Latest news of the domain name industry

Recent Posts

Freenom settles $500 million Meta lawsuit and will exit domain business

Kevin Murphy, February 16, 2024, Domain Registries

Facebook has claimed another domain industry scalp. Freenom said this week it has settled the cybersquatting lawsuit filed against it by Meta last year, and that it is getting out of the domain name business.

The registry/registrar said in a brief February 12 statement (pdf) that it will pay Meta an undisclosed sum and has “independently decided to exit the domain name business”.

Just how “independent” that decision was is debatable. The company lost its ICANN registrar accreditation last year and is believed to have lost its government contracts to run the ccTLDs for Equatorial Guinea, Central African Republic, Mali, Gabon, and possibly also Tokelau, its flagship .tk domain.

Meta had claimed in its complaint that Freenom had typosquatted its trademarks thousands of times, including domains such as faceb00k.ga. It sued for 5,000 counts under US anti-cybersquatting law, seeking $100,000 for each infringement, for a cool half-billion bucks in total.

Freenom and its network of co-defendant affiliates said in their defense that Meta had access to an abuse API that allowed it to turn off such domains, but had never used it. It also claimed many of the cited typosquats had already been shut down by the time the suit was filed.

It seems the names in question were likely those registered by abusive third-parties that were reclaimed and monetized by Freenom under its widely criticized free-domains business model, which made its TLDs some of the world’s most-abused.

But the claims on both sides evidently will not be tested at trial. The last court filing, dated late December, showed the two parties were to enter mediation, and Freenom put out the following statement this week:

Freenom today announced it has resolved the lawsuit brought by Meta Platforms, Inc. on confidential monetary and business Terms. Freenom recognizes Meta’s legitimate interest in enforcing its intellectual property rights and protecting its users from fraud and abuse.

Freenom and its related companies have also independently decided to exit the domain name business, including the operation of registries. While Freenom winds down its domain name business, Freenom will treat the Meta family of companies as a trusted notifier and will also implement a block list to address future phishing, DNS abuse, and cybersquatting.

Meta said in its Q4 Adversarial Threat Report this week that the settlement showed its approach to tackling DNS abuse is working.

Freenom’s gTLD domains have been transferred to Gandi. It’s less clear what’s happening to its ccTLD names, though social media chatter this week suggests the company has been giving registrants in affected ccTLDs nine-year renewals at no cost.

First GlobalBlock prices revealed — they ain’t cheap

Kevin Murphy, February 15, 2024, Domain Services

Trademarks owners, organizations and celebrities could find themselves paying the thick end of ten grand for the “peace of mind” offered by the new GoDaddy-led GlobalBlock trademark protection service.

101domain, which often has some of the least-expensive pricing, has become the first registrar to publish its prices for the domain-blocking service, which entered beta this week.

The base GlobalBlock service, which offers single-string blocking in 560 gTLDs and ccTLDs, is going for $5,999 per year, according to the 101domain storefront. The GlobalBlock+ version, which covers potentially tens of thousands of variants and typos, starts at $8,999 a year.

None of the other 20 approved GlobalBlock resellers I checked are currently publishing prices.

Some simple division shows us that the basic service works out to roughly $10.71 per domain per year — a bit more than Verisign will charge for a wholesale .com when its prices go up later this year — but the average per-domain cost should go down as more registries sign up to GlobalBlock.

With the GlobalBlock+ service offering to block 50,000 domains or more, the per-domain price obviously shrinks to pennies.

GlobalBlock is offered by the Brand Safety Alliance, a GoDaddy initiative, but it has support from the likes of Identity Digital, which has hundreds of gTLDs in its stable. Dozens of gTLD registry operators have recently asked ICANN’s permission to offer GlobalBlock and rival offering NameBlock.

The BSA has previously said it expects to launch with over 650 TLDs on board. A calculator on its web site suggests 511 are currently operational, but it has not yet named the participating TLDs.

Donald Trump loses second UDRP case

Kevin Murphy, February 7, 2024, Domain Policy

Former US president Donald Trump has lost a second cybersquatting case related to his Mar-a-Lago resort, where he lives in Florida.

A three-person WIPO panel late last month ruled that DTTM Holdings, which has owned a trademark on the term Mar-a-Lago since 1997, had failed to show that the registrant of maralago.com, Michael Gargiulo, did not have a legitimate interest in the domain.

Gargiulo, an investor who bought the domain from a third party in 2021, had argued that “mar a lago” is a generic term, meaning “sea to lake” in Spanish and other languages. He also said it could mean the personal name “Mara Lago”.

DTTM failed to convince the WIPO panel otherwise. It ruled (pdf) that “the Complainant was unable to provide persuasive specific evidence to overcome the Respondent’s arguments”. It did not rule on whether the registration was made in bad faith.

It’s the second Mar-a-Lago case DTTM has lost recently. Late last year it lost a UDRP complaint against a company called Marq Quarius (from which Gargiulo acquired maralago.com) over the domain mar-a-lago.com.

The single panelist in the earlier case (pdf) ruled that while the registrant’s defense (that the three words in the domain corresponded to the names of dead pets) strained credulity, there was no evidence of bad-faith cybersquatting.

Trump uses maralagoclub.com for the club’s official web site.

UK cybersquatting complaints hit record low

Kevin Murphy, February 7, 2024, Domain Registries

There were fewer cybersquatting complaints filed against .uk domain holders in 2023 than in any other year since Nominet started reporting its annual stats, according to the latest annual Nominet DRS report.

There were just 511 complaints filed last year, down from 568 in 2022, according to the latest report. That’s the lowest number for at least the last 14 years Nominet has been reporting its annual DRS stats. The highest number was 728, in 2015.

Just 48% of cases resulted in a domain being transferred to the complainant (compare to the 82% WIPO reported for its UDRP cases in 2023), up from 43% in 2022, Nominet said.

The number of disputed domains was 680, down from 745 in 2022, but the number of domains in .uk complained about rocketed from 26 to 122, the second-highest level since Nominet opened the second level for direct registrations a decade ago.

The number of disputed .co.uk domains was down from 686 in 2022 to 538 in 2023.

The decline in cybersquatting complaints come as .uk as a whole continues to shrink. The second and third levels combined lost a net 366,778 domains in 2023, ending December at 10,732,479 domains, according to Nominet stats.

.ai helps UDRP cases rise in 2023, WIPO says

Kevin Murphy, January 26, 2024, Domain Policy

The number of cybersquatting cases filed with the World Intellectual Property Organization increased 7% in 2023, WIPO said this week.

The total UDRP filings, 6,192, includes national ccTLD variations that WIPO handles but not UDRP filings with other providers.

WIPO said that 82% of cases resulted in the domain being transferred to the complainant, with the complaint being denied in just 3% of cases.

The organization does not publish data on Reverse Domain Name Hijacking findings, but RDNH.com, which tracks these things, shows 31 RDNH finding at WIPO in 2023.

.com accounted for 80% of complaints. WIPO said that the most complained-about ccTLDs were .co (Colombia), .cn (China), .mx (Mexico), .au (Australia) and .ai (Anguilla).

Perhaps unsurprisingly, given its rapid growth in registrations, Anguilla’s .ai saw a sharp uptick in UDRP filings last year, up from just four in 2022 to 43 in 2023, according to the WIPO web site.

Meta given 30 days to stop using Threads trademark

Kevin Murphy, October 30, 2023, Domain Policy

A small UK software firm has given Facebook owner Meta, well known in the domain industry for pursuing cybersquatters, 30 days to stop using the brand name “Threads” or face legal action.

Meta launched a Twitter clone called Threads back in July and quickly gathered over 100 million users (since declining to eight million daily active users), but Threads Software of London says its UK trademark dates back to 2012.

“Threads Software Limited and its lawyers have today (30 October) written to Meta’s Instagram giving it 30 days to stop using the name Threads for their service in the UK. If it does not, Threads Software Limited will seek an injunction from the English Courts,” the company said in a press release (pdf).

The company further claimed that Meta’s lawyers have tried to buy the domain threads.app from it four times this year but were turned down each time. Meta is using threads.net, Threads Software uses threads.cloud.

Threads Software says it operates a service that “captures, transcribes, and organises all of a company’s digital messages (emails and phone calls) into one easily searchable database”.

Managing director John Yardley said in the press release: “We recognise that this is a classic ‘David and Goliath’ battle with Meta. And whilst they may think they can use whatever name they want, that does not give them the right to use the Threads brand name.”

“We want them to stop using the Threads name with immediate effect. If they do not, we will seek an injunction from the UK courts,” he added.

The irony here is of course that Meta owns some of the most-cybersquatted brands out there and is one of the most litigious enforcers of its intellectual property.

Government to regulate UK-related domain names

Kevin Murphy, July 20, 2023, Domain Policy

The UK government is to trigger a law that would allow it to take control of .uk, .wales, .cymru, .scot and .london if their registries get thoroughly abused and they fail to do anything about it.

The Department for Science, Innovation and Technology said today it is to activate (or “commence”) the parts of the Digital Economy Act of 2010 that give it the power to appoint a new manager for any “UK-related” TLDs.

DSIT would only be able to exercise these powers if the registry in question had let DNS abuse or cybersquatting run amok and failed to follow government orders to fix it. I don’t believe any of the affected registries are currently in such a state.

The government has now launched a consultation, running until the end of August, to get industry and public feedback on its definitions of abuse and what it called “unfair domain use”, meaning cybersquatting.

Nominet, which runs .uk, .wales and .cymru, said in a statement:

The proposed prescribed requirements are consistent with Nominet’s current voluntary procedures, which Government has made clear it believes Nominet operates in a perfectly satisfactory manner. As the Government has had a reserve power to “step in” ever since the DEA was introduced, the purpose of the new provisions is to give Government a formal mechanism to do so, should it ever be required. Our understanding is that Government is enacting these provisions now to ensure the UK meets international best practice on governance of country code top-level domains in line with key global trading partners and future global trading commitments.

Based on my first read, I expect registries and registrars will think it looks generally pretty palatable. It seems DSIT has followed ICANN and the industry’s lead in terms of what qualifies as abuse, and Nominet said in a statement tonight that all three affected registries have been meeting with DSIT to craft the consultation.

Domain investors may take issue with the precise wording of the cybersquatting definition, however.

The definitions of abuse cover the industry standard five bases: malware, phishing, botnets, pharming and spam (insofar as it facilitates any of the other four) and cybersquatting is defined thus:

the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names. This includes ‘typosquatting’, when an end user takes advantage of common misspellings made by Internet users who are looking for a particular site or a particular provider of goods or services, in order to obtain some benefit.

Domainers will notice the document talks about “bad faith registration”, whereas UDRP talks about bad faith “registration and use”, which is sometimes an important edge-case distinction in cybersquatting disputes. Nominet’s DRS uses bad faith registration “or” use.

Where the consultation gets vague, and the potential for debate arises, is when it talks in general, high-level terms about how dispute resolution procedures should be designed.

Failure to deal with child sexual abuse material, as defined in the Convention on the Rights of the Child, in an affected TLD could also result in the government appointing a new registry.

The four gTLDs affected by the legislation all are considered geographic under ICANN rules and had to secure local government support when they applied for their strings. ICANN has a contractual right to terminate them if that government says so.

After the consultation is complete, DSIT intends to make its definitions law through secondary legislation.

This post was updated shortly after publication to add Nominet comments.

Facebook sues free domains registry for cybersquatting

Facebook parent Meta has sued Freenom, the registry behind multiple free-to-register ccTLDs including .tk, claiming the company engages in cybersquatting.

Meta alleges that Freenom infringes its Facebook, Instagram and WhatsApp trademarks over 5,000 domain names in the TLDs it operates.

While best-known for Tokelau’s .tk, which had almost 25 million registrations when Verisign stopped counting them a year ago, Freenom also operates .gq for Equatorial Guinea, .cf for the Central African Republic, .ml for Mali, and .ga for Gabon.

Apart from some reserved “premiums”, the company gives domains away for free then monetizes, with parking, residual traffic when the domains expire or, one suspects more commonly, are suspended for engaging in abuse.

Naturally enough, it therefore has registered, to itself, a great many domains previously used for phishing.

Meta lists these names as examples of infringers: faceb00k.ga, fb-lnstagram.cf, facebook-applogin.ga, instagrams-help.cf, instaqram.ml, chat-whatsaap.gq, chat-whatsaap-com.tk, and supportservice-lnstagram.cf, though these do not appear to be monetized right now.

It accuses the registry of cybersquatting, phishing and trademark infringement and seeks over half a billion dollars in damages (at $100,000 domain).

Today, Freenom is not accepting new registrations, but it’s blaming “technical issues” and says it hopes to resume operations “shortly”.

Facebook is one of the most prolific and aggressive enforcers of its trademarks in the domain space, having previously sued OnlineNIC, Namecheap and Web.com. OnlineNIC had to shut up shop due to its lawsuit.

(Via Krebs on Security)

UDRPs up in 2022, firm says

Kevin Murphy, December 28, 2022, Domain Policy

The World Intellectual Property Organization saw an increase in cybersquatting disputes this year, according to WIPO data compiled by VPN maker AtlasVPN.

There were 5,616 UDRP complaints filed with WIPO, up almost 10% from 2021, the company said.

The report does not appear to include data from the several other UDRP providers, so may not reflect the state of the system as a whole.

WIPO has processed 61,284 UDRP cases since the system was founded over two decades ago, the company said.

RDNH loser files second appeal

Kevin Murphy, August 11, 2022, Domain Policy

A big drug company has appealed to ICANN for a second time over a Reverse Domain Name Hijacking ruling against it, claiming ICANN should be responsible for the decisions of the World Intellectual Property Organization.

India-based Zydus Lifesciences, which among other things makes Covid-19 vaccines, lost a UDRP complaint against the owner of zydus.com in June. To add insult to injury, WIPO made a RDNH finding against it.

Rather that go to court, Zydus filed a Request for Reconsideration with ICANN in July, but this was summarily dismissed because the Reconsideration mechanism only applies to the actions or inactions of the ICANN board or staff.

Now Zydus has filed a second RfR, in which its lawyers claim ICANN is responsible for WIPO’s UDRP decisions and failure to address the first RfR amounts to board inaction. The latest claim states:

when a dispute resolution service provider is accredited by ICANN to conduct mandatory administrative policy, as prescribed by the UDRP adopted by ICANN, such service providers are extension of ICANN itself

Zydus claims the WIPO panel erred by relying on what it claims were false and misleading statements by the zydus.com registrant. It wants the decision reversed and the three panelists forever barred.

I doubt the RfR will get anywhere. ICANN’s Board Accountability Mechanisms Committee is not about to make itself the de facto court of appeals for every UDRP party who thinks they got stiffed.