Man writes to ICANN with Whois look-up
A second person has asked ICANN for “a list of all registered domains”, using the organization’s freedom of information policy.
Jorge Sabate made a Documentary Information Disclosure Policy filing (pdf) last December, published this week, in which he made the request. He added:
If you are unable to provide the whole information, i would like to know the dste [date] was created the domain name christiansmith.com
That’s right. Sabate’s method of doing a Whois look-up on a single domain name appears to involve asking ICANN for a database of all 200 million registered domain names.
He’s not the first person to use the DIDP to make such a strange request. One Barry Carter asked for the same list last September, and was similarly unsuccessful.
No such database exists, of course, so ICANN had to rebuff both men.
But to answer your question, Mr Sabate: christiansmith.com was originally registered November 13, 1998.
ICANN sponsors line up for Singapore
ICANN’s web page for its Singapore meeting has gone live, and the organization looks to have already attracted almost $200,000 in sponsorship fees.
The meeting, which officially begins June 19 at the Raffles City Convention Center, is widely expected to be the meeting when ICANN finally signs off on its Applicant Guidebook for new top-level domains.
As such, I expect it’s going to see a fair bit of sponsor interest.
Prices have been reduced somewhat since the San Francisco meet last month, due to some complaints from domain name companies, but there are still some big-ticket opportunities, including a $250,000 Diamond deal and two $150,000 Platinum Elite deals.
So far, five sponsors have already signed up, the biggest spenders being Neustar and the Public Interest Registry, which have both opted for $75,000 Platinum-tier arrangements.
Don’t expect any lengthy security briefings this time around – Singapore is one of the safest cities in the world, due in part to its harsh judicial system. You’re more likely to get beaten up under court order than by a mugger.
The weather: hot and wet.
The host of the meeting, which is ICANN’s 41st, is the Infocomm Development Authority of Singapore.
ICM faces porn anger over .xxx
ICM Registry executives took the brunt of angry opposition to the .xxx top-level domain from pornographers at an adult industry trade show this week.
A two-hour session on .xxx, which took place at The Phoenix Forum in Arizona the day after ICM and ICANN signed their registry contract, saw the new TLD attacked on multiple fronts.
Defending, ICM’s Vaughn Liley tried to explain why .xxx isn’t as bad as many in the US adult industry believe but, on the back foot from a misjudged opening gambit (asking the openly hostile audience of pornographers if any of them supported child porn), often found himself adding to the confusion.
Now that .xxx has been approved and the contract signed, the discussion focused largely on how ICM and its policy body, the International Foundation For Online Responsibility, will actually function.
Pornographers wanted to know, for example, why anybody would want to invest in marketing a .xxx domain if IFFOR could one day make a policy that excluded their business from the TLD.
I get the impression that the pro-ICM speakers, who included Greg Dumas of GEC Media, could have benefited from having copies of the company’s policy documents in front of them.
At one point, Liley flatly denied that ICM plans to “spider” .xxx domains to enforce compliance with IFFOR policies, such as the prohibition on meta tags that suggest the presence of child pornography.
Minutes later, a .xxx opponent read aloud from the IFFOR policy (pdf) that says all registrants must consent to “automated monitoring”.
A semantic misunderstanding? Possibly. But it left Liley facing calls of “liar” from the audience.
The question of whether this monitoring will extend to, say, .com domains, if the registrant chooses to redirect their .xxx names, was left unanswered.
IFFOR policies will be created by a Policy Council of nine members, five of whom will be drawn from the adult entertainment industry.
Earlier in the discussion, Liley denied that IFFOR’s board of directors or ICM will have “veto” power over these Policy Council policies, calling it “factually incorrect”.
Again, an audience member reading aloud from the IFFOR Policy Development Process document (pdf) showed that the IFFOR board has the ability to block a policy under certain circumstances.
Not only that, but ICM gets to object to policies that emerge from IFFOR, under certain circumstances. If this happens, ICM will work with IFFOR “to modify the Proposed Policy to address any concerns identified by ICM”.
There may be enough limitations on ICM’s powers to mean it’s not technically a “veto”, but it’s close.
It makes perfect sense for ICM to have this safeguard, of course. If IFFOR were to be captured by the haters, they could easily make mischief that could ruin its business.
Many of the other questions raised at the forum related to issues that will affect all new TLD launches and concern all new TLD opponents, such as brand protection.
My conclusion after watching the two-hour session: ICM needs to work on its messaging.
The company actually has several ideas for how it could help the porn industry make money, but you wouldn’t know it from any of its public statements to date.
If you have a free couple of hours, the video can be watched here.
Namecheap poaches 20,000 domains from Go Daddy
A protest promo launched after Go Daddy CEO Bob Parsons came under fire for shooting an elephant appears to have netted Namecheap about 20,000 domain name transfers.
The company tweeted from its official account last night: “Thank you Namecheap customers, new and old! We have raised $20,433 to savetheelephants.org. We appreciate your support!”
Given Namecheap had offered to donate $1 for every domain transferred using a special $4.99 coupon code, it looks like it received 20,433 transfers over the last week.
Parsons won’t lose any sleep over this. Go Daddy’s domains under management ticks up by the same amount every five hours.
It may be a more significant amount for Namecheap, which says it has over a million domains under its belt.
UPDATE: As Adam Strong notes in the comments, the 20,000 domains did not necessarily all come from Go Daddy, as the offer was open to anybody.
New Russian TLD hits 800,000 domains mark
Russia’s Cyrillic internationalized domain name, .РФ, received its 800,000th registration last night, according to the registry.
Coordination Center for TLD RU said this puts it in 15th place in terms of European ccTLDs, pushing past the Czech Republic’s .cz in the rankings.
That’s pretty good going for an IDN TLD of interest primarily only to citizens of one country, a ccTLD which didn’t exist until early November 2010, less than five months ago.
It’s probably even larger than .co, which I believe has yet to reach the 700,000 domains mark.
The Russian Federation has almost 60 million internet users, 43% penetration, according to InternetWorldStats. That’s about 10 times more than the Czechs.
VeriSign now front-runner for .bank
VeriSign has signed a deal with two major banking industry organizations to become their exclusive provider of registry services for any new top-level domains designed for financial services companies.
The deal is with the American Bankers Association and BITS, the technology policy arm of the Financial Services Roundtable. Together, they represent the majority of US banks.
While the announcement conspicuously avoids mentioning any specific TLD strings, .bank is the no-brainer. I suspect other announced .bank initiatives will now be reevaluating their plans.
The way ICANN’s new gTLD Applicant Guidebook is constructed, any TLD application claiming to represent the interests of a specific community requires support from that community.
There are also community challenge procedures that would almost certainly kill off any .bank application that did not have the backing of major banking institutions.
BITS has already warned ICANN that it would not tolerate a .bank falling into the wrong hands, a position also held by ICANN’s Governmental Advisory Committee.
In an era of widespread phishing and online fraud, the financial services industry is understandably eager that domains purporting to represent banks are seen to be trustworthy.
Because we all trust bankers, right?
VeriSign is of course the perfect pick for a registry services provider. As well as running the high-volume .com and .net domains, it also carries the prestige .gov and .edu accounts.
“We’re honored to have been chosen by BITS and ABA as their registry operator for any new gTLDs deployed to serve the financial services industry and their customers,” said Pat Kane, VeriSign’s senior VP of Naming Services, in a statement.
Apart from the multilingual versions of .com and .net, I think this may be the first new TLD application VeriSign has publicly associated itself with.
NetSol to alert cops over domain hijacking
Network Solutions intends to “notify the proper authorities” after a high-profile customer had his account hijacked over the weekend.
Stephen Toulouse, head of policy and enforcement for Microsoft’s Xbox LIVE, lost access to stepto.com, including his web site and email, for several hours yesterday, after a disgruntled teenaged gamer persuaded a member of NetSol’s support staff to hand over the account.
In a statement published on its blog, the domain name registrar said it was an “isolated incident directed at a specific customer account”, adding:
We maintain a well developed processes to ensure that Social Engineering attempts or any identified security concerns are immediately alerted to a Supervisor, who will expedite the investigation, usually with the help of the Network Solutions Security team. In this case, the procedure was not followed, and we apologize for any trouble caused to our customer.
Our Security team continues to investigate this matter. Additionally, because we take this matter very seriously, we intend to notify the proper authorities with the evidence that we have gathered, so that they may investigate the person(s) responsible for the fraud.
According to a new YouTube video released by the person claiming responsibility for the attack, “Predator”, he’s 15. He blamed Toulouse for his frequent Xbox LIVE bannings.
While he said he perpetrated the attack to highlight insecurities in Xbox LIVE, he also offered to hijack other gamers’ accounts for up to $250.
Comments posted in response to his first post-attack video claim to reveal his true identity, but of course comments on YouTube are not what you’d call reliable evidence.
The video itself does reveal a fair bit of information, however, so I can’t imagine tracking him down will be too difficult, especially if Microsoft has his parents’ credit card number on file.
His YouTube channel also has videos of him operating a botnet. That’s a whole lot more serious.
Xbox security chief gets domain hijacked
The head of Xbox Live policy and enforcement at Microsoft has had his domain name compromised by a disgruntled gamer using a social engineering attack on Network Solutions.
Stephen Toulouse, who goes by the screen name “Stepto” and has the domain stepto.com, seems to have also lost his email, hosting and, as a result, his Xbox Live account.
He tweeted earlier today: “Sigh. please be warned. Network solutions has apparently transferred control of Stepto.com to an attacker and will not let me recover it.”
Somebody claiming to be the attacker has uploaded a video to YouTube showing him clicking around Toulouse’s Xbox account, whilst breathlessly describing how he “socialed his hosting company”.
It’s a bit embarrassing for Toulouse. He was head of communications for Microsoft Security Response Center for many years, handling comms during worm outbreaks such as Blaster and Slammer.
Now at Xbox Live, he is, as the attacker put it, “the guy who’s supposed to be keeping us safe”.
But it’s probably going to be much more embarrassing for Network Solutions. When the tech press gets on the story tomorrow, difficult questions about NSI’s security procedures will no doubt be asked.
Toulouse has already made a few pointed remarks about the company on his Twitter feed today.
Social engineering attacks against domain name registrars exploit human, rather than technological, vulnerabilities, involving calling up tech support and trying to convince them you are your victim.
In this case, hijacking the domain seems to have been a means to control Toulouse’s email account, enabling the attacker to reset his Xbox Live password and take over his “gamer tag”.
The same technique was used to compromise the Chinese portal Baidu.com, that time via Register.com, in late 2009. That resulted in a lawsuit, now settled.
The attacker, calling himself Predator, was apparently annoyed that Toulouse had “console banned” him 35 times, whatever that means.
He seems to have left a fair bit of evidence in his wake, and he appears to be North American, so I expect he’ll be quite easy to track down.
Predator’s video, which shows the immediate aftermath of the attack, is embedded below. It may not be entirely safe for work, due to some casually racist language.
UPDATE (April 5): The video has been removed due to a “violation of YouTube’s policy on depiction of harmful activities”. I snagged a copy before it went, so if anybody is desperate to see it, let me know.
ICANN doubles .xxx fees
ICANN has doubled the amount it will charge ICM Registry to register .xxx domain names, adding potentially hundreds of thousands of dollars to its top line.
The two parties yesterday signed a registry agreement (pdf), but it has been revised in quite significant ways since the last published version.
In short: ICANN has substantially increased its revenue whilst substantially reducing its risk.
Notably, ICANN will now charge the registry $2 per .xxx domain per year, compared to the $1 anticipated by the version of the contract published in August 2010 (pdf).
With ICM hoping for 300,000 to 500,000 registrations in its first year, that’s a nice chunk of change. Porn domains could be a $1 million business for ICANN quite soon.
For comparison, successful applicants under the new generic top-level domains program will only have to pay $0.25 per domain per year, and that fee only kicks in after 50,000 domains.
If there’s a .sex or a .porn, they’ll pay an ICANN fee an eighth of ICM’s.
Text from the new gTLD Applicant Guidebook that allows ICANN to raise fees in line with US inflation has also been added to ICM’s contract.
ICANN said in a blog post that the increases “account for anticipated risks and compliance activities”. It appears to be expecting trouble.
A number of other changes address the legal risks and compliance problems ICANN seems to be anticipating.
The contract now allows ICANN to more easily impose monetary fines on ICM for non-compliance, for example.
A new mediation procedure has been added to resolve disputes, to come between face-to-face talks and formal arbitration.
The contract would also oblige ICM to pay for ICANN’s legal costs in the event of a third-party dispute, such as an Independent Review Panel hearing, being filed.
While the original contract required ICM to indemnify ICANN against third-party lawsuits, the revised version also includes a broad waiver (pdf) “to resolve all outstanding dispute/possible litigation matters” between ICM and ICANN.
I am not a lawyer, but it appears that ICM has signed away a fairly comprehensive chunk of its rights, and has agreed to shoulder most of the risk, in order to get its hands on the potentially lucrative deal.
Domain security arrives in .com
VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.
DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.
It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.
With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.
I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.
“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”
What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.
Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said at an ICANN workshop in San Francisco last month that it plans to use the technology, but that it will take about six months to test.
“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”
There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.
And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.
You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.
According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.
But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.
Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.
I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.
VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.
Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.
I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.






