Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Domain security arrives in .com
VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.
DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.
It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.
With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.
I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.
“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”
What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.
Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.
“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”
There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.
And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.
You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.
According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.
But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.
Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.
I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.
VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.
Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.
I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.
Greek IDN blocked due to non-existent domain
Greece’s request for .ελ, a version of .gr in its local script, was rejected by ICANN because it looked too much like .EA, a non-existent top-level domain, it has emerged.
Regular readers will be familiar with the story of how Bulgaria’s request for .бг was rejected due to its similar to Brazil’s .br, but to my knowledge the Greeks had not revealed their story until this week.
In a letter to the US government, George Papapavlou, a member of ICANN’s Governmental Advisory Committee, called the process of applying for an IDN ccTLD “long and traumatic”.
He said that Greece had to jump through “completely unnecessary” hoops to prove its chosen string was representative of the nation and supported by its internet community, before its application was finally rejected because it was “confusingly similar” to a Latin string.
“IANA has no right to question languages or local Internet community support. Governments are in the position of expressing their national Internet communities,” Papapavlou wrote.
The capital letters version of .ελ (ΕΛ) was considered to be confusingly similar to the Latin alphabet letters EA. The possibility of such confusion for a Greek language speaker, who uses exclusively Greek alphabet to type the whole domain name or address, to then switch into capital letters and type EA in Latin alphabet is close to zero. After all, there is currently no .ea or .EA ccTLD.
That’s true. There is no .ea. But that’s not to say one will not be created in future and, due to the way ccTLD strings are assigned, ICANN would not be able to prevent it on stability grounds.
Papapavlou called for “common sense” to be the guiding principle when deciding whether to approve an IDN ccTLD or not.
That is of course only one side of the story. Currently, ICANN/IANA does not comment on the details of ccTLD delegations, so it’s the only side we’re likely to see in the near future.
Those April 1 Headlines in Full
Too many ideas, not enough time.
These are some of the stories I would have written if there were more hours in the day…
Joan Rivers dies after head transplant surgery
UK banishes cybercrime sites to .au
Transparency review calls for ICANN reality show
UDRP panelist returns Taiwan to China
Bob Parsons shoots BigJumbo CEO
“Pigeon shit” blamed for Playboy plague
Hank Alvarez named ICANN compliance chief
Constantine Roussos says DNS needs “more cowbell”
NATO apologizes for Bit.ly bombing
Blacknight unveils leprechaun mascot
RIAA says .so domains “haven for piracy”
DomainTools merges with DomainJerks
BBC to apply for .cotton
ICANN successfully delays heat death of universe
Parsons apologizes, resurrects elephant
‘Hostel’ director slams Go Daddy CEO
Okay, this is getting weird.
Eli Roth, director of Hostel – one of the sickest horror films of recent years – has criticized Go Daddy CEO Bob Parsons for his controversial elephant-hunting video.
In a series of Twitter posts last night, Roth condemned Parsons for his video, saying, among other things: “It’s sick fucks like you that make me think Hostel could really happen.”
If you haven’t seen Hostel, it’s basically about an Eastern European gang that lets wealthy Americans torture and murder kidnapped backpackers in exchange for a hefty fee.
It’s just about as grim a movie as you could imagine.
Here’s a screenshot of some of Roth’s tweets.
Compounding the weirdness, Roth was later retweeted by Russell Crowe.
Porn affiliate network to shun .xxx
The Free Speech Coalition has announced support for its .xxx boycott from what looks to be a significant player in the porn affiliate network market.
Gamma Entertainment, which runs programs such as LiveBucks.com, said it plans to defensively register some of its brands in .xxx.
But for every dollar the company spends with ICM Registry, it also plans to make a matching donation to the top-level domain’s opponents, such as the FSC.
Xbiz quotes Gamma president Karl Bernard: “Gamma is committed to using our resources to lead by example – by pledging our support in the efforts to combat ICM’s .xxx.”
The company will continue to focus development on its .com web sites, according to the article.
The FSC announced its boycott earlier this week, to signal its objection to ICANN’s approval of the TLD.
Short .tel domains coming June 1
Telnic, the .tel registry, is to start selling short and numeric .tel domain names from June 1.
The company announced today that two-character and numeric-only .tel domains will first be subject to a premium-price landrush, followed by general availability from June 14.
It’s the first time you’ll be able to register domains containing only numerals, but you won’t be able to register anything with more than seven digits, including hyphens.
This would presumably rule out phone numbers including area codes in most if not all places.
All two-letter strings that correspond to existing country-code top-level domains are also reserved, as are all one-letter strings, whether they be numeric or alphabetic.
The release follows Telnic’s moderately controversial request to ICANN to liberalize its registration policies, which I previously covered here and here.
New UDRP guidelines reflect unpredictability
Cybersquatting cases filed under the Uniform Dispute Resolution Policy have become less predictable, judging from complex new guidelines for adjudication panels.
The World Intellectual Property Organization has just published WIPO Overview 2.0, which sets out over 10 years of UDRP precedent for panelists to consider when deciding future cases.
The document is a must-read for domain investors and trademark holders.
Updated for the first time since 2005, it contains new sections covering developments such as registrar parking, automatically generated advertising and proxy/privacy services.
The Overview has quadrupled in length, from 5,000 to 20,000 words. With that, has come increased complexity. WIPO notes:
While predictability remains a key element of dispute resolution systems, neither this WIPO Overview nor prior panel decisions are binding on panelists, who will make their judgments in the particular circumstances of each individual proceeding.
The document reflects decisions already made, rather than creating new law, but as such it also reflects the tilting balance of the UDRP in favor of complainants.
For example, while the 2005 guidelines presented majority and minority views on whether [trademark]sucks.com domains meet the “confusing similarity” criterion, Overview 2.0 presents only a “consensus view” that they do, suggesting that it is now settled law.
On whether parking a domain with PPC ads meets the “legitimate interests” criterion, the guidelines refer to precedent saying that the ads must not capitalize on a trademark:
As an example of such permissible use, where domain names consisting of dictionary or common words or phrases support posted PPC links genuinely related to the generic meaning of the domain name at issue, this may be permissible and indeed consistent with recognized sources of rights or legitimate interests under the UDRP, provided there is no capitalization on trademark value
Supporting this view, the Overview states that “bad faith” can be shown even if the domain owner does not control the content of their parked pages and makes no money from the ads:
Panels have found that a domain name registrant will normally be deemed responsible for content appearing on a website at its domain name, even if such registrant may not be exercising direct control over such content – for example, in the case of advertising links appearing on an “automatically” generated basis… It may not be necessary for the registrant itself to have profited directly under such arrangement
There is a defense to this, if the respondent can show they had no knowledge of the complainant’s trademark and made no effort to control or profit from the ads.
Because the UDRP calls for “registration and use in bad faith”, the guidelines also ask: “Can bad faith be found if the disputed domain name was registered before the trademark was registered or before unregistered trademark rights were acquired?”
The original guidelines said no, with a carve-out for cases where the squatter anticipated, for example, a future corporate merger (microsoftgoogle.com) or product release (ipad4.com).
The new guidelines are a lot less clear, calling it a “developing area of UDRP jurisprudence”. The document lists several cases where panelists have chosen to essentially set aside the registration date and concentrate instead just on bad faith usage.
The question of whether a renewed domain counts as a new registration is also addressed, and also has a couple of exceptions to give panelists more flexibility in the decisions.
The Overview covers a lot of ground – 46 bullet points compared to 26 in the first version – and will no doubt prove invaluable reading for people filing or fighting UDRP cases.
The guidelines are not of course set in stone. The 2005 version read:
The UDRP does not operate on a strict doctrine of precedent. However, panels consider it desirable that their decisions are consistent with prior panel decisions dealing with similar fact situations. This ensures that the UDRP system operates in a fair, effective and predictable manner for all parties
But the new version adds a caveat to the end of the sentence: “while responding to the continuing evolution of the domain name system.”
Too many ideas, not enough time.
These are some of the stories I would have covered today, if only there were more hours in the day.
Joan Rivers dies after head transplant surgery
UK government banishes cybercrime sites to .au
Transparency review calls for ICANN reality show
UDRP panelist returns Taiwan to China
Bob Parsons shoots BigJumbo CEO
“Pigeon shit” blamed for Playboy plague
Hank Alvarez named ICANN compliance chief
Constantine Roussos says DNS needs “more cowbell”
NATO apologizes for Bit.ly bombing
Blacknight unveils leprechaun mascot
RIAA says .so domains “haven for piracy”
DomainTools merges with DomainJerks
BBC to apply for .cotton
ICANN successfully delays heat death of universe
Parsons apologizes, resurrects elephant
There’s at least 15 stupidly obscure in-jokes there. Probably more. How many did you “get” without Googling?
15 – Congratulations! You’re me. Or a potential future spouse. Call me!
10-14 – You truly are a domain name industry nerd, the depth and breadth of your knowledge covering both domaining and ICANN politicking. You’ve probably been to ICANN meetings and DomainFest. You should be both immensely proud and profoundly ashamed of yourself.
6-10 – I’m proud to have you as a reader. You’re exactly the type of well-balanced individual I’m hoping to attract to this site. Why not try visiting one of my advertisers and purchasing something?
1-5 – Must try harder! Your insight into the industry is sadly lacking. Perhaps consider subscribing to my RSS and Twitter feeds, which can be found at at the top of the left-hand sidebar, in order to bulk up your knowledge base.
0 — You appear to have visited this blog by mistake. Were you searching for “group porn”? I get a lot of hits for that. Nothing to see here, please move along.
UDRP filings hit new record
The World Intellectual Property Organization handled more cybersquatting cases in 2010 than in any other year to date, according to just-released statistics.
WIPO said today it received 2,696 UDRP complaints last year, up 28% over 2009’s 2,107 cases.
But the number of domains covered by these cases actually slipped a little, from 4,688 to 4,370, according to WIPO.
Since the policy was created in 1999, WIPO says it has decided over 20,000 UDRP complaints, covering over 35,000 domain names in 65 TLDs.
It may sound like a lot, but it’s actually a vanishingly small percentage of the 205.3 million domain names that are registered across all TLDs today.
.xxx introduces the 48-hour UDRP
The forthcoming .xxx top-level domain will have some of the strictest abuse policies yet, including a super-fast alternative to the UDRP for cybersquatting cases.
With ICM Registry likely to sign its registry contract with ICANN soon, I thought I’d take another look at some of its planned policies.
I’d almost forgotten how tight they were.
Don’t expect much privacy
ICM plans to verify your identity before you register a .xxx domain.
While the details of how this will be carried out have not yet been revealed, I expect the company to turn to third-party sources to verify that the details entered into the Whois match a real person.
Registrants will also have to verify their email addresses and have their IP addresses recorded.
Whois privacy/proxy services offered by registrars will have to be pre-approved by ICM, “limited to services that have demonstrated responsible and responsive business practices”.
Registrants using such services will still have their full verified details stored by the registry, in contrast to TLDs such as .com, where the true identity of a registrant is only known to the proxy service.
None of these measures are foolproof, of course, but they would raise barriers to cybersquatting not found in other TLDs.
Really rapid suspension
The .xxx domain will of course abide by the UDRP when it comes to cybersquatting complaints, but it is planning another, far more Draconian suspension policy called Rapid Takedown.
Noting that “the majority of UDRP cases involve obvious variants of well-known trademarks”, ICM says it “does not believe that the clearest cases of abusive domain registration require the expense and time involved in traditional UDRP filings.”
The Rapid Takedown policy is modeled on the Digital Millennium Copyright Act. Trademark holders will be able to make a cybersquatting complaint and have it heard within 48 hours.
Complaints will comprise a “simple statement of a claim involving a well-known or otherwise inherently distinctive mark and a domain name for which no conceivable good faith basis exists”.
A “response team” of UDRP panelists will decide on that basis whether to suspend the domain, although it does not appear that ownership will be transferred as a result.
X strikes and you’re out
ICM plans to disqualify repeat cybersquatters from holding any .xxx domains, whether all their domains infringe trademarks or not.
The policy is not fully fleshed out, so it’s not yet clear how many infringing domains you’d have to own before you lose your .xxx privileges.
High-volume domain investors would therefore be advised to make sure they have clean portfolios, or risk losing their whole investment.
Gaming restrictions
ICM plans to allow IP rights holders to buy long-term, deep-discount registrations for non-resolving .xxx domains. As I’ve written before, Disney doesn’t necessarily want disney.xxx to point anywhere.
That would obviously appeal to volume speculators who don’t fancy the $60-a-year registry fee, so the company plans to create a policy stating that non-resolving domains will not be able to convert to normal domains.
There’s also going to be something called the Charter Eligibility Dispute Resolution Process, which which “will be available to challenge any resolving registration to an entity that is not qualified to register a resolving name in the .xxx TLD”.
This seems to suggest that somebody (think: a well-funded church) who does not identify as a member of the porn industry would be at risk of losing their .xxx domains.
The CEDRP, like most of the abuse policies the registry is planning, has not yet been fully fleshed out.
I’m told ICM is working on that at the moment. In the meantime, its policy plans are outlined in this PDF.
Recent Comments