Latest news of the domain name industry

Recent Posts

ICANN gunning for Tencent over abuse claims

Kevin Murphy, September 23, 2024, Domain Registrars

ICANN Compliance is taking on one of the world’s largest technology companies over claims that a registrar it owns turns a blind eye to DNS abuse and phishing.

The Org has published a breach of contract notice against a Singapore registrar called Aceville Pte Ltd, which does business as DNSPod and is owned by and shares its headquarters with $86-billion-a-year Chinese tech conglomerate Tencent.

ICANN says that DNSPod essentially has turned a blind eye to recent abuse reports, allowing phishing sites to stay online long after they were reported, and makes life difficult for people trying to report abuse.

It also has failed to upgrade from the Whois protocol to RDAP and failed to migrate its registration data escrow service provider from NCC to DENIC, according to the notice.

According to ICANN, DNSPod received abuse reports about several domains in July and August but failed to take action at all or until ICANN itself got in touch to investigate. Compliance wants to know why.

ICANN adds that the registrar seems to be requiring reporters to create user accounts and use a web form to submit their reports, even after they’ve already used the abuse@ email address.

Stricter rules on DNS abuse came into force on registrars this April. They’re now required to take action on abuse reports.

“Aceville does not appear to have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the notice reads.

ICANN has given DNSPod until October 11 to answer its questions or risk escalation.

While DNSPod says it has been around for 17 years, it only received its ICANN accreditation in 2020. Since then, it’s grown to almost 200,000 domains under management in gTLDs.

It’s primarily a DNS resolution service provider, saying it hosts over 20 million domains, and does not appear to operate as a retail registrar in the usual sense.

Owner Tencent may not be a household name in the Anglophone world, but it’s the company behind some of China’s leading social media brands, including QQ and WeChat, as well as a formidable force in gaming and one of the world’s richest companies in any sector.

It’s the second huge Chinese tech firm to find itself publicly shamed by ICANN in recent months. Compliance went after Tencent’s primary competitor, Alibaba, on similar grounds in March. Alibaba has since resolved the complaints.

Chinese registrars back in trouble after porn UDRP suspension

Kevin Murphy, September 5, 2024, Domain Registrars

A collection of six registrars in the XZ.com stable are back on the ICANN naughty step, facing more Compliance action just a couple of years after a sister company was suspended over UDRP failures.

ICANN has published breach notices against DotMedia and five other registrars under common ownership, claiming that they are failing to send their registration data to the correct escrow provider.

Since last year, registrars have been obliged to escrow their data to DENIC, which replaced NCC Group as ICANN’s sole provider. Escrow is important as it helps make sure registrants keep their domains if a registrar goes out of business.

The six DotMedia registrars have failed to make this transition despite months of hand-holding from ICANN, according to the breach notices. Compliance has been on their case since at least April.

The registrars are among 20 that appear to be under common management, almost all based in Hong Kong and using xz.com as their primary storefront, and it’s not clear why only six accreditations have been found in breach.

The whole group appears to be on the skids in terms of registration volume. The main accreditation, US-registered MAFF Inc, once had around 600,000 gTLD names under management, but that’s down to around 60,000 in the latest registry reports. The others have a few thousand each, having suffered similar percentage declines.

Another member of the group, ThreadAgent.com, was actually suspended for months in 2022 after it failed to transfer two domains lost in cybersquatting complaints under the UDRP to BMW and Lockheed Martin.

The six registrars have until September 25 to come back in compliance or face further action.

ICANN to terminate five new gTLDs

Kevin Murphy, August 6, 2024, Domain Registries

ICANN is set to terminate the registry contracts for five new gTLDs run by an apparent deadbeat registry.

Asia Green IT System’s agreements for .pars, .shia, .tci, .nowruz and .همراه (.xn--mgbt3dhd) have all been “Escalated to Termination Process” following a July breach notice, according to ICANN’s web site.

The first stage of the termination is mediation, which can be followed by arbitration before the contracts, which were all due to expire next month anyway, finally get torn up.

The escalation was not unexpected. All five gTLDs were migrated to the Emergency Back-End Registry Operator program last month after critical systems failed to function within the contractual requirements.

It is believed that the TLDs stopped functioning properly after AGIT failed to pay its back-end provider. It also allegedly failed to pay its ICANN fees.

The gTLDs in question for the most part were not used. The Iranian new-year-themed .nowruz had a handful of third-party registrations but the others never launched in the decade AGIT was contracted to run them.

.tci is an interesting case, a planned dot-brand that AGIT had intended to operate on behalf of the Telecommunication Company of Iran, the country’s incumbent telco.

First registry gets breach notice over new abuse rules

.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.

ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.

The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.

The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.

As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.

Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.

The registry “blatantly and repeatedly violated” these rules, according to ICANN.

.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.

The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.

Five gTLDs at risk as registry goes AWOL

The chance of five new gTLDs themed around the Middle East ever going live has substantially decreased after the registry seemed to disappear and got hit by a third ICANN breach notice.

The registry is Istanbul-based Asia Green IT System, which goes by AGIT or AgitSys, and the five gTLDs are .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), .tci (an outsourced dot-brand for the Telecommunication Company of Iran) and .همراه (.xn--mgbt3dhd, means “comrade” in Persian).

According to ICANN, the company is failing to provide Whois, data escrow and has not filed its monthly transaction reports since February. It is also past due with its ICANN fees, according to the breach notice.

The turnaround for the breach notice was incredibly fast. ICANN appears to have noticed that the Whois failures met the “RDAP-RDDS emergency threshold” — which is 24 hours of downtime in a single week — on Friday, called the registry the same day, and issued the breach notice on Monday.

The technical breaches may or may not be related to the fact that the company appears to have disappeared from the internet. None of its NIC sites resolve for me today, and its agitsys.com company web site returns a 404.

These things were also true in 2019, when AGIT received its first breach notice, which was later resolved. It received a second notice a year ago, which it also later resolved.

Only .nowruz, the only one of the five to launch, appears to have any third-party registrations in its zone file, counting in the single figures and all apparently defensive. I could get one of them to resolve, so the DNS appears to be functional.

AGIT used CoCCA as its back-end. CoCCA said that it terminated its contract with AGIT after a “breach” earlier this year and has been turning off features ever since.

RDAP, WHOIS, Reporting and Escrow deposits have been disabled by CoCCA incrementally.

ICANN has given AGIT until the end of the month to come back into compliance or risk having its contracts terminated.

This article was updated July 8 with comment from CoCCA.

Alibaba hit with ICANN breach notice

One of the companies in the Alibaba Group, China’s biggest registrar and one of the largest technology companies in the world, has been handed a breach notice, containing a long list of complaints including abuse failures and non-payment of fees, by ICANN Compliance.

Alibaba.com Singapore E-Commerce, one of Alibaba’s four accredited registrars, failed to respond to abuse reports and failed to respond to ICANN’s requests for information about its failure to respond to abuse reports, the notice claims.

The breach notice will likely to be the last to be sent out for claims under the current version of the Registrar Accreditation Agreement. In two days, April 5, stricter domain takedown rules approved earlier this year will become effective on all registrars.

The abuse claims seem to cover four domains in .com and .vip that look like typos that could have been used in phishing attacks.

ICANN Compliance says that Alibaba also hasn’t published the names of its officers or its redemption fees, as the RAA also requires. It says the registrar also owes it an unspecified amount of past-due fees.

The chronologies reported in the notice claim Alibaba has been giving Compliance the run-around, failing to respond to calls and emails, since early November.

All four registrars in the Alibaba Group have the same published email and phone details, but it’s not clear whether the same ones are listed in ICANN’s internal directory.

Alibaba.com Singapore is one of four accredited registrars owned by Alibaba, the Chinese e-commerce giant. The parent is not short of a bob or two, reporting revenue equivalent to $126 billion last year. It can afford to pay its ICANN fees.

Of the three Alibaba registrars that have domains the “Singapore” one is the smallest, with about 660,000 domains under management. The other two have 3.2 million and 2.6 million domains to their accreditations.

The company has been told it has until April 17 to come back into compliance or risk getting terminated.

Freenom spanked for holding Olympics domain hostage

Kevin Murphy, October 17, 2023, Domain Registrars

Freenom has been hit by its third ICANN contract-breach notice in under a month, this time because the organizers of the 2024 Paris Olympics could not transfer a domain out to another registrar.

The registrar, formally OpenTLD, failed to take off the ClientTransferProhibited status from the domain club2024.tickets, preventing the registrant from transferring it, ICANN claims.

Digging through my database and Whois records, it looks like the organizing committee of Paris 2024 used Freenom to defensively register 10 .tickets domain names related to its Le Club Paris 2024 marketing initiative in July 2020.

They were the only .tickets domains Freenon has ever sold.

When they came up for renewal last year, the Paris committee instead transferred nine of them out to local registrar Gandi, where they remain. The 10th domain was not transferred for some reason.

ICANN says Freenom is in violation of the Transfer Policy by failing to unlock the domain without a good reason. Additionally, the domain doesn’t show up in Whois queries on Freenom’s web site, despite still being in the zone file.

Compliance has given the registrar until November 7 to come back into compliance or risk losing its accreditation.

Freenom is already working under two active breach notices, which ICANN said it has not yet responded to. The deadline on the earlier, September 20 notice has already passed, so ICANN could escalate any day.

Freenom gets yet another ICANN breach notice

Kevin Murphy, October 6, 2023, Domain Registrars

ICANN Compliance is really up in Freenom’s face now, filing yet another contract-breach notice against its registrar arm barely a week after the last one.

The September 29 notice adds three new tickets to the 12 in the September 20 notice I wrote about last month. It’s the sixth notice OpenTLD has received since 2015.

The cases are similar to those in the previous missive. ICANN wants proof that the registrar has been complying with the Transfer Policy and the Expired Registration Recovery Policy.

It seems some Freenom customers have had difficulty transferring their names out of the company’s control, and have been unable to restore their domains after accidentally allowing them to expire.

It still also owes ICANN past-due fees, the notice reiterates.

The notice covers complaints from June and July. The company has until October 20 to comply or risk losing its accreditation. The claims in the earlier notice give it until October 11.

Freenom is the company that runs a dwindling collection of free-to-register ccTLDs, notably .tk. It has not allowed registrations on its site all year, blaming technical issues. It’s also being sued by Facebook owner Meta over alleged cybersquatting.

Ancient registrar gets ICANN breach notice over UDRP

Kevin Murphy, September 25, 2023, Domain Registrars

A thirty-year-old registrar — practically prehistoric by internet standards — has been hit with an ICANN breach notice after apparently failing to transfer a domain lost in a UDRP and not paying its fees.

ICANN has told Texas-based GKG.net that it failed to implement a July UDRP decision (pdf) over the domain top-rx-market.com, which was won by generic pharmaceuticals firm TopRX.

That domain is using GKG’s Whois privacy service and suspended-domains.net as its name servers but still resolves to an active pharma storefront from where I’m sitting. The UDRP says the domain was registered to a Russian, who did not respond to the UDRP.

While the UDRP-related alleged breach is pretty recent, it looks like ICANN has been chasing GKG for a couple of years.

Compliance first notified the registrar that it was past due on its quarterly fees back in February 2022.

Since March, it also has been looking at alleged failures to handle abuse reports for pharma-related domains including canadianpharmstore.net, usapharmacymall.com, good-pills.com, and 1-pharm.com, which all resolve to the same discount medicines site.

ICANN says all of its attempts to call, email and fax GKG have fallen on deaf ears.

GKG isn’t tiny. It had over 83,000 gTLD domains under management in May, though it appears to have been shrinking by hundreds of domains per month for over a decade.

The company was accredited by ICANN with IANA number 93, which means it’s among the first wave of registrars accredited over two decades ago — it’s older than GoDaddy.

GKG has until October 13 to clean up its act or face suspension and termination.

Freenom hit by FIFTH ICANN action after litany of screw-ups

Kevin Murphy, September 21, 2023, Domain Registrars

Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.

Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.

It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.

The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.

The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.

It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.

OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.

The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.

Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.

But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.

Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.

OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.