Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
ICANN name servers come under attack
ICANN’s primary name servers came under a distributed denial of service attack, the Org said earlier this week.
The incident appears to have gone largely unnoticed outside of ICANN and seems to have been successfully mitigated before causing any significant damage.
ICANN said on its web site:
ICANN was subjected to a Distributed Denial of Service (DDoS) attack targeting NS.ICANN.ORG. This event did not result in harm to the organization. It was mitigated by redirecting traffic flows through a DDoS scrubbing service.
ns.icann.org is the address of ICANN’s name servers, which handle queries to ICANN-owned domains such as icann.org and iana.org.
The servers are also authoritative for Ugandan ccTLD .ug for some reason, and until a few years ago also handled the .int special-purpose TLD and sponsored gTLD .museum.
ICANN did not disclosed the exact date of the attack, nor speculate about whether it was targeted and why it might have happened.
NamesCon will be virtual again this year, and more expensive
The popular NamesCon conference has scrapped its plan to return to in-person events this year, and will instead host another virtual con in September.
Organizers said today that NamesCon Online 2020 will take place from September 22 to 24, in a return to its in-house online networking platform.
It’s shuffled its pricing scheme since the last event, too.
At the low end, gone are the free passes for new attendees. Instead, the first 150 newbies to sign up will get their pass for $19.
Regular pricing is $99, reduced to $79 for those who register before July 4.
There’s also a new, more expensive tier for members of the sell-side of the industry. Employees of registries, registrars and marketplaces will have to pay $299 for their tickets.
NamesCon is also continuing its partnership with DNAcademy. A domaining course and conference ticket bundle will set you back $499 again.
NamesCon had planned to return to in-person meetings by the middle of 2021 with NamesCon Europe, back when phrases like “variant of concern” and “third wave” were largely hypothetical, but that event was recently cancelled.
Net4 nightmare almost over as court rules ICANN can shut down chaotic registrar
ICANN is finally moving to shut down Net 4 India’s gTLD domains business, after months of upheaval and thousands of customer complaints.
An Indian insolvency court this week lifted its ban on ICANN terminating Net4’s registrar contract, after ICANN appealed to it with a wealth of evidence showing how critical services such as hospitals and train services were being harmed by registrants being unable to transfer their domains away.
ICANN has now invoked its De-Accredited Registrar Transition Procedure, which will see Net4’s tens of thousands of gTLD domains transferred to a different, more stable registrar, according to head of compliance Jamie Hedlund.
The Org had terminated Net4’s contract in February after hearing from thousands of customers whose names had ceased to work, expired, or were locked-in to Net4 due to its broken transfers function.
But the Delhi court handling the registrar’s insolvency asked ICANN in March to delay the termination at the behest of the resolution professional attempting to extract as much value as possible from Net4 in service of its creditors.
That order was lifted orally after a hearing on Tuesday, according to ICANN.
Under the DARTP, either the dying registrar picks a successor or ICANN picks one, either from a rotation of pre-approved registrars or by rolling out a full registrar application process.
Given the timing crisis, and Net4’s irresponsible behavior to date, it appears most likely that ICANN will hand-pick a gaining registrar from the pre-qualified pool.
Hedlund blogged that ICANN expects to name Net4’s successor within two weeks, after which the gaining registrar will reach out to registrants to inform them how to proceed.
Registrants will not be charged for the bulk transfer.
Net4 had over 70,000 gTLD domains under management at the end of 2020, but this number has likely decreased in the intervening time.
ccTLDs such as India’s .in will not be covered by the bulk transfer. It will be up to local registry NIXI to minimize disruption for Net4’s .in registrants.
IWF finds 3,401 “commercial” child porn domains
The Internet Watch Foundation last year found child sexual abuse material on 3,401 domains that it says appeared to be commercial sites dedicated to distributing the illegal content.
The UK-based anti-CSAM group said in its annual report, published last week, that it found 5,590 domains containing such material in 2020, and 61% were “dedicated commercial sites… created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.”
That’s a 13% increase in domains over 2019, the report says. It compares to 1,991 domains in 2015.
IWF took action on 153,369 URLs containing CSAM last year, the report says.
For example, the TLD with the most CSAM abuse is of course .com, with 90,879 offending URLs in 2020, 59% of the total. That compares to 69,353 or 52% in 2019.
But because those 90,000 URLs may include, for example, pages on image-hosting sites that use .com domains, the number of unique .com domains being abused will be substantially lower.
Same goes for the other TLDs on the top 10 list — .net, .ru, .nz, .fr, .org, .al, .to, .xyz and .pw.
.co, .cc and .me were on the 2019 list but not the 2019 list, being replaced by .al, .org and .pw.
The most disturbing part of the report, which is stated twice, is the alarming claim that some TLDs exist purely to commercially distribute CSAM:
We’ve also seen a number of new TLDs being created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.
…
We first saw these new gTLDs being used by websites displaying child sexual abuse imagery in 2015. Many of these websites were dedicated to illegal imagery and the new gTLD had apparently been registered specifically for this purpose.
I can only assume that IWF is getting confused between a top-level domain and a second-level domain.
The alternative would be that the organization believes one or more TLD registries are purposefully catering primarily to commercial child pornographers, and for some reason it’s declining to do anything about it.
I’ve put in a request for clarification but not yet received a response.
IWF is funded by corporate donations from primarily technology companies. Pretty much every big domain registry is a donor. Verisign is a top-tier, £80,000+ donor. The others are all around the £5,000 to £10,000 mark.
UPDATE May 26: IWF has been in touch to clarify that it was in fact referring to SLDs, rather than TLDs, in its claims about dedicated commercial CSAM sites quoted above. It has corrected its report accordingly.
Price caps on .org could return, panel rules
ICANN could be forced to reimpose price caps on .org, .biz and .info domains, an Independent Review Process panel has ruled.
The panel handling the IRP case filed by Namecheap against ICANN in February 2020 has decided to allow the registrar to continue to pursue its claims that ICANN broke its own bylaws by removing price controls from the three gTLD contracts.
Conversely, in a win for ICANN, the panel also threw out Namecheap’s demand that the IRP scrutinize ICANN’s conduct during the attempted takeover of .org’s Public Interest Registry by Ethos Capital in 2019.
The split ruling (pdf) on ICANN’s motion to dismiss Namecheap’s case came March 10 and was revealed in documents recently published by ICANN. The case will now proceed on the pricing issue alone.
The three-person panel decided that the fact that ICANN ultimately decided to block Ethos’ acquisition of PIR meant that Namecheap lacked sufficient standing to pursue that element of its case.
Namecheap had argued that ICANN’s opaque processing of PIR’s change of control request created uncertainty that harmed its business, because ICANN may approve such a request in future.
But the panel said it would not prejudge such an eventuality, saying that if another change of control is approved by ICANN in future, Namecheap is welcome to file another IRP complaint at that time.
“Harm or injury flowing from possible future violations by the ICANN Board regarding change of control requests that are not presently pending and that may never occur does not confer standing,” the panel wrote.
On the pricing issue, the panel disagreed with ICANN’s argument that Namecheap has not yet been harmed by a lack of .org price caps because PIR has not yet raised its .org prices.
It said that increased prices in future are a “natural and expected consequence” of the lack of price controls, and that to force Namecheap to wait for such increases to occur before filing an IRP would leave it open to falling foul of the 12-month statute of limitations following ICANN decision-making baked into the IRP rules.
As such, it’s letting those claims go ahead. The panel wrote:
This matter will proceed to consideration of Namecheap’s request for a declaration that ICANN must annul the decision that removed price caps in the .org, .info and .biz registry agreements. The Panel will also consider Namecheap’s request for a declaration that ICANN must ensure that price caps from legacy gTLDs can only be removed following policy development process that takes due account of the interests of the Internet user and with the involvement of different stakeholders. The Panel will consider Namecheap’s request for a declaration that “registry fees… remain as low as feasible consistet with the maintenance of good quality service” within the context of removal of price caps (not in the context of regulating changes of control).
In other words, if Namecheap prevails, future price caps for pre-2012 gTLDs could be decided by the ICANN community, with an assumption that they should remain as low as possible.
That would be bad news for PIR, as well as .info registry Donuts and .biz registry GoDaddy.
But it’s important to note that the IRP panel has not ruled that ICANN has done anything wrong, nor that Namecheap is likely to win its case — the March 10 ruling purely assesses Namecheap’s standing to pursue the IRP.
The panel has also significantly extended the proposed timeline for the case being resolved. There now won’t be a final decision until 2022 at the earliest.
The panel last week delayed its final hearing in the case from August this year to January next year, according to a document published this week.
Other deadlines in the case have also been pushed backed weeks or months.
DNS genius and ICANN key-holder Dan Kaminsky dies at 42
Security researcher Dan Kaminsky, best known for uncovering the so-called “Kaminsky Bug” DNS vulnerability, has reportedly died at the age of 42.
It has been widely reported that Kaminsky’s niece confirmed his death from serious complications from his longstanding diabetes.
On Twitter, she rebutted emerging conspiracy theories that his death was linked to the coronavirus vaccine, which he had received April 12, saying her uncle would “laugh” at such views.
During his career as a white-hat hacker, Kaminsky worked for companies including Cisco, Avaya, and IOActive.
He occasionally spoke at ICANN meetings on security issues, and was since 2010 one of IANA’s seven Recovery Key Share Holders, individuals trusted to hold part of a cryptographic key that would be used to reboot root zone DNSSEC in the case of a massive disaster.
But he was best known for his 2008 discovery of a fundamental flaw in the DNS protocol that allowed cache poisoning, and therefore serious man-in-the middle attacks, across millions of name servers worldwide. He worked with DNS software vendors in private to help them with their patches before the problem was publicly disclosed.
His discoveries led in part to the ongoing push for DNSSEC deployment across the internet.
The vulnerability received widespread attention, even in the mainstream media, and quickly came to bear his name.
For me, my standout memory of Kaminsky is one of his series of annual “Black Ops” talks, at the Defcon 12 conference in Las Vegas in 2004, during which he demonstrated to a rapt audience of hackers how it was possible to stream live radio by caching small chunks of audio data in the TXT fields of DNS records and using DNS queries to quickly retrieve and play them in sequence.
As well as being a bit of a DNS genius, he knew how to work a stage: the crowd went mental and I grabbed him for an interview soon after his talk was over.
His death at such a young age is a big loss for the security community.
.gov TLD quietly changes hands
The .gov TLD used exclusively by governmental entities in the US has quietly changed managers.
On Friday, the IANA records for .gov changed from the General Services Administration to the Cybersecurity and Infrastructure Security Agency.
It was not unexpected. CISA announced the move in March.
But it’s less clear how the change request was handled. The ICANN board of directors certainly didn’t have a formal vote on the matter. IANA has not released a redelegation report as it would with a ccTLD.
CISA intends to make .gov domains more widely available to agencies at the federal, state, city and tribal level, and reduce the price to free or almost free.
Verisign currently manages the technical aspects of the domain, for $400 per domain per year.
ICANN asks registries to freeze Net 4 India’s expired domains
ICANN has asked all domain registries to exempt from deletion expired names registered via collapsed Indian registrar Net 4 India.
The company has been in receipt of an ICANN termination notice since the end of February, but it’s in insolvency proceedings and ICANN says the insolvency court is preventing it from carrying out the execution.
Net4’s customers have been plagued with problems such as the inability to renew or transfer their domains for well over half a year, and ICANN has issued three public breach notices since December.
ICANN says it has received more than 8,000 complaints related to the registrar — which does not even seem to have a functioning web site any more — since things got real bad last September.
Today, ICANN’s head of compliance Jamie Hedlund blogged:
While we await a final order from the insolvency court, ICANN has requested that all registries not delete expired domain names registered through Net 4 India that registrants have not been able to renew or transfer.
While this may not solve every technical issue experienced by Net4 customers, it should at least prevent them permanently losing their domains, assuming a high level of registry compliance with ICANN’s request.
Registrants won’t be fully safe until ICANN is able to carry out the termination and move Net4’s domains to a stable third-party registrar.
While ICANN disputes whether the Indian insolvency court has jurisdiction over it, it is nevertheless currently complying with its instruction to delay termination until further notice.
Hedlund wrote:
ICANN org is taking actions permitted by its agreements, policies, and law to protect registrants and to facilitate the bulk transfer of the Net 4 India registrations to a functioning registrar that can service its customers. ICANN also is being respectful of the [National Company Law Tribunal’s] processes with this case, which have not yet concluded.
He wrote that the next scheduled hearing of the NCLT is tomorrow, April 27. It appears to have been called due to Hedlund recently impressing upon the court the importance of the crisis.
UNR cuts $5.2 million from price of new gTLD portfolio
UNR has reduced the opening bids on almost all of the gTLDs it plans to auction off later in the week, to the tune of a whopping $5.2 million.
According to the minimum opening bids listed on the auction web site today, the job lot of 23 TLD contracts could go for as little as $11.65 million, if there’s no competitive bidding whatsoever.
That’s compared to the $16.87 million total when the TLDs were first announced for auction back in January.
It’s a no-reserve auction of UNR’s entire portfolio of gTLDs that runs from Wednesday to Friday this week.
Some gTLDs, such as .hiv and .juegos, have no minimum bids.
The only TLD to receive a price increase since January is .llp, which had a $0 listing back then but is now listed at $200,000. There’s been no change in .llp’s fortunes since then — it’s still unlaunched.
The music-themed .country, which had no list price in January, now has a $300,000 tag.
The biggest discount comes on .link, once listed with a $3 million opener, now reduced to $2 million.
Nine of the gTLDs are now priced at below the original ICANN application fee of $186,000.
Here’s a table comparing the January minimum bid to today’s pricing.
[table id=66 /]
UNR, which sold off its registrar and secondary market businesses to GoDaddy and its stakes in three car-themed gTLDs to XYZ.com last year, plans to remodel itself as a back-end operator post-auction.
UPDATE: According to UNR, the January prices were preliminary and published accidentally, and no changes have been made since late January or early February.
Formerly massive drop-catcher faces ICANN probe
Pheenix, which used to operate a network of hundreds of accredited registrars, now faces potentially losing its last remaining accreditation, due to an ICANN probe.
ICANN told the US-based company in a breach notice last week that it faces additional action unless it fixes a bunch of problems related to domain transfers and Whois before May 14.
According to ICANN, for over a year Pheenix has been declining to provide data showing it is in compliance with the Expired Registration Recovery Policy and the Transfer Policy, related to dozens of domains.
Pheenix was told about at least one such disputed domain as far back as February last year, but ICANN says it’s been unresponsive to its outreach.
It’s also failed to implement an RDAP server, which ICANN has been nagging it about since October 2019. RDAP, the Registration Data Access Protocol, is the successor protocol to Whois.
A quick spot-check reveals that the disputed names are traffic domains once belonging to legitimate organizations, usually with inbound Wikipedia links, that were captured after the organization in question folded and its domains expired. Most were repurposed with low-quality content and advertising.
That fits in with Pheenix’s registrar business model. It was until a few years ago a huge drop-catching player, with over 500 shell accreditations it used to gain speedy access to dropping domains.
But it dumped almost 450 of these in November 2017, and another 50 the following April.
Since then, Pheenix’s primary IANA number (the coveted “888”) has been associated with fewer and fewer domains.
It had 6,930 domains under management at the end of 2020, down from a November 2017 peak of 71,592.
It hasn’t recorded any new domain adds in any gTLDs since April 2020.
According ICANN’s chronology of events, it’s sent dozens of emails, faxes and voicemails over the last year, related to multiple domain names, and it’s only received a single email in response. And that was in May 2020.
Recent Comments