ICANN picks 28 registries for abuse audit
ICANN has kicked off its annual compliance audit, and this time it’s focused on registries rather than registrars.
It’s picked 28 gTLDs based on whether they’ve not been fully audited before, whether they have more than 100 domains, and whether they show up a lot in abuse blocklists (excluding spam blocklists).
Only one gTLD per registry has been picked, which might be why the number is lower than previous audit rounds.
The audit will entail sending a questionnaire to each registry to ask how they are complying with each of their commitments under the Registry Agreement.
Registries have already been told if they’ve been picked. ICANN hopes to have it all wrapped up in the third quarter.
TMCH turning off some brand-blocking services
The Trademark Clearinghouse is closing down two of its brand protection services after apparently failing to attract and retain registry partners.
The company announced recently that TREx, its Trademark Registry Exchange, will shut down after its customers’ existing subscriptions expire, saying:
The communication that we receive from our agents, resellers, clients and other registries that we have reached out to around improving the product shows that there is currently little appetite for such a service.
TMCH said it may revive the service after the new round of new gTLDs happens.
TREx was a service similar to Donuts’ Domain Protected Marks List and others, whereby trademark owners can block their brands across a multitude of TLDs for a substantial discount on the cost of defensive registrations.
But the TMCH offering was not restricted to one registry’s portfolio. Rather, it consolidated TLDs from multiple smaller operators, including at least one ccTLD — .de — into one service.
It seems to have peaked at 43 TLDs, but lost three when XYZ.com pulled out a couple years ago.
Its biggest partner was MMX, which sold its 22 gTLDs to GoDaddy Registry last year. I’d be very surprised if this consolidation was not a big factor in the decision to wind down TREx.
I’d also be surprised if we don’t see a DPML-like service from GoDaddy before long. It already operates AdultBlock on its four porn-themed gTLDs.
The news follows the announcement late last year that TMCH will also close down its BrandPulse service, which notified clients when domains similar to their brands were registered in any TLD, when its existing subscriptions expire.
Both services leveraged TMCH’s contractual relationship with ICANN, under which it provides functions supporting mandatory rights protection mechanisms under the new gTLD program rules, but neither are ICANN-mandated services.
Bye-bye Alice’s Registry
One of ICANN’s oldest accredited registrars has had its contract terminated for non-payment of fees and other alleged breaches.
Alice’s Registry, which has been around since 1999, has been told it’s no longer allowed to sell gTLD domains and that whatever remains of its managed domains will be transferred to another registrar.
The termination comes at the end of more than two years of ICANN’s Compliance department pursuing AR for not paying its accreditation fees, not operating a working Whois service, not implementing RDAP, and not showing its company is in good standing.
The registrar’s web site hasn’t been working in many months, and until its accreditation was suspended last October it had not responded to ICANN’s calls and emails.
Its responses to Compliance since then did not help its case, so ICANN made the decision to terminate.
.kids goes live, plans to launch this year
The long-anticipated .kids top-level domain has its first live site, and the registry has announced plans to start selling domains towards the end of the year.
The contractually mandated nic.kids is now resolving, leading to the registry web site of the DotKids Foundation.
Hong Kong-based DotKids, which has close ties to DotAsia and ICANN director Edmon Chung, said the plan is to start a sunrise period in the third quarter and go to general availability in the fourth quarter this year.
There’s also going to be a special registration period for children’s rights groups and a Q3 “Pioneer Program” for early adopters.
The idea behind the gTLD is to provide a space where all content is considered suitable for under-18s, though the exact policing policies have yet to be written. DotKids is using the UN definition of a child.
It will be a tough balancing act. My fifteen-year-old nephew isn’t happy with content that doesn’t involve the laser-beam dismemberment of tentacled beasts, but a decade ago was content to watch Peppa Pig on a loop for hours a day.
DotKids won the rights to .kids, somehow beating rival applicants Amazon and Google, in 2019. It signed a very strange Registry Agreement with ICANN last year.
Previous attempts at creating child-friendly domains have proven unsuccessful.
In the US, there was a government-mandated .kids.us brought in 20 years ago, aimed at under-13s, but it was a spectacular failure, attracting just a handful of registrations. It was killed off in 2012.
Russian speakers have their own equivalent gTLD .дети, a word that has taken on more sinister overtones in recent weeks, but that currently has only about 800 names under management.
DotKids has its work cut out to make .kids a commercial success, but it is a non-profit and it was the only new gTLD applicant to have most of its ICANN fees waived under the Applicant Support Program.
ICANN suggests its Covid waiver may be worthless
The controversial legal waiver ICANN is insisting you agree to before attending its next public meeting may not be worth the pixels it’s written with, judging by the Org’s latest statement on the matter.
In an updated FAQ, posted in response to a complaint from Blacknight, ICANN now states:
Attending an ICANN meeting remains a risk-based analysis for each attendee, recognizing that sometimes things can and do go wrong. A liability waiver helps enshrine that ICANN’s funds should not be used to defend ICANN against items for which ICANN itself should not be held liable. Protecting ICANN in this way helps support ICANN’s continued ability to serve its mission.
But it denies that the waiver is as all-encompassing as some fear:
There will be times, of course, where ICANN might not perform to an expected best practice, and that might be the cause of injury or damage to an attendee. Those claims against ICANN are not waived.
This apparently contradicts the waiver itself, which continues to say:
I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN.
It also continues to require you to sign away your rights to sue, and your kids’ rights to sue, even if you die of Covid-19 due to ICANN’s “gross negligence”.
There may be a way to avoid the waiver.
Based on my experience, it appears that the waiver is presented in the registration path if you click the box indicating that you will be attending in-person, but if you ALSO check the box saying you’ll be attending remotely then the waiver does not appear.
So if you’re planning on attending in a hybrid fashion, perhaps in-person for only a day or two and on Zoom for the balance, ICANN doesn’t need you to waive your rights.
I expect this is a glitch in how the web form is configured that will probably be fixed not too long after I publish this article.
ICANN 74 will take place in The Hague, and Zoom, in June.
Domain sales exempt from US sanctions on Russia
A variety of internet technologies, including domain name registration services, have been declared exempt from US sanctions on Russia.
The Department of the Treasury’s Office of Foreign Assets Control has issued a notice (pdf) specifically authorizing the export to Russia for the following:
services, software, hardware, or technology incident to the exchange of communications over the internet, such as instant messaging, videoconferencing, chat and email, social networking, sharing of photos, movies, and documents, web browsing, blogging, web hosting, and domain name registration services
The move is reportedly meant to support independent media’s and activists’ fight against Russian government propaganda during the Ukrainian invasion.
Some US registrars, including Namecheap and GoDaddy, have chosen to restrict their Russian customer base on ethical grounds since the first week of the war in Ukraine.
Namecheap, which has many staff in Ukraine, has banned all Russian custom other than those actively opposing the Putin government.
African Union can’t register .africa domain
File this one under “ironic”. Also file it under “Maarten Botterman might be the worst pen-pal in history.”
It turns out that the African Union has been unable to register its domain of choice in the .africa gTLD — for which AU support was a crucial and divisive deal-breaker — because of rules insisted upon by governments.
The AU Commission’s vice chair, Kwesi Quartey, has asked ICANN to release the string “au” from the list that all contracted registries have to agree to reserve because they match the names or acronyms of intergovernmental organizations (IGOs).
The AU is an IGO, so its string is protected from being registered by anyone, including itself.
Quartey wrote, in a letter (pdf) to ICANN chair Botterman:
Unfortunately inclusion of the AU label within the IGO List had the unintended consequence of preventing any third party, including the African Union, from registering the acronym as a domain name (au.africa), yet there is an urgent need to change the African Union digital identifier on the internet from au.int to the .africa domain name.
“Urgent need”, you say? That’s ICANN’s specialty!
Botterman immediately sprang into action and sent his urgent reply (pdf), waiting just 21 short months from Quartey’s July 2020 urgent request to urgently pass the buck to the Governmental Advisory Committee.
Only the GAC can ask for a protected acronym to be removed from the list, he wrote. ICANN Org and board have their hands tied.
Also, removing “au” from the list will release it in all gTLDs, potentially allowing it to be registered by third parties in hundreds of other zones, so watch out for that, Botterman noted.
An additional wrinkle not noted in the letter, which may help or hinder the AU, is that Australia also has rights to the same string under an entirely different new gTLD program reserved list, because it matches the Aussie ccTLD.
You’ll recall that .africa was a contested gTLD in which AU support was the deciding factor.
The AU had originally offered to support a bid from DotConnectAfrica, but after the new gTLD program got underway it withdrew that support and conducted a registry tender that was won by ZA Central Registry, which now runs .africa.
DCA has been pursuing ICANN about this in arbitration and the courts ever since.
Microsoft seizes domains Russia was using to attack Ukraine
Microsoft says it has taken control of some domain names that we being using by hackers connected to the Russian security services to launch cyber attacks against Ukrainian, US and EU targets.
Company VP Tom Burt wrote that seven domains used by a group called Strontium were seized via a US court order and redirected to a Microsoft sinkhole, disrupting these attacks.
Burt wrote that the targets were Ukrainian media organizations and US and EU foreign policy think tanks, adding:
We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.
One wonders why Russia would use domains under US jurisdiction to conduct such attacks.
Blacknight objects to ICANN 74 Covid waiver
Irish registrar Blacknight has objected to ICANN’s demand that attendees at its forthcoming 74th public meeting sign a legal waiver over the potential for Covid-19 infections.
CEO Michele Neylon has written (pdf) to his ICANN counterpart and chair Maarten Botterman to complain that the waiver is “excessive” and “unreasonable”.
Neylon said he’d consulted his lawyer and concluded: “I cannot sign this waiver and I obviously cannot ask any of my staff to do so either.”
“[The lawyers] agree that you would want to reduce your liability, but you cannot expect people to grant you a blanket exclusion of liability which includes actual fault,” he wrote.
As I reported earlier in the week, registering for ICANN 74 requires attendees to agree to a waiver which states:
I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN.
The four-day June meeting is set to be the first to have an in-person component — in The Hague, the Netherlands — since the pandemic began two years ago. Zoom participation will also be a prominent feature.
Attendees are strictly expected to be double or triple-vaccinated, wear masks, and socially distance while at the venue. There will also be “health checks” whenever you enter the venue.
Blacknight has no complaint about these precautions, but wants ICANN to reconsider the legal waiver.
DNS Abuse Institute names free tool NetBeacon, promises launch soon
NetBeacon has been picked as the name for the DNS Abuse Institute’s forthcoming free abuse-reporting tool.
The tool is expected to launch in early June, after software was donated by CleanDNS accelerated the development cycle, according to Institute director Graeme Bunton.
The system was previously using the working title CART, for Centralized Abuse Reporting Tool, as I blogged in February.
CleanDNS CEO Jeff Bedser is also on the board of Public Interest Registry, which funds DNSAI. Bunton wrote that PIR approved the use of the CleanDNS software under its conflict of interest policy, with Bedser recusing himself.
NetBeacon is expected to provide a way for authenticated abuse reporters to file complaints in a normalized fashion, potentially streamlining the workflow of registrars that subsequently have to deal with them.
Bunton has said that the service will be free at both ends, funded by non-for-profit PIR.
Recent Comments