Recent Posts
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
Did Whois blow the lid off a Labour leadership coup, or is this just pig-fuckery?
A British Member of Parliament has been forced to deny he was behind the registration of several domain names promoting him as a future leader of the Labour party.
Clive Lewis, until recently a member of the shadow cabinet, told the Guardian yesterday that he did not register the batch of domains, which included cliveforleader.org.uk, cliveforlabour.org.uk and their matching .org, .uk and .co.uk domains.
“None of this is true: I haven’t done this,” he told the paper, following a Huffington Post article revealing the names had been registered June 29 last year, just a couple of days after he was appointed shadow defence secretary.
Lewis resigned from the shadow cabinet three weeks ago after refusing to vote in favor of triggering the Article 50 process that will take the UK out of the European Union.
The Labour Party has been dogged by stories about potential leadership challenges ever since Jeremy Corbyn — popular among grassroots party members, unpopular with voters — took over.
Questions about Corbyn’s leadership reemerged last week after a disastrous by-election defeat for the party.
The domains were taken as an indication that Lewis had been plotting a coup for many months, which he has denied.
The Whois records do not support a conclusion one way or another.
Under Nominet rules, individuals are allowed to keep their phone number, postal and email addresses out of Whois if the domains are to be used for non-commercial purposes, a right the registrant of the names in question chose to exercise.
Public Whois records show the .uk names registered to “Clive Lewis”, but contain no contact information.
They do contain the intriguing statement “Nominet was able to match the registrant’s name and address against a 3rd party data source on 29-Jun-2016”, a standard notice under Nominet’s Whois validation program.
But Nominet does not validate the identity of registrants, nor does it attempt to link the registrant’s name to their purported address.
The statement in the Whois records translates merely that Nominet was able to discover that a person called Clive Lewis exists somewhere in the world, and that the postal address given is a real address.
The .org and .com domains, registered the same day by the same registrar, use a Whois privacy service and contain no information about the registrant whatsoever.
Lewis himself suspects the batch of names may have been registered by a political opponent in order to force him to deny that he registered them, noting that fellow MP Lisa Nandy had a similar experience last July.
His initial statement to HuffPo, on which he reportedly declined to elaborate, was:
A lesson from LBJ [US President Lyndon B Johnson] in how to smash an opponent. Legend has it that LBJ, in one of his early congressional campaigns, told one of his aides to spread the story that Johnson’s opponent f*cked pigs. The aide responded: ‘Christ, Lyndon, we can’t call the guy a pigf*cker. It isn’t true.’ To which LBJ supposedly replied: ‘Of course it ain’t true, but I want to make the son-of-a-bitch deny it.’
Since then, along with his denial to the Guardian, he’s told his local Norwich newspaper that he’s tasked his lawyers with finding out who registered the names.
“I have instructed a solicitor to go away and look at this. They can try and make sure we find the identity, the IP address and the payment details,” he told the Eastern Daily Press.
Sanchez beats Greenberg to ICANN board seat
Mexican intellectual property lawyer León Felipe Sánchez Ambía has been selected to become a member of the ICANN board of directors by the At-Large, comfortably beating his opponent in a poll this weekend.
Sanchez took 13 votes (65%) to 10-year At-Large veteran Alan Greenberg’s 7, in a vote of At-Large Advisory Committee members and Regional At Large Organization chairs.
He’ll take the seat due to be vacated in November by Rinalia Abdul Rahim, who will leave the board after one three-year term.
He’s currently head of the IP practice and a partner at Fulton & Fulton in Mexico City. According to his bio:
He is co-lead for the Mexican chapter of Creative Commons and advisor to different Government bodies that include the Digital Strategy Coordination Office of the Mexican Presidency, the Special Commission on Digital Agenda and IT of the Mexican House of Representatives and the Science and Technology Commission of the Mexican Senate.
He drafted the Internet Users Rights Protection Act for Mexico and has been very active on issues like Anti-Counterfeit Trade Agreement (ACTA), Stop Online Privacy Act (SOPA), Trans-Pacific Partnership Agreement (TPPA) and other local initiatives of the same kind, always advocating to defend users’ and creators’ rights in order to achieve a balance between regulation and freedom.
Sanchez is certainly the less experienced of the two short-listed men when it comes to length of involvement in the ICANN community, but he’s a member of the ALAC and is deeply involved as a volunteer in ICANN accountability work following the IANA transition.
The At-Large was recently criticized in a report (pdf) for the perception that it is “controlled by a handful of ICANN veterans who rotate between the different leadership positions”.
Sanchez’s appointment to the board may have an effect on that perception.
The selection of another (white, male) North American to the board, replacing an Asian woman, will of course create more pressure to increase geographic and gender diversity on the other groups within ICANN that select board members.
A written Q&A between the two candidates and At-Large members can be found here.
Now the DNA backpedals on “Copyright UDRP”
The Domain Name Association has distanced itself from the Copyright ADRP, a key component of its Healthy Domains Initiative, after controversy.
The anti-piracy measure would have given copyright owners a process to seize or suspend domain names being used for massive-scale piracy, but it appears now to have been indefinitely shelved.
The DNA said late Friday that it has “elected to take additional time to consider the details” of the process, which many of us have been describing as “UDRP for Copyright”.
The statement came a day after .org’s Public Interest Registry announced that it was “pausing” its plan for a Systemic Copyright Infringement Alternative Dispute Resolution Policy modeled on UDRP.
PIR was the primary pen-holder on the DNA’s Copyright ADRP and the only registry to publicly state that it intended to implement it.
It’s my view that the system was largely created as a way to get rid of the thepiratebay.org, an unwelcome presence in the .org zone for years, without PIR having to take unilateral action.
The DNA’s latest statement does not state outright that the Copyright ADRP is off the table, but the organization has deleted references to it on its HDI web page page.
The HDI “healthy practices” recommendations continue to include advice to registries and registrars on handling malware, child abuse material and fake pharmaceuticals sites.
In the statement, the DNA says:
some have characterized [Copyright ADRP] as a needless concession to ill-intentioned corporate interests, represents “shadow regulation” or is a slippery slope toward greater third party control of content on the Internet.
While the ADR of course is none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30. While addressing this and other illegalities is a priority for HDI, we heard and listened to various feedback, and have elected to take additional time to consider the details of the ADR recommendations.
…
Thus, the DNA will take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.
The copyright proposal had been opposed by the Electronic Frontier Foundation, the Internet Commerce Association and other members of ICANN’s Non-Contracted Parties House.
In a blog post over the weekend, ICA counsel Phil Corwin wrote that he believed the proposal pretty much dead and the issue of using domains to enforce copyright politically untouchable:
While the PRI and DNA statements both leave open the possibility that they might revive development of the Copyright UDRP at some future time, our understanding is that there are no plans to do so. Further, notwithstanding the last sentence of the DNA’s statement, we believe that it is highly unlikely that any individual registrar or registry would advance such a DRP on its own without the protective endorsement of an umbrella trade association, or a multistakeholder organization like ICANN. Ever since the U.S. Congress abandoned the Stop Online Privacy Act (SOPA) in January 2012 after millions of protesting calls and emails flooded Capitol Hill, it has been clear that copyright enforcement is the third rail of Internet policy.
PIR slams brakes on “UDRP for copyright”
Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.
In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.
The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.
The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.
PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.
Losers would either have their domain suspended or, like UDRP, seized by the complainant.
The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.
But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.
The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.
The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.
I understand that members of ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.
Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:
Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.
Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.
SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.
Copyright ADRP may not be dead yet, but its future does not look bright.
UPDATE: This post was updated 2/26 to clarify that it was only “some members” of the NCPH that were intending to protest the Copyright ADRP.
Hacked ICANN data for sale on black market
If you were a user of ICANN’s Centralized Zone Data Service back in 2014 you may wish to think about changing some passwords today.
ICANN has confirmed that a bunch of user names and hashed passwords that were stolen in November 2014 have turned up for sale on the black market.
The batch reportedly contains credentials for over 8,000 users.
ICANN said yesterday:
ICANN recently became aware that some information obtained in the spear phishing incident we announced in 2014 is being offered for sale on underground forums. Our initial assessment is that it is old data and that no new breach of our systems has occurred. The data accessed in the 2014 incident breach included usernames and hashed passwords for our Centralized Zone Data System (CZDS). Once the theft was discovered, we reset all user passwords, and urged users to do the same for any other accounts where they used the same passwords.
While CZDS users have all presumably already changed their CZDS passwords, if they are still using that same password for a non-CZDS web site they may want to think about changing it.
ICANN first announced the hack back in December 2014.
It said at the time that the Government Advisory Committee’s wiki, and a selection of other less interesting pages, had also been compromised.
The attackers got in after a number of ICANN staffers fell for a spear-phishing attack — a narrowly targeted form of phishing that was specifically aimed at them.
If you email with ICANN staff with any regularity you will have noticed that for the last several months your email subject lines get prefixed [EXTERNAL] before the staffer receives them.
That’s to help avoid this kind of attack being successful again.
India’s biggest bank switches to dot-brand
State Bank of India has announced plans to migrate all of its web sites to its new dot-brand gTLD.
The company has been responsible for .sbi since it was delegated by ICANN last April, but bank.sbi is its first live domain name.
Currently, while bank.sbi is live and resolving, the old domain sbi.co.in appears to still be its primary address.
However, SBI said “all of the bank’s internet presence… shall soon be migrated to the .sbi gTLD”.
There will be a period of crossover while customers get used to the change, it said in a press release.
The bank said: “a gTLD site like .sbi conveys an assurance to the customer that the site is authorised, genuine and is not an inappropriate or phishing site”.
The move is perhaps significant given that SBI is state-owned, and one might expect some level of nationalism when it comes to domain choice.
But SBI, India’s largest bank with $490 billion in assets under management, is not the first bank to say it plans to use its dot-brand as its primary TLD.
BNP Paribas, the world’s biggest non-Chinese bank, uses .bnpparibas for almost everything, particularly in its native France. It has three domains in the Alexa top 100,000 most-visited web sites.
Others with dot-brands in use include Barclays and Citi.
Activist investor says eNom was sold too cheap
J Carlo Cannell, the activist investor who has been circling Rightside for the last year or so, was unimpressed with the company’s recent sale of eNom to Tucows.
In a letter published as a Securities and Exchange Commission filing last week, Cannell announced that he has started up a support group for fellow “concerned” investors.
In the distinctly loveless Valentine’s Day missive, Cannell called for Rightside to be acquired, go private or issue a big dividend to investors, and said he intends to campaign to have the board of directors replaced.
On the eNom sale, Cannell wrote that the $76.7 million deal “marks a step in the right direction” for the company, but that he was “not satisfied” with the price or the $4 million legal fees accrued. He wrote:
Conversations with management suggest that the Company took only two months to evaluate and close the transaction. Perhaps if they had been more patient and diligent, shareholders would have enjoyed more than the 0.5x 2016 revenues which they received in this “shotgun sale”.
This price was a fraction of Tucows’ own valuation of 2.6x 2016 estimated revenue. For the two trading sessions following the eNom transaction, NAME traded up 10% while TCX was up 32%, suggesting that investors believe it was a better deal for TCX shareholders than NAME shareholders.
The deal was described at the time by Tucows’ CEO Elliot Noss as an “individual opportunistic transaction”.
Noss later told analysts that the eNom business was floundering, “a flat, potentially even slightly negative-growth business”.
Cannell said last week he has formed Save NAME Group, named after Rightside’s ticker symbol, as a means to exert pressure on the board.
He said it is currently “difficult to justify” the company remaining publicly listed, and that the “sale of the entire company” or a “special and substantial dividend” could help appease shareholders.
He said Rightside agreed last August to let him name a new director, but has dragged its feet approving his suggestion, adding:
SNG intends to become more active and vocal in its efforts to force change at NAME. SNG has compiled a slate of qualified candidates. The names and identity of these candidates shall be disclosed periodically together with other neutral and reliable facts to support the contention of SNG that some or all of the board of NAME needs to be replaced.
Cannell, who owns about 9% of Rightside, first emerged as a critic of the company a year ago.
At that time, he called for the company to ditch its “garbage” new gTLD registries in favor of a focus on its higher-margin eNom business.
He was supported by Uniregistry CEO Frank Schilling, then also a Rightside investor in addition to a competitor.
Phishing in new gTLDs up 1,000% but .com still the worst
The .com domain is still the runaway leader TLD for phishing, with new gTLDs still being used for a tiny minority of attacks, according to new research.
.com domains accounted for 51% of all phishing in 2016, despite only having 48% of the domains in the “general population”, according to the 2017 Phishing Trends & Intelligence Report
from security outfit PhishLabs.
But new gTLDs accounted for just 2% of attacks, despite separate research showing they have about 8% of the market.
New gTLDs saw a 1,000% increase in attacks on 2015, the report states.
The statistics are based on PhishLabs’ analysis of nearly one million phishing sites discovered over the course of the year and include domains that have been compromised, rather than registered, by attackers.
The company said:
Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.
…
There are a few reasons new gTLDs are gaining traction in the phishing ecosystem. For one, some new gTLDs are incredibly cheap to register and may be an inexpensive option for phishers who want to have more control over their infrastructure than they would with a compromised website. Secondly, phishers can use some of the newly developed gTLDs to create websites that appear to be more legitimate to potential victims.
Indeed, the cheapest new gTLDs are among the worst for phishing — .top, .xyz, .online, .club, .website, .link, .space, .site, .win and .support — according to the report.
But the numbers show that new gTLDs are significantly under-represented in phishing attacks.
According to separate research from CENTR, there were 309.4 million domains in existence at the end of 2016, of which about 25 million (8%) were new gTLDs.
Yet PhishLabs reports that new gTLD domains were used for only about 2% of attacks.
CENTR statistics have .com with a 40% share of the global domain market, with PhishLabs saying that .com is used in 51% of attacks.
The difference in the market share statistics between the two sets of research is likely due to the fact that CENTR excludes .tk from its numbers.
Again, because PhishLabs counts hacked sites — in fact it says the “vast majority” were hacked — we should probably exercise caution before attributing blame to registries.
But PhishLabs said in its report:
When we see a TLD that is over-represented among phishing sites compared to the general population, it may be an indication that it is more apt to being used by phishers to maliciously register domains for the purposes of hosting phishing content. Some TLDs that met these criteria in 2016 included .COM, .BR, .CL, .TK, .CF, .ML, and .VE.
By far the worst ccTLD for phishing was Brazil’s .br, with 6% of the total, according to the report.
Also notable were .uk, .ru, .au, .pl, and .in, each with about 2% of the total, PhishLabs said.
Belgium domains will be registered in Ireland after cloud move
DNS Belgium, operator of .be, has moved its shared registration systems to the cloud, the non-profit said last week.
The registry migrated from a self-hosted system to Amazon Web Services on February 11.
It’s an effort to cut costs, increase efficiency, and free up engineering time currently dedicated to non-core functions such as hardware maintenance, executives said.
“As AWS sees to the hardware, connectivity etc., DNS Belgium can focus on the layers above, such as the software,” general manager Philip Du Bois said in a press release.
Business development manager Lut Goedhuys said that while the system has been moved to the cloud, AWS allows customers to select the data centers where their applications will be stored.
DNS Belgium picked Ireland, she said.
GoDaddy sold over $1 billion of domains in 2016
GoDaddy’s domain sales topped $1 billion for the first time last year, CEO Blake Irving told analysts this week.
The milestone was revealed as the registrar reported its fourth-quarter and full-year 2016 earnings late Wednesday.
In the fourth quarter, the company had a net loss of $800,000, compared to a year-ago loss of $500,000, on revenue that was up 14.2% at $485.9 million.
For the year, its loss was $21.9 million, compared to $120.4 million in 2015, on revenue that was up 15% at $1.85 billion.
GoDaddy also breaks out its revenue by segment, showing that domains revenue was up 11.2% at $242.5 million for the fourth quarter and up 11% at $927.8 million for the year.
Domain “bookings” — a somewhat informal measure that gives an indication of cash sales from domain names (as opposed to revenue under GAAP accounting) — surpassed $1 billion for the first time, Irving said.
Recent Comments