Are Whois email checks doing more harm than good?
“Tens of thousands” of web sites are going dark due to ICANN’s new email verification requirements and registrars are demanding to know how this sacrifice is helping solve crimes.
These claims and demands were made in meetings between registrars and ICANN’s board and management at the ICANN 49 meeting in Singapore last week.
Go Daddy director of policy planning James Bladel and Tucows CEO Elliot Noss questioned the benefit of the 2013 Registrar Accreditation Agreement during a Tuesday session.
The 2013 RAA requires registrars to verify that registrants’ email addresses are accurate. If registrants do not respond to verification emails within 15 days, their domains are turned off.
There have been many news stories and blog posts recounting how legitimate webmasters found their sites gone dark due to an overlooked verification email.
Just looking at my Twitter stream for an “icann” search, I see several complaints about the process every week, made by registrants whose web sites and email accounts have disappeared.
Noss told the ICANN board that the requirement has created a “demonstrable burden” for registrants.
“If you cared to hear operationally you would hear about tens and hundreds of thousands of terrible stories that are happening to legitimate businesses and individuals,” he said.
Noss told DI today that Tucows is currently compiling some statistics to illustrate the scale of the problem, but it’s not yet clear what the company plans to do with the data.
At the Singapore meeting, he asked ICANN to go to the law enforcement agencies that demanded Whois verification in the first place to ask for data showing that the new rules are also doing some good.
“What crime has been forestalled?” he said. “What issues around fraud? We heard about pedophilia regularly from law enforcement. What has any of this done to create benefits in that direction?”
Registrars have a renewed concern about this now because there are moves afoot in other fora, such as the group working on new rules for privacy and proxy services, for even greater Whois verification.
Bladel pointed to an exchange at the ICANN meeting in Durban last July, during which ICANN CEO Fadi Chehade suggested that ICANN would not entertain requests for more Whois verification until law enforcement had demonstrated that the 2013 RAA requirements had had benefits.
The exact Chehade line, from the Durban public forum transcript, was:
law enforcement, before they ask for more, we put them on notice that they need to tell us what was the impact of what we did for them already, which had costs on the implementers.
Quoted back to himself, in Singapore Chehade told Bladel: “It will be done by London.”
Speaking at greater length, director Mike Silber said:
What I cannot do is force law enforcement to give us anything. But I think what we can do is press the point home with law enforcement that if they want more, and if they want greater compliance and if they want greater collaborations, it would be very useful to show the people going through the exercise what benefits law enforcement are receiving from it.
So will law enforcement agencies be able to come up with any hard data by London, just a few months from now?
It seems unlikely to me. The 2013 RAA requirements only came into force in January, so the impact on the overall cleanliness of the various Whois databases is likely to be slim so far.
I also wonder whether law enforcement agencies track the accuracy of Whois in any meaningfully quantitative way. Anecdotes and color may not cut the mustard.
But it does seem likely that the registrars are going to have data to back up their side of the argument — customer service logs, verification email response rates and so forth — by London.
They want the 2013 RAA Whois verification rules rethought and removed from the contract and the ICANN board so far seems fairly responsive to their concerns.
Law enforcement may be about to find itself on the back foot in this long-running debate.
Applicant claims “rogue” GAC rep killed its gTLD
The unsuccessful applicant for the .thai top-level domain has become the third new gTLD hopeful to file an Independent Review Process complaint against ICANN.
Better Living Management had its bid for the restricted, Thailand-themed TLD rejected by ICANN in November due to a consensus objection from the Governmental Advisory Committee.
Now the company claims that the Thailand GAC representative who led the charge against its bid has never been formally authorized to speak for the Thai government at ICANN.
BLM says it has sued Wanawit Ahkuputra, one of three Thailand GAC reps listed on the GAC’s web site, in Thailand and wants ICANN to unreject its application pending the case’s outcome.
In the IRP request, BLM claims that Ahkuputra was appointed to the GAC by previous rep Thaweesak Koanantakool without the authorization of the Thai government.
It further claims that while Koanantakool was “invited” by the Thai government to be Thailand’s GAC rep, he was never formally “appointed” to the role. He was “erroneously recruited by the GAC”, BLM alleges.
Following that logic, Ahkuputra could not claim to be a legitimate GAC rep either, BLM claims.
From the IRP alone it looks like a bit of a tenuous, semantics-based argument. Is there any real difference between “invited” and “appointed” in the platitude-ridden world of diplomacy?
Nevertheless, BLM claims that by pushing the rest of the GAC to object to the .thai bid at the ICANN Beijing meeting a year ago, Ahkuputra acted against the wishes of the Thai government.
BLM says it has letters of support from five Thai government ministries — including the one Koanantakool works for — all signed during the new gTLD application and evaluation periods in 2012 and 2013.
Those letters were apparently attached to its IRP complaint but have not yet been published by ICANN.
BLM says it has sued Koanantakool and Ahkuputra, asking a Thai court to force them to drop their objections to the .thai bid.
This is not the first time that an unsuccessful new gTLD applicant has alleged that a GAC member was not properly appointed. DotConnectAfrica has level similar accusations against Kenya.
DCA claims (pdf) that Alice Munyua spoke against its .africa application in the GAC on behalf of Kenya but against the wishes of Kenya, which DCA says did not oppose the bid.
However, ICANN and GAC chair Heather Dryden rubbished these claims in ICANN’s reply (pdf) to DCA’s complaint, citing evidence that Kenya did in fact oppose the application.
Top-level domains top 500
The number of live top-level domains on the internet has surpassed 500 for the first time.
The delegation yesterday of 12 new gTLDs — .archi, .consulting, .cooking, .country, .fishing, .haus, .商城, .horse, .miami, .rodeo, .vegas and .vodka — tipped the total TLD count to 507.
For the numbers geeks, here are some stats from the DI PRO database:
- 285 ccTLDs
- 222 gTLDs
- 60 IDN TLDs
- 24 IDN gTLDs
- 199 gTLDs delegated in the 2012 round
- 15 gTLDs delegated in previous rounds
- 8 legacy gTLDs
- 129 new gTLDs have started Sunrise periods
- 65 new gTLDs have started Trademark Claims periods
- 367 new gTLDs have ICANN contracts
- 1 new gTLD application is still in Initial Evaluation
- 6 new gTLD applications are still in Extended Evaluation
- 9.7 new gTLDs have been delegated per week, on average, since January 1, 2014
- 36 new gTLDs were delegated in March
Based on the rate that Verisign has been adding new gTLDs to the root recently, we should expect that to top 200 in the next few days. The number of new gTLDs could outstrip the number of ccTLDs next month.
Verisign probes name collisions link to MH370
Verisign is investigating whether Malaysian Airlines flight MH370 went missing due to a DNS name collision.
The Boeing 777 disappeared on a routine flight from Kuala Lumpur to Beijing, March 8. Despite extensive international searches of the Indian Ocean and beyond, no trace of the plane has yet been found.
Now Verisign is pondering aloud whether a new gTLD might be to blame.
The theory emerged during Verisign’s conference in London two weeks ago, at which the company offered a $50,000 prize to the researcher with the best suggestion about how to keep the collisions debate alive.
Chief propaganda officer Burt Kaslinksiki told DI that the decision to launch the investigation today was prompted by a continuing lack of serious interest in name collisions outside of Verisign HQ.
“We cannot discount the possibility that the plane went missing due to a new gTLD,” he said. “Probably something to do with .aero or .travel or something. That sounds plausible, right?”
“The .aero gTLD was delegated in 2001,” he said after a few minutes thought. “Is it any coincidence that just 13 years later MH370 should go missing? We intend to investigate a possible link.”
“Think about it,” Koslikiniski said. “When was the last time you saw a .aero domain? The entire gTLD has vanished without a trace.”
He pointed to a slide from a prize-winning Powerpoint presentation made at the London conference as evidence:
“We’re not saying new gTLDs cause planes to smash into the ocean and disappear without a trace, we’re just saying that it’s not not un-impossible that such a thing might conceivably, feasibly happen,” he said.
He added that it was also possible that name collisions were to blame that time Justin Bieber got photographed pissing in a bucket.
Verisign is proposing that ICANN add “modest” new registration restrictions to all new gTLDs as a precaution until the company’s investigation is concluded, which is expected to take four to six years.
Specifically, new gTLD registries would be banned from accepting any registrations for:
- Any domain name comprising a dictionary word, or a combination of dictionary words, in any UN language.
- Any domain name shorter than 60 characters.
- Any domain name containing fewer than six hyphens.
- Any domain name in which the second level is written in the same script as the TLD.
- Anything not written in Windings.
Kalenskiskiski denied that these restrictions would unreasonably interfere with competing gTLDs’ business prospects.
“Nobody seemed to care when we managed to get 10 million domains blocked based on speculation and fearmongering,” he said. “We’re fairly confident we can get away with this too.”
“If ICANN puts up a fight, we’ll just turn The Chulk loose on ’em again to remind them who pays their fucking salaries,” he explained.
“In the rare instances where these very reasonable restrictions might prevent somebody from registering the new gTLD name they want, there’s still plenty of room left in .com,” he added.
Donuts buys out rival .place gTLD applicant
Donuts has won the .place new gTLD contention set after paying off rival applicant 1589757 Alberta Ltd.
The deal, for an undisclosed sum, was another “cut and choose” affair, similar to deals made with Tucows last August, in which the Canadian company named its price to withdraw and Donuts chose to pay it rather than taking the money itself.
1589757 Alberta has withdrawn its application for .place already.
The deal means Donuts now has 165 new gTLDs that are either live, contracted or uncontested.
ARI and Radix split on all new gTLD bids
Radix no longer plans to use ARI Registry Services for any of its new gTLDs, I’ve learned.
The company has already publicly revealed that CentralNic is to be its back-end registry services provider for .space, .host, .website and .press, but multiple reliable sources say the deal extends to its other 23 applications too.
I gather that the split with ARI wasn’t entirely amicable and had money at its root, but I’m a bit fuzzy on the specifics.
The four announced switches are the only four currently uncontested strings Radix has applied for.
Of Radix’s remaining active applications, the company has only so far submitted a change request to ICANN — which I gather is a very expensive process — on one, .online.
For the other 22, ARI is still listed as the back-end provider in the applications, which have all passed evaluation.
Radix is presumably waiting until after its contention sets get settled before it goes to the expense of submitting change requests.
No sunrise periods for dot-brands
ICANN has finally signed off on a set of exemptions that would allow dot-brand gTLDs to skip sunrise periods and, probably, work only with hand-picked registrars.
Its board’s New gTLD Program Committee passed a resolution at ICANN 49 last week that would add a new Specification 13 (pdf) to Registry Agreements signed by dot-brands.
The new spec removes the obligation operate a sunrise period, which is unnecessary for a gTLD that will only have a single registrant. It also lets dot-brands opt out of treating all registrars equally.
Dot-brands would still have to integrate with the Trademark Clearinghouse and would still have to operate Trademark Claims periods — if a dot-brand registers a competitor’s name in its own gTLD during the first 90 days post-launch, the competitor will find out about it.
ICANN is also proposing to add another clause to Spec 13 related to registrar exclusivity, but has decided to delay the addition for 45 days while it gets advice from the GNSO on whether it’s consistent with policy.
That clause states that the dot-brand registry may choose to “designate no more than three ICANN accredited registrars at any point in time to serve as the exclusive registrar(s) for the TLD.”
This is to avoid the silly situation where a dot-brand is obliged to integrate with registrars from which it has no intention of buying any domain names.
Spec 13 also provides for a two-year cooling off period after a dot-brand ceases operations, during which ICANN will not delegate the same string to another registry unless there’s a public interest need to do so.
The specification contains lots of language designed to prevent a registry gaming the system to pass off a generic string as a brand.
There doesn’t seem to be a way to pass off a trademark alone, without a business to back it up, as a brand. Neither is there a way to pass off a descriptive generic term as a brand.
The rules seem to allow Apple to have .apple as a dot-brand, because Apple doesn’t sell apples, but would not allow a trousers company to have .trousers as a dot-brand.
ICANN muddles through solution to IGO conflict
ICANN may have come up with a way to appease both the GNSO and the GAC, which are at conflict over the best way to protect the names and/or acronyms of intergovernmental organizations.
At the public forum of the ICANN 49 meeting in Singapore last Thursday, director Bruce Tonkin told the community that the ICANN board will consider the GNSO’s recommendations piecemeal instead of altogether.
It will also convene a meeting of the GNSO, GAC, IGOs, international nongovernmental organizations and the At-Large Advisory Committee to help reach a consensus.
The issue, you may recall from a DI post last week, is whether the names and acronyms of IGOs and INGOs should be blocked in all new gTLDs.
The GNSO is happy for the names to be protected, but draws the line at protecting acronyms, many of which are dictionary words or have multiple uses. The GAC wants protection for both.
Both organizations have gone through their respective processes to come to full consensus policy advice.
This left ICANN in the tricky situation of having to reject advice from one or the other; its bylaws did not make a compromise easy.
By splitting the GNSO’s 20 or so recommendations up and considering them individually, the ICANN board may be able to reconcile some with the GAC advice.
It would also be able to reject bits of GAC advice, specific GNSO recommendations, or both. Because the advice conflicts directly in some cases, rejection of something seems probable.
But ICANN might not have to reject anything, if the GAC, GNSO and others can come to an agreement during the special talks ICANN has in mind, which could happen as soon as the London meeting in June.
Even if those talks lead to nothing, this proposed solution does seem to be good news for ICANN perception-wise; it won’t have to blanket-reject either GNSO or GAC policy advice.
This piecemeal or ‘scorecard’ approach to dealing with advice hasn’t been used with GNSO recommendations before, but it is how the board has dealt with complex GAC advice for the last few years.
It’s also been used with input from non-GNSO bodies such as the Whois Review Team and Accountability and Transparency Review Team.
Judging by a small number of comments made by GNSO members at the public forum on Thursday, the solution the board has proposed seems to be acceptable.
ICANN may have dodged a bullet here.
The slides used by Tonkin during the meeting can be found here.
Dodgy domainer owns 40% of .ceo’s new names
What do Mark Zuckerberg, Oprah Winfrey, Donald Trump, Jeff Bezos and the Saudi royal family have in common?
Their .ceo domain names all belong to the same guy, a registrant from Trinidad and Tobago who as of last night was responsible for 40% of hand-registered .ceo domains.
Andrew Davis has registered roughly 100 of the roughly 250 .ceo names sold since the new gTLD went into general availability on March 28, spending at least $10,000 to do so.
I hesitate to call him a cyberquatter, but I have a feeling that multiple UDRP panels will soon be rather less hesitant.
Oh, what the hell: the dude’s a cyberquatter.
Here’s why I think so.
According to Whois records, Davis has registered dozens of common given and family names in .ceo — stuff like smith.ceo, patel.ceo, john.ceo, wang.ceo and wolfgang.ceo.
So far, that seems like fair game to me. There are enough CEOs with those names out there that to register matching domains in .ceo, or in any TLD, could easily be seen as honest speculation.
Then there are domains that start setting off alarm bells.
zuckerberg.ceo? zuck.ceo? oprah.ceo? trump.ceo? bezos.ceo?
Sure, those are names presumably shared by many people, but in the context of .ceo could they really refer to anyone other than Mark Zuckerberg, Oprah Winfrey, Donald Trump and Jeff Bezos?
I doubt it.
Then there are a class of names that seem to have been registered by Davis purely because they show up on lists of the world’s wealthiest families and individuals.
The domains slim.ceo, walton.ceo, and adelson.ceo match the last names of three of the top ten wealthiest people on the planet; arnault.ceo matches the name of France’s second-richest businessman.
getty.ceo, rockefeller.ceo, hearst.ceo, rothschild.ceo… all family names of American business royalty.
Then there’s the names of members of actual royalty, the magnificently wealthy Saudi royal family: alsaud.ceo, saud.ceo and alwaleed.ceo.
Still, if Davis had registered any single one of these names he could make a case that it was a good faith registration (if his name was Walton or Al Saud).
Collectively, the registration strategy looks very dodgy.
But where any chance of a good-faith defense falls apart is where Davis has registered the names of famous family-owned businesses where the name is also a well-defended trademark.
bacardi.ceo… prada.ceo… beretta.ceo… mars.ceo… sennheiser.ceo… shimano.ceo… swarovski.ceo… versace.ceo… ferrero.ceo… mahindra.ceo… olayan.ceo…
There’s very little chance of these surviving a UDRP if you ask me.
Overall, I estimate that at least half of Davis’ 100 registrations seem to deliberately target specific high net worth individuals or famous brands that are named after their company’s founder.
The remainder are generic enough that it’s difficult to guess what was going through his mind.
On his under construction web site at andrewdavis.ceo, Davis says:
I am the owner of Hundreds of the Best .CEO Domains available on the web.
My collection comprises of the Top Premium .CEO Domains (in my opinion).
My list of domains contains the First or Last names of well over 1 Billion people around the world.
I offer Email and Web Link Services on each of these sites, so that these Domains can be shared with many people around the world, particularly CEOs, Business Owners and Leaders, or those aspiring to become one.
On each of Davis’ .ceo sites, he offers to sell email addresses (eg contact@bacardi.ceo) for $10 a month and third-level domain names (eg blog.walton.ceo) for $5 a month.
A UDRP panelist is going to take this as evidence of bad faith, despite Davis’ disclaimer, which appears on each of his web sites. Here’s an example from bacardi.ceo:
This Website (Bacardi.CEO) is NOT Affiliated with, nor refers to, any Trademark or Company named “Bacardi”, that may or may not exist.
This Website does NOT refer to any Specific Individual Person(s) named “Bacardi”.
This Website aims to provide Services for ANY Person named “Bacardi”, particularly: CEOs, Business Owners and Leaders.
Bacardi.CEO is an Independent and Personal Project/Service of Andrew Davis.
I must admit I admire his entrepreneurship, but I fear he has stepped over the line into cybersquatting that a UDRP panelist will have no difficulty at all recognizing.
Davis has already been hit with a Uniform Rapid Suspension complaint on mittal.ceo, presumably filed on behalf of billionaire Indian steel magnate Lakshmi Mittal and/or his company ArcelorMittal.
It’s not clear from the name alone whether mittal.ceo is a losing domain under URS’ higher standard of evidence, but I reckon the pattern of registrations described in this blog post would help make for a pretty convincing case that would put it over the line.
I should add, in fairness to .ceo registry PeopleBrowsr, that the other 60% of its zone, judging by Whois records, looks pretty clean. Small, but clean.
Slow start for .ceo with fewer than 400 names sold
The new .ceo gTLD has had a disappointing launch.
In the first 30 hours of general availability, which began on Friday afternoon, the TLD has managed to scrape just 378 registrations, according to the latest zone file.
That includes 100 names that were registered during the sunrise period.
Jodee Rich, CEO of PeopleBrowsr, the .ceo registry, told DI that the company sold about 40 premium names at $999 per year on the first day and that revenue for the first six hours was about $100,000.
The baseline retail price for .ceo names is $99.
There is a tiered pricing structure, and Rich said that only four out of its 40-something accredited registrars were ready to handle it, which may have impacted sales.
He added that .ceo has over 3,000 pre-registrations which he hopes to start seeing convert over the coming days.
Nevertheless, 378 domains is a poor showing by any measure.
On day one of GA, it was the eighth-fastest growing new gTLD by domain volume. Today, it’s ranked 52nd out of the 52 new gTLDs that have gone to full, baseline pricing general availability.
Recent Comments