Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
Emoji domains get a 👎 from security panel
The use of emojis in domain names has been discouraged by ICANN’s Security and Stability Advisory Committee.
In a paper late last week, SSAC told ICANN that emojis — aka emoticons or smileys — lack standardization, are barred by the relevant domain name technical standards, and could cause user confusion.
Emoji domains, while technically possible, are not particularly prevalent on the internet right now.
They’re implicitly banned in gTLDs due to the contractual requirement to adhere to the IDNA2008 standard, which restricts internationalized domain names to actual spoken human languages, and the only ccTLD I’m aware of actively marketing the names is Samoa’s .ws.
There was a notable example of Coca Cola registering 😀.ws (xn--h28h.ws) for a billboard marketing campaign in Puerto Rico a couple of years ago, but that name has since expired and been registered by an Australian photographer.
The SSAC said that emoji use should be banned in TLDs and discouraged at the second level for several reasons.
Mainly, the problem is that while emojis are described in the Unicode standards, there’s no standardization across devices and applications as to how they are displayed.
A certain degree of creative flair is permitted, meaning a smiling face in one app may look unlike the technically same emoji in another app. On smaller screens and with smaller fonts, technically different emojis may look alike.
This could lead to confusion, which could lead to security problems, SSAC warns:
It is generally difficult for people to figure out how to specify exactly what happy face they are trying to produce, and different systems represent the same emoji with different code points. The shape and color of emoji can change while a user is viewing them, and the user has no way of knowing whether what they are seeing is what the sender intended. As a result, the user is less likely to reach the intended resource and may instead be tricked by a phishing site or other intentional misrepresentation.
SSAC added that it:
strongly discourages the registration of any domain name that includes emoji in any of its labels. The SSAC also advises registrants of domain names with emoji that such domains may not function consistently or may not be universally accessible as expected
The brief paper can be read here (pdf).
Web.com in takeover talks – report
Web.com is in talks to be acquired by private equity firms, according to a report.
Reuters reported last night that the registrar said the talks were “early stage” and that there was no guarantee of a deal.
Web.com is of course home to Network Solutions, Register.com and is involved in secondary market plays SnapNames and NameJet.
The company had 2016 revenue of $710 million and a market capitalization prior to the report of $1.1 billion. Its shares surged on the news.
After price hike, now Tucows drops support for Uniregistry TLDs
Tucows is to drop OpenSRS support for nine Uniregistry gTLDs after the registry announced severe price increases.
The registrar told OpenSRS resellers that it will no longer support .audio, .juegos, .diet, .hiphop, .flowers, .guitars, .hosting, .property and .blackfriday from September 8, the date the increases kick in.
It’s the second major registrar, after GoDaddy, to drop support for Uniregistry TLDs in the wake of the pricing news.
“The decision to discontinue support for these select TLDs was made to protect you and your customers from unknowingly overpaying in a price range well beyond $100 per year,” OpenSRS told its resellers.
It will continue to support seven other Uniregistry gTLDs, including .click and .link, which are seeing more modest price increases and will remain at $50 and under.
While Tucows is a top 10 registrar in most affected TLDs, its domains under management across the nine appears to be under 3,000.
These domains will expire at their scheduled expiry date and OpenSRS will not allow their renewal after the September 8 cut-off. Customers will be able to renew at current prices for one to 10 years, however.
Tucows encouraged its roughly 40,000 resellers to offer to migrate their customers to other TLDs.
Uniregistry revealed its price increases in March, saying moving to a premium-pricing model was necessary to make the gTLDs profitable given the lack of volume.
Pricing for .juegos and .hosting is to go up from under $20 retail to $300. The other seven affected gTLDs will increase from the $10 to $25 range to $100 per year.
After GoDaddy pulled support for Uniregistry TLDs, the registry modified its plan to enable all existing registrations to renew at current prices.
That clearly was not enough for Tucows, which has sent a pretty clear message that it’s not prepared to be the public face of such significant price hikes.
Country names to finally be released in new gTLDs
It looks like hundreds of domain names matching the names of countries are to finally get released from ICANN limbo.
The ICANN board last week passed a resolution calling for the organization to clear a backlog of over 60 registry requests to start selling or using country and territory names in their gTLDs.
Some of the requests date back to 2014. They’ve all been stuck in red tape while ICANN tried to make sure members of the Governmental Advisory Committee was cool with the names being released.
The result of these three years of pondering is scrappy, but will actually allow some names to hit the market this year.
The new resolution calls for ICANN to “take all steps necessary to grant ICANN approvals for the release of country and territory names at the second-level”, but only “to the extent the relevant government has indicated its approval”.
And that’s the catch.
Some governments, such as the US and UK, don’t care who registers matching names. Dozens of others want to vet each registry request on a case-by-case basis.
The wishes of each government are record in a GAC database.
The only territories to so far give a blanket waiver over their names are: Denmark, Finland, Ireland, the Netherlands, Norway, Sweden, the UK, the USA, Guernsey and Pitcairn.
Almost 70 other countries have said they need to be told when a registry wants to sell a domain matching their name. Ten others give carte blanche to closed dot-brands, but require notification in the case of open gTLDs.
The majority of countries in the world have yet to officially express a preference one way or the other.
Of the roughly 60 new gTLD registries to request country name releases over the last few years, the vast majority are dot-brands. The number of open gTLDs with such requests appears to be in the single figures, and the only ones with mass-market appeal appear to be .xyz and .global.
Want to be one of the internet’s SEVEN SECRET KEY-HOLDERS? Apply now!
ICANN has put out a call for volunteers, looking for people to become what are sometimes referred to as “the internet’s seven secret key holders”.
Specifically, it needs Trusted Community Representatives, people of standing in the internet community who don’t mind carrying around a small key and getting a free trip to Los Angeles or Virginia once or twice a year.
The TCRs are used in the paranoia-inducing cryptographic key-signing ceremonies that provide DNSSEC at the root of the domain name system.
The ceremonies take place at ICANN data centers four times a year. The ceremonies themselves take hours, involve multiple layers of physical and data security, and the volunteers are expected to hang around for a day or two before and after each.
There’s no compensation involved, but the TCRs are allowed to apply to ICANN for travel reimbursements.
ICANN expects TCRs to stick around for about five years, but the large majority of the 28 people who act as TCRs (yeah, it’s not seven, it’s 28) have been in the role since 2010 and ICANN is probably planning a cull.
Other than knowing what the DNS is and how it works, the primary requirements are “integrity, objectivity, and intelligence, with reputations for sound judgment and open minds”.
If you think you tick those boxes, head here to apply.
Richemont kills off two more dot-brands
Luxury goods maker Richemont has decided to ditch two more of its dot-brand gTLDs.
The company has asked ICANN to terminate its registry contracts for .chloe and .montblanc, according to documents published by ICANN late last week.
Chloe is a fashion brand; Mont Blanc sells pens, jewelery and such.
No reason was given for either termination. Registries are allowed to self-terminate their Registry Agreements for any reason, given 180 days notice.
In both cases, ICANN has already agreed not to transfer the gTLD to a new operator. That’s a special privilege dot-brands get in their RAs.
Neither gTLD ever progressed beyond a single nic.brand placeholder page
Four additional Richemont dot-brands — .piaget, .iwc, .cartier, .panerai — have also been live for two years or more but are in identical states of disuse.
Richemont also runs .watches, .手表 and .珠宝 (Chinese for “watches” and “jewelry” respectively) which have been in the DNS for over 18 months but do not yet have any published launch plans.
The company was a somewhat enthusiastic early adopter of the new gTLD concept, providing speakers to industry events well before the application window opened back in 2012.
It applied for 14 strings in total, 10 of which eventually went live. It dumped two of its dot-brands before contract-signing and lost two auctions for generic strings.
Both .chloe and .montblanc are expected to be removed from the DNS in October.
There are now 22 new gTLDs that have voluntarily terminated their RAs.
Iran reported to Ombudsman after new gTLD conspiracy theory
ICANN’s Ombudsman has stepped in to resolve a complaint from the Iranian government that it was being “excluded” from discussions about the next phase of the new gTLD program.
Kavouss Arasteh, Iran’s Governmental Advisory Committee representative, earlier this month accused the leadership of the New gTLD Subsequent Procedures Working Group of deliberately scheduling teleconferences to make them difficult for him to attend.
He said the 0300 UTC timing of a meeting made it “painful” for European volunteers to participate (though it’s 0730 in Tehran).
When WG co-chair Avri Doria said that the time had been selected to avoid clashes with other working groups and declined his request, Arasteh said in an email: “If you insist, I interpret that this is an effort to EXCLUDE GAC TO ATTEND THE PDP.”
In other words, he was accusing the WG leaders of trying to exclude governments from helping to develop the rules of the new gTLD program.
Doria responded that she took the tone of the remarks as “abusive”, adding:
since my motives have been attacked and since I have been accused of trying to prevent GAC participation, I have no choice other than to turn this issue over to the Ombudsman.
The only other alternative I can think of is to accept the fact that I am incapable of co-chairing this group and step down.
Fellow co-chair Jeff Neuman chipped in with a detailed explanation of how, in the global ICANN community, there usually isn’t a time of day that is not inconvenient to at least some volunteers.
(It’s sometimes possible to hear snoring on these calls, but that’s not always due to the time of day.)
Today, Ombudsman Herb Weye responded to Doria’s complaint, saying that it has been “resolved” between the two parties. He wrote:
Without going into detail I am pleased to advise the working group that this complaint has been resolved and that I can bear witness to a unanimous demonstration of support for the leadership of the working group.
I would like to highlight the professional, “human” approach taken by all involved and their willingness to communicate in a clear, respectful and objective manner. This cooperative atmosphere allowed for a timely discussion and quick resolution.
Aratesh has for some time been one of the most vocal and combative GAC reps, noticeably unafraid to raise his voice when he needs to make his point.
He recently publicly threatened to take his concerns about ICANN’s policy on two-character domains to the International Telecommunications Union if his demands were not met.
Key-Systems buys reseller EDC
Key-Systems has acquired one of its resellers, European Domain Centre.
The acquiring registrar did not disclose the terms of the deal, but said EDC will help boost its own BrandShelter corporate registrar business.
EDC says it has clients including AirBnB, Campari, Lycamobile, iStockPhoto and BusinessWire.
The company was founded in 2003 by Nikolaj Borge and Christopher Hofman Laursen and is based in Copenhagen, Denmark.
Its selling point has been its willingness to offer offer its customers the broadest range of gTLD and ccTLD options.
It’s been a customer of RRPproxy, Key-Systems’ reseller network, since 2008.
As it’s been using the Key-Systems IANA number all this time, it’s not possible to get an accurate figure for its domains under management from ICANN reports.
Let’s all have a nosey at how much ICANN staff get paid
It’s that time of year again when ICANN publishes its US tax returns and we all get to have a good old nosey at how much its top brass get paid.
Figures for fiscal 2016 — so, basically a year out of date — came out this week and they show some senior executives got big pay boosts.
Overall, the return shows that the 17 highest-paid ICANN staffers received a total of $7.3 million in a combination of salary and bonuses, or about $429,000 on average, in the year.
That’s an increase of $603,000 on fiscal 2015 or $488,000 if you don’t count the bonuses.
I’m only counting the 17 named executives who appear in both the FY15 and FY16 returns, and I’m not counting non-executive directors.
Three of these executives received pay rises, not including bonuses, in excess of $100,000. While most top staff saw pay increases below 5%, raises of 21%, 34%, 44% and even 58% were recorded.
Four of them received bonuses of $125,000 or more.
One of the 17 saw his compensation go down. I’m guessing that might be an exchange rate fluctuation.
CEO Fadi Chehade, who left three quarters of the way through the fiscal year, still took home $854,000 in salary and bonuses, up from $737,000 in FY15. His successor’s compensation does not figure into the FY16 numbers.
ICANN has 155 staff members making over $100,000 a year, the return shows, up from 132 the previous year. That means more than half of ICANN’s total staff is in six-figure territory.
ICANN’s pay policy is to set compensation at the 50th to 75th percentile of the “relevant market”, which I assume is the technology sector rather than the not-for-profit sector, in order to stay competitive when hiring.
Its FY16 tax return can be downloaded here (pdf) and the FY15 one is here (pdf).
Massive ransomware attack hits 150 countries, brought down by a domain reg
A massive outbreak of malware on Friday hit thousands of organizations in an estimated 150 countries and had a big impact on the UK National Health Service before being temporarily thwarted by a single domain name registration.
WannaCry, as the malware has been called, targets Windows boxes that have not installed a March security patch. It encrypts files on the hosts it infects and demands money for the decryption key.
The attack is Big News for several reasons.
First, it spread ransomware over the network using a remotely exploitable vulnerability that required no user error or social engineering to install itself.
Second, it hit an estimated quarter-million machines, including thousands at big organizations such as Telefonica, the NHS, Deutsche Bahn and FedEx.
Third, it posed a real risk to human life. A reported 70,000 NHS machines, including medical devices, were said to be infected. Reportedly, some non-critical patients had to be turned away from UK hospitals and operations were cancelled due to the inability of doctors to access medical records.
Fourth, WannaCry appears to have been based on code developed by the US National Security Agency and leaked last month.
All in all, it was an attack the scale of which we have not seen for many years.
But it seems to have been “accidentally” prevented from propagating further on Friday, at least temporarily, with the simple act of registering a domain name.
A young British security researcher who goes by the online handle MalwareTech said he was poring over the WannaCry code on Friday afternoon when he came across an unregistered domain name.
On the assumption that the malware author perhaps planned to use the domain as a command and control center, MalwareTech spent the ten bucks to register it.
MalwareTech discovered that after the domain was registered, the malware stopped encrypting the hard drives it infected.
He first thought it was a fail-safe or kill-switch, but he later came to the conclusion that the author had included the domain lookup as a way to thwart security researchers such as himself, who run malware code in protected sandbox environments.
MalwareTech wrote:
In certain sandbox environments traffic is intercepted by replying to all URL lookups with an IP address belonging to the sandbox rather than the real IP address the URL points to, a side effect of this is if an unregistered domain is queried it will respond as [if] it were registered
Once the domain was registered, WannaCry iterations on newly infected machines assume they were running in sandboxes and turned themselves off before causing additional damage.
MalwareTech was naturally enough proclaimed the hero of the day by many news outlets, but it appears that versions of the malware without the DNS query kill-switch already started circulating over the weekend.
Many are warning that the start of the work week today may see a new rash of infections.
The researcher’s account of the incident can be read in full here.
Recent Comments