Let’s all beat up Go Daddy!

I think it’s fair to say that Go Daddy is ending 2011 on a bum note.
A handful of competitors, notably Namecheap, are exploiting the recent outrage about the company’s support for the Stop Online Piracy Act (since recanted) to really stick the boot in.
NameCheap today called for December 29 to be marked as Move Your Domain Day and is currently sponsoring the hashtag #BoycottGoDaddy on Twitter.
It also said it will donate $1 to the Electronic Frontier Foundation for every domain transferred to it that day using the coupon code SOPASUCKS.
Other registrars are joining in with somewhat less gusto.
Dotster, for example, is offering cheap transfers with the discount code NOFLIPFLOP, a reference to Go Daddy’s changed position on SOPA.
So what’s the net effect of all this on Go Daddy’s business? It’s difficult to tell with much accuracy at this point.
NameCheap claims to have seen 40,000 inbound transfers in the last week, most of them presumably coming from former Go Daddy customers.
That’s going to be a difficult claim to verify however, even when December’s official gTLD registry reports are published a few months from now.
Unlike most ICANN-accredited registrars, NameCheap does not register domains directly — it has fewer than 200 .com domains under management, according to the most recent registry report.
The company started off life as an eNom reseller and appears to have never gotten around to migrating its customers.
(I wonder how many people transferring their domains this week are aware that some of their fees are probably flowing into the coffers of Demand Media, another popular internet hate figure.)
Several media articles have sourced DomainTool’s DailyChanges service for numbers of transfers out of domaincontrol.com, Go Daddy’s default name server constellation.
But as Andrew Allemann and Elliot Silver have already noted, those numbers are not a reliable indication of how many domains are being transferred from Go Daddy to other registrars.
Here’s a graph showing the transfers in and out of domaincontrol.com since the start of the month.

Transfers out briefly overtook transfers in this week, but by a negligible number.
The two big spikes you can see – both of which occur before the boycott began on December 22 – can be attributed to domainers (possibly a single domainer) moving thousands of domains from domaincontrol.com to internettraffic.com, a parking service, and back again.
Those movements had nothing to do with SOPA or the boycott, nor do they indicate that the domains were transferred away from Go Daddy. Name server changes != transfers.
Facts shouldn’t get in the way of a good story, however.
That’s probably why NameCheap seems to have got away with its insinuations about Go Daddy “blocking” transfers yesterday, which turned out to be highly questionable.
It transpires that transfers into NameCheap were failing not because of any nefarious activity by Go Daddy, but because NameCheap’s Whois queries were being automatically rate limited.
This was likely because NameCheap failed to white-list the IP addresses it uses for port 43 Whois look-ups either using ICANN’s RADAR tool or by notifying Go Daddy directly.
Registrar expert Jothan Frakes said as much on this blog yesterday, as did Michele Neylon of the unrelated registrar Blacknight on Twitter.
Go Daddy senior direct of product development Rich Merdinger suggested in a statement last night that NameCheap looked for the PR opportunity before picking up the phone:

Namecheap posted their accusations in a blog, but to the best our of knowledge, has yet to contact Go Daddy directly, which would be common practice for situations like this. Normally, the fellow registrar would make a request for us to remove the normal rate limiting block which is a standard practice used by Go Daddy, and many other registrars, to rate limit Whois queries to combat WhoIs abuse.

NameCheap has naturally disputed this interpretation of events, saying it had tried to get in touch with Go Daddy but received no response for 24 hours (Christmas Day, presumably).
Regardless of the he said/she said, the narrative in the media and on Twitter for the last couple of days has been pretty clear — Go Daddy: Bad, NameCheap: Good.
The SOPA story seems to have hit a nerve, and there are no shortage of pissed-off Go Daddy customers with horror stories to recount or just general criticisms of the company’s fairly brash image.
Warren Adelman picked a hell of a time to take over as CEO.

Whois throttling returns to bite Go Daddy on the ass

Go Daddy has been accused by a competitor of “thwarting” domain name transfers in violation of ICANN rules. (Note: story has been updated, see below).
The problem has reared its head due to the ongoing SOPA-related boycott of the company’s services, and appears to be related to Go Daddy’s decision earlier this year to throttle Whois queries.
NameCheap, one of the registrars that has been offering discounts to Go Daddy customers outraged by its recently recanted support of the controversial Stop Online Piracy Act, blogged today:

As many customers have recently complained of transfer issues, we suspect that this competitor [Go Daddy] is thwarting efforts to transfer domains away from them.
Specifically, GoDaddy appears to be returning incomplete WHOIS information to Namecheap, delaying the transfer process. This practice is against ICANN rules.
We at Namecheap believe that this action speaks volumes about the impact that informed customers are having on GoDaddy’s business.
It’s a shame that GoDaddy feels they have to block their (former) customers from voting with their dollars. We can only guess that at GoDaddy, desperate times call for desperate measures.

Part of transferring a domain from Go Daddy to NameCheap involves checking the identity of the registrant against Whois records.
Judging by a number of complaints made by Reddit readers today, it appears that NameCheap and other registrars are attempting to automatically query Go Daddy’s Whois database on port 43 at sufficient volume to trigger whatever throttling algorithm Go Daddy has in place to prevent the “harvesting” of contact data.
Go Daddy caused a similar ruckus earlier this year when it started blocking DomainTools and other Whois aggregation services from collecting full Whois records.
The registrar giant claimed then that it was trying to protect its customers by preventing the inappropriate use of their contact data.
However, while blocking a third-party information tool is merely annoying and disturbing, interfering with legitimate inter-registrar transfers could get Go Daddy into hot water, even if it is inadvertent.
NameCheap says it is doing the required Whois look-ups manually for now, and that it will honor each transfer request.
Giving Go Daddy the benefit of the doubt, I assume that this problem is ongoing largely due to the Christmas holiday, and that it will be rectified as soon as the appropriate people become aware of it.
Add this to your list of reasons .com and .net need a thick Whois.
UPDATE: All registrars have access to an ICANN service called RADAR, which enables them to specify the IP addresses they use to query competitors’ Whois databases.
Whitelisting IP addresses in this way could prevent a registrar’s queries being throttled, but not all registrars use the service.
According to this screenshot, NameCheap has not whitelisted any IP addresses in RADAR, which may be the reason it is having problems transferring Go Daddy customers’ domains to itself.

Will new gTLDs really increase phishing?

The US Federal Trade Commission has come out swinging against ICANN’s new generic top-level domains program, saying it will increase online fraud and should be scaled back.
In an open letter to ICANN’s top brass yesterday, the FTC’s four commissioners claimed that “the dramatic introduction of new gTLDs poses significant risks to consumers”.
Saying that more gTLDs will make it easier for scammers to acquire domain names confusingly similar to existing brands, the commissioners said the program should be rolled out as a limited pilot.
The FTC commissioners wrote (pdf):

A rapid, exponential expansion of gTLDs has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down Internet fraudsters. In particular, the proliferation of existing scams, such as phishing, is likely to become a serious challenge given the infinite opportunities that scam artists will now have at their fingertips. Fraudsters will be able to register misspellings of businesses, including financial institutions, in each of the new gTLDs, create copycat websites, and obtain sensitive consumer data with relative ease before shutting down the site and launching a new one.

The letter demands better Whois accuracy enforcement, better ICANN compliance programs, and a cap on approved new gTLDs in the first round perhaps as low as a couple dozen.
The FTC’s claims that new gTLDs will increase phishing may not be supported by reality, however.
The latest data (pdf) from the Anti-Phishing Working Group shows that in the first half of the year only 18% of domain names used in phishing attacks were registered by the attacker.
That was down from 28% in the second half of 2010. Phishers are much more likely to compromise a domain belonging to somebody else – by hacking a web server, for example.
Of the 14,650 maliciously registered domains 10,444 (70%) were used to phish Chinese targets, “overwhelmingly” the e-commerce site Taobao.com, the APWG found.
Furthermore, only 2% of these domains – just 1,816 over six months – were judged to have been registered due to their confusing similarity with the brands they target.
The APWG said (emphasis in the original):

These are the lowest numbers we have observed in the last past four years, and show that using domain names containing brand strings has fallen further out of favor among phishers.
…
the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do. Instead, phishers almost always place brand names in subdomains or subdirectories

The APWG found only one gTLD that ICANN has introduced – .info, with 4.5% – in its top ten phishing TLDs. The .com space accounts for 48.9% of all phishing domains.
Will the increase in the number of gTLDs reverse these trends? The FTC seems to think so, but the claims in its letter appear to be based largely on guesswork and fear rather than data.
I suspect that the FTC’s letter is more concerned with ICANN’s ongoing bilateral talks with registrars over law enforcement-demanded amendments to the Registrar Accreditation Agreement.
These talks are completely separate and distinct from the new gTLDs program policies, but in the last few weeks we’ve seen them being repeatedly conflated by US lawmakers, and now the FTC.
This may be ignorance, but it could just as well be an attempt to apply political pressure on ICANN to make sure the RAA talks produce the results law enforcement agencies want to see.
ICANN does not want to be forced into an embarrassing retreat on its hard-fought gTLD expansion. By producing a strong RAA, it could deflect some of the concerns about the program.

ICM opens can of worms with .xxx domain seizures

ICM Registry has suspended several dozen .xxx domain names registered by cybersquatters.
It’s believed to be unprecedented for a mainstream registry to unilaterally shut down domains purely on the grounds of alleged cybersquatting, as I reported for The Register earlier today.
ICM took down 70 to 80 domains including washingtonpost.xxx, cnbc.xxx and verizonwireless.xxx because it decided that the domains infringed trademarks and were therefore abusive.
Many belonged to the squatter Domain Name Wire first fingered as the registrant of huffingtonpost.xxx, named in Whois as Justin Crews.
Crews had told MSNBC that he planned to sell the domains at profit.
There was no UDRP arbitration, no court order, just a breach of the .xxx registry-registrant agreement, which gives ICM the right to suspend squatted domains at will.
This is the relevant part of the agreement, which all .xxx registrants must agree to:

You acknowledge and agree that the Registry reserves the right to disqualify you or your agents from making or maintaining any Registrations or Reservations in the .XXX TLD if you are found to have repeatedly engaged in abusive registrations, in its sole discretion.

I blogged back in May about why it might not be necessary to spend a fortune on defensive registrations in .xxx, given the existence of this policy and others.
Nevertheless, while it may take a while for the implications to become clear, I think the suspensions represent a very significant development.
Coming so soon after the end of ICM’s sunrise period, which saw many organizations spend thousands on useless non-resolving defensive registrations, I wouldn’t be surprised if many companies feel like they may have wasted their money.
If you’ve just spent $200 defending your brand, I imagine it would be quite annoying to see the likes of verizonwireless.xxx or businessweek.xxx get the same protection for free.
I would also not be surprised if, from now on, trademark attorneys trying to defend their rights in .xxx first contacted ICM, rather than WIPO or the National Arbitration Forum.
Why spend thousands on a UDRP complaint when you can just send a legal nastygram to ICM?
ICM president Stuart Lawley told DI today that this wave of suspensions was done independently, not in response to any legal demands.
Still, the precedent has been set: ICM will suspend domains for free, under certain circumstances.
What those circumstances are is less clear.
Lawley said that ICM will not get involved in complaints about individual domains – but it will shut down cybersquatters with multiple infringements.
But what constitutes cybersquatting? UDRP has a definition, but I’m not sure ICM does. It may be quite subjective.
It’s also not clear what ICM will do with the suspended domains, not all of which necessarily infringe trademarks. Some may be bona fide, but the ICM policy is to take down the registrant’s entire portfolio.
So will those non-infringing domains be released back into the pool? And if so, how will ICM determine which are squats and which are not?
And what about the ones that are squats? Will they be released?
AOL may be content for huffingtonpost.xxx to remain suspended forever. As long as it’s suspended, the company does not have to worry about defensive registration fees.
But consider gayroom.xxx, which was also suspended.
The owner of gayroom.com owns a trademark on the word “gayroom”. Gayroom.com is a porn site, but one that has chosen not to buy its equivalent .xxx domain.
What if it changes its mind? If gayroom.com wants gayroom.xxx in future, is there a way to take it out of suspension, or is the company stuck without its .xxx forever, just because a cybersquatter got there first?
ICM’s policies do not seem to answer this question and the company has not yet revealed its plans for the suspended domains.
As a post-script, I should note that Huffington Post owner AOL is currently listed as the registrant of huffingtonpost.xxx in the Whois record.
It’s not yet clear why this is the case, but Lawley stated unequivocally today that the apparent transfer is completely unrelated to ICM’s own crackdown.
Go Daddy, the registrar of record for the domain, declined to comment, citing its customer privacy policy.
Did the cybersquatter transfer the domain to AOL before the suspension? Did he sell it to AOL? Or did he just update the Whois with phoney data? Either seems possible at this point.

Notes from the Senate new gTLDs hearing

The US Senate’s Commerce Committee held a hearing into ICANN’s new generic top-level domain program today, following pressure from the Association of National Advertisers.
It must have been a busy day on Capitol Hill. Not only was the hearing delayed by 45 minutes, but when it did begin only four or five Senators showed up to speak.
Committee chair Sen. Jay Rockefeller put his head through the door just long enough to deliver a prepared statement, leaving Sen. Amy Klobuchar to lead the rest of the hearing.
It was a relatively subdued and hurried affair that heard for the most part some extremely well-worn arguments about the potential benefits and risks of new gTLDs.
Nevertheless, the hearing did generate a few headline moments. These are my first impressions.
Rockefeller in pro-gTLD shocker
Given that the hearing was called at the behest of ICANN’s critics, it was slightly surprising that the Committee’s chairman gave a generally pro-expansion statement.
Sen. Rockefeller said he was generally in favor of new gTLDs, believing them to be pro-competition and pro-innovation, but suggested that the roll-out should be slower and more cautious.
“I think we’ll have to get used to .hotel, I think we’ll have to get used to .auto,” he said.
“If ICANN is determined to move forward, it should do so slowly and cautiously,” he said. “The potential for fraud, consumer confusion, and cybersquatting is massive and argues for a phased in implementation. Scaling back the initial round of new top level domains introduced in 2013 may be a prudent approach.”
ICANN expects about 1,000 applications
Senior vice president Kurt Pritz gave the latest ICANN guesstimate about how many new gTLD applications it expects to receive in the first round.
That number is 500 to 1,000, maybe a little more but “not thousands”, he said, noting that the estimate was completely based on hearsay.
New ICANN conflict of interest rules
ICANN’s board of directors evidently voted to restrict their post-ICANN employment opportunities at the board meeting earlier today, if Pritz’s testimony is an accurate guide.
He said that directors will not be able to work for any new gTLD operator that they have voted to approve for 12 months after they leave ICANN.
Cheaper application fees for worthy applicants
Again scooping the publication of today’s ICANN board meeting resolutions, Pritz revealed that application fees are going to be reduced from $185,000 to $47,000 for needy applicants.
This suggests heavily that ICANN figured out a way to accommodate the recommendations of the Joint Applicant Support working group, which proposed a number of measures aimed at reducing the financial burden for applicants in developing nations.
There was no word from Pritz about which organizations or nations will be eligible for the reduction, however.
The ANA compares senators to Disney characters
At one point, the ANA’s Dan Jaffe wheeled out a slide bearing a picture of Donald Duck and Mickey Mouse, to illustrate the problem of inaccurate Whois information.
He was addressing Sen. Maria Cantwell and Sen. Kelly Ayotte, both of whom asked questions about fraud and both of whom use Whois privacy services on their official campaign web sites.
I found this immensely amusing.
Dyson speaks for the little guy (if he has a trademark)
Former ICANN chair Esther Dyson said in her opening testimony that she was the only person at the hearing there to represent public opinion, rather than that of big business.
She then went on to complain, with a straight face, about all the trademark enforcement headaches big business will have to deal with in a world of hundreds of new gTLDs.
She’s particularly miffed, as a director of a company called Meetup, that ICM Registry has reserved meetup.xxx as a premium domain name.
Meetup will probably sue whoever buys the name for trademark infringement, she indicated.
Way to stick it to The Man, Esther!
Wither IDNs?
Non-Latin-script gTLDs were not discussed in any depth during the hearing, meriting only one or two mentions.
That’s unusual, given that IDN gTLDs are the one benefit of the ICANN program that not even intellectual property interests have dared to argue against.
Next steps
The ANA and the YMCA want somebody to put a stop to the new gTLD program, or to at least delay it.
Dyson suggested that for the US to unilaterally intervene might be a bad idea, politically.
When asked whether the Department of Commerce would be able to stay ICANN’s hand, Commerce representative Fiona Alexander ducked the question.
With a handful of exceptions, nobody on the Senate committee seemed to care enough about the subject to show up and ask questions.
I think this probably counts as a win for the pro-expansion camp.
There is however another hearing, this time before the House Energy and Commerce Committee, next week. If recent history is any guide, we’re likely to be in for more of the same.

YouPorn imposes embargo on .xxx sites

Manwin, the company behind YouPorn, has stepped up its fight against ICM Registry by saying it will not do business with any .xxx web site.
Reported in the adult press this weekend, the ban seems to extend to webmasters hoping to promote their sites on Manwin’s “tube” sites, including YouPorn.
It also won’t allow its content to be used on .xxx sites, according to Xbiz.
Manwin is of course already suing ICM and ICANN under US monopoly laws, and has demanded an ICANN independent review, claiming the .xxx launch amounted to “extortion”.
The domain YouPorn.xxx is currently on ICM’s Registry Reserved list, meaning it was not acquired during sunrise and will not become available when .xxx opens its doors on Tuesday.
YouPorn is one of the web’s top 100 sites, according to Alexa.

Zip.ca lets zip.tv expire then files UDRP to get it back

The Canadian movie rental site Zip.ca, a sister company of Pool.com, has filed a cybersquatting complaint with WIPO over the domain name zip.tv.
A UDRP filed over a dictionary word would often scream reverse domain name hijacking, but it appears that in this case Zip.ca owned the matching .tv but accidentally let it expire.
According to historical Whois records, Zip.ca owned zip.tv until July 6 this year, when the registration expired and it went into its registrar’s “Reactivation Pending” status.
It was then acquired by a Chinese registrant, Mai Lifang, in October. The domain is currently parked.
It’s embarrassing for Zip.ca, given that its parent, Momentous, is primarily a domain name company, owning DomainsAtCost.com, Pool.com, Internic.ca, Rebel.com and NameScout.
Zip.tv was not just a defensive registration, either. It was previously promoted as a community-focused YouTube-style companion site for Zip.ca back in 2007.
The company also owns a trademark on the domain.

Gaddafi ousted from Libya’s Whois

Libya has changed the Whois records for the .ly top-level domain to remove references to the usurped Gaddafi regime.
While ownership of .ly has not changed in the IANA records — it’s still delegated to the national General Post and Telecommunication Company — the name of the country has.
Until late last month, it was “Libyan Arab Jamahiriya”, a reference to the unique political philosophy of Colonel Muammar Gaddafi, who took over the country in 1977.
It’s now just “Libya”.
The change was made October 27, just seven days after Gaddafi was captured and killed by rebels in Sirte.
(Hat tip: @ianawhois)

Go Daddy bans DNS harvesting

Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.
CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:

The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.
Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.
If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.

That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.
Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.
Blocking DNS queries from selected IP addresses draws to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.
In January, the company confirmed, that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in affect for non-paying DomainTools users.
Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.

Registrar threatened with shutdown for failing to reveal registrant

ICANN has told a Turkish domain name registrar that its accreditation will be terminated unless it fixes its apparently shoddy Whois services.
While Alantron has a track record of Whois failures and connections to abusive domains, ICANN’s threat appears to have been made in connection with a single domain name.
ICANN compliance director Stacey Burnette wrote to Alantron (pdf):

On 12 October 2011, ICANN requested that Alantron make registration records available to ICANN concerning a specific domain name, as ICANN received a complaint that there was no Whois output available for the domain name. Although numerous requests were made by ICANN to make the registration records available for inspection and copying, as of the date of this letter, Alantron has not made any arrangements to comply with ICANN’s request.

The letter also details Alantron’s alleged failures to make Whois available through Port 43 and its web interface going back to September 1.
ICANN has also threatened to suspend Alantron’s ability to create new registrations. Alantron received a similar de-accreditation warning for Whois failures in April 2010.
It does not say who made the complaint or which domain is in question, but the company has come under fire from security pros in the past for allowing its services to be abused to push fake pharmaceuticals.
Alantron, which has about 26,000 domains under management according to Webhosting.info, has until November 25 to rectify the problem.