DNS security threats such as malware and phishing, however, were not what SA Burke was referring to in his presentation. Given the agency’s public health mission, FDA has been working during the pandemic to protect Americans from unproven or fraudulent medical products claiming to treat, cure, prevent, mitigate or diagnose COVID-19…

Given your stated concerns regarding COVID-19-related malware and phishing activity, we trust that you are equally concerned about registrars who may not be following the [Registrar Accreditation Agreement’s] requirements to “investigate” and “respond appropriately” following receipt of notifications about abuse, particularly complaints reporting activity involving COVID-19-related fraud or activity exacerbated the current opioid addiction crisis — especially in light of ICANN’s singular ability to enforce the terms of RAAs.

She also comes back, splitting hairs in my opinion, on the ICANN salaries claim, stating: “SA Burke was not referring to ICANN’s leadership salaries… SA Burke was referring more generally to the substantial source of funding ICANN receives from domain name registries and registrars.”

ICANN has just started work on a Whois Disclosure System that, while pretty weak, may make it slightly easier for government agencies to obtain the data they want.

2 Comments Tagged: , , , , , , ,

ICANN names NomCom chairs

Kevin Murphy, July 18, 2022, Domain Policy

ICANN has announced its picks for chair and chair-elect of its influential Nominating Committee, raising questions about the latter role for not the first time.

The board of directors has picked Vanda Scartezini as chair and Amir Qayyum as chair elect, according to a newly published resolution.

It’s the third time in recent years that the previous year’s chair-elect, in this case Damon Ashcraft, has not gone on to become chair, as the ICANN bylaws anticipate.

The bylaws say that the chair-elect, who does not have a vote, is basically an apprentice to the chair who spends a year on the committee to prepare her or him for the big seat. The bylaws also say that the ICANN board can pick another person for chair if it wants to.

In this case, while Scartezini was on the 2022 committee she was not chair-elect.

Something similar happened last year, when the board picked 2021 chair-elect Tracy Hackshaw for chair, then changed its mind two weeks later.

It also caused a controversy in the 2015 cycle when it snubbed Ron Andruff.

The NomCom is responsible for picking several leadership roles in the ICANN community, including three directors per year.

New chair Scartezini is from the At-Large community and Brazil. Qayyum is from the root server community and Pakistan.

Comment Tagged: ,

ICANN’s top brass get pay raises

Kevin Murphy, July 18, 2022, Domain Policy

ICANN’s CEO and several top executives are to receive pay raises amounting to tens of thousands of dollars.

The Org’s board of directors has approved a 4% raise for Göran Marby and four other of the top brass, with CFO Xavier Calvez getting an extra 4.5%.

The board also approved the payment of Marby’s bonus, but the amount — capped at 30% of his salary — will likely not be disclosed until ICANN files its tax returns.

It’s the fourth year in a row the CEO has received a pay rise.

Last year it was 3% andthe year before’s was 5%, but it was not a unanimous decision of the board. It’s not yet known how this year’s vote broke down.

The other execs receiving a raise of up to 4% are general counsel John Jeffrey, senior VPs Theresa Swinehart and David Olive and CIO Ashwin Rangan. None of them earned less than $450,000 in ICANN’s last tax filings.

The board resolution states that Marby’s salary is still lower than the low end of the 50-75th percentile of comparable industry salaries, though this formula is sometimes criticized for weighing tech industry CEOs in with non-profit CEOs.

2 Comments Tagged: ,

New gTLD prep work delayed until December

Kevin Murphy, July 15, 2022, Domain Policy

ICANN has confirmed that the current phase of preparation for the next round of new gTLDs will last six weeks longer than previously expected.

The new deadline for the delivery of the Operational Design Assessment for the project is December 12, almost certainly pushing out board consideration of the document out into 2023.

The extension follows the GNSO’s approval of a new Whois Disclosure System, which will suck Org resources from the new gTLDs ODP as work on both continues in parallel.

ICANN chair Maarten Botterman confirmed the delay yesterday, and the precise length was disclosed by staff in a blog post today. It says in part:

While we’re sharing our best estimate of the impact that the WHOIS Disclosure System design paper work could have on the SubPro ODA in the interest of transparency, rest assured that we are simultaneously moving forward on the ODA and actively seeking ways to streamline and minimize the impact as much as possible.

The updated timetable has been published here.

Comment Tagged: , , , ,

New gTLDs WILL be delayed by Whois work

Kevin Murphy, July 14, 2022, Domain Policy

The next round of new gTLD applications will be delayed by ICANN’s work on Whois reform, ICANN chair Maarten Botterman confirmed today.

In a letter to his GNSO Council counterpart Philippe Fouquart, Botterman states that the new gTLDs Operational Design Phase, which was due to wrap up in October, will have to proceed with an “extended timeline”.

This is because the GNSO has pushed the concept of a Whois Disclosure System, previously known as SSAD Light and meant to provide the foundations of a system for access private Whois data, and ICANN needs time to design it.

Botterman wrote (pdf):

there is an overlap in org resources with the relevant expertise needed to complete these efforts. As a result, work on the [Whois] design paper will impact existing projects. While SubPro [new gTLDs] ODP work will not stop during this period, we anticipate that an extended timeline will be required to account for the temporary unavailability of resources allocated to the design paper work.

Botterman did not put a length of time to these delays, but previous ICANN estimates have talked about six weeks. GNSO members had worried that this estimate might be a low-ball that could be extended.

ICANN had given the GNSO the option to choose to delay Whois work to complete the SubPro ODP, but it could not come to an agreement on which project was more important, and seemed to resent even being asked.

Comment Tagged: , , , , ,