Ancient registrar gets ICANN breach notice over UDRP

A thirty-year-old registrar — practically prehistoric by internet standards — has been hit with an ICANN breach notice after apparently failing to transfer a domain lost in a UDRP and not paying its fees.

ICANN has told Texas-based GKG.net that it failed to implement a July UDRP decision (pdf) over the domain top-rx-market.com, which was won by generic pharmaceuticals firm TopRX.

That domain is using GKG’s Whois privacy service and suspended-domains.net as its name servers but still resolves to an active pharma storefront from where I’m sitting. The UDRP says the domain was registered to a Russian, who did not respond to the UDRP.

While the UDRP-related alleged breach is pretty recent, it looks like ICANN has been chasing GKG for a couple of years.

Compliance first notified the registrar that it was past due on its quarterly fees back in February 2022.

Since March, it also has been looking at alleged failures to handle abuse reports for pharma-related domains including canadianpharmstore.net, usapharmacymall.com, good-pills.com, and 1-pharm.com, which all resolve to the same discount medicines site.

ICANN says all of its attempts to call, email and fax GKG have fallen on deaf ears.

GKG isn’t tiny. It had over 83,000 gTLD domains under management in May, though it appears to have been shrinking by hundreds of domains per month for over a decade.

The company was accredited by ICANN with IANA number 93, which means it’s among the first wave of registrars accredited over two decades ago — it’s older than GoDaddy.

GKG has until October 13 to clean up its act or face suspension and termination.

Freenom hit by FIFTH ICANN action after litany of screw-ups

Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.

Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.

It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.

The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.

The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.

It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.

OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.

The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.

Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.

But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.

Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.

OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.

Registrar linked to defunct social network terminated

ICANN has terminated a registrar for not paying its fees and other infractions.

ICANN Compliance, in a termination notice effective August 10, said that US-based, Indian-operated Nimzo 98 had failed to provide a Whois service and escrow its registration data.

These secondary breaches seem to be side effects of the fact that the company is no longer operating. It’s been ghosting Compliance since December, according to the notice.

Nimzo, as I blogged in May, seems to have been the in-house registrar of a short-lived social network project name Houm, which offered users a domain name as part of the service bundle.

It peaked at about 21,000 names before it abruptly deleted them all, last October, registry transaction reports show.

At the last count, this March, it had just 270 names under management. ICANN will trigger its De-Accredited Registrar Transition Procedure to move whatever remains today into safer hands.

Epik is off the ICANN naughty step

Epik is no longer in breach of its ICANN registrar accreditation agreement, but it remains to be seen whether its anonymous new owners can take over the contract, ICANN has said.

The registrar has paid its past-due fees, explained why it delayed its customers’ renewal requests and promised to put in place measures to ensure this kind of thing doesn’t happen again, ICANN Compliance chief Jamie Hedlund blogged.

This means Epik has dodged a contract suspension and gets to continue with business as usual, for now, albeit with many distrustful customers.

Hedlund wrote that ICANN is now reviewing Epik’s request to transfer its accreditation from Epik Inc to new entity Epik LLC, whose owners have yet to reveal their identities.

ICANN has to do due diligence on the buyer before approving the transfer, but Hedlund said this case is “complex” and is expected to take “several months”.

The LLC bought the old registrar for almost $5 million last month after a tortuous few months for customers claiming to be owed hundreds of thousands of dollars.

Some have speculated that the LLC is a front for Epik founder and former CEO Rob Monster, the person arguably most responsible for Epik’s woes over the last 12 months, but court documents published as part of a customer lawsuit include emails from Monster that suggest he was not involved.

New gTLD registry gets second ICANN breach notice

A new gTLD registry has become the second to receive a second ICANN breach notice from ICANN.

Asia Green IT System, based in Turkey, hasn’t been paying its fees on four of its TLDs, ICANN says in its notice, and isn’t displaying Whois data in the required format.

The gTLDs concerned are .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), and .همراه (.xn--mgbt3dhd, appears to mean something like “comrade” in Persian).

ICANN has given the company until July 5 to pay up or risk having its contracts terminated.

No domains would be at risk if that were to happen — none of the four TLDs has launched. Each has a single domain in its zone file, despite being in the root for several years.

Asia Green was hit with a similar notice in 2019, which it ultimately resolved.

Mystery buyer rescues Epik at end of crazy week

Limping registrar Epik isn’t out of the woods yet by a long shot, but its life became considerably easier late last week when a mystery buyer snapped up its assets for almost $5 million, enabling it to pay off many of its creditors.

The company said on Twitter that it had closed a deal that allowed it to pay off ICANN, which had filed a public breach notice just two days earlier, as well as various registries and loan providers.

It also allowed it to pay off Matthew Adkisson, the customer who was owed over $300,000 following a botched secondary market domain deal last year, who has now dropped his fraud and racketeering lawsuit.

Adkisson appears to have come away poorer, however, as the payoff seems to have only covered the money owed and not the probably substantial legal fees he has incurred since then.

The events of last week were pretty wild, including claims about literal assassination attempts, judging by court documents from Adkisson’s case.

Epik had told his lawyers that an “asset purchase agreement” for the Epik registrar was imminent, which would allow the company to settle its debts.

Disappointed with the offer, Adkisson filed for a temporary restraining order to prevent the sale, believing the money would wind up being squirreled away by the registrar’s current or former management.

That TRO disappeared when he withdrew his complaint and got paid at the weekend. ICANN, Identity Digital and Verisign all appear to have been paid at the same time, along with creditors called TVT and JJE.

The ICANN breach notice provides some poor optics for ICANN, which now looks like it only initiated Compliance proceedings in March, when its own registrar fees went unpaid, despite being aware of the many customer complaints against Epik.

However, now that the Compliance process has started, getting paid may not be enough to end it. The breach notice also refers to “several hundred” domains that were affected by Epik’s cash flow problems — it seems the company was unable to renew or transfer domains while in was in hock to the registries.

Adkisson’s docket contains several sworn declarations from customers saying they have lost important domains to others or been forced to spend thousands of dollars to move their domains elsewhere lest risk losing them.

While Epik cannot provide satisfactory answers to ICANN’s questions about these domains, its accreditation is still at risk.

Complicating matters, the new buyer will need to have the old registrar accreditation transferred to it, a process that takes time and subjects the registrar to a certain amount of ICANN scrutiny.

And the identity of the buyer is pretty mysterious.

On paper, the buyer is Epik LLC, a Wyoming corporation that formed about a week before the deal was finalized. Former Epik CEO Rob Monster has had to agree to change the names of operating company Epik Inc and parent Epik Holdings Inc to remove the “Epik” brand.

But the new LLC was created by a company called Registered Agents Inc, and the acquisition deal signed by its president, Jon Spear.

Registered Agents is a company that enables people to set up shell companies pretty much anonymously, and is often used by “[o]ligarchs, criminals and online scammers”, according to the Washington Post.

This is exactly the kind of association Epik does not need right now.

Making the new owners look even worse, an anonymous individual claiming to be a representative of the new Epik introduced himself or herself on the domainers forum Namepros at the weekend in probably the dumbest way imaginable if the company wants to claw back any credibility at all among what was once a core customer base.

The post does contain an apology to those “financially hurt” by Epik’s actions, and a commitment to “make things right for as many people as possible”, but it also contains several sideswipes at Namepros users, many of them victims of Epik’s mismanagement, calling their commentary “worthless”. It looks like the work of a troll.

In short, Epik still has a hell of a tough time ahead of it if it wants to shake off its bad reputation.

But before this article ends, I promised you some stuff about assassination attempts.

The material disclosed in the Adkisson case includes what appears to be a dense, multi-layered, rambling, paranoid conspiracy theory from Rob Monster, which draws in everyone from disgraced shock jock Alex Jones to Domain Name Wire editor Andrew Allemann (who hilariously Monster accuses of writing “hit pieces” about him).

I have to confess to being slightly disappointed that I didn’t get a shout-out.

He accuses people I’m not going to name here as secretly convening in late 2021 to discuss removing Monster from Epik by any means possible, with “lethal options” possibly on the table. He goes on to say:

For the record, I do have reason to believe that there have been attempts on my life including recently. This was the main reason why I stayed in Asia from January 20 through April 4 and maintained a heightened degree of privacy. I am in excellent health and not suicidal.

Monster, who I believe UK defamation law allows me to describe as “a bit of a character”, is known to frequently indulge in conspiracy theories, particularly with regards mass shootings (which feature in the theory outlined in his email to Adkisson’s lawyers).

Another registrar seemingly vanishes

An accredited registrar appears to have gone bust after its parent company failed.

ICANN has sent a breach notice to Nimzo 98, which while registered as an LLC in the US appears to be Indian-operated, saying the company has not paid its fees and the Compliance folk haven’t been able to reach management since December.

The notice also complains that the company isn’t providing a Whois service as required, which may be a polite way of saying that the entire web site is down — it’s not resolving properly for me.

Digging into the data a little, it seems Nimzo was the in-house registrar of a company called Houm that, according to its press releases, was operating some kind of privacy-oriented social network slash cloud storage service.

Part of Houm’s offering was a personal domain name, which came bundled as part of the monthly service fee.

When Houm seriously started promoting its service last year, it appears to have led to a spike in registrations via Nimzo. Most of its domains were concentrated in new gTLDs such as .live, .xyz, .earth, .world and .space.

Having consistently registered no more than a couple hundred gTLD names per month for years, there was a sudden spike to over 5,000 in July and 12,000 in August, peaking Nimzo’s total domains at 21,000 that month.

But then, in October, the registrar deleted almost all of its names. It went from 21,000 domains under management in August to 190 at the end of October. These were not grace-period deletes, so fees would have been applicable.

Houm’s web site at houm.me also appears inoperable today, showing a server error when I access it, and its Twitter account has been silent since last August.

ICANN has given Nimzo until May 22 to pay up or lose its accrediation.

Registrars CAN charge for Whois, ICANN grudgingly admits

ICANN is powerless to prevent registrars from charging for access to non-public Whois data, the Org has reluctantly admitted.

In a recent advisory, ICANN said it is “concerned” that registrars including Tucows have been charging fees to process requests for data that would otherwise be redacted in the free public Whois.

But it said there’s nothing in the Registrar Accreditation Agreement, specifically the Temporary Specification governing Whois in the post-GDPR world, that bans such services:

While the RAA explicitly requires access to public registration data directory services to be provided free of charge, the Temporary Specification does not specifically address the issue of whether or not a registrar may charge a fee for considering requests for access to redacted registration data.

So basic Whois results, with all the juicy info redacted, has to be free, but registrars can bill organizations who ask for the veil to be lifted. ICANN wrote:

ICANN org is concerned that registrars’ imposition of fees for consideration of requests for access to nonpublic gTLD registration data may pose an access barrier. Access to registration data serves the public interest and contributes to the security and stability of the Internet

The advisory calls out Tucows’ Tiered Access Compliance and Operations system, TACO, as the primary example of a registrar charging for data, but notes that others are too.

Not long after the advisory was published, Tucows posted an article in which it explained that the fees are necessary to cover the cost of the “thousands” of automated requests it has received in the last four years.

Charging fees for compliance with other forms of legal process is not uncommon in the industry, and the vast majority of requests for registration data (approximately 90%) continue to come from commercial litigation interests and relate to suspected intellectual property infringement.

Facebook, now Meta, was at first, and may still well be, a frequent bulk filer.

Tucows said that it “frequently” waives its fees upon request for “single-use requestors and private parties”.

Is ICANN toothless in the face of DNS abuse?

Concerns have been raised that ICANN may lack the tools to tackle DNS abuse using its contracts with registries and registrars.

The new report from the GNSO’s “small team” on abuse has highlighted two “gaps” in the current Compliance regime that may be allowing registrars to get away with turning a blind eye to abusive customers.

The current version of the standard Registrar Accreditation Agreement calls for registrars to maintain an abuse contact email and to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

The problem, the small team report finds, is that ICANN Compliance doesn’t seem to have a standard definition of “reasonable”, “prompt”, and “appropriately”. The contract doesn’t require any specific remediations from the registrar.

“Members of the small team are concerned that this interpretation may allow DNS abuse to remain unmitigated, depending upon the registrar’s specific domain name use and abuse policies,” the report states.

Judging by conversations at ICANN 75 last month, it’s apparently the first time Compliance has gone on the record about how it enforces this part of the contract.

It’s quite rare for ICANN to issue a public breach notice to a registrar over its failure to respond to abuse reports and when it does, it tends to relate to the registrar’s failure to keep records showing how it responded.

I can’t find any instances where Compliance has canned a registrar for allowing abusive domains — typically defined as those hosting malware, phishing, botnets, pharming and some spam — to remain active after an abuse report.

The small team’s report also thinks there’s a blind spot in ICANN’s standard Registry Agreement, which in turn requires registries to include, in their Registry-Registrar Agreements, provisions requiring anti-abuse terms in the registrars’ Registration Agreements.

This complex chain of contractual provisions doesn’t seem to be enforced, the small team notes, saying “further consideration may need to be given to what Registries are doing to ensure the text is indeed included in the Registration Agreement (ie Registries enforcing their own Registry-Registrar Agreements”.

The small team recommends that contracted parties talk further with ICANN about possible contract changes or best practices documents before going ahead with policy-making. The GNSO Council will address the recommendations later this month.

ICANN terminates these three deadbeat registrars

Registrars based in the US, Philippines and Bangladesh have lost their ICANN accreditations for non-payment of fees.

ICANN recently sent termination notices to Domainia, HOAPI, and Innovadeus, which the Org says have breached their contracts by not paying and in some cases failing to provide required information and services on their web sites.

It appears all three companies are no longer operational. Domainia’s domain resolves to a GoDaddy sales lander, HOAPI’s is NX’d, and Innovadeus’s site is riddled with WordPress errors.

Innovadeus and HOAPDI were first deemed “past due” on their fees in November 2020, according to ICANN. For Domainia, it was September 2020.

Fortunately, it seems few to no registrants will be affected by the terminations. HOAPI had one gTLD domain under management, its own. Domainia had none, and Innovadeus had a few hundred, which will be transferred to another registrar.