Latest news of the domain name industry

Recent Posts

DotConnectAfrica slammed for two-faced strategy as it loses .africa appeal

Kevin Murphy, October 5, 2021, Domain Policy

Unsuccessful gTLD applicant DotConnectAfrica has been handed what may prove to be the final nail in the coffin for its failed .africa bid.

A California appeals court has upheld ICANN’s lower-court victory over DCA in its entirety, ruling that the .africa applicant had a two-faced legal strategy that saw it first argue that it did not have a right to sue, but then suing anyway.

After having its .africa application rejected by ICANN due to lack of African government support in 2012, the following year DCA filed an Independent Review Process complaint against ICANN.

One of its key arguments in that case was that it, along with every other new gTLD applicant, had been forced to sign a legal waiver, preventing them from taking ICANN to court.

When it was handed a partial victory in the IRP, sufficient to embarrass ICANN but not enough to have .africa reassigned, DCA was one of a few parties who ignored the legal waiver and sued anyway, in 2016.

Now, the California appeals court has confirmed a lower court ruling that this violated the rule of “judicial estoppel”, which prevents a party switching between two diametrically opposing arguments to suit their strategy at any given time.

“DotConnect took two contrary positions. It told the arbitrators on the Independent Review Panel it could not sue in court. DotConnect then sued in court,” the three judges wrote.

They added that the “text of that litigation waiver was unequivocal, unconditional, and unlimited.”

The ruling describes the .africa case in pretty much the same way as I have for the last decade — DCA didn’t have government support when it applied for the gTLD and ICANN was well within its rights to throw out the application under the program’s rules.

ICANN was handed a thoroughly comprehensive victory, in other words, and awarded costs.

Is this the end of the .africa case? Given DCA boss Sophia Bekele’s apparent fondness for the sunk cost fallacy, who knows?

While all these legal shenanigans have been ongoing, .africa has been delegated to and launched by ZA Central Registry, which had the support of the African Union following an RFP that DCA refused to participate in.

There are about 30,000 .africa domains under management today, which is not terrible for a new gTLD.

The 30-page appeals court ruling (pdf) was made September 20 and ICANN published it this week.

Comment Tagged: , , , , ,

PIR poaches new CTO from Verisign

Kevin Murphy, October 4, 2021, Domain Registries

Public Interest Registry has announced the hiring of Rick Wilhelm as its new chief technology officer.

Wilhelm comes from Verisign, where he was VP of platform management. He’s also previously worked for Network Solutions and Neustar and sat on ICANN’s Security and Stability Advisory Committee.

He replaces Joe Abley, who quit for a job at Neustar in August.

Wilhelm started today, and reports to CEO Jon Nevett.

Comment Tagged: , ,

Marby finds his pandemic pessimism

Kevin Murphy, October 4, 2021, Domain Policy

CEO Göran Marby has spelled out his goals for ICANN’s current fiscal year, and they include a scaled-back ambition when it comes to face-to-face public meetings in the face of an ongoing pandemic.

His first enumerated goal for the year ending June 30, 2022 is:

Develop, with the community and with support from the Board, the ability to conduct hybrid meetings that are inclusive and enhance the opportunity for community interaction and decision-making.

Compare this with his equivalent goal from July 2020:

Work with Supporting Organization and Advisory Committee leaders, community members, and the Board to define and implement a phased plan to return to face-to-face meetings.

The goal of creating a “face-to-face” meetings plan has been replace with a “hybrid” meeting plan, where some section of the community can only participate online, depending on travel restrictions.

A lot has happened in the last 15 months when it comes to the coronavirus pandemic.

In June 2020, there was still some optimism in the ICANN board that the October meeting that year would go ahead in Hamburg as normal. That didn’t happen, and the face-to-face components of the three subsequent meetings have also been cancelled.

At that time, the world still hadn’t experienced the reality of Covid-19 variants, and the possibility of multiple lockdown scenarios was still largely theoretical.

So it’s probably no surprise that Marby has been forced to rein in his hopes for bumping elbows with the global community any time soon.

ICANN 72 later this month, originally planned for Seattle, will be the sixth consecutive online-only public meeting, but Marby has been tasked by the board with making the Puerto Rico meeting next March a “hybrid” affair.

Given his goals run to mid-2022, it seems possible ICANN 74, slated for The Hague next June, is also being considered most likely a hybrid meeting.

Marby has nine goals for the year in total. Seven he wrote himself, two were set by the board. Last year, he had 10 in total of which four were set by the board.

Other areas of interest coming from his own pen include greater focus on legislation around the world, emerging technologies such as blockchain naming, outreach in the developing world, DNS security and stability and prioritizing ICANN’s increasingly overwhelming workload.

Not all of them are stated as goals, at least in Marby’s blog post, and not all appear to have measurable outcomes.

The board has told him to “stimulate Universal Acceptance” and “work with Internet governance stakeholders”. Again, it’s all pretty amorphous stuff.

One 2021 goal that does not make an appearance this year is “Develop a plan for the potential economist function”, or hiring an “astrologer in chief” as I phrased it last year.

Reasonable people could disagree with whether this one was fulfilled — the economist job has been advertised on the ICANN web site all year, but does not yet appear to have been filled.

Comment Tagged: , , ,

James Bond domains listed for sale by .bond registry

Kevin Murphy, October 4, 2021, Domain Registries

ShortDot has made James Bond related domain names in the gTLD .bond available for sale or lease, as the movie franchise’s latest outing smashes box office records.

Both james.bond and 007.bond are currently listed for sale for $25,000 each at Dan.com, with a lease-to-own option of $2,084 a month. The .bond registry is listed as the seller. They will renew at the standard rate.

The offers were announced shortly before the weekend opening of No Time To Die made a reported $120 million internationally in cinema ticket sales, beating pandemic-related box office records.

Both “James Bond” and “007” are trademarks of movie producer EON Productions, so it seems buyers might be assuming some UDRP risk. I asked ShortDot about this last week but did not receive a response.

In a press release, the company made hay about the fact that that “James” is a super-common given name and “007” is a three-digit numeric, which are both sought-after categories of domains.

These are the kinds of assertions you’d expect in a UDRP defense.

.bond was originally a dot-brand for Bond University in Australia, but it was sold to ShortDot in 2019 after laying dormant for years.

Regular .bond domains retail for about $70 a year. There are over 4,000 currently registered.

Comment Tagged: , , , , , ,

Afnic gets renewed for .fr

Kevin Murphy, October 4, 2021, Domain Registries

Incumbent .fr registry Afnic has been reinstated for another five years by the French government.

The company said its contract has been re-upped for a further period starting July 1 next year, following an open call for rival bidders that opened in May.

Between now and then, the precise terms of the deal will be worked out. The government appears to want improved security and accountability at the ccTLD.

Afnic has been running .fr, which has been estimated as a €76 million contract, since 1997.

.fr has about 3.8 million domains under management, making it a the eighth-largest ccTLD by volume.

Comment Tagged: ,

Tucows buys UNR’s registry business as Schilling bows out

Kevin Murphy, October 1, 2021, Domain Registries

Tucows has acquired UNR’s registry business, the latest in the piecemeal sale of the old Uniregistry by founder Frank Schilling.

The Canadian registrar said it is taking on the technology platform as well as 10 UNR staffers.

Not many details of the deal, not even the purchase price, have been revealed.

“While I am slowly getting out of the industry, it’s important to me to know that my businesses are being left in the best hands,” Schilling said in a brief Tucows press release.

The deal gives Tucows a registry component to match rival GoDaddy, which acquired Neustar’s registry business last year, and makes the company the latest to throw itself into the vertically integrated domain space.

GoDaddy acquired Uniregistry’s registrar business last year also.

The UNR registry was originally Internet Systems Consortium’s but was acquired by UNR towards the beginning of the current new gTLD cycle.

It’s not currently clear which TLDs, if any, continue to run on the UNR platform. The company auctioned off 20 gTLDs in May, making $40 million, but did not disclose the buyers and none of the ICANN contracts have yet changed hands.

Certain ICANN approvals are needed before the deal closes, Tucows said.

Neither company answered DI’s questions about which TLDs are making the move, but Tucows VP Dave Woroch told us:

We are purchasing their registry platform and technology/intellectual property. In addition to servicing a number of registry operators, this platform will be applicable or beneficial to our broader registrar business, and we are looking at how we can implement some of that technology into our registrar platform. Along with this purchase of the registry platform, we have the unique opportunity to bring on a very experienced team of software engineers with specific expertise, and that will benefit our domain business at a time when it has been particularly challenging to add talent…

Tucows will be actively marketing itself as a backend registry provider, both for gTLDs and ccTLDs, and if there is another round of new gTLDs, we would fully expect to participate there as well.

Comment Tagged: , , , ,

Neustar exec fingered in Trump’s Russian “collusion” probe

Kevin Murphy, October 1, 2021, Domain Registries

A senior former Neustar executive has been outed as a participant in 2016 research that sought to establish nefarious links between then US presidential candidate Donald Trump and the Russian government.

According to a US federal indictment last month, former Neustar senior VP and head of security Rodney Joffe and others used DNS query data collected by the company to help create a “narrative” that Trump’s people had been covertly communicating with Kremlin-connected Alfa Bank.

The indictment claims that they did so despite privately expressing skepticism that the data was conclusive in establishing such ties.

Joffe did this work while under the impression he would be offered a top cybersecurity job in Hilary Clinton’s administration, had she won the 2016 general election, the indictment claims.

Joffe has not been accused of any illegality or wrongdoing — he’s not even named in the indictment — and his lawyer has told the New York Times that the indictment gives an “incomplete and misleading” version of events.

The indictment was returned by a federal grand jury on September 16 against Washington DC lawyer Michael Sussmann, as a result of Special Counsel John Durham’s investigation into the origins of the Trump-Russia “collusion” probe, which ultimately found insufficient evidence of illegality by the former president.

Sussman is charged with lying to the FBI when, in September 2016, he showed up with a bunch of evidence suggesting a connection between Trump and Alfa Bank and claimed to not be working on behalf of any particular client.

In fact, the indictment alleges, he was working on behalf of the Clinton campaign and Joffe, both of whom had retained his services. Lying to the FBI is a crime in the US.

The indictment refers to Joffe as “Technology Executive 1”, but his identity has been confirmed by the NYT and others.

Sussman’s evidence in part comprised DNS data supplied by Joffe and analyzed by himself and other researchers, showing traffic between the domain mail1.trump-email.com and the Russian bank.

At the time, Neustar was a leading provider of domain registry services, but also a significant player in DNS resolution services, giving it access to huge amounts of data about domain queries.

“Tech Executive-1 [Joffe] used his access at multiple organizations to gather and mine public and non-public Internet data regarding Trump and his associates, with the goal of creating a ‘narrative’ regarding the candidate’s ties to Russia,” the indictment claims.

According to the indictment, Joffe had been offered a job in the Clinton administration. He allegedly wrote, shortly after the November 2016 election: “I was tentatively offered the top [cybersecurity] job by the Democrats when it looked like they’d win. I definitely would not take the job under Trump.”

The researchers — which also included employees of the Georgia Institute of Technology, ​Fusion GPS, and Zetalytics, according to the NYT — sought to create a case for a connection between Trump and the Russian government while privately expressing doubts that their conclusions would stand up to third-party scrutiny, the indictment claims.

The suspicions were briefed to the media by Sussman and the Clinton campaign, the indictment says, and widely reported prior to the election.

When the FBI investigated the alleged links, it concluded the suspicious traffic was benign and caused by the activities of a third-party marketing firm, according to reports.

As I said, it is not alleged that Joffe broke the law, and his people say the indictment is, as you might expect from an indictment, one-sided.

Still, it’s a very interesting, and possibly worrying, insight into how companies like Neustar and their employees are able to leverage DNS resolution data for their own private purposes.

The full indictment, which uses pseudonyms for most of the people said to be involved in the research, can be read here (pdf). The New York Times story, which reveals many of these identities, can be read here (paywall).

While Neustar’s registry business was acquired last year by GoDaddy, it appears that Joffe did not make the move and instead stayed with Neustar. His LinkedIn profile showed he “retired” at some point in the last few weeks, after 15 years with the company.

1 Comment Tagged: , , , , ,

Donuts’ drop-catching service not anti-competitive, ICANN says

Kevin Murphy, September 29, 2021, Domain Registries

Donuts’ proposed DropZone service, which could see the registry start charging drop-catchers additional fees, is not anti-competitive, according to ICANN.

The service “does not raise any competition concerns”, ICANN VP Russ Weinstein said in a letter to registrar TurnCommerce, the company behind DropCatch.com.

He was responding to TurnCommerce’s concern that DropZone would allow Donuts to charge unlimited extra fees to register expiring names, while giving an advantage to its in-house registrars.

But Weinstein wrote (pdf):

The information received in the Dropzone RSEP request was thoroughly evaluated pursuant to our process, which included consideration of the matters raised in your letter. ICANN org determined that the Dropzone service as submitted by Donuts Inc. on behalf of [Donuts subsidiaries] Binky Moon, LLC and Dog Beach, LLC does not raise any competition concerns requiring ICANN org to refer either RSEP to a relevant competition authority.

DropZone would see Donuts handle its dropping names on a parallel registry system that registrars would have to obtain separate access to. Its Registry Service Evaluation Process request raises the prospect of new fees for such access.

Comment Tagged: , , , , ,

Almost no security researchers asking for Whois records – Tucows

Kevin Murphy, September 29, 2021, Domain Registrars

Security researchers are not asking for private Whois records in anywhere near the numbers you might have been led to believe, according to data released this week by Tucows.

The registrar revealed that it received just one request from the security community between September 2020 and the end of August 2021. That’s not even 1% of the total.

Over the same period, the “commercial litigators” category, presumably including intellectual property interests going after suspected cybersquatters, were behind 87% of requests.

About 9% of requests came from law enforcement agencies, Tucows said.

The company said that it disclosed private registrant data in 74% of cases. It denied the requests in 9% of cases. Other requests were incomplete or abandoned.

Tucows has been offering a Tiered Access service for its Whois records since the General Data Protection Regulation came into effect in May 2018. It has received 4,478 requests since then.

Comment Tagged: , , ,

Price of Whois lookups could rise as ICANN delays reform work

Kevin Murphy, September 28, 2021, Domain Policy

ICANN has delayed the conclusion of work on Whois reform, potentially increasing the cost of requesting domain registration data in future.

Back in March, its board of directors gave the Org six months to complete the Operational Design Phase of the so-called SSAD, or System for Standardized Access and Disclosure, but that deadline passed this week.

It appears that ICANN is not even close to concluding its ODP work. No new deadline has been announced, but ICANN intends to talk to the community at ICANN 72 next month.

SSAD is a proposal created by the community and approved — not without controversy — by the GNSO Council. It would essentially create a centralized clearinghouse for law enforcement and intellectual property interests to request private registrant data from registries and registrars.

The ODP is a new process, never before used, whereby ICANN clarifies the community’s intentions and attempts to translate policy recommendations into a roadmap that is feasible and cost-effective to implement.

It seems this process suffered some teething troubles, which are partially responsible for the delays.

But it also appears that ICANN is having a hard time finding potential service provider partners capable of building and operating SSAD all by themselves, raising the prospect of a more complex and expensive piecemeal solution.

It had 17 responses to a recent RFI, but no respondent said it could cover all the bases.

The key sticking point, described by some as a “chicken and egg” problem, is figuring out how many people are likely to use SSAD and how often. If the system is too expensive or fails to deliver results, it will be used less. If it works like a charm and is cost-effective, query volumes would go up.

So ICANN is challenged to gaze into its crystal ball and find a sweet spot, balancing cost, functionality and usage, if SSAD is to be a success. So far, its estimates for usage range from 25,000 users making 100,000 requests a year to 3 million users making 12 million requests.

That’s how far away from concluding its work ICANN is.

Confounding matters, the longer ICANN drags its feet on the ODP phase, the more expensive SSAD is likely to be for the end users who will ultimately wind up paying for it.

In a webinar last week, CEO Göran Marby said that the SSAD project is meant to recover its own costs. Whatever ICANN is spending on the ODP right now is expected to be recouped from access fees when SSAD goes live.

“This should not cost ICANN Org anything,” he said. “The costs should be carried by the user.”

ICANN is working on the assumption that SSAD will eventually happen, but if the ODP decides not to implement SSAD, ICANN will have to eat the costs, he indicated.

When the ICANN board approved this ODP, it did not specify how much money was being allocated to the project.

A second and separate ODP, looking at the next round of new gTLDs, was earlier this month given $9 million to conduct an anticipated 10-month project.

Comment Tagged: , , , ,