Recent Posts
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
Taryn Naidu is a *%@$! Rightside bans company “ridicule” in its new gTLDs
If you register a domain name in one of Rightside Registry’s new gTLDs, you’ll be banned from using it to mock the company or any of its employees or shareholders.
That’s according to its Acceptable Use (Anti-Abuse) Policy (pdf) published by ICANN today.
As well as prohibiting the usual kinds of malicious hacking and spamming activity, child abuse material and so on, the policy bans:
Holding of [United TLD Holdings] (including its affiliates) or their employees or shareholders up to public scorn, ridicule, or defamation.
I can’t recall seeing that kind of clause in a domain name registration agreement before.
While “defamation” is obviously illegal in most places (as determined by a court), “scorn” seems to be a pretty broad term that could capture a lot of free speech commentary.
Rightside has applied for 26 new gTLDs. Several are the kinds of places you might expect to see some edgy discussion: .republican, .democrat, .army, .actor and .gay to name a few examples.
It seems the simplest route to getting a web site you don’t like shut down in any of these gTLDs would be to buy a single Rightside share and file an abuse complaint.
Also banned by the policy is:
Impersonating any person or entity, including, but not limited to, a UTLDH official, or falsely stating or otherwise misrepresenting your affiliation
Rightside, aka United TLD, is the Demand Media domain name retailer and new gTLD registry currently being spun off into a standalone company under CEO (and thoroughly nice bloke) Tayrn Naidu.
Report names and shames most-abused TLDs
Newish gTLDs .tel and .xxx are among the most secure top-level domains, while .cn and .pw are the most risky.
That’s according to new gTLD services provider Architelos, which today published a report analyzing the prevalence of abuse in each TLD.
Assigning an “abuse per million domains” score to each TLD, the company found .tel the safest with 0 and .cn the riskiest, with a score of 30,406.
Recently relaunched .pw, which has had serious problems with spammers, came in just behind .cn, with a score of 30,151.
Generally, the results seem to confirm that the more tightly controlled the registration process and the more expensive the domain, the less likely it is to see abuse.
Norway’s .no and ICM Registry’s .xxx scored 17 and 27, for example.
Surprisingly, the free ccTLD for Tokelau, .tk, which is now the second-largest TLD in the world, had only 224 abusive domains per million under management, according to the report..
Today’s report ranked TLDs with over 100,000 names under management. Over 90% of the abusive domains used to calculate the scores were related to spam, rather than anything more nefarious.
The data was compiled from Architelos’ NameSentry service, which aggregates abusive URLs from numerous third-party sources and tallies up the number of times each TLD appears.
The methodology is very similar to the one DI PRO uses in TLD Health Check, but Architelos uses more data sources. NameSentry is also designed to automate the remediation workflow for registries.
ICANN offers to split the cost of GAC “safeguards” with new gTLD registries
All new gTLD applicants will have to abide by stricter rules on security and Whois accuracy under government-mandated changes to their contracts approved by the ICANN board.
At least one of the new obligations is likely to laden new gTLDs registries with additional ongoing costs. In another case, ICANN appears ready to shoulder the financial burden instead.
The changes are coming as a result of ICANN’s New gTLD Program Committee, which on on Tuesday voted to adopt six more pieces of the Governmental Advisory Committee’s advice from March.
This chunk of advice, which deals exclusively with security-related issues, was found in the GAC’s Beijing communique (pdf) under the heading “Safeguards Applicable to all New gTLDs”.
Here’s what ICANN has decided to do about it.
Mandatory Whois checks
The GAC wanted all registries to conduct mandatory checks of Whois data at least twice a year, notifying registrars about any “inaccurate or incomplete records” found.
Many new gTLD applicants already offered to do something similar in their applications.
But ICANN, in response to the GAC advice, has volunteered to do these checks itself. The NGPC said:
ICANN is concluding its development of a WHOIS tool that gives it the ability to check false, incomplete or inaccurate WHOIS data
…
Given these ongoing activities, ICANN (instead of Registry Operators) is well positioned to implement the GAC’s advice that checks identifying registrations in a gTLD with deliberately false, inaccurate or incomplete WHOIS data be conducted at least twice a year. To achieve this, ICANN will perform a periodic sampling of WHOIS data across registries in an effort to identify potentially inaccurate records.
While the resolution is light on detail, it appears that new gTLD registries may well be taken out of the loop completely, with ICANN notifying their registrars instead about inaccurate Whois records.
It’s not the first time ICANN has offered to shoulder potentially costly burdens that would otherwise encumber registry operators. It doesn’t get nearly enough credit from new gTLD applicants for this.
Contractually banning abuse
The GAC wanted new gTLD registrants contractually forbidden from doing bad stuff like phishing, pharming, operating botnets, distributing malware and from infringing intellectual property rights.
These obligations should be passed to the registrants by the registries via their contracts with registrars, the GAC said.
ICANN’s NGPC has agreed with this bit of advice entirely. The base new gTLD Registry Agreement is therefore going to be amended to include a new mandatory Public Interest Commitment reading:
Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.
The decision to include it as a Public Interest Commitment, rather than building it into the contract proper, is noteworthy.
PICs will be subject to a Public Interest Commitment Dispute Resolution Process (PICDRP) which allows basically anyone to file a complaint about a registry suspected of breaking its commitments.
ICANN would act as the enforcer of the ruling, rather than the complainant. Registries that lose PICDRP cases face consequences up to an including the termination of their contracts.
In theory, by including the GAC’s advice as a PIC, ICANN is handing a loaded gun to anyone who might want to shoot down a new gTLD registry in future.
However, the proposed PIC language seems to be worded in such a way that the registry would only have to include the anti-abuse provisions in its contract in order to be in compliance.
Right now, the way the PIC is worded, I can’t see a registry getting terminated or otherwise sanctioned due to a dispute about an instance of copyright infringement by a registrant, for example.
I don’t think there’s much else to get excited about here. Every registry or registrar worth a damn already prohibits its customers from doing bad stuff, if only to cover their own asses legally and keep their networks clean; ICANN merely wants to formalize these provisions in its chain of contracts.
Actually fighting abuse
The third through sixth pieces of GAC advice approved by ICANN this week are the ones that will almost certainly add to the cost of running a new gTLD registry.
The GAC wants registries to “periodically conduct a technical analysis to assess whether domains in its gTLD are being used to perpetrate security threats such as pharming, phishing, malware, and botnets.”
It also wants registries to keep records of what they find in these analyses, to maintain a complaints mechanism, and to shut down any domains found to be perpetrating abusive behavior.
ICANN has again gone the route of adding a new mandatory PIC to the base Registry Agreement. It reads:
Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.
You’ll notice that the language is purposefully vague on how registries should carry out these checks.
ICANN said it will convene a task force or GNSO policy development process to figure out the precise details, enabling new gTLD applicants to enter into contracts as soon as possible.
It means, of course, that applicants could wind up signing contracts without being fully apprised of the cost implications. Fighting abuse costs money.
There are dozens of ways to scan TLDs for abusive behavior, but the most comprehensive ones are commercial services.
ICM Registry, for example, decided to pay Intel/McAfee millions of dollars — a dollar or two per domain, I believe — for it to run daily malware scans of the entire .xxx zone.
More recently, Directi’s .PW Registry chose to sign up to Architelos’ NameSentry service to monitor abuse in its newly relaunched ccTLD.
There’s going to be a fight about the implementation details, but one way or the other the PIC would make registries scan their zones for abuse.
What the PIC does not state, and where it may face queries from the GAC as a result, is what registries must do when they find abusive behavior in their gTLDs. There’s no mention of mandatory domain name suspension, for example.
But in an annex to Tuesday’s resolution, ICANN’s NGPC said the “consequences” part of the GAC advice would be addressed as part of the same future technical implementation discussions.
In summary, the NGPC wants registries to be contractually obliged to contractually oblige their registrars to contractually oblige their registrants to not do bad stuff, but there are not yet any obligations relating to the consequences, to registrants, of ignoring these rules.
This week’s resolutions are the second big batch of decisions ICANN has taken regarding the GAC’s Beijing communique.
Earlier this month, it accepted some of the GAC’s direct advice related to certain specific gTLDs it has a problem with, the RAA and intergovernmental organizations and pretended to accept other advice related to community objections.
The NGPC has yet to address the egregiously incompetent “Category 1” GAC advice, which was the subject of a public comment period.
Directi fighting “massive” .pw spam outbreak
Recently relaunched budget TLD .pw is being widely abused by spammers already, but registry manager Directi said it’s enforcing a “zero tolerance” policy.
Anti-spam software makers and users have over the last week reported a “massive” increase in email spam from .pw domain names.
Security giant Symantec reports that .pw jumped to #4 in its rankings of TLDs used in spammed URLs in the week ending April 26.
Anti-spam vendor Fort even recommended its customers block the entire TLD at their mail gateways, blogging:
Since we have yet to see a legitimate piece of mail for the .pw domain but have recently seen massive amounts of spam from this domain, we are recommending that you block mail form this domain as soon as practical.
Anti-spam mailing lists have been full of people complaining about .pw spam, according to spam expert John Levine.
Our own TLD Health Check ranks .pw at #19 in abusive domains (which tracks phishing and malware domains rather than spam) for May, having not ranked it at all before April.
But Sandeep Ramchandani, head of Directi’s .PW Registry unit, told DI that the company has deactivated 4,000 too 5,000 .pw domains for breaching its anti-abuse policy.
He said that a single registrar was responsible for the majority of the abusive names, and that the registrar in question has had its discount revoked, resulting in newly registered domains from it going down to “almost nothing”.
“If you remove that registrar, the percentage of abusive names to non-abusive names is not alarming at all,” Ramchandani said.
He said the company has a “zero tolerance” approach to spam. It’s been communicating with many of its critics to let them know it’s on the case.
He noted that it’s not surprising that people are seeing more bad traffic from .pw than good — spammers tend to start using their domains immediately, whereas legitimate registrants take a bit longer.
Directi, which reported 50,000 names registered in the first three weeks of general availability last week, is now up to 100,000 names.
Many of the names were registered via the same aforementioned registrar, so more are likely to be turned off, Ramchandani said.
.pw is the ccTLD for Palau, but Directi brands it as “Professional Web”. It’s going for the budget end of the market, selling domains for less than .com prices even if you exclude discounts.
Afilias blames security crackdown for massive drop in .info domains
Afilias says a new anti-abuse policy is responsible for .info losing almost a million domains in 2012.
The .info space ended the year down 914,310 domains, an 11% decline on 2011, the biggest gTLD shrinkage in actual domain terms and second only to .tel in percentage terms, according to DI’s TLD Health Check.
The TLD ended the year with 7,402,557 domains under management, still the runaway leader of “new” gTLDs in terms of total domains.
An Afilias spokesperson blamed the DUM decline on a crackdown on abusive domain use, which impacted sales. He said in a statement:
To fight the growing scourges of spam, phishing and other Internet problems, .INFO established an industry-leading anti-abuse policy and began aggressively working with its registrar partners to take down any and all sites that violated the policy, regardless of the sales impact. This approach reinforces .INFOs strong foundation of great sites and enhances the reputation of .INFO as the ‘home of information on the Web’.
Historically, .info was favored by bad actors due to the low cost of registrations. At some points over the last ten years, it’s even been possible to register a .info domain for free.
Afilias’ crackdown affected .pro too, as then-president Karim Jiwani told us in January, but .pro managed to double in size anyway, due to new registrar partners and lower prices.
Of the 18 gTLDs tracked by TLD Health Check, only .name, .tel and .travel also suffered significant declines in domains under management in 2012.
Donuts signs up to Architelos anti-abuse service
Architelos has a secured its first major customer win for the NameSentry anti-abuse service that it launched back in August.
Donuts, the highest-volume portfolio gTLD applicant, has signed up for the service, according to the companies.
For Donuts, which is probably the applicant that makes opponents of new gTLDs the most nervous, it’s another chance to show that it’s serious about operating clean zones.
For Architelos, it’s a pretty significant endorsement of its new technology.
The NameSentry service aggregates abuse data from multiple third-party malware, spam and phising lists and presents it in a way that makes it easier for registries shut down bad behavior.
Architelos launches new gTLD anti-abuse tool
Architelos, having consulted on about 50 new gTLD applications, has refocused on its longer-term software-based game plan with the recent launch of a new anti-abuse tool for registries.
NameSentry is a software-as-a-service offering, currently being trialed by an undisclosed number of potential customers, designed to make it easier to track abusive domains.
Architelos gave us a demo of the web site yesterday.
The service integrates real-time data feeds from up to nine third-party blocklists – such as SURBL and SpamHaus – into one interface, enabling users to see how many domains in their TLD are flagged as abusive.
Users can then drill down to see why each domain has been flagged – whether it’s spamming, phishing, hosting malware, etc – and, with built-in Whois, which registrar is responsible for it.
There’s also the ability to generate custom abuse reports on the fly and to automate the sending of takedown notices to registrars.
CEO Alexa Raad and CTO Michael Young said the service can help streamline the abuse management workflow at TLD registries.
Currently, Architelos is targeting mainly ccTLDs – there’s more of them – but before too long it expects start signing new gTLD registries as they start coming online.
With many new gTLD applicants promising cleaner-than-clean zones, and with governments leaning on their ccTLDs in some countries, there could be some demand for services such as this.
NameSentry is priced on a subscription basis, based on the size of the TLD zone.
VeriSign yanks domain seizure power request
That was quick.
VeriSign has withdrawn its request for new powers to delete domain names being used for abusive purposes, just a few days after filing it with ICANN.
The company had proposed a policy that would give law enforcement the ability to seize .com and .net names apparently without a court order, and a new malware scanning service.
The former came in for immediate criticism from groups including the American Civil Liberties Union and the Electronic Frontier Foundation, while the latter appeared to have unnerved some registrars.
But now both proposals have been yanked from ICANN’s Registry Services Evaluation Process queue.
This is not without precedent. Last year, VeriSign filed for and then withdrew requests to auction off one-letter .net names and a “Domain Name Exchange” service that looked a bit like domain tasting.
Both came in for criticism, and have not reappeared.
Whether the latest abuse proposals will make a reappearance after VeriSign has had time to work out some of the more controversial kinks remains to be seen.
Registrars not happy with VeriSign abuse plans
VeriSign has been talking quietly to domain name registrars about its newly revealed anti-abuse policies for several months, but some are still not happy about its plans for .com malware scans.
The company yesterday revealed a two-pronged attack on domain name abuse, designed to counteract a perception that .com is not as secure a space as it should be.
One prong, dealing with law enforcement requests to seize domains, I covered yesterday. It’s already received criticism from the Electronic Frontier Foundation and American Civil Liberties Union.
The other is an attempt to introduce automatic malware scanning into the .com, .net and .name spaces, rather like ICM Registry has said it will do with all .xxx domains.
Unlike the daily ICM/McAfee service, VeriSign’s free scans will be quarterly, but the company intends to also offer a paid-for upgrade that would search domains for malware more frequently.
On the face of it, it doesn’t seem like a bad idea.
But some registrars are worried about the fading line between registrars, which today “own” the customer relationship, and the registries, which for the most part are hidden away in the cloud.
Go Daddy director of network abuse Ben Butler, asked about both of yesterday’s VeriSign proposals, said in a statement that they have “some merit”, but sounded several notes of caution:
This is going to make all registrars responsible for remediation efforts and negative customer-service clean up. The registrar at this point becomes the “middle man,” dealing with customers whose livelihood is being negatively impacted. As mentioned in their report, the majority of sites infected with malware were not created by the “bad guys.”
While there is an appeal process mentioned, it could take some time to get issues resolved, potentially leaving a customer’s website down for an extended period.
This could also create a dangerous situation, allowing registries to gain further control over registrars’ operations – as registrars have the relationship with the registrant, the registrar should be responsible for enforcing policies and facilitating remediation.
It has also emerged that VeriSign unilaterally introduced the malware scanning service as a mandatory feature of .cc and .tv domains – which are not regulated by ICANN – earlier this year.
The changes appear to have been introduced without fanfare, but are clearly reflected in today’s .tv registration policies, which are likely to form the basis of the .com policies.
Some registrars weren’t happy about that either.
Six European registrars wrote to VeriSign last month to complain that they were “extremely displeased” with the way the scanning service was introduced. They told VeriSign:
These changes mark the beginning of a substantive shift in the roles of registries regarding the monitoring and controlling of content and may lead to an increase of responsibility and liability of registries and registrars for content hosted elsewhere. As domain name registrars, we hold the position that the responsibilities for hosted content and the registration of a domain name are substantially different, and this view has been upheld in European court decisions numerous times. In this case, Verisign is assuming an up-front responsibility that surpasses even the responsibilities of a web hoster, and therefore opens the door to added responsibilities and legal liability for any form of abuse.
…
In the end, the registrar community will have to face the registrant backlash and criticism, waste countless hours of support time to explain this policy to the registrants and again every time they notice downtimes or loss of performance. These changes are entirely for the benefit of Verisign, but the costs are delegated to the registrants, the registrars and the hosting service providers.
The registrars were concerned that scanning could cause hosting performance hits, but VeriSign says the quarterly scan uses a virtual browser and is roughly equivalent to a single user visit.
They were also worried that the scans, which would presumably ignore robots.txt prohibitions on spidering, would be “intrusive” enough to potentially violate European Union data privacy laws.
VeriSign now plans to give all registrars an opt-out, which could enable them to avoid this problem.
It looks like VeriSign’s plans to amend the Registry-Registrar Agreement are heading for ICANN-overseen talks, so registrars may just be digging into a negotiating position, of course.
But it’s clear that there is some unease in the industry about the blurring of the lines between registries and registrars, which is only likely to increase as new gTLDs are introduced.
In the era of new gTLDs, and the liberalization of ICANN’s vertical integration prohibitions, we’re likely to see more registries having hands-on relationships with customers.
.xxx introduces the 48-hour UDRP
The forthcoming .xxx top-level domain will have some of the strictest abuse policies yet, including a super-fast alternative to the UDRP for cybersquatting cases.
With ICM Registry likely to sign its registry contract with ICANN soon, I thought I’d take another look at some of its planned policies.
I’d almost forgotten how tight they were.
Don’t expect much privacy
ICM plans to verify your identity before you register a .xxx domain.
While the details of how this will be carried out have not yet been revealed, I expect the company to turn to third-party sources to verify that the details entered into the Whois match a real person.
Registrants will also have to verify their email addresses and have their IP addresses recorded.
Whois privacy/proxy services offered by registrars will have to be pre-approved by ICM, “limited to services that have demonstrated responsible and responsive business practices”.
Registrants using such services will still have their full verified details stored by the registry, in contrast to TLDs such as .com, where the true identity of a registrant is only known to the proxy service.
None of these measures are foolproof, of course, but they would raise barriers to cybersquatting not found in other TLDs.
Really rapid suspension
The .xxx domain will of course abide by the UDRP when it comes to cybersquatting complaints, but it is planning another, far more Draconian suspension policy called Rapid Takedown.
Noting that “the majority of UDRP cases involve obvious variants of well-known trademarks”, ICM says it “does not believe that the clearest cases of abusive domain registration require the expense and time involved in traditional UDRP filings.”
The Rapid Takedown policy is modeled on the Digital Millennium Copyright Act. Trademark holders will be able to make a cybersquatting complaint and have it heard within 48 hours.
Complaints will comprise a “simple statement of a claim involving a well-known or otherwise inherently distinctive mark and a domain name for which no conceivable good faith basis exists”.
A “response team” of UDRP panelists will decide on that basis whether to suspend the domain, although it does not appear that ownership will be transferred as a result.
X strikes and you’re out
ICM plans to disqualify repeat cybersquatters from holding any .xxx domains, whether all their domains infringe trademarks or not.
The policy is not fully fleshed out, so it’s not yet clear how many infringing domains you’d have to own before you lose your .xxx privileges.
High-volume domain investors would therefore be advised to make sure they have clean portfolios, or risk losing their whole investment.
Gaming restrictions
ICM plans to allow IP rights holders to buy long-term, deep-discount registrations for non-resolving .xxx domains. As I’ve written before, Disney doesn’t necessarily want disney.xxx to point anywhere.
That would obviously appeal to volume speculators who don’t fancy the $60-a-year registry fee, so the company plans to create a policy stating that non-resolving domains will not be able to convert to normal domains.
There’s also going to be something called the Charter Eligibility Dispute Resolution Process, which which “will be available to challenge any resolving registration to an entity that is not qualified to register a resolving name in the .xxx TLD”.
This seems to suggest that somebody (think: a well-funded church) who does not identify as a member of the porn industry would be at risk of losing their .xxx domains.
The CEDRP, like most of the abuse policies the registry is planning, has not yet been fully fleshed out.
I’m told ICM is working on that at the moment. In the meantime, its policy plans are outlined in this PDF.
Recent Comments