ICANN gunning for Tencent over abuse claims
ICANN Compliance is taking on one of the world’s largest technology companies over claims that a registrar it owns turns a blind eye to DNS abuse and phishing.
The Org has published a breach of contract notice against a Singapore registrar called Aceville Pte Ltd, which does business as DNSPod and is owned by and shares its headquarters with $86-billion-a-year Chinese tech conglomerate Tencent.
ICANN says that DNSPod essentially has turned a blind eye to recent abuse reports, allowing phishing sites to stay online long after they were reported, and makes life difficult for people trying to report abuse.
It also has failed to upgrade from the Whois protocol to RDAP and failed to migrate its registration data escrow service provider from NCC to DENIC, according to the notice.
According to ICANN, DNSPod received abuse reports about several domains in July and August but failed to take action at all or until ICANN itself got in touch to investigate. Compliance wants to know why.
ICANN adds that the registrar seems to be requiring reporters to create user accounts and use a web form to submit their reports, even after they’ve already used the abuse@ email address.
Stricter rules on DNS abuse came into force on registrars this April. They’re now required to take action on abuse reports.
“Aceville does not appear to have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the notice reads.
ICANN has given DNSPod until October 11 to answer its questions or risk escalation.
While DNSPod says it has been around for 17 years, it only received its ICANN accreditation in 2020. Since then, it’s grown to almost 200,000 domains under management in gTLDs.
It’s primarily a DNS resolution service provider, saying it hosts over 20 million domains, and does not appear to operate as a retail registrar in the usual sense.
Owner Tencent may not be a household name in the Anglophone world, but it’s the company behind some of China’s leading social media brands, including QQ and WeChat, as well as a formidable force in gaming and one of the world’s richest companies in any sector.
It’s the second huge Chinese tech firm to find itself publicly shamed by ICANN in recent months. Compliance went after Tencent’s primary competitor, Alibaba, on similar grounds in March. Alibaba has since resolved the complaints.
All the one-character .sk domains to be auctioned
SK-NIC, part of Team Internet, says it plans to auction off all 36 single-character .sk domains over the coming months.
The auction plans also include releasing all the 200-odd two-letter domains that match existing ccTLDs, as well as .com.sk and .net.sk, which have all been registry-reserved to date.
The registry said it plans to hold auctions every two months starting on the 15th and running for seven days, starting in November.
There will be a trademark priority phase first, running from October 1 to October 14, in which trademark owners can apply for their matching domain for €300. If successful, the domain will cost them €3,000 ($3,348) or more if a contested mark has to be auctioned.
Opening bids for the regular auctions will start at €1,000 for two-char names, €1,500 for the 26 one-letter domains, and €2,000 for everything else, SK-NIC says.
The domains to be sold — I count 277 — are listed here (pdf). They’re all either one-character or matches for existing TLDs, but sk.sk is not on the list.
.sk is of course the ccTLD for Slovakia, but it’s owned from the UK following CentralNic’s acquisition of SK-NIC and has no local presence requirements. There are over 471,000 registered domains today, according to the registry.
Straggler gTLD signs first ICANN contract for years
One of the outstanding contested gTLDs from the 2012 application round looks set to be delegated finally, after the winning bidder signed its Registry Agreement with ICANN.
Merck Registry Holdings Inc is now the officially contracted registry for .merck, and it appears the intent is to be a dot-brand jointly controlled by two unaffiliated chemical companies of the same name.
An American company and a German company, both called Merck and with common roots that were severed during World War I, now seem set to have equal ownership rights to .merck, after over a decade of legal wrangling.
Both companies applied for .merck, and according to the ICANN process the American one won because the German one withdrew its application.
However, the winning application was amended in 2021 to say that the registry intends to transfer its contract to a newly formed UK company called MM Domain Holdco Ltd.
Company records indicate that this shell firm is a 50:50 joint venture of the two Mercks, with over a million dollars cash in the bank.
It seems that the two firms intend to share the gTLD, and run it as a dot-brand for both of their benefit, which is pretty rare.
GoDaddy likely to win relaxed .xxx deal
GoDaddy seems set to get a renewed and relaxed .xxx registry contract, after ICANN dismissed the concerns of critics of the deal.
In a much-delayed analysis of submissions to a recent public comment period, Org indicated that it is in favor of GoDaddy, via subsidiary ICM Registry, migrating to a Registry Agreement much more in line with sister gTLDs .porn, .adult and .sex.
That would mean an end to the “sponsored” status of .xxx, removing the largely pointless restrictions and streamlining the registration process, and the dissolution of IFFOR, the nominal sponsor, which was criticized by one commenter as a toothless “gravy train”.
Only nine comments were received, and views were mixed, but where commenters were critical of the proposed deal ICANN has stood firm.
Notably, Org dismissed the idea that a public comment period on a Registry Agreement renewal is an appropriate forum to question whether a signatory to that Registry Agreement has historically complied with its terms.
At least two commenters had raised issues, some of which I have reported, about whether ICM had stuck to promises related to funding IFFOR and whether IFFOR had stuck to promises to issue cash grants to worthy causes.
Commenters also said that ICM has already stopped verifying the identities of registrants in its made-up “sponsored community”, which would have enabled it to more easily tackle repeatedly abusive registrants.
But ICANN doesn’t think that kind of thing — which it files under “Misconceptions, assumptions, and allegations and claims” — is suitable for discussion in Public Comments.
“If there are concerns regarding ICM’s compliance with the .XXX RA, such concerns (if any) should be raised with ICANN Compliance for investigation and are considered outside of the scope of this Public Comment proceeding,” the analysis reads.
There’s also no need to replace ICM’s sponsorship commitments with Public Interest Commitments along the lines of those found in most post-2012 gTLDs, according to the Org analysis.
“ICANN has not identified a need to add further, new obligations for the operation of .XXX or to treat .XXX differently than other adult-themed gTLDs, particularly in light of the similar PICs that the .ADULT, .PORN, and .SEX gTLDs have utilized for approximately the last decade,” it reads.
The .xxx agreement was due to expire in early 2021, but its term has been repeatedly extended as negotiations continued behind the scenes. Likewise, the public comment analysis was originally due to be published in late May but was repeatedly delayed.
It’s now up to ICANN’s board of directors, which has already been briefed on the analysis contents, to approve the renegotiated deal.
Tonkin promoted to CEO at auDA
Australian ccTLD overseer auDA has appointed industry veteran Bruce Tonkin to CEO.
It’s an internal promotion; Tonkin has been chief operating officer at auDA since 2018.
He’s replacing Rosemary Sinclair, who intends to leave at the end of the year.
Tonkin was formerly chief strategy officer of Melbourne IT, one of the very first batch of registrars accredited by ICANN a quarter-century ago. It’s now part of Webcentral, though the brand was resurrected a couple years ago.
He also spent nine years on the ICANN board of directors.
ICANN hires new Ombuds from WIPO
ICANN has named its new Ombuds, who will take over the role vacated by Herb Waye almost a year ago.
She’s Liz Field, a HR specialist who spent most of her career at Amnesty International but most recently has been working for WIPO as an independent outside consultant, according to her LinkedIn.
After almost two decades at Amnesty, Field worked for two years as an anti-harassment coordinator for the UK government’s Foreign, Commonwealth and Development Office.
Field, who says she also speaks French and Spanish, will take over from complaints officer Krista Papac, who has been filling in for Waye since his resignation.
ICANN said that 36 people applied for the job — 22 men and 14 women. The Ombuds Search Committee interviewed five of them and two candidates were interviewed by the full board of directors.
The gender of the applicants is relevant in this case. Some female ICANN community members have previously said they would be reluctant to make gender-related complaints, such as sexual harassment, to a male Ombuds.
ICANN chair Tripti Sinha earlier this week linked the hiring of the new Ombuds to a strengthened anti-harassment policy that the board hopes to shortly introduce. Field seems to have the CV to support such a goal.
The Ombuds role is to hear complaints about unfair treatment and unpleasant behavior in and from the Org and community.
The job occupies a unique position in ICANN’s structure, answering directly to the board rather than the Org’s management hierarchy. Only four people have occupied the role since it was created 20 years ago.
Big twist as ICANN bans new gTLD auctions
ICANN is to ban new gTLD applicants from paying each other off if they apply for the same strings, removing a business model that saw tens of millions of dollars change hands in the 2012 application round.
But, in a twist, applicants will be able to submit second-choice strings along with their main application, allowing them to switch if they find themselves in contention.
While ICANN’s board of directors has yet to pass a resolution on private resolution in forthcoming application rounds, chair Tripti Sinha said in a letter to the GNSO Council (pdf) and blog post that there’s agreement on three principles.
“Private resolution of contention sets will not be permitted during the Next Round,” Sinha told the Council. The idea of permitting joint-venture resolution was also ruled out as impractical and open to gaming.
This of course means that where contention sets do occur, they’ll be resolved with a “last resort” auction where ICANN gets all the cash from the winning bidder.
Funds raised this way in the last round, along with a decade’s worth of investment interest, have been used to replenish ICANN’s reserve fund, to fund the current Grant Program, and may be shortly used to subsidize the Applicant Support Program.
Second, applicants will be able to submit at least one alternate string with their applications, allowing them to avoid a contention set and last resort auction.
This potentially makes the cost of acquiring a gTLD cheaper for the applicant while increasing the number of gTLDs that go live. ICANN might also have to issue fewer refunds for withdrawn applications.
ICANN thinks this measure might make gTLDs more affordable for less well-resourced applicants from the Global South, where ICANN is keen to diversify the industry, although the applicants may not get their first-choice strings.
Applicants would only be able to switch to an alternate string, which they will have to have pre-selected, if doing so would not create a new contention set or make the applicant join a different existing contention set.
They’d also only be able to avoid a contention set of exact-match strings, and not sets subsequently created by the String Similarity Review or String Confusion Objection results.
So, to take an example from 2012, any of the seven .hotels applicants would have been able to switch to a second-choice string immediately after Reveal Day, but not after the similarity review placed them in contention with .hoteis.
The third point of agreement from the board is that the last resort auctions should keep the ascending-clock second-price method used for the 2012 round, deciding against lotteries or the Vickrey auction method.
The ascending clock method sees bids filed in rounds until all bidders but one have dropped out. The last applicant standing then pays ICANN the last price offered by the runner-up.
A Vickrey auction would have seen applicants submit their maximum bids at the time of application, not knowing who they were bidding against. Lotteries are legally problematic under California gambling law.
Sinha said the board intends to pass a resolution embodying these three principles “in the coming weeks”.
This is going to create some extra work for the GNSO, as ruling out joint ventures as a means to private resolution goes against community policy recommendations (and the board’s adoption of those recommendations).
The GNSO Council is set to discuss Sinha’s letter at its regular monthly meeting this Thursday.
ICANN to “strengthen” harassment rules as it picks another homophobic meeting host
ICANN has revealed it is to “strengthen” its anti-harassment policy, but the announcement came the same day as it picked another public meeting host country where being gay can lead to jail time.
“The Board Anti-Harassment Working Group has recently worked to evaluate and strengthen the ICANN Community Anti-Harassment Policy,” chair Tripti Sinha posted over the weekend. “We do not accept any form of harassment, and we must continually seek opportunities to improve.”
The draft revisions shortly follow the revelations of a sexual harassment legal action by a veteran former staffer, at least the third such instance in the last five years I’m aware of.
The current Community Anti-Harassment Policy is already pretty broad, covering a wide range of protected characteristics (from race to marital status) and behaviors (from groping to dirty jokes).
The proposed revisions will be posted for public comment before ICANN’s Annual General Meeting in Istanbul this November, Sinha wrote.
It’s not illegal to be gay in Türkiye, but it is in Muscat, Oman, where ICANN announced just hours before the anti-harassment post it plans to hold its 2025 AGM.
Men and women can get three years imprisonment for gay sex or “cross-dressing” there, according to the Human Dignity Trust. It’s also technically illegal for unmarried straight couples to share a hotel room, according to the UK government.
While the law in Oman might not be rabidly enforced, it’s understandable that some LGBT members of the ICANN community could be made to feel nervous and adjust their travel plans accordingly — things like traveling with a same-sex partner, hooking up with someone, or having Grindr on your phone might carry additional risk.
Oman is just one of many countries with homophobic laws on the books that ICANN has invited its community members to attend over the years.
Looking back over just the last 10 years of meetings, ICANN has been to Malaysia (in 2022), the UAE, and Morocco (twice), where gay sex acts get you prison time. It’s also been to Singapore (twice) and India, which have since decriminalized homosexuality.
It’s baffling to me that ICANN can lecture its community about “microaggressions” and yet also routinely invites its not-insignificant contingent of gay community members to return to the closet for a week, under pain of arrest.
.my global relaunch starts slowly despite cheapo prices
Malaysia’s .my ccTLD has so far failed to attract the hoped-for thousands of new registrations since it relaunched to a global audience a few months ago, according to registry statistics.
MYNIC puts the total number of .my domains, including third-levels under the likes of .com.my and .biz.my, at 313,588 at the end of August, barely 3,500 above the end of May number.
Second-level domains directly under .my grew by about 3,000 over the same period to end August at 149,273.
June was when .my was due to go to general availability with scrapped local presence restrictions and a worldwide registrar channel under partnership with Internet Naming Co and Tucows.
Previously, .my domains were only available to Malaysia-based entities. Third-level domains continue to be available only to Malaysians.
MYNIC told the local Malaysian press in April, before the global launch was announced, that it hoped to hit the 400,000-domains mark by the end of the year. Its best monthly number so far was about 341,000, back in June 2018.
There’s not a great deal of retail registrar coverage outside of Asia right now, judging by the registry’s web site, but those registrars actually selling it are selling it cheap — around the $2 mark for the first year at Spaceship and Namecheap.
Hackers break .mobi after Whois domain expires
It’s probably a bad idea to let a critical infrastructure domain expire, even if you don’t use it any more, as Identity Digital seems to be discovering this week.
White-hat hackers at WatchTowr today published research showing how they managed to undermine SSL security in the entire .mobi TLD, by registering an expired domain previously used as the registry’s Whois server.
Identity Digital, which now runs .mobi after a series of acquisitions, originally used whois.dotmobiregistry.net for its Whois server, but this later changed to whois.nic.mobi and the original domain expired last December.
WatchTowr spotted this, registered the name, and set up a Whois server there, which went on to receive 2.5 million queries from 135,000 systems in less than a week.
Sources of the queries included security tools such as VirusTotal and URLSCAN, which apparently hadn’t updated the hard-coded Whois URL list in their software, the researchers said.
GoDaddy and Domain.com were among the registrars whose Whois tools were sending queries to the outdated URL, WatchTowr found.
Incredibly, so was Name.com, which is owned by Identity Digital, the actual .mobi registry.
More worryingly, it seems some Certificate Authorities, responsible for issuing the digital certificates that make SSL work, were also using the old Whois address to verify domain ownership.
WatchTowr says it was possible to obtain a cert for microsoft.mobi by providing its own email address in a phony Whois record served up by its bogus Whois server.
“Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” the researchers wrote.
They said they would have also been able to send malicious code payloads to vulnerable Whois clients.
While WatchTowr’s research doesn’t mention ICANN, it might be worth noting that the change from whois.dotmobiregistry.net to whois.nic.mobi is very probably a result of .mobi’s transition to a standardized gTLD registry contract, which requires all registries to use the whois.nic.[TLD] format for their Whois servers.
As a pre-2012 gTLD, .mobi did not have this requirement until it signed a new Registry Agreement in 2017. There are still some legacy gTLDs, such as .post, that have not migrated to the new standard URL format.
The WatchTowr research, with a plentiful side order of cockiness, can be read in full here.
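An added example, not code from WatchTowr or from any tool named above: a check a WHOIS client maintainer could run to catch hard-coded servers that no longer match the current IANA referral for a TLD, or that match but sit outside the whois.nic.[TLD] format. The `.example` and `.test` entries and the hard-coded table are constructed; the two `.mobi` hostnames are the ones given in the article.

```python
import socket

# Constructed samples shaped like whois.iana.org answers, which carry the
# registry's current server on a "whois:" line. Only .mobi is from the article.
SAMPLE_IANA_ANSWERS = {
    "mobi": "domain:       MOBI\nwhois:        whois.nic.mobi\n",
    "example": "domain:       EXAMPLE\nwhois:        whois.registry.example.net\n",
    "test": "domain:       TEST\nstatus:       ACTIVE\n",  # no referral line
}
# Hypothetical hard-coded table of the kind a WHOIS client might ship with.
HARDCODED = {
    "mobi": "whois.dotmobiregistry.net",
    "example": "whois.registry.example.net",
    "test": "whois.nic.test",
}


def query_iana(tld, timeout=10):
    """Live lookup (RFC 3912: send the query plus CRLF over TCP port 43)."""
    with socket.create_connection(("whois.iana.org", 43), timeout=timeout) as s:
        s.sendall(tld.encode("ascii") + b"\r\n")
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")


def referral_from(answer):
    """Return the hostname on the 'whois:' line, or None if there is none."""
    for line in answer.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "whois" and value.strip():
            return value.strip().lower().rstrip(".")
    return None


def audit(hardcoded, fetch):
    """Compare each hard-coded server with the referral returned by fetch(tld)."""
    findings = []
    for tld, host in sorted(hardcoded.items()):
        host = host.lower().rstrip(".")
        current = referral_from(fetch(tld))
        if current is None:
            findings.append((tld, host, None, "no-referral"))
        elif host != current:
            findings.append((tld, host, current, "stale"))
        elif host != f"whois.nic.{tld}":
            # Matches IANA, but the name lives outside the TLD and can lapse.
            findings.append((tld, host, current, "legacy-format"))
    return findings


if __name__ == "__main__":
    # Offline by default; pass query_iana instead to check live data.
    for finding in audit(HARDCODED, SAMPLE_IANA_ANSWERS.__getitem__):
        print(finding)
```

Run in CI against a client's bundled server list, a "stale" finding is the condition described above: the tool is still querying a hostname the registry has stopped using.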