Recent Posts
- First registry gets breach notice over new abuse rules
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
First collision block-lists out now. How painful will they be for new gTLDs?
ICANN has published the name collision block-lists for the first four new gTLDs, and they making pretty interesting reading.
The four registries in question will be required to block between 104 and 680 unique second-level domains from their gTLDs if they want to use the fastest path to delegation on offer.
The four gTLDs with lists published this morning are: .сайт (Russian “.site”), .онлайн (Russian “.online”), شبكة. (Arabic “.web”) and .游戏 (Chinese “.games”).
These were the first four new gTLDs with signed Registry Agreements. ICANN seems to be following the order contracts were signed, rather than the official prioritization number.
So what’s on the lists?
Gibberish
The first thing to note is that, as expected, ICANN has helpfully removed invalid strings (such as those with underscores) and gibberish Google Chrome strings from the lists, greatly reducing their size.
The block-lists are based on Day In The Life Of The Internet data, which recorded DNS root queries for applied-for gTLDs over 48-hour periods between 2006 and 2013.
According to ICANN, “a significant proportion” of the DITL queries were for the nonsense 10-character strings that Chrome generates and sometimes accidentally sends to the public DNS.
Because these “appear to present minimal risk if filtered from the block lists”, ICANN has made an effort to automatically remove as many as possible, while acknowledging it may not have caught them all. The human eye is good at spotting meaningless strings, software is not so adept.
All four lists still contain plenty of gibberish strings, according to this human eye, but mostly they’re not of 10 characters in length.
IDNs
All four lists published today are for non-Latin domain names and are presumably expecting their registries to be mostly populated with IDN.IDN domain names.
As such, the impact of their mostly Latin block-lists may be even smaller than it first appears.
For example, if we look at the list for .сайт, which has 680 strings to block, we discover that only 80 of them are IDNs (beginning with xn--). I assume they’re all, like the gTLD, in Cyrillic script.
I haven’t decoded all of these strings from Punycode and translated them from Russian, but the fact is there’s only 80 of them, which may not be unduly punitive on CORE Association’s launch plan.
At the other end of the spectrum, Donuts will only have to block 13 IDN strings from its .游戏 (Chinese .games) gTLD, and the ASCII strings on its list are mostly numeric or gibberish.
There’s very probably some potentially valuable generic strings on these lists, of course, which could impact the landrush purse, but it’s beyond this monoglot’s expertise to pick them out.
Trademarks
A small number of Latin-script brands appear on all four lists.
Donuts will have to block nokia.游戏, htc.游戏 and ipad.游戏 in its Chinese “.games”, for example. CORE will have to block iphone.сайт and brazzersnetwork.онлайн. DotShabaka Registry will have to block شبكة.redbull.
The impact of this on the registries could be minimal — a few fewer sunrise sales, assuming the brand owner intended to defensively register.
If the blocked brand was a potential launch partner it could be much more annoying and even a launch-delaying factor. It’s not yet clear how registries and brand owners will be able to get these names unblocked.
Bear in mind that registries are not allowed to activate these domains in any sense for any use — they must continue to return NXDOMAIN error responses as they do today.
I’m sure ipad.游戏 (“ipad.games”) could have some value to Apple — and to Donuts, in the unlikely event it managed to persuade Apple to be an anchor tenant — but it’s no longer available.
ICANN will deliver full mitigation plans for each gTLD, which may often include releasing blocked names to their ‘rightful’ owner, but that’s not expected for some months.
Generic terms
A number of generic dictionary terms are getting blocked, which may prove irksome for those registries with long lists. For example, CORE will have to block photo.сайт and forum.сайт.
So far, .онлайн has by far the longest list of ASCII generics to block — stuff like “football”, “drinks”, “poker” and “sex”. Even weirdness like “herpesdating” and “musclefood”.
As it’s an IDN, this might not be too painful, but once ICANN starts publishing lists for Latin gTLDs we might start seeing some serious impact on registries’ ability to sell and market premium domains.
Shurely shome mishtake
There are a few strings on these lists that are just weird, or are likely to prove annoying to registries.
All four of these gTLDs are going to have to block “www” at the second level, for example, which could impact their registry marketing — www.tld is regularly used by TLD registries.
It is going to be really problematic if “www” shows up on the block-lists for dot-brand registries — many applicants say “www.” is likely to be the default landing page for their dot-brand.
The only string that ICANN says it won’t put on any block-list is “nic”, which was once the standard second-level for every TLD’s registry web site but doesn’t really have mass recognition nowadays.
The block-lists also include two-letter strings, most of which correspond to ccTLDs and all of which are already banned by the base Registry Agreement for precisely that reason.
There’s no reason for these two-letter names to be on the lists, but I don’t see their presence causing any major additional heartaches for registries.
So is this good news or what?
As the four block-lists to be released so far are for IDN gTLDs, and because I don’t speak Chinese, Arabic or Russian, it’s a difficult call today to say how painful this is going to be.
There are plenty of reasons to be worried if you’re a new gTLD applicant, certainly.
Premium names will be taken out of play.
You may lose possible anchor tenants.
Your planned registry-use domain names may be banned.
If you’re a dot-brand, you’d better start thinking of alternatives to “www.”.
But the block-lists are expected to be temporary, pending permanent mitigation, and they’re so far quite small in terms of meaningful strings, so on balance I’d say so far it’s not looking too bad.
On the other hand, nothing on the published lists jumps out at me like a massive security risk, so the whole exercise might be completely pointless and futile anyway.
Donuts and Uniregistry sign more new gTLD contracts
ICANN has signed eight more Registry Agreements with new gTLD applicants, six of them with Donuts.
Donuts’ newly contracted gTLDs are .photos, .recipes, .limo, .domains, .coffee and .viajes (.travel in Spanish).
Uniregistry, meanwhile, signed an RA for .gift and Luxury Partners signed for .luxury.
As you might expect from these portfolio applicants, they’re all expected to be open, unrestricted registries.
It’s official: Verisign has balls of steel
Verisign has spent the last six months telling anyone who will listen that new gTLDs will kill Japanese people and cause electricity grids to fail, so you’d expect the company to be a little coy about its own activities that (applying Verisign logic) endanger life and the global economy.
But apparently not.
Verisign today decided to use the same blog it has been using to play up the risks indicated by NXDOMAIN traffic in new gTLDs to plug its own service that actively encourages people to register error-traffic domains.
The company has launched DomainScope, which combines several older “domain discovery” tools — DomainFinder, DomainScore and DomainCountdown — under one roof.
According to an unsigned corporate blog post, with my emphasis:
DomainScope enables users to discover domain name registration opportunities through learning about the recent history of a domain name, understanding a domain name’s DNS traffic patterns, and knowing which domains are available that are receiving traffic.
That’s right, Verisign is giving malicious hackers the ability, for free, to find out which .com, .net and .tv domains currently receive NXDOMAIN traffic, so that the hackers can pay Verisign to register them and cause mayhem.
I used the service today see what mischief might be possible, and hit paydirt on my first query.
Typing in “mail” as the search query, ordering the results by “Traffic Score” — a 1 to 10 measure of how much error traffic a domain already gets — I got these results:
You’ll notice (click to enlarge if you don’t) that the third result, with a 9.9 out of 10 score, is netsoolmail.net.
That caught my attention for obvious reasons, and a little Googling seems to confirm that it’s a typo of netsolmail.net, a domain Network Solutions uses for its mail servers (or possibly a spam filter).
Network Solutions is of course a top-ten registrar with millions of mostly high-end customers.
So what?
Well, if Verisign’s arguments are to be believed, this poses a huge risk of information leakage — something that should be avoided at all costs in new gTLDs but which is apparently just fine in .com and .net.
Emails set to go to netsoolmail.net will fail today due to an NXDOMAIN response. But what happens when somebody registers that domain (which is likely to happen about 10 minutes after this post is published)?
Do they suddenly start receiving thousands of sensitive emails intended for NetSol’s customers?
Could NetSol’s spam filters all start to fail, causing SOMEBODY TO DIE! from a dodgy Viagra?
I don’t know. No clue. Probably not.
But there’s a risk, right? Even if it’s a very small risk (as Verisign argues), shouldn’t ICANN be preventing Verisign from promoting these domains, maybe using some kind of massive block-list?
Data leakage is important enough to Versign that it was the headline risk it posed in a recent report aimed at getting new gTLDs delayed.
In an August “technical report” entitled “New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis”, somebody from Verisign wrote (pdf):
once delegated, the registrants under new gTLDs have the ability to register specific domains for targeted collisions
…
This form of information leakage can violate privacy of users, provide a competitive advantage between business rivals, expose details of corporate network infrastructures, or even be used to infer details about geographical locations of network assets or users
What the report fails to mention is that registrants today have this ability, and that Verisign is actively encouraging the practice.
In Yiddish they call what Verisign has done today chutzpah.
In British English, we call it taking the piss.
dotShabaka Diary — Day 20, Positive signs?
The twentieth installment of dotShabaka Registry’s journal, charting its progress towards becoming one of the first new gTLDs to go live, written by general manager Yasmin Omer.
Friday 18 October 2013
Maybe we are starting to see some positive steps from ICANN towards delegation:
We received a revised Registry Agreement, Specification six that includes the requirements for Name Collision Occurrence Management and Report Handling.
ICANN made an announcement that included the statement that collision “…assessments and SLD lists will be posted to the specific TLD’s registry agreement page on the ICANN website. The first of these will be available before the end of this week.”
ICANN reached out this week and requested a detailed list of contacts for legal, media, financial, emergency, CZDS, TMDB, abuse, URS and compliance.
We are still waiting for ICANN to comment on the TMCH launch issues highlighted in our 12 October 12 journal.
Oh, and we are still waiting for the Welcome Pack!
Read previous and future diary entries here.
Ralph Lauren can’t have .polo, panel rules
Ralph Lauren’s application for the dot-brand .polo is likely at an end, after the International Chamber of Commerce ruled that it would infringe the rights of polo players.
The Community Objection to the gTLD was filed by the US Polo Association, the governing body of the sport in the US, and supported by the Federation of International Polo, along with seven national and 10 regional US-based polo associations.
The FIP letter was crucial in ICC panelist Burkhard Hess’ decision to find against Ralph Lauren, persuading him that there was “substantial opposition” from a “clearly delineated” polo-playing community.
The word “polo” was often used in straw man arguments when the new gTLD program and its objection mechanisms were being designed. Who gets .polo? Ralph Lauren? Volkswagen? Nestle? The sport?
Well, now we know: according to the ICC, the sport will probably trump any dot-brand.
The precedent might be bad news for Donuts and Famous Four Media, which are facing Community Objections from the international governing bodies of rugby and basketball on .rugby and .basketball.
However, none of those applications are for dot-brand spaces.
Under the Community Objection rules, the objector has to show that the gTLD would harm its interests is delegated.
In the case of .polo, the panelist found detriment largely due to the fact that Ralph Lauren’s plan was for a single-registrant space from which the sports associations would be excluded.
With open, unrestricted .basketball and .rugby applications, it’s likely to be much harder for the objectors to prove that the gTLDs would damage the sport.
.shopping ruled confusingly similar to .shop
An International Centre for Dispute Resolution panelist has ruled that .shop and .shopping are too confusingly similar to coexist on the internet.
The panelist was Robert Nau, the same guy who ruled that .通販 and .shop are confusingly similar.
Again, the objector is .shop applicant Commercial Connect, which filed String Confusion Objections against almost every new gTLD application related to buying stuff online.
The defendant in this case was Donuts, via subsidiary Sea Tigers LLC.
Here’s the key part of the decision:
the concurrent use of “shopping”, the participle, and the root word “shop”, in gTLD strings will result in probable confusion by the average, reasonable Internet user, because the two strings have sufficient similarity in sound, meaning, look and feel. The average Internet user would not be able to differentiate between the two strings, and in the absence of some other external information (such as an index or guidebook) would have to guess which of the two strings contains the information the user is looking to view.
The adopters of the applicable standard of review for string confusion hypothetically could have allowed an unlimited number of top level domain names using the same root, and simply differentiate them by numbers, e.g., <.shop1>, <.shop2>, <.shop3>, etc., or other modifiers, including pluralization, or other similar variations of a root word, or other modifiers before or after the root word. While that might allow for increased competition, as argued by Applicant, it would only lead to a greater level of confusion and uncertainty among average, reasonable Internet users. Accordingly, the Applicant’s argument that the concurrent use of a root word and its participle version in a string increases competition is not persuasive in this context, and is rejected.
So far, Commercial Connect has lost 15 of the 21 SCOs it filed, against strings as weird as .supply and .shopyourway. Four cases remain open.
There are nine applicants for .shop, including Commercial Connect. Uniregistry has also applied for .shopping, but did not receive an objection.
Name collision block-lists to be published this week
ICANN will begin to publish the lists of domains that new gTLD registries must block at launch as early as this week, according to an updated name collisions plan released last night.
Registries that have already signed contracts with ICANN will be given their block-lists “before the end of this week”, ICANN said.
Registries that were not able to sign contracts because they’d been given an “uncalculated risk” categorization will now be invited, in priority order, to contracting.
The base Registry Agreement itself has been updated — unilaterally — to include provisions requiring registries to block second-level names deemed risky when they are delegated.
For each contracted gTLD, ICANN will provide what it’s calling a SLD Collision Occurrence Assessment, which will outline the steps registries need to take to mitigate their own collision risk.
It is also expected to contain a list of SLDs that have been seen on the Day In The Life Of The Internet data sets, collected from root server operators over 48-hour periods between 2006 and 2013.
Using previous years’ DITL data is news to me, and could potentially greatly expand the number of SLDs — already expected to be in the thousands in many cases — that registries are obliged to block.
“Most” new gTLD applicants are expected to be eligible for what ICANN calls an “alternative path to delegation”, in which the registry simply blocks the SLDs on an ICANN-provided list, gets delegated, and deals with the SLD Collision Occurrence Assessment at a later date.
Here’s how ICANN described the timetable for this:
For Registry Operators with executed registry agreements the Assessments and SLD lists will be posted to the specific TLD’s registry agreement page on the ICANN website. The first of these will be available before the end of this week.
In the coming weeks ICANN will post the alternative path eligibility assessments and SLD lists for all applied-for gTLDs.
In other words, if you haven’t already signed a contract there’s not yet a firm date on when you’ll find out how many — and which — names you’re expected to block, or even if you’re eligible for the alternative delegation path.
dotShabaka Diary — Day 19
The eighteenth installment of dotShabaka Registry’s journal, charting its progress towards becoming one of the first new gTLDs to go live, written by general manager Yasmin Omer.
Tuesday 15 October 2013
Still no advice from ICANN on transition to IANA. As we approach the transition to delegation and start launch processes, we remain concerned about the following process and schedule risks:
ICANN have made references to the TLD Startup information being submitted “…via the customer service portal or other mechanism” but have not provided details. We are concerned that the TLD Startup interface has not been provided. Why not allow TLDs to enter the information now and submit it to ICANN once delegated to the root zone?
The process to ‘Email ICANN CSC – Confirm Tests Completed’ is not documented. Without a process definition or certificate to confirm IBM’s email advice that شبكة. has “passed TMDB testing” we risk ICANN rejecting the launch submission and the Sunrise schedule being thrown out.
ICANN have stated the TLD Startup Information must include confirmation that the TMCH Sunrise and Claims Operator has accepted the start and end dates prior to the Registry Operator providing the TLD Startup Information. There is no process documented for submitting the start and end dates to the TMCH.
If we choose the ‘Alternate Path to Delegation’ as defined in the ‘New gTLD Collision Occurrence Management Plan’ we need to block all second-level labels that appear in DNS requests to the applied-for TLD in the DITL and other relevant dataset. ICANN have committed to developing the list of labels but have not defined a timeline or distribution process. Why not distribute the list now so we don’t have to manage Registry change after the transition process starts?
Read previous and future diary entries here.
Trademark+50 costs $75 to $200 a pop
The Trademark Clearinghouse has started accepting submissions under the new “Trademark+50” service, with prices starting at about $76.
It’s now called the Abused DNL (for Domain Name Label) service.
It allows trademark owners to add up to 50 additional strings — which must have been cybersquatted according to a court or a UDRP panel — to each record they have in the TMCH.
To validate labels found in court decisions, it will cost mark owners $200 and then $1 per abused string. For UDRP cases, the validation fee is $75.
If you’re on the “advanced” (read: bulk) fee structure, the prices drop to $150 and $50 respectively.
To add a UDRP case covering 25 domains to the Abused DNL would cost $100 in the first year and $25 a year thereafter, for example.
Adding a trademark to the TMCH costs between $95 and $150 a year, depending on your fee structure.
CEO Rosenblatt quits Demand Media
Demand Media CEO and co-founder Richard Rosenblatt has resigned and will be replaced by co-founder Shawn Colo, the company has announced.
In a statement filed with the Securities and Exchange Commission today, no reason was given for his departure.
Colo will take the CEO spot at the end of the month, while director James Quandt takes over as chairman immediately.
The company also said last night that it is still planning to spin off its domain name business, but “is currently in the process of evaluating the timing for completing the separation.”
This implies the plan, which was announced in February, has been delayed.
Demand Media’s domains business includes eNom, dozens of smaller registrars, and United TLD, which has applied for a portfolio of new gTLDs.
Recent Comments