Recent Posts
- Could ICANN’s chair be ousted by NomCom?
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
Dot-brand gTLD guilty of domain name hijacking
Fashion retailer Mango, which owns its own dot-brand gTLD, has been found guilty of Reverse Domain Name Hijacking after allegedly doctoring evidence in a .uk cybersquatting case.
The company, which runs .mango, lost a Nominet Dispute Resolution Service complaint against New Zealand-based domain investor Garth Piesse over mango.co.uk and mango.uk.
It’s only the sixth RDNH finding in 13 years of DRS history.
Mango tried to buy the domain using a pseudonym and, when Piesse asked for “six figures”, filed the DRS instead.
Piesse claimed in what appears to have been a well-argued defense that the person attempting to buy the domain on Mango’s behalf did not identify Mango as the would-be buyer.
Further, he claimed that Mango deliberately tried to hide this fact from the DRS panel by scrubbing its negotiator’s email address from evidence it submitted.
While DRS panelist Tim Brown did not agree that this omission alone was enough to find RNDH, he agreed that Mango did not have “entirely clean hands”. He ruled:
The sequence of events in the present case appears to show that the Complainant attempted to buy
from the Respondent. When these negotiations failed the Complainant started proceedings under the DRS. As I have noted, the Complainant has relied on bare assertion and has provided a paucity of evidence to support its arguments.
Even a cursory reading of the Policy, Procedure and extensive guidance on Nominet’s website would quickly show that a matter concerning a clearly generic, dictionary term would require a higher standard of argument and evidence than is perhaps common. That the Complainant has failed to come anywhere close to providing sufficient argument or evidence is, in my view, strongly indicative that the Complainant pursued this dispute in frustration at the Respondent’s unwillingness to sellfor a price it was willing to pay, rather than because of the merits of its position in terms of the Policy’s requirements.
I conclude that the Complainant brought a speculative complaint in bad faith in an attempt to deprive the Respondent of the Domain Names. I therefore determine that the Complainant has engaged in Reverse Domain Name Hijacking.
Spain-based Mango has owned its trademarks for well over a decade, and Piesse only got his hands on the domains in question in 2013 and 2014.
Piesse, who owns about 18,000 domains, was able to show that Mango the brand is unheard of in New Zealand and that he has a track record of buying fruit-based .uk domain names.
Whois privacy reforms incoming
Whois privacy services will become regulated by ICANN under proposals published today, but there’s a big disagreement about whether all companies should be allowed to use them.
A working group has released the first draft of its recommendations covering privacy and proxy services, which mask the identity and contact details of domain registrants.
The report says that P/P services should be accredited by ICANN much like registrars are today.
Registrars should be obliged to disclose which such services they operate or are affilated with, presumably at the risk of their Registrar Accreditation Agreement if they do not comply, the report recommends.
A highlight of the paper is a set of proposed rules governing the release of private Whois data when it is requested by intellectual property interests.
Under the proposed rules, privacy services would not be allowed to reject such requests purely because the alleged infringement deals with the content of a web site rather than just the domain.
So the identity of a private registrant of a non-infringing domain would be vulnerable to disclosure if, for example, the domain hosted bootleg content.
Registrars would be able to charge IP owners a nominal “cost recovery” fee in order to process requests and would be able to ignore spammy automated requests that did not appear to have been manually vetted.
There’d be a new arbitration process that would kick in to resolve disputes between IP interests and P/P service providers.
The 98 pages of recommendations (pdf) were drafted by the Generic Names Supporting Organization’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) and opened for public comment today.
There are a lot of gaps in the report. Work, it seems, still needs to be done.
For example, it acknowledges that the working group didn’t reach any conclusions about what should happen when law enforcement agencies ask for private data.
The group was dominated by registrars and IP interests. There was only one LEA representative and only one governmental representative, and they participated in a very small number of teleconferences.
There was also a sharp division on the issue of who should be able to use privacy services, with two dissenting opinions attached to the report.
One faction, led by MarkMonitor and including Facebook, Domain Tools and fake pharmacy watchdog LegitScript, said that any company that engages in e-commerce transactions should be ineligible for privacy, saying: “Transparent information helps prevent malicious activity”.
Another group, comprising a handful of non-commercial stakeholders, said that no kind of activity should prevent you from registering a domain privately, pointing to the example of persecuted political groups using web sites to raise funds.
There was a general consensus, however, than merely being a commercial entity should not alone exclude you from using a P/P service.
Currently, registrar signatories to the 2013 RAA are bound by a temporary P/P policy that is set to expire January 2017 or whenever the P/P accreditation process starts.
There are a lot of recommendations in the report, and I’ve only touched on a handful here. The public comment period closes July 7.
Most ICANN new gTLD breaches were over a year ago
Almost three quarters of the security breaches logged against ICANN’s new gTLD portal occurred over a three-month period in early 2014, DI can reveal.
Almost every incident of a new gTLD applicant coming across data they weren’t supposed to see — 322 of the 330 total — happened before the end of October last year, ICANN told DI.
Most — 244 of the 330 — happened before April 30 last year.
The first breach, discovered by an independent audit of the portal, was January 22 2014.
ICANN says it was first notified of there being a problem on February 27, 2015.
The improper data disclosures were announced by ICANN last week.
As we reported, a simple configuration error by ICANN in third-party software allowed users of the Global Domains Division portal — all new gTLD applicants — to view confidential data belonging to other applicants.
Documents revealed could have included sensitive financial projections and registry technical details.
My first assumption was that the majority of the incidents — which have been deliberate or accidental — were relatively recent, but that turns out not to be the case.
In fact, if anyone did download data they weren’t supposed to see, most of them did it over a year ago.
ICANN has been notifying applicants and registries about whether their own data was compromised and expects to have told each affected applicant which other applicants could have seen their data before May 27.
Ninety-six applicants and 21 registries were affected.
.porn and .adult sunrises net around 8,000 sales
The sunrise periods for .porn and .adult netted just shy of 4,000 domains per TLD, according to ICM Registry.
The company said .porn received 3,995 registrations while .adult trailed slightly with 3,902.
Those numbers are a combination of regular Trademark Clearinghouse sunrise registrations and Sunrise B registrations.
The ICANN-mandated sunrise periods ended April 1 and were followed by unique Sunrise B periods, during which anyone who bought a .xxx block in 2011 could register the matching new gTLD names.
This time, however, Sunrise B domains actually do resolve.
I believe the the Sunrise B phases accounted for something like 1,500 names apiece.
The previous high bar for 2012-round new gTLD sunrises was .london, with just over 800 registrations.
While .porn and .adult may be record breakers for this round, sales were just a twentieth of the levels seen when .xxx launched in 2011 — about 80,000 names were defensively registered back then.
Later this week, ICM will kick off another launch phase — Domain Matching — during which anyone who owned a .xxx domain prior to April 30 can get their matching .porn and .adult names.
General availability is scheduled for June 4.
“Naked aggression” or genius? .sucks trolls trademark event
.sucks registry Vox Populi has annoyed intellectual property interests by trolling a trademark conference with a .sucks mobile billboard.
As tweeted by corporate registrar Marksmen, which described the move as “naked aggression”, attendees to the International Trademark Association conference in San Diego, California saw this roaming the streets this weekend.
Spotted on the streets of San Diego… naked aggression. #dotsucks #INTA15 pic.twitter.com/bm33UIZWRe
— Marksmen (@MarksmenTweets) May 3, 2015
Vox Pop also has a booth at INTA 2015.
The company says .sucks is an opportunity for brands to engage more effectively with their customers, but most IP interests think it looks more like extortion.
The high annual $2,000+ sunrise fee has a lot to do with that, as does the special “Sunrise Premium” list of trademarks that will always incur similarly high prices.
Update: According to a reader, who submitted this photo, Vox Pop is also giving out free .sucks-branded condoms.
Dumb ICANN bug revealed secret financial data to new gTLD applicants
Secret financial projections were among 330 pieces of confidential data revealed by an ICANN security bug.
Over the last two years, a total of 19 new gTLD applicants used the bug to access data belonging to 96 applicants and 21 registry operators.
That’s according to ICANN, which released the results of a third-party audit this afternoon.
Ashwin Rangan, ICANN’s new chief information and innovation officer, confirmed to DI this afternoon that the data revealed to unauthorized users included private financial and technical documents that gTLD applicants attached to their applications.
It would have included, for example, documents that dot-brand applicants reluctantly submitted to demonstrate their financial health.
But Rangan said it was not clear whether the glitch had been exploited deliberately or accidentally.
While saying the situation was “very deeply regrettable”, he added that applicant data deemed confidential when it was submitted back in 2012 may not be considered as such today.
The vulnerability was in ICANN’s Global Domains Division Portal, which was taken offline for three days at the end of February and early March after the bug was reported by a user.
Two outside consulting firms were brought in to scan access logs going back to the launch of the new gTLD portal back in April 2013.
What they found was that any user of the portal could access any attachment to any application, whether it belonged to them or a third-party applicant, simply by checking a radio button in the advanced search feature.
It was a misconfiguration by ICANN of the Salesforce.com software used by GDD, rather than a coding error, Rangan said.
“The public/private data sharing setting can be On or Off and here it was set to On,” he said.
On 330 occasions, starting “in earliest part of when the portal first became available” two years ago, these 19 users would have been exposed to data they were not supposed to be able to see.
The audit has been unable to determine whether the users actually downloaded confidential data on those occasions.
What’s confirmed is that only new gTLD applicants were able to use the glitch. No third-party hackers were involved.
The 19 users who, whether they meant to or not, exploited this vulnerability are now going to be sent letters asking them to explain themselves. They’ll also be asked to delete anything they downloaded and to not share it with third parties.
Before May 27, ICANN will also contact those applicants whose secret data was exposed, telling them which rival applicants could have seen it.
Rangan said that there have been almost 600,000 GDD sessions in the last two years, and that only 36 of them revealed data to unauthorized users.
“It’s a small fraction,” he said. “The question is whether they just stumbled across something they were not even aware of… Looking at the log files it is not clear what is the case.”
ICANN seems to be giving the 19 users the benefit of the doubt so far, but still wants them to explain their actions.
As CIO, Rangan was not able to comment on whether the breach exposes ICANN or applicants to any kind of legal liability.
It’s not the first time sensitive applicant data has been exposed. Back in 2012, DI discovered that the home addresses of the directors of applicants had been published, despite promises that they would remain private.
At the time of the original GDD portal misconfiguration, ICANN had noted security expert Jeff “The Dark Tangent” Moss as its chief security officer.
Earlier this week, ICANN’s board of directors authorized expenses of over $500,000 to carry out security audits of ICANN’s code.
.xyz dismisses own ads as “puffery”
XYZ.com has dismissed its own claim that .xyz is the “next .com” as “mere opinion or puffery”, in an attempt to resolve a false advertising lawsuit filed by Verisign.
Attempting to get the lawsuit resolved without going to the expense of a full trial, the registry has filed with the court a lengthy, rather self-deprecating deconstruction of its own marketing.
It says among other things that the blog posts and videos at issue are “not statements of fact but rather mere puffery, hyperbole, predictive, or assertions of opinion”.
Verisign sued XYZ and its CEO, Daniel Negari, in December, claiming that the video embedded below reflects “a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.”
Last week XYZ filed a motion asking the court to rule on the pleadings only, meaning it would not go to trial. It appears to be an effort by the smaller company to avoid any more unnecessary legal fees.
“Verisign is attempting to litigate XYZ out of business complaining about a vanity video, website blog posts, and opinions stated to a reporter,” the motion says.
The document goes to great lengths to argue that the video, blog posts and interviews given by Negari are not “statements of fact”, but rather mere “hyperbole”.
It even goes to the extent of arguing that its ads make Verisign look good:
XYZ’s claim to be “the next .com” could not plausibly harm Verisign’s commercial interest because the claim reinforces that Verisign’s .COM is the most-popular, most-successful domain. Perhaps consumers think that since .XYZ is the next .COM, they should not buy other new domains. Perhaps consumers buy more .COM domains because XYZ has promoted Verisign as the market leader. But Verisign suffering any injury as a result of XYZ’s statements is implausible.
…
Some might view the old Honda in the video with the “COM” license plate as trusty and reliable, and the Audi sports car with “XYZ” as high maintenance, impracticable, and too trendy.
Verisign may or may not win the lawsuit, but it does seem to have succeeded in getting XYZ to cut the balls off of its own marketing.
Verisign has not yet filed a response to XYZ’s motion, which will be heard in court May 8.
You can download the PDF of the motion here.
DomainFest to hold one-day event this June
DomainFest is heading to Bulgaria for a special one-day conference a little over a month from now.
NamesCon, which now owns the DomainFest brand, plans to hold the event June 3 at the Kempinski Hotel Marinela in Sofia.
It will be sandwiched between the fifth annual DomainForum — June 1-2 in Varna and Ruse — and EuroDIG — and internet governance conference June 4-5 also at the Kempinski.
The focus of the event appears to be very much on the domain investment side of the industry.
Tickets for DomainFest will be €125 ($140) on the door, but can be acquired for the early-bird price of €49 until the end of April (that is, today). Dinner costs another €40.
DomainForum, as ever, will be free to attend.
The schedule, which has not yet been finalized, can be found here. Tickets for DomainFest and DomainForum can be obtained here.
DI may attend.
GoDaddy getting out of NASCAR, whatever that is
GoDaddy is dropping its sponsorship of a NASCAR racing car, largely because Johnny Foreigner doesn’t have a clue what NASCAR is.
The company has been sponsoring Stewart-Haas Racing and driver Danica Patrick since 2007; Patrick is a spokesperson appearing in many commercials.
But now GoDaddy says it is dropping the deal at the end of the 2015 season in order to diversify its marketing in growth markets overseas.
It is currently negotiating to keep on Patrick as a spokesperson separately.
NASCAR is a pretty US-centric pass-time, with little recognition overseas. I recall seeing Patrick’s face on a London Underground billboard a few years ago and wondering what on Earth Go Daddy was thinking.
GoDaddy chief marketing officer Phil Bienert said in a press release yesterday:
NASCAR has been a tremendous domestic platform to help us achieve an 81 percent aided brand awareness domestically, but at this stage, we need a range of marketing assets that reach a more globally-diverse set of customers.
GoDaddy said it has presence in 37 countries in 17 languages and “is positioning to fortify its presence in Asia by the end of this year.”
From 2010 to 2012, the company had an Asia-based celebrity spokesperson in actress/singer/model DI.
In related news, I’ve just noticed that GoDaddy no longer uses a space between Go and Daddy in its brand, so DI’s house style will be adjusted accordingly.
.xyz helps CentralNic double its revenue
CentralNic’s revenue almost doubled in 2014, helped by the launch of new gTLDs.
The UK-based registry today reported annual operating profit of £497,000 ($759,000), down from £694,000 ($1.05 million) in 2013, on the back of revenue up 99% at £6.06 million ($9.25 million).
Billings– money taken but not yet recorded as revenue — was up a whopping 154% at £9.89 million ($15.1 million).
Part of the reason for the growth was the launch of new gTLDs last year.
CentralNic acts as the registry back-end for eight TLDs that launched last year, including runaway volume leader .xyz, which has about 880,000 domains in its zone file today.
Another big contributor was Internet.bs, the Bahamas-based registrar that CentralNic acquired for $7.5 million last year.
The registrar had about 400,000 legacy gTLD domains under management at the end of the year, according to DI’s records.
Both new gTLDs and Internet.bs started contributing to revenue in the second half of the year.
CentralNic also said that its new “enterprise” division, which sells premium domains and offers consulting and software, was a growth factor.
CEO Ben Crawford told the markets that the new gTLD opportunity has so far been “softer” than expected.
Only a small number of retailers received their accreditations from ICANN to sell domains under the new TLDs in 2014, and a lack of public awareness pending the launches of the “superbrand TLDs” such as .google, .apple and .sony, meant that the market for new TLDs in 2014 was softer than had been projected by ICANN and other industry experts. It was essentially limited to domain investors and other early adopters.
Opinion in split in the industry on how much reliance can be put on what Crawford calls “super-brands” to do the heavy lifting when it comes to public awareness of new gTLDs.
Recent Comments