Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Delhi Commonwealth Games wins UDRP
With five days to go before the Commonwealth Games kicks off in Delhi, the organizers may be under fire for expecting athletes to live like squatters, but they have managed to beat off one cybersquatter.
(Do you see what I did there?)
The Organising Committee of the games has been handed delhi-commonwealth-games.com in a UDRP proceeding against an anonymous registrant handled by WIPO
It looks like a fairly straightforward case. The web site, which has content, appears on the first page of Google for [delhi commonwealth games]. The WIPO panelist said its use of commercial links showed bad faith.
The official domain of the games is the rather less SEO-friendly cwgdelhi2010.org.
Interestingly, the Committee became aware of the domain in April 2009 and its first move was to ask the registrar, Directi, to block it, which it refused. It was well over a year later when the UDRP claim was filed.
Delhi was awarded the Commonwealth Games in 2003. The domain was registered in 2006.
The city has recently come under fire for its apparent lack of preparation, offering arriving athletes accommodation well below par from a health and safety perspective.
ICANN to publish final new TLD rulebook before December
The ICANN board of directors said it will publish the final Applicant Guidebook for new top-level domains before the public meeting in Cartagena this December.
(UPDATE: that statement is not 100% accurate. See this post for an update.)
The decision came at the end of its two-day retreat in Trondheim, Norway yesterday, which seems to have left a number of important issues as yet unresolved.
The matters of registry-registrar cross ownership and morality and public order objections are both still unfinished business, while the intellectual property lobby has at least one bone thrown its way.
On the morality or “MOPO” problem, now known as the “Rec6” problem, the board had this to say:
The Board will accept the Rec6 CWG recommendations that are not inconsistent with the existing process, as this can be achieved before the opening of the first gTLD application round, and will work to resolve any inconsistencies.
The Rec6 working group had recommended a re-framing of the issue that would eliminate the possibility of any one government blocking a new TLD application based on its own laws and interests.
So the board resolution sounds like progress, until you realize that every decision on new TLDs made at the retreat is going to be re-evaluated in light of a shamefully eleventh hour wish-list submitted by the Governmental Advisory Committee on Thursday.
Having failed to get what it wanted through cooperation with the Rec6 working group, the GAC essentially went over the heads of the GNSO, taking its demands directly to the board.
So much for bottom-up policy making.
Resolved (2010.09.25.02), staff is directed to determine if the directions indicated by the Board below are consistent with GAC comments, and recommend any appropriate further action in light of the GAC’s comments.
In other words, the board may only accept the parts of the Rec6 recommendations that the GAC agrees with, and the GAC, judging from its latest missive, wants the first round of applications limited to purely “non-controversial” strings, whatever those may be.
The board also made no firm decision of the issue of registry vertical integration and cross-ownership. This is the entirety of what it said on VI:
The Board will send a letter to the GNSO requesting that the GNSO send to the Board, by no later than 8 October 2010, a letter (a) indicating that no consensus on vertical integration issues has been reached to date, or (b) indicating its documented consensus position. If no response is received by 8 October 2010, then the Board will deem lack of consensus and make determinations around these issues as necessary. At the time a policy conclusion is reached by the GNSO, it can be included in the applicant guidebook for future application rounds.
That’s actually borderline amusing, given that the GNSO working group on VI has recently been waiting for hints from the board about what it intends to do, rather than actually getting on with the job of attempting to create a consensus policy.
The bone I mentioned for the trademark crowd amounts to knocking a week off the length of time it takes to resolve a complaint under the Uniform Rapid Suspension policy.
The Trondheim resolutions also make it clear that the ICANN board will only be required to vote on a new TLD application in limited circumstances, such as when an objection is filed.
For all other applications, a staff mechanism for rapidly signing contracts and adding TLDs to the root will be created.
Crunch day for new TLDs
The ICANN board has kicked off a two-day retreat during which it will attempt to finalize the rules for applying for new top-level domains.
The big question for many is this: are more delays or the cards, or will ICANN finally put a firm timeline on the first new TLD application round?
One constituency that seems bent on more delays is the intellectual property community.
Dozens of organizations, including Microsoft, AT&T, Time Warner, Adobe and Coca-Cola, told ICANN in late July that the current IP protections in version 4 of the Draft Applicant Guidebook are not good enough.
The proposed Uniform Rapid Suspension process has become bloated and burdensome and the Trademark Clearinghouse does not go far enough to proactively protect trademarks, they say.
Just this week, it emerged that the International Trademark Association has called for further studies into the potential economic harms of new TLDs, which could easily add a couple of quarters of delay.
But there are good reasons to believe ICANN is done with being pushed around by IP interests.
As I reported earlier this week, chairman Peter Dengate Thrush has recently publicly stated that the current state of intellectual property protection in the DAG is a compromise position reflecting the views of all stakeholders and that IP lawyers “have had their chance”.
It’s not just IP interests that will be affected by the ICANN board’s discussions this weekend. The board’s decisions on “vertical integration” will make or break business models.
The VI issue, which governs whether registrars can apply for new TLDs and whether registrars can act as registrars, is perhaps the most difficult problem in the DAG. The working group tasked with sorting it out failed to reach consensus after six months of debate.
The DAGv4 currently says, as an explicit placeholder, that there can be no more than 2% cross-ownership of a registry by a registrar and vice versa.
This would mean that registrars that want to get into the TLD game, such as Demand Media’s eNom, would not be allowed to apply.
It may also cause problems for publicly listed registries such as VeriSign and Neustar, or registries that already have registrar shareholders, such as Afilias.
The proposals on the table include raising the ownership cap to 15% to eliminating it altogether.
A move by ICANN to restrict ownership will certainly attract allegations of anti-competitive behavior by those companies excluded, while a move too far in the opposite direction could lead to accusations that the rules do not go far enough to protect registrants.
There are no correct answers to this problem. ICANN needs to find a balance that does the least harm.
Also up for debate will be the rules on how governments and others can object to new TLD applications on “morality and public order” grounds.
Following the report of a working group, which I blogged about here, it seems likely that the term “morality and public order” will be replaced entirely, probably by “Objections Based on General Principles of International Law”.
If the board adopts the recommendations of this “Rec6” working group, there will be no special provision in the Guidebook for governments to make objections based on their own national laws.
There’s also the suggestion that ICANN’s board should have to vote with a two-thirds super-majority in order to deny a TLD application based on Rec6 objections.
It’s another almost impossible problem. Some say the Rec6 recommendations as they currently stand are unlikely to appease members of the Governmental Advisory Committee.
In summary, ICANN’s board has just two days to define the competitive parameters of a market that could be worth billions, figure out how to politely tell some of the world’s largest IP rights holders to back off, and write the rule-book on international governmental influence in the new TLD process.
I predict a small boom in sales of coffee and pizza in the Trondheim region.
Russian domain crackdown halves phishing attacks
Phishing attacks from .ru domains dropped by almost half in the second quarter, after tighter registration rules were brought in, according to new research.
Attacks from the Russian ccTLD namespace fell to 528, compared to 1,020 during the first quarter, according to Internet Identity’s latest report.
IID attributed the decline to the newly instituted requirement for all registrants to provide identifying documents or have their domains cancelled, which came into effect on April 1.
The report goes on to say:
Following a similar move by the China Internet Network Information Center in December 2009, spam researchers suggested that this tactic only moves the criminals to a new neighborhood on the Internet, but has no real impact on solving the problem.
I wonder whose ccTLD is going to be next.
The IID report also highlights a DNS redirection attack that took place in June in Israel, which I completely missed at the time.
Apparently, major brands including Microsoft and Coca-Cola started displaying pro-Palestine material on their .co.il web sites, for about nine hours, after hackers broke into their registrar accounts at Communigal.
ICANN Brussels – .xxx approved but not approved
The controversy over the .xxx top-level domain has for the last few years, at least from one point of view, centered on opposing views of whether it was already “approved”.
ICM Registry has long claimed that ICANN “approved” it in 2005, and believes the Independent Review Panel agreed with that position. ICANN said the opposite.
Regardless of what happened in Brussels yesterday, when the board grudgingly voted to reopen talks on .xxx (to a surprisingly muted audience response), the question of whether .xxx is “approved” is definitely not over yet.
ICM tweeted shortly after the ICANN’s board’s decision:
@ICMRegistry: We are delighted to announce that the #ICANN Board has approved the .xxx top-level domain.
But a couple of hours later, ICANN chair Peter Dengate Thrush told us at a press conference that it categorically was not “approved”.
In terms of getting its point across to the media, ICM’s message trumped ICANN’s, judging by the headlines currently scrolling past me on Google News.
I guess this boils down to a question of definitions.
From the ICANN perspective, a TLD is presumably not “approved” until a contract has been signed and the board has resolved to add it to the root.
The board’s decision yesterday merely sets out the track towards that eventuality, with a few hurdles scattered along the way. In conversation with ICM people, I get the impression they believe the hurdles are low and easily surmountable.
Crucially for ICM, the issue of community support, the stick with which ICANN nearly killed .xxx back in 2007, is now off the table. There will be a quick review of ICM’s books and technical capabilities, but the views of the porn industry now seem pretty much irrelevant.
The only real way I can see .xxx being derailed again now is if the Governmental Advisory Committee issues future advice that unequivocally opposes the TLD.
As Kieren McCarthy noted in some detail over on CircleID, the GAC has never had a hell of a lot of substantial advice to impart about .xxx in its official communiques, so it’s difficult to see where a clash could arise based on its previous missives.
But with the GAC currently using bogus “morality and public order” arguments to jerk everybody around with regards the next new TLD round, it’s not entirely impossible that it could lob one final grenade in ICM’s direction.
This story ain’t over yet.
Microsoft launches Kinect without Kinect.com
Microsoft has revealed that its long-awaited gaming platform previously known as Project Natal will be officially known as “Kinect”.
While the company has a trademark on the word, it does not currently own the domain name kinect.com.
It’s registered and redirecting to CAHG, which appears to be an advertising agency specialising in the pharmaceutical industry.
Kinect is widely recognized as a global leader in interactive marketing and promotion and serves as the Interactive Agency of Record for many market-leading brands in the US, Europe, Asia, South Africa, and the Middle East.
I expect lucky CAHG could shortly find itself on the receiving end of an offer it cannot refuse.
There is some precedent: four years ago, when Nintendo launched the Wii, the domain wii.com belonged to Weyerhaeuser, a forestry products company.
It took a few months for the name to change hands, for an undisclosed sum.
WSJ reporting bogus Indian domain name market info?
The Wall Street Journal is reporting that India “passed an Internet milestone of sorts” in the first quarter, when the number of .com domains registered in the country broke through 1 million.
Did it?
This is what the WSJ says:
[India] now has more than one million registered web sites using the suffixes .com or .net, according to data released today by VeriSign Inc., the U.S. company that tracks this sort of thing.
In its Domain Name Industry Brief, it reported that India now has a registered total of 1.037 million .com and .net domain names, up from about 800,000 in the same period the year before.
The number 1.037 million is terribly specific, considering that VeriSign’s Domain Name Industry Brief doesn’t say anything of the sort.
There’s nothing in the DNIB to suggest that anybody in India has ever registered a single .com domain.
The DNIB has never broken down .com registrations by location, and the Q1 report, released on Monday, doesn’t use the word “India” once.
If the WSJ numbers are accurate – the paper does appear to have interviewed a VeriSign India executive – I’m wondering how they were calculated.
It can’t be a case of tallying the number of .com domains managed by Indian registrars. Mumbai-based Directi alone has had more than a million .com names under its belt for a long time.
Could VeriSign be mining Whois records for location data?
It runs a thin registry, so it would have to reference Whois data acquired from its registrars in order to compute the numbers.
Or did the WSJ hit on unreliable sources? It seems possible.
Coupons.info sells for over $17,000
Go Daddy might be currently giving away .info domains as freebies when you buy a .com, but that doesn’t mean they’re all worthless.
Coupons.info has just sold through Sedo auction for $17,600, easily the priciest recent .info sale I can recall.
It looks as if the transaction closed yesterday, with the domain now redirecting to its new owner’s existing site at allcouponsdirect.com.
The seller had held a reserve price of $7,000, so I’m guessing he’s a happy bunny today.
Four of the top 100 brands have insecure domain names
Some of the world’s most famous global brands have domain names that are still vulnerable to the Kaminsky exploit and could be hijacked by others.
Earlier today, I ran all of the brands on Deloitte’s list of the top 100 brands through a vulnerability testing tool provided by IANA.
The results show that four of these brands – all household names – have domains classed as “highly vulnerable” to the Kaminsky exploit.
If the IANA test is reliable, this means that false data could be injected into their name servers, potentially redirecting users to a web site belonging to the attacker.
Another eight brands had domains that the IANA tool reported might be “vulnerable” to attacks, but which had measures in place to mitigate the risk.
The Kaminsky bug has been public for almost two years. It’s a cache poisoning attack in which a recursive name server is tricked into providing false data about a domain.
It becomes particularly scary when a domain’s authoritative name servers also have their recursive functions turned on. A successful attack could redirect all traffic to a compromised domain to a server managed by the attacker.
The surest way to avoid vulnerability is to turn off recursion. IANA says: “Authoritative name servers should never be configured to provide recursive name service.”
Alternatively, a method known as source port randomization can make the risk of being compromised by the Kaminsky exploit so small it’s barely a threat at all.
The IANA tool reports that four of the top 100 brands have at least one “highly vulnerable” authoritative name server that has recursion enabled and no source port randomization.
The other eight “vulnerable” domains were identified as running on at least one authoritative server that had recursion turned on and source port randomization enabled.
I’m not an expert, but I don’t believe this second category of companies has a great deal to worry about in terms of Kaminsky.
I picked the Deloitte brand list for this experiment because it is the list of brands Deloitte believes require the most trademark protection under ICANN’s new TLD process.
.CO Internet is already using the list during its sunrise period for the .co domain.
Michele Neylon of Blacknight has found some more vulnerable servers over here.
Hostway wants non-existent domain patent
Hostway, the large web hosting company, has applied for a US patent on a system of intercepting and redirecting requests for non-existent domains names.
The application describes “A system and method for controlling internet traffic controls internet traffic directed to a non-existing domain in a centralized manner.”
It appears to cover a service that could be offered to local ISPs, enabling them to show their users monetized search pages rather than domain-not-found error messages.
Under the system, ISPs would intercept NXDOMAIN responses to their users’ DNS lookups.
Instead of passing the error on to the browser, the ISP would consult a centralized controller for the IP address of a context-appropriate landing page to redirect the user to.
It’s not at all clear to me whether Hostway is using the technology or has plans to do so. The application was filed in October 2008.
ISPs using NXDOMAIN substitution to monetize error traffic is widespread but controversial.
ICANN president Rod Beckstrom strongly complained about the practice, which also has security implications, during a rant at the Nairobi meeting last month.
VeriSign’s Site Finder, and later Cameroon’s .cm, both controversially did similar things when they “wildcarded” non-existent domains at the TLD registry level.
Other interesting US patent applications published today include:
20100106650 – covering Go Daddy’s auction services.
20100106793 and 20100106794 – covering email forwarding under Go Daddy’s private registration services.
20100106731 – assigned to VeriSign, covering a method of offering alternative domain names for registration when a buyer’s first choice is unavailable.
Recent Comments