Recent Posts
- Domain world growth despite .com slide
- Verisign predicts more gloom as registrars shun .com growth
- Republicans quiz NTIA on Verisign .com renewal
- Smaller, more intense ICANN meetings with no free cocktails?
- Private auctions to be banned in next new gTLD round
- .au prices going up
- Nominet names director hopefuls
- Crowdstrike screw-up took down ICANN’s email
- We grassed up .TOP, says free abuse outfit
- ICANN to earmark $10 million for new gTLD subsidies
- TV network rebrands on single-letter domain
- First registry gets breach notice over new abuse rules
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
First registry gets breach notice over new abuse rules
.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.
ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.
The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.
The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.
As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.
Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.
The registry “blatantly and repeatedly violated” these rules, according to ICANN.
.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.
The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.
Five gTLDs at risk as registry goes AWOL
The chance of five new gTLDs themed around the Middle East ever going live has substantially decreased after the registry seemed to disappear and got hit by a third ICANN breach notice.
The registry is Istanbul-based Asia Green IT System, which goes by AGIT or AgitSys, and the five gTLDs are .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), .tci (an outsourced dot-brand for the Telecommunication Company of Iran) and .همراه (.xn--mgbt3dhd, means “comrade” in Persian).
According to ICANN, the company is failing to provide Whois, data escrow and has not filed its monthly transaction reports since February. It is also past due with its ICANN fees, according to the breach notice.
The turnaround for the breach notice was incredibly fast. ICANN appears to have noticed that the Whois failures met the “RDAP-RDDS emergency threshold” — which is 24 hours of downtime in a single week — on Friday, called the registry the same day, and issued the breach notice on Monday.
The technical breaches may or may not be related to the fact that the company appears to have disappeared from the internet. None of its NIC sites resolve for me today, and its agitsys.com company web site returns a 404.
These things were also true in 2019, when AGIT received its first breach notice, which was later resolved. It received a second notice a year ago, which it also later resolved.
Only .nowruz, the only one of the five to launch, appears to have any third-party registrations in its zone file, counting in the single figures and all apparently defensive. I could get one of them to resolve, so the DNS appears to be functional.
AGIT used CoCCA as its back-end. CoCCA said that it terminated its contract with AGIT after a “breach” earlier this year and has been turning off features ever since.
RDAP, WHOIS, Reporting and Escrow deposits have been disabled by CoCCA incrementally.
ICANN has given AGIT until the end of the month to come back into compliance or risk having its contracts terminated.
This article was updated July 8 with comment from CoCCA.
Alibaba hit with ICANN breach notice
One of the companies in the Alibaba Group, China’s biggest registrar and one of the largest technology companies in the world, has been handed a breach notice, containing a long list of complaints including abuse failures and non-payment of fees, by ICANN Compliance.
Alibaba.com Singapore E-Commerce, one of Alibaba’s four accredited registrars, failed to respond to abuse reports and failed to respond to ICANN’s requests for information about its failure to respond to abuse reports, the notice claims.
The breach notice will likely to be the last to be sent out for claims under the current version of the Registrar Accreditation Agreement. In two days, April 5, stricter domain takedown rules approved earlier this year will become effective on all registrars.
The abuse claims seem to cover four domains in .com and .vip that look like typos that could have been used in phishing attacks.
ICANN Compliance says that Alibaba also hasn’t published the names of its officers or its redemption fees, as the RAA also requires. It says the registrar also owes it an unspecified amount of past-due fees.
The chronologies reported in the notice claim Alibaba has been giving Compliance the run-around, failing to respond to calls and emails, since early November.
All four registrars in the Alibaba Group have the same published email and phone details, but it’s not clear whether the same ones are listed in ICANN’s internal directory.
Alibaba.com Singapore is one of four accredited registrars owned by Alibaba, the Chinese e-commerce giant. The parent is not short of a bob or two, reporting revenue equivalent to $126 billion last year. It can afford to pay its ICANN fees.
Of the three Alibaba registrars that have domains the “Singapore” one is the smallest, with about 660,000 domains under management. The other two have 3.2 million and 2.6 million domains to their accreditations.
The company has been told it has until April 17 to come back into compliance or risk getting terminated.
Freenom spanked for holding Olympics domain hostage
Freenom has been hit by its third ICANN contract-breach notice in under a month, this time because the organizers of the 2024 Paris Olympics could not transfer a domain out to another registrar.
The registrar, formally OpenTLD, failed to take off the ClientTransferProhibited status from the domain club2024.tickets, preventing the registrant from transferring it, ICANN claims.
Digging through my database and Whois records, it looks like the organizing committee of Paris 2024 used Freenom to defensively register 10 .tickets domain names related to its Le Club Paris 2024 marketing initiative in July 2020.
They were the only .tickets domains Freenon has ever sold.
When they came up for renewal last year, the Paris committee instead transferred nine of them out to local registrar Gandi, where they remain. The 10th domain was not transferred for some reason.
ICANN says Freenom is in violation of the Transfer Policy by failing to unlock the domain without a good reason. Additionally, the domain doesn’t show up in Whois queries on Freenom’s web site, despite still being in the zone file.
Compliance has given the registrar until November 7 to come back into compliance or risk losing its accreditation.
Freenom is already working under two active breach notices, which ICANN said it has not yet responded to. The deadline on the earlier, September 20 notice has already passed, so ICANN could escalate any day.
Freenom gets yet another ICANN breach notice
ICANN Compliance is really up in Freenom’s face now, filing yet another contract-breach notice against its registrar arm barely a week after the last one.
The September 29 notice adds three new tickets to the 12 in the September 20 notice I wrote about last month. It’s the sixth notice OpenTLD has received since 2015.
The cases are similar to those in the previous missive. ICANN wants proof that the registrar has been complying with the Transfer Policy and the Expired Registration Recovery Policy.
It seems some Freenom customers have had difficulty transferring their names out of the company’s control, and have been unable to restore their domains after accidentally allowing them to expire.
It still also owes ICANN past-due fees, the notice reiterates.
The notice covers complaints from June and July. The company has until October 20 to comply or risk losing its accreditation. The claims in the earlier notice give it until October 11.
Freenom is the company that runs a dwindling collection of free-to-register ccTLDs, notably .tk. It has not allowed registrations on its site all year, blaming technical issues. It’s also being sued by Facebook owner Meta over alleged cybersquatting.
Ancient registrar gets ICANN breach notice over UDRP
A thirty-year-old registrar — practically prehistoric by internet standards — has been hit with an ICANN breach notice after apparently failing to transfer a domain lost in a UDRP and not paying its fees.
ICANN has told Texas-based GKG.net that it failed to implement a July UDRP decision (pdf) over the domain top-rx-market.com, which was won by generic pharmaceuticals firm TopRX.
That domain is using GKG’s Whois privacy service and suspended-domains.net as its name servers but still resolves to an active pharma storefront from where I’m sitting. The UDRP says the domain was registered to a Russian, who did not respond to the UDRP.
While the UDRP-related alleged breach is pretty recent, it looks like ICANN has been chasing GKG for a couple of years.
Compliance first notified the registrar that it was past due on its quarterly fees back in February 2022.
Since March, it also has been looking at alleged failures to handle abuse reports for pharma-related domains including canadianpharmstore.net, usapharmacymall.com, good-pills.com, and 1-pharm.com, which all resolve to the same discount medicines site.
ICANN says all of its attempts to call, email and fax GKG have fallen on deaf ears.
GKG isn’t tiny. It had over 83,000 gTLD domains under management in May, though it appears to have been shrinking by hundreds of domains per month for over a decade.
The company was accredited by ICANN with IANA number 93, which means it’s among the first wave of registrars accredited over two decades ago — it’s older than GoDaddy.
GKG has until October 13 to clean up its act or face suspension and termination.
Freenom hit by FIFTH ICANN action after litany of screw-ups
Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.
Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.
It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.
The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.
The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.
It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.
OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.
The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.
Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.
But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.
Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.
OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.
New gTLD registry gets second ICANN breach notice
A new gTLD registry has become the second to receive a second ICANN breach notice from ICANN.
Asia Green IT System, based in Turkey, hasn’t been paying its fees on four of its TLDs, ICANN says in its notice, and isn’t displaying Whois data in the required format.
The gTLDs concerned are .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), and .همراه (.xn--mgbt3dhd, appears to mean something like “comrade” in Persian).
ICANN has given the company until July 5 to pay up or risk having its contracts terminated.
No domains would be at risk if that were to happen — none of the four TLDs has launched. Each has a single domain in its zone file, despite being in the root for several years.
Asia Green was hit with a similar notice in 2019, which it ultimately resolved.
Another registrar seemingly vanishes
An accredited registrar appears to have gone bust after its parent company failed.
ICANN has sent a breach notice to Nimzo 98, which while registered as an LLC in the US appears to be Indian-operated, saying the company has not paid its fees and the Compliance folk haven’t been able to reach management since December.
The notice also complains that the company isn’t providing a Whois service as required, which may be a polite way of saying that the entire web site is down — it’s not resolving properly for me.
Digging into the data a little, it seems Nimzo was the in-house registrar of a company called Houm that, according to its press releases, was operating some kind of privacy-oriented social network slash cloud storage service.
Part of Houm’s offering was a personal domain name, which came bundled as part of the monthly service fee.
When Houm seriously started promoting its service last year, it appears to have led to a spike in registrations via Nimzo. Most of its domains were concentrated in new gTLDs such as .live, .xyz, .earth, .world and .space.
Having consistently registered no more than a couple hundred gTLD names per month for years, there was a sudden spike to over 5,000 in July and 12,000 in August, peaking Nimzo’s total domains at 21,000 that month.
But then, in October, the registrar deleted almost all of its names. It went from 21,000 domains under management in August to 190 at the end of October. These were not grace-period deletes, so fees would have been applicable.
Houm’s web site at houm.me also appears inoperable today, showing a server error when I access it, and its Twitter account has been silent since last August.
ICANN has given Nimzo until May 22 to pay up or lose its accrediation.
Dynadot takes down its own web site after apparent breach
Dynadot took the drastic move of turning off its own web site last week after noticing an apparent security breach.
The registrar also reset all of its customers’ passwords, acknowledging the pair of moves were “extremely inconvenient”.
It’s not clear from the company’s statement whether there really had been an attack or whether it overreacted
It said “our system noticed irregular activity” but later brought its site back up after staff “investigated and determined there was not a threat”.
The company said it has engaged “cyber security experts” to help it out in future.
Recent Comments