Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
Registries unveil plan to tackle botnet abuse with mass takedowns
Domain name registries have thrown a bone to critics who say they’re not doing enough to tackle DNS abuse by revealing a framework for rapidly taking down domains associated with large-scale botnets.
In a nutshell, the new Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets (pdf) would enable registries to preemptively register potentially abusive names without paying ICANN fees.
It is hoped that the framework will give law enforcement an easier time in tackling botnets, and perhaps cool down some of the heat the domain name industry is taking over the DNS abuse problem.
Botnets, you’ll recall, are large networks of compromised computers that can be deployed to, for example, carry out damaging distributed denial of service attacks.
The endpoint malware on botted machines is often controlled by regularly pinging a predetermined domain name to ask for instructions.
Rather than a single domain name, which would be easy to block, the malware often use algorithms, seeded with the current time or date, to create apparently random, gobbledygook names.
Botnet controllers need only run the same algorithm at home to determine the appropriate domain to register at any given time.
Other times, lists of thousands of domains are generated in advance and hard-coded into the malware.
Either way, DGAs can give law enforcement a way to effectively shut down a botnet by having all the potential command and control domains blocked or registered, but only with the cooperation of the registries.
A notable example of such cooperation was during the Conficker crisis over a decade ago, which ultimately saw a broad coalition of LE, registries and security companies come together to reverse engineer and preemptively block the huge numbers of domains the malware was expected to generate.
The new framework, which was created by ICANN’s Registries Stakeholder Group in cooperation with the Governmental Advisory Committee, essentially formalizes and expedites that kind of countermeasure.
It’s not official ICANN consensus policy, nor is it binding on all registries. It’s purely voluntary.
It appears primarily concerned with reducing the administrative and financial burden on registries that choose to participate.
It asks law enforcement to submit takedown requests as part of “a well thought-out, comprehensive abuse disruption strategy” that gives registries sufficient time to implement them.
It further asks (and provides a template letter) that ICANN waives the fees it collects when registries register botnet domains, which with some DGAs could amount to many tens or hundreds of thousands of dollars.
It also lists several reasons why registries might refuse to comply with LE without a court order — such as when the names are already registered and need to be seized, or when they’ve been identified as potentially high-value domains.
For registries, offering up the framework appears to be low-hanging fruit in their ongoing conflict with governments, cops and security researchers that argue the industry should do more to tackle abuse.
What it doesn’t do is expand the current industry definition of “abuse”, which is currently limited to botnets, phishing, pharming and malware distribution. Spam can also be considered DNS abuse when it is used to perpetrate any of the other four malfeasances.
But that definition is also voluntary, and only a few dozen registries and registrars have signed up to it. ICANN contracts are pretty much toothless when it comes to abuse.
The fight about DNS abuse is pretty amorphous, and overlaps with intellectual property interests’ demand for more access to private Whois data and the issue of when to start the next new gTLD application round.
Next new gTLD round should be less English, says ICANN boss
The next round of new gTLDs should be less focused on the English-speaking world, ICANN CEO Göran Marby said yesterday.
Talking to ICANN’s Governmental Advisory Committee in a bilateral session at ICANN 71 yesterday, Marby said he believed the 2012 round — the last time anyone was able to apply for a new gTLD — was too English-centric.
We have so few identifiers on the internet, [which] I think is a problem. Most of them are in relation to the English language or translations of English words…
I think and I truly believe that the next round should be giving the ability for people to have identifiers on the internet that’s actually in correlation with their own local contexts, their own scripts, their own keyboards, their own narratives, so they can create their pwn communities on the internet…
We have to rethink a lot of things we have done previously, because last time we did a round it was very much about the English language and I don’t think that’s fair for the rest of the world.
He pointed out the need for universal acceptance — the technical and educational challenge of making sure all software and online services support non-Latin internationalized domain names.
While it’s true that the 2012 round of applications turned out very much English-heavy, it was not by design.
Broadening the gTLD space out to non-Latin scripts and non-English languages was one of the benefits frequently cited (often, I thought, to guilt-trip the naysayers) before opponents of new gTLDs — including governments — in the run-up to the 2012 round.
ICANN was tasked in 2011/12 with reaching out to potential applications in under-served areas of the world, but it’s generally considered to have done a pretty shoddy job of it.
In the 2012 round, 116 of the 1,930 total applications were for IDNs, and 97 of those at some point made it into the DNS root. There have been a further 61 IDN ccTLDs that came in through the IDN ccTLD Fast Track process.
IDN applicants were given special privileges in the 2012 round, such as prioritization in the lottery that selected the processing order for applications. The first delegated new gTLD was in Arabic.
The IDN gTLDs have had a mixed performance volume-wise, with the top 10 strings, which are mostly Chinese, having between 14,500 and 164,000 domains under management.
Only one has passed the 50,000-domain threshold where it has to start paying ICANN transaction fees.
The numbers are not thoroughly terrible by new gTLD standards, but they don’t make the case for huge demand, either.
Cade and Dammak win ICANN awards
Marilyn Cade and Rafik Dammak have been named joint winners of this year’s ICANN Community Excellence Award, formerly the Ethos Award.
The award acknowledges those community members deemed to have embodied ICANN’s values and devoted a lot of time to community work.
As I previously blogged, policy consultant Cade, who died last year to a wide outpouring of tributes, was pretty much a shoo-in.
“This award is not intended to be a memorial. Instead, it is a well-deserved recognition of Marilyn’s contributions and commitment to ICANN and our multistakeholder community,” the awards selection committee noted.
Dammak has for over a decade contributed “countless volunteer hours” on various ICANN policy working groups, mainly in the GNSO, the committee noted. His impartiality was called out by the selection committee for praise.
He last year stepped in to fill a leadership vacuum in the working group devoted to reviewing Whois privacy policy.
In two weeks, Brits will lose their .eu domains forever
UK registrants of .eu domains have just two weeks left to bring their registrations into compliance or face losing their names forever.
EURid today sent out its final warning to its UK customers — update your records or have your domains placed into an unrecoverable “withdrawn” status, which means they’re removed from the zone file.
These domains have been in a “suspended” status since January, but still recoverable.
To come back into compliance, records will have to be updated to either a registrant based in the post-Brexit EU 27 member states, or an EU citizen based in the UK.
The deadline is June 30, with the withdrawal axe falling the following day.
ICANN waves off EFF concerns about the Ethos-Donuts deal
ICANN has dismissed concerns from the Electronic Frontier Foundation about the recent acquisition of Donuts by Ethos Capital.
Responding to a letter from EFF senior attorney Mitch Stoltz, ICANN chair Maarten Botterman said the deal had been thoroughly reviewed according to the necessary technical and financial stability standards.
In reviewing this transaction, the ICANN org team completed a thorough review and analysis of information provided by Ethos Capital and Donuts. Based on the review, the ICANN org team concluded that Donuts, as controlled by its proposed new owners would still meet or exceed the ICANN-adopted specifications or policies on registry operator criteria in effect, including with respect to financial resources, operational and technical capabilities, and overall compliance with ICANN’s contracts and Consensus Policies. Before its final decision on the matter, ICANN org provided multiple briefings to the Board. Following its final briefing and discussion with the Board, ICANN org approved the change of control in late March 2021.
The EFF had claimed that the anti-abuse parts of Donuts various registry agreements amounted to giving Donuts the right to “censor” domains, and it took issue with the Domain Protected Marks List domain blocking service.
Botterman noted that these predate the Ethos acquisition and were not reviewed.
Prior to the deal, which closed in March, Donuts was owned by another PE firm, Abry Partners. ICANN CEO Göran Marby had previously expressed puzzlement that the acquisition to lead to such concerns.
ICANNers itching to get back to face-to-face shindigs
A majority of ICANN community members want a return to in-person meetings as soon as possible, and overwhelmingly don’t care how many pandemic-related restrictions are put in place to get it done.
That’s according to the results of an online survey ICANN carried out, which ultimately had 665 responses, or 514 if you exclude responses from ICANN staff.
The survey found that over half of all respondents were keen to fling open the doors for ICANN 72 in Seattle this October, even if it meant reduced attendance and global diversity due to pandemic restrictions on travel.
There was even greater acceptance of — and indeed demand for — health measures such as social distancing, face masks, proof of vaccination, and on-site testing.
None of these proposed measures attracted less than 72% support, and no more than 11% of respondents objected to any individual measure.
While the majority of the respondents were from North America or Europe — which I think it’s fair to say are broadly considered to be well-vaccinated and in the closing days of their pandemic restrictions — ICANN has helpfully broken down some of the responses by geography.
Perhaps unsurprisingly, North Americans and Europeans were far more likely to approve of vaccination-related attendance rules, at 73% and 66% respectively. But a majority of those from Latin America, Asia and Africa were also tolerant of such restrictions.
North Americans were also much less likely to fear travel restrictions — ICANN 72 will be held on home turf, after all.
While the survey results show a clear inclination for reopening in-person meetings, with an online component for those unable to make it, the decision will be made by the ICANN board of directors next month.
The full survey results can be viewed here (pdf).
How awful would ICANN 72 have to be for you to stay at home?
ICANN is seriously considering holding its ICANN 72 public meeting with a face-to-face component in Seattle this October. But it wants to know what would make you stay at home.
The org is surveying community members to see how they would respond to stuff like temperature checks, rapid testing, compulsory mask wearing, , vaccine certificates, physical distancing and even physical tracking.
Do community members want this stuff to make them feel safe? Or would it make them steer clear of the meeting for the sheer annoyance and intrusion? Is the community made up of bleeding-heart liberal wokesters, or hardline dunderhead deniers?
And if it turned out that the meeting would be predominately populated with vaxxed-up North Americans and Western Europeans, with few attendees from less well-off parts of the world, would that make you stay away in solidarity?
These are among the questions asked in the 10-page survey, sent out in advance of this week’s ICANN 71 public meeting, which had been due to take place in The Hague but instead will be ICANN’s fifth consecutive online-only gathering.
There’s going to be a live discussion about the possibility of a return to hybrid in-person meetings on Thursday.
The ICANN board is due to make a call on the location of 72 at some point in July.
And it’s not just a decision about health and global representation.
While the survey does not cover this, ICANN meetings are not cheap, and to set the ball rolling now with poor visibility into the pandemic situation a few months in advance would incur costs that could not be recouped.
More non-rules proposed for Whois privacy
An ICANN working group has come up with some extra policy proposals for how registries and registrars handle Whois records, but they’re going to be entirely optional.
The ongoing Expedited Policy Development Process team has come up with a document answering two questions: whether registrars should differentiate between people and companies, and whether there should be a system of uniform, anonymized email addresses published in Whois records.
The answer to both questions is a firm “Maybe”.
The EPDP working group seems to have been split along the usual party lines when it comes to both, and has recommended that contracted parties should get to choose whether they adopt either practice.
Under privacy laws, chiefly GDPR, protections only extend to data on natural persons — people — and not to legal persons such as companies, non-profits and other amorphous entities.
Legally, registries and registrars are not obliged to fully redact the Whois records of domains belonging to companies, but many do anyway because it’s easier than putting systems in place to differentiate the two types of registrant.
There’s also the issue that, even if the owner of the domain is a company, the contact information may belong to a named, identifiable person who is protected by GDPR. So ICANN’s contracted parties may reduce their potential liability by redacting everything, no matter what type of entity the domain belongs to.
The EPDP’s has decided to stick to the status quo it agreed to in an earlier round of policy talks: “Registrars and Registry Operators are permitted to differentiate between registrations of legal and natural persons, but are not obligated to do so”.
Contracted parties will get the option to ask their registrants if they’re a natural person (yes/no/not saying) and capture that data, but they’ll have to redact the answer from public Whois output.
They’d have to “clearly communicate” to their customers the fact that their data will be treated differently depending on the choice they make.
On the second question, related to whether a system standardized, published, anonymized email addresses is feasible or desirable, the EPDP is also avoiding any radical changes:
The EPDP Team recognizes that it may be technically feasible to have a registrant-based email contact or a registration-based email contact. Certain stakeholders see risks and other concerns that prevent the EPDP Team from making a recommendation to require Contracted Parties to make a registrant-based or registration-based email address publicly available at this point in time.
Again, the working group is giving registries and registrars the option to implement such systems or not.
The benefit (or drawback, depending on your perspective) of giving each registrant a single anonymous email address that is published in all their Whois records is that it makes it rather easy to reverse-engineer that registrant’s entire portfolio.
If you’re a political insider running a whistle-blower blog, a bar owner who also moderates a forum for closeted gays in a repressive regime, or a domain name news blogger running a furry porn site on the side, you might not want your whole collection of domains to be easily doxxed.
But if you’re a trademark lawyer chasing cybersquatters or a security researcher tracking spammers, being able to take action against a ne’er-do-well’s entire portfolio at once could be hugely useful.
So the EPDP working group proposes to leave it up to individual registries and registrars to decide whether to implement such a system, basically telling these companies to talk to their lawyers.
The EPDP Team recommends that Contracted Parties who choose to publish a registrant- or registration-based email address in the publicly accessible RDDS should ensure appropriate safeguards for the data subject in line with relevant guidance on anonymization techniques provided by their data protection authorities and the appended legal guidance in this recommendation
An appendix to the recommendations, compiled by the law firm Bird & Bird, says there’s “a high likelihood that the publication or automated disclosure of such email addresses would be considered to be the processing of personal data”.
The EPDP recommendations are now open for public comment until July 19, and could become binding if they make it through the rest of the ICANN policy development system.
Domain regs dip for second quarter in a row and it’s all China’s fault
There were 363.5 million domain name registrations across all top-level domains at the end of March, down by 2.8 million names compared to the end of 2020, Verisign’s latest Domain Name Industry Brief shows.
But the losses can be attributed mostly to China, which saw plummeting .cn regs in the ccTLD world and big declines across gTLDs popular with Chinese speculators.
In .cn, regs were down a whopping four million at 20.7 million in the quarter. China has historically been subject to steep fluctuations due to local government regulations.
Overall, ccTLD registrations were down 2.4 million at 156.5 million, but that seems to be all down to China.
All the other ccTLDs in the DNIB top 10 were either flat or up slightly on Q4. The frequent wild-card .tk did not have an impact on this quarter’s numbers, staying flat.
Verisign does not break down new gTLD registrations, but zone file and transaction report data shows that the likes of .icu and .wang, which typically sell first-year regs very cheaply, were hit by material junk drops in Q1.
ShortDot’s .icu zone file shrank by 2.5 million names between January 1 and March 30. It’s still in decline in Q2, but the trajectory isn’t nearly as steep. It had 814,000 zone file names at the end of Q1.
Zodiac’s .wang was at 525,000 at the end of 2020 but had dropped to 86,000 by March 30.
.top also lost around half a million names in the first quarter.
The vast majority of regs in .icu, .top and .wang come through Chinese registrars, which often sell for under a dollar for the first year.
The DNIB reports that .com performed well as usual, up from 151.8 million reported in the Q4 report to 154.6 million, but Verisign bedfellow .net was once again flat at 13.4 million.
ICANN 71 — now with added bearded men!
What’s better than a flabby, bearded, middle-aged man lecturing you about DNS policy in a Zoom window? Why, up to 25 flabby, bearded, middle-aged men lecturing you about DNS policy in the same Zoom window, of course!
That appears to be an added benefit (to beard fans, at least) of upgrades ICANN has made to its remote participation platform ahead of this month’s ICANN 71 public meeting, which will be taking place virtually.
The org has implemented a new Zoom feature called Immersive View, which permits the illusion that everyone on a given panel or committee is sitting in the same room, by pasting their images in real-time to the same fake background image.
From Zoom’s blog announcing the feature earlier this year:
The feature supports up to 25 participants, which should be sufficient to accommodate every member of ICANN’s various committees and the board of directors.
While I’m making light of it, I do see some value to observers of being able to see all session speakers simultaneously. As an inveterate nose-picker, I’m not sure I’d be quite as happy about it as a participant.
Other useful features announced by senior engineering veep Ashwin Rangan yesterday include real-time captioning in English of non-English speakers and a return to one-on-one rooms for people wishing to have private meetings.
ICANN has also linked its meeting registration system with its regular web site login accounts, Rangan said.
Recent Comments