Two deadbeat registrars get their ICANN marching orders
ICANN has terminated the registrar accreditation agreements of two Chinese companies, which appear to be under common ownership, because they didn’t pay their bills.
EJEE Group Beijing and VIP Internet Industry are both losing their contracts, effective later this month. Both have common contact details, apparently run by the same person who had another registrar terminated in 2017.
EJEE does its business at category-killer domain domain.cn, though the registration storefront appears to be broken. VIP Internet’s web site appears to be down entirely.
While both companies have sold thousands of domains in their time, both have had just one or two gTLD domains under management for the last 12 months, according to my records. No registrants will be affected, in other words.
ICANN seems to have been chasing the registrars for their overdue fees since March 2023, over two years ago, according to the termination notices.
.med is a deeply weird gTLD, but it wants to be more normal
Medistry, the .med registry with a really strange business model, is looking to normalize its practices and start competing with the cluster of healthcare-related gTLDs already on the market.
The gTLD launched in 2016 and had almost 42,000 domains under management at the last count, which may sound like a pretty decent showing for a 2012-round niche registry (comparable to the likes of .beauty and .chat).
But there are a few caveats. For starters, only one non-registry .med domain has been indexed by Google, and it redirects to a .com web site.
Delve into the .med zone file, and you’ll discover that almost all of those 42,000 domains are 12 characters long and each comprises entirely numbers and hyphens. Doesn’t sound very sexy, does it?
Furthermore, delve into the Whois, and you’ll discover that all of those domains are registered via the registry’s in-house registrar, Name Share, to an entity affiliated with the registry itself.
A couple of years ago, having not sold more than a handful of .med domain names (I’ll get to the reasons for that in a moment), Medistry seems to have decided to reinvent .med as a directory for medicines.
In the US, all human medicines approved by the Food and Drug Administration are given a National Drug Code, a 10-digit unique identifier that the manufacturers are required to print on the packaging.
So, the domain name 55150-250-50.med refers to a bupivacaine hydrochloride injection, a surgical anaesthetic made by Eugia US LLC. Almost all .med domains follow this three-part NDC structure.
The domains seem to have been registered in service of Trust.med, another entity affiliated with the registry, which says it offers supply chain management services to the US healthcare industry.
Why the DNS is the best place to store this NDC information isn’t clear to me. All the .med names I checked came back NXDOMAIN and were marked as pendingDelete in the Whois despite being months away from expiration.
So… Plan C? Sell .med domains to any Tom, Dick or Harry who wants one, on a first-come, first-served basis.
Medistry says that, as of now:
A registrant of a .med domain name can be an individual or organization. All available domain names in .med are approved for registration on a first come, first serve basis through .med accredited registrars. .med domain names can also be purchased in the domain name aftermarket.
That’s hell and gone from the mission outlined in Medistry’s 2012 new gTLD application and its current Registry Agreement with ICANN, both of which outline some of the harshest registration restrictions of any TLD.
Its current ICANN contract states, in the Public Interest Commitments:
The lone method of domain name allocation in the TLD will be by Request for Proposal (RFP) under guidelines, rules and criteria as set forth by the Advisory Board in its sole discretion.
RFP for domain name registration in the TLD will be reviewed for approval by the Advisory Board, in its sole discretion, independent of Registry Operator.
PICs are enforceable by ICANN Compliance under the rarely used PIC Dispute Resolution Process, should there be a view that a registry is violating the contract.
Could Medistry be heading into stormy waters with Compliance? The company does have form in that regard — it’s owned by the same people who run .jobs registry Employ Media.
Employ Media got into a protracted fight with ICANN in 2012 over a service called Universe.jobs, which saw it register 40,000 generic .jobs domains to a close partner in order to turn the gTLD into a structured taxonomical jobs board.
ICANN thought the service was a breach of the .jobs RA and the two parties ended up in arbitration. ICANN eventually let Universe.jobs go ahead but it fizzled out a few years later when Employ Media came to blows with its partner.
Is history repeating itself with .med’s sudden change of business model?
Medistry says that full general availability for .med names will begin on September 2, but it’s telling registrars (pdf) they can “Pre-Register any domain to guarantee registration beginning on September 2” by emailing them a list of names.
It’s also looking to on-board more registrars. As of the end of January, the only registrars to ever sell a .med domain were owned by the registry. It uses Nominet as its back-end.
.med would compete against the likes of .doctor, .surgery, .health and .clinic.
Four deadbeat registrars get terminated
ICANN has terminated the contracts of four registrars that haven’t paid their accreditation fees in years.
US-based Zoo Hosting, UK-based Nerd Origins, and China-based Mixun and Mixun Network Technology have all been canned, following public breach notices in January.
Judging by the termination notices, the registrars all stopped paying their quarterly fees between 2022 and early 2024. None of them had implemented recent ICANN policies such as RDAP adoption, the notices added.
It’s not a huge problem, as none of the four companies had ever sold a single gTLD domain name, so there are no customers to be affected.
Six more gTLDs shown the door, five may be auctioned
There are to be six fewer gTLDs on the internet, after ICANN terminated its registry contracts with two companies.
Asia Green IT System’s agreements for .pars, .shia, .tci, .nowruz and .همراه (.xn--mgbt3dhd) have been cancelled, after a lengthy compliance process, while Kerry Trading Co self-terminated .kerrylogistics.
Despite being contracted for a decade, none of AGIT’s TLDs had ever meaningfully launched. The Iranian new-year-themed .nowruz had a handful of registrations.
The registry had stopped paying CoCCA, its back-end provider, bringing it into serious breach of its Registry Agreements. It had also failed to pay its ICANN fees.
According to ICANN correspondence, after it entered into mediation with AGIT last August it came up with a secret term sheet to give the company a way out, but it breached the terms of that deal too.
All five were terminated over the Christmas period, but they could return if ICANN decides to sell them off to the highest bidder.
ICANN told the company it “will conduct an assessment and make its determination whether to transition operation of the .nowruz gTLD to a successor registry operator.”
But they all look like poison chalices. They’re all related in some way to Iran, and could raise cultural or legal sensitivities.
.shia is related to the branch of Islam, .pars is related to the language and culture of Iran and .nowruz is the Persian new year holiday.
.tci, which I can easily imagine being picked up and repurposed by a discount-names portfolio registry, was supposed to be a dot-brand for the Telecommunication Company of Iran and همراه. is the brand of its mobile phone subsidiary, meaning something like “companion”.
Neither was technically a Spec 13 dot-brand, which is usually enough to for ICANN to rule out a redelegation.
But even if ICANN decides to sell off these five dead strings to another registry under the Registry Transition Process, there’s no guarantee that will ever actually happen.
Org decided to auction failed gTLD .wed almost five years ago and there’s been no movement on that ever since. Failed .desi is in a similar situation.
.kerrylogistics was a Spec 13, and will not be transitioned, after Hong Kong based delivery company Kerry unilaterally told ICANN it no longer wished to run the TLD.
Kerry has five remaining dot-brands, including .kerryhotels and .kerryproperties, that it does not use but does not seem to want to kill off just yet.
Registrar terminated after ignoring Whois transition
A registrar has lost its right to sell gTLD domains in part due to its failure to migrate from Whois to RDAP.
Spain-based Abansys & Hostytec has had its ICANN registrar contract terminated over a litany of alleged breaches dating back to 2023, and its meager collection of domains will now be given to another registrar.
ICANN said in its termination notice that the company had failed to implement the Registration Data Access Protocol, the successor to Whois that this week became the new industry standard for domain ownership lookups.
The registrar was also past due on its fees, hadn’t given ICANN evidence the was still in good standing, hadn’t had an employee attend compliance training and was not publishing masked contact addresses in Whois results, among other things.
While its accreditation dates back to the noughties, Abansys has never had more than 600 gTLD domains under management and it seems very unlikely that it was making enough money from those domains to cover the cost of compliance.
ICANN said the termination became effective January 26, but it still wants its past-due fees paid.
Separately, Compliance has also sent breach notices to four other registrars — US-based Zoo Hosting, UK-based Nerd Origins, and China-based Mixun and Mixun Network Technology — that cite RDAP failures as an area of non-compliance but appear to be primarily based on non-payment of fees.
All four registrars appear to have got accredited between 2019 and 2021 and stopped paying their fees not long afterwards. None of them has sold a single gTLD domain, ever, and two of their web sites suggest the companies are no longer around.
They’ve all got until February 12 to magically rectify their compliance problems or face execution.
ICANN gunning for Tencent over abuse claims
ICANN Compliance is taking on one of the world’s largest technology companies over claims that a registrar it owns turns a blind eye to DNS abuse and phishing.
The Org has published a breach of contract notice against a Singapore registrar called Aceville Pte Ltd, which does business as DNSPod and is owned by and shares its headquarters with $86-billion-a-year Chinese tech conglomerate Tencent.
ICANN says that DNSPod essentially has turned a blind eye to recent abuse reports, allowing phishing sites to stay online long after they were reported, and makes life difficult for people trying to report abuse.
It also has failed to upgrade from the Whois protocol to RDAP and failed to migrate its registration data escrow service provider from NCC to DENIC, according to the notice.
According to ICANN, DNSPod received abuse reports about several domains in July and August but failed to take action at all or until ICANN itself got in touch to investigate. Compliance wants to know why.
ICANN adds that the registrar seems to be requiring reporters to create user accounts and use a web form to submit their reports, even after they’ve already used the abuse@ email address.
Stricter rules on DNS abuse came into force on registrars this April. They’re now required to take action on abuse reports.
“Aceville does not appear to have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the notice reads.
ICANN has given DNSPod until October 11 to answer its questions or risk escalation.
While DNSPod says it has been around for 17 years, it only received its ICANN accreditation in 2020. Since then, it’s grown to almost 200,000 domains under management in gTLDs.
It’s primarily a DNS resolution service provider, saying it hosts over 20 million domains, and does not appear to operate as a retail registrar in the usual sense.
Owner Tencent may not be a household name in the Anglophone world, but it’s the company behind some of China’s leading social media brands, including QQ and WeChat, as well as a formidable force in gaming and one of the world’s richest companies in any sector.
It’s the second huge Chinese tech firm to find itself publicly shamed by ICANN in recent months. Compliance went after Tencent’s primary competitor, Alibaba, on similar grounds in March. Alibaba has since resolved the complaints.
Chinese registrars back in trouble after porn UDRP suspension
A collection of six registrars in the XZ.com stable are back on the ICANN naughty step, facing more Compliance action just a couple of years after a sister company was suspended over UDRP failures.
ICANN has published breach notices against DotMedia and five other registrars under common ownership, claiming that they are failing to send their registration data to the correct escrow provider.
Since last year, registrars have been obliged to escrow their data to DENIC, which replaced NCC Group as ICANN’s sole provider. Escrow is important as it helps make sure registrants keep their domains if a registrar goes out of business.
The six DotMedia registrars have failed to make this transition despite months of hand-holding from ICANN, according to the breach notices. Compliance has been on their case since at least April.
The registrars are among 20 that appear to be under common management, almost all based in Hong Kong and using xz.com as their primary storefront, and it’s not clear why only six accreditations have been found in breach.
The whole group appears to be on the skids in terms of registration volume. The main accreditation, US-registered MAFF Inc, once had around 600,000 gTLD names under management, but that’s down to around 60,000 in the latest registry reports. The others have a few thousand each, having suffered similar percentage declines.
Another member of the group, ThreadAgent.com, was actually suspended for months in 2022 after it failed to transfer two domains lost in cybersquatting complaints under the UDRP to BMW and Lockheed Martin.
The six registrars have until September 25 to come back in compliance or face further action.
ICANN to terminate five new gTLDs
ICANN is set to terminate the registry contracts for five new gTLDs run by an apparent deadbeat registry.
Asia Green IT System’s agreements for .pars, .shia, .tci, .nowruz and .همراه (.xn--mgbt3dhd) have all been “Escalated to Termination Process” following a July breach notice, according to ICANN’s web site.
The first stage of the termination is mediation, which can be followed by arbitration before the contracts, which were all due to expire next month anyway, finally get torn up.
The escalation was not unexpected. All five gTLDs were migrated to the Emergency Back-End Registry Operator program last month after critical systems failed to function within the contractual requirements.
It is believed that the TLDs stopped functioning properly after AGIT failed to pay its back-end provider. It also allegedly failed to pay its ICANN fees.
The gTLDs in question for the most part were not used. The Iranian new-year-themed .nowruz had a handful of third-party registrations but the others never launched in the decade AGIT was contracted to run them.
.tci is an interesting case, a planned dot-brand that AGIT had intended to operate on behalf of the Telecommunication Company of Iran, the country’s incumbent telco.
We grassed up .TOP, says free abuse outfit
A community-run URL “blacklist” project has claimed credit for the complaints that led to .TOP Registry getting hit by an ICANN Compliance action earlier this week.
.TOP was told on Tuesday that it has a month to sort of its abuse-handing procedures or risk losing the .top gTLD, which has over three million domains.
ICANN said the company had failed to respond to an unspecified complainant that had reported multiple phishing attacks, and now the source of that complaint has revealed itself in a news release.
URLAbuse says it was the party that reported the attacks to .TOP, which according to ICANN happened in mid April.
“Despite repeated notifications, the .TOP Registry Operator failed to address these issues, prompting URLAbuse to escalate the matter to ICANN,” URLAbuse said, providing a screenshot of ICANN’s response.
URLAbuse provides a free abuse blocklist that anyone is free to incorporate into their security setup. Domain industry partners include Radix, XYZ.com and Namecheap.
First registry gets breach notice over new abuse rules
.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.
ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.
The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.
The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.
As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.
Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.
The registry “blatantly and repeatedly violated” these rules, according to ICANN.
.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.
The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.
Recent Comments