Recent Posts
- Could ICANN’s chair be ousted by NomCom?
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
Donuts shuts down 14 registrars, but it’s “not related to DropZone”
Donut has let 14 of its shell registrar accreditations expire, but told DI it’s not related to its recently approve drop-catching service, DropZone.
ICANN records show that the companies, with names such as Name118 Inc and Name104 Inc, all basically mini-clones of Name.com, recently had their registrar contracts terminated.
This kind of thing happens fairly regularly with companies resizing the networks they use for catching dropping domains. Donuts still has at least half a dozen active accreditations, records show.
But the move comes just weeks after ICANN approved a controversial new Donuts service called DropZone, which would see dropping domains across Donuts’ portfolio of 250+ gTLDs being handled by a dedicated parallel registry.
DropZone would reduce the need for owning vast numbers of shell accreditations in order to effectively drop-catch, but has faced criticism from rival DropCatch because a) Donuts may charge registrars for access and b) claims that Donuts-owned registrars would have an advantage.
But Donuts says the two things are unrelated. Name.com senior product marketing manager Ethan Conley said in an email:
We did recently let 14 ICANN registrar accreditations expire. These accreditations had become an administrative headache and a point of confusion for customers. This decision was not related to DropZone, and the domain drop business has not been a core focus of Name.com for quite some time.
It’s worth noting that cancelling registrar accreditations would also have an affect on the ability to catch names in other, unaffiliated gTLDs, including .com.
Donuts’ DropZone approved despite competition fears
ICANN has approved Donuts’ proposed drop-catching service, DropZone, despite concerns it could add cost to the dropping domains market.
The Org and Donuts subsidiaries representing over 200 gTLDs signed amendments September 29 that incorporate DropZone into their Registry Agreements, according to ICANN records.
The full new text in the amendments, which does a pretty good job of describing the service, is:
Dropzone Service
Registry Operator may offer the Dropzone service, which is a Registry Service that will manage the release of domain names that have reached the end of their life cycle.
The Dropzone is a separate system, parallel to the main EPP system, that will manage on a daily basis the release of domain names that have been purged for a short period of time, called the Dropzone. Any TLD-accredited registrars may use the Dropzone to register a recently-purged domain name.
On a daily basis, at the end of the Dropzone period, the Registry will execute an awarding process, which will select, per domain name, the first domain creation request submitted (first come, first serve).
What the amendment doesn’t mention are fees. The original Donuts Registry Service Evaluation Request stated in August:
In addition to the standard or premium registration prices of a given domain name, The Dropzone service can support additional application fees to be configured on a per TLD basis. Applications fees where applicable will be charged in addition to the standard registration price of a domain name.
This caused concern at TurnCommerce, the company that runs the DropCatch.com network of registrars, which told ICANN last month that DropZone was anti-competitive and could raise the price of dropping domains.
But ICANN responded that DropZone passed its competition sniff test, and would not be referred to government authorities.
Donuts has not yet publicly announced plans to launch DropZone.
A virtually identical service, that did not mention added fees in its RSEP, was previous approved for Afilias, the registry operator Donuts acquired at the start of the year.
Donuts’ drop-catching service not anti-competitive, ICANN says
Donuts’ proposed DropZone service, which could see the registry start charging drop-catchers additional fees, is not anti-competitive, according to ICANN.
The service “does not raise any competition concerns”, ICANN VP Russ Weinstein said in a letter to registrar TurnCommerce, the company behind DropCatch.com.
He was responding to TurnCommerce’s concern that DropZone would allow Donuts to charge unlimited extra fees to register expiring names, while giving an advantage to its in-house registrars.
But Weinstein wrote (pdf):
The information received in the Dropzone RSEP request was thoroughly evaluated pursuant to our process, which included consideration of the matters raised in your letter. ICANN org determined that the Dropzone service as submitted by Donuts Inc. on behalf of [Donuts subsidiaries] Binky Moon, LLC and Dog Beach, LLC does not raise any competition concerns requiring ICANN org to refer either RSEP to a relevant competition authority.
DropZone would see Donuts handle its dropping names on a parallel registry system that registrars would have to obtain separate access to. Its Registry Service Evaluation Process request raises the prospect of new fees for such access.
DropCatch raises antitrust concerns about Donuts’ Dropzone proposal
TurnCommerce, the company behind DropCatch.com and hundreds of accredited domain name registrars, reckons Donuts’ proposed Dropzone service would be anticompetitive.
Company co-founder Jeff Reberry has written to ICANN to complain that Dropzone would introduce new fees to the dropping domains market, raising the costs involved in the aftermarket.
He also writes that Donuts’ ownership of Name.com, a registrar that DropCatch competes with in the drop market, would have an “unfair competitive advantage” if Dropzone is allowed to go ahead:
Donuts is effectively asking every entity in the ICANN ecosystem to bear the costs of introducing a new service with no benefit outside of a financial benefit to itself, while forcing all registrars to spend more money and resources to register available domain names.
Donuts is proposing Dropzone across its whole portfolio of 200+ gTLDs. It’s a parallel registry infrastructure that would exist just to handle dropping domains in more orderly fashion.
Today, companies such as TurnCommerce own huge collections of shell registrars that are used to ping registries with EPP Create commands around the time valuable domains are going to delete.
Under Dropzone, they’d instead submit create requests with the Dropzone service, and Donuts would give out the rights to register the domains in question on a first-come, first-served basis.
While ICANN had approved a similar request from Afilias before it was acquired by Donuts, the Dropzone proposed by Donuts has one major difference — it proposes a new fee for accessing the system.
No details about this fee have been revealed, which has TurnCommerce nervous.
Donuts is asking for Dropzone via the Registry Services Evaluation Process and ICANN has not yet approved it.
Reberry says ICANN should consult with the relevant governmental competition authorities before it approves the proposal.
You can read Reberry’s letter here (pdf) and our original article about Dropzone here.
Dropping domains might get more expensive at Donuts
Donuts is planning to change the way its registry handles dropping domains and may charge additional fees for access.
According to a service request filed with ICANN, Donuts wants to migrate its hundreds of gTLDs to the “Dropzone” system originally deployed by Afilias, which the company acquired at the end of 2020.
Instead of domains separately dropping according to their expiry time, Dropzone sees them pooled together into daily batches for a more orderly release.
Registrars are still awarded dropping domains on a first-come, first-served basis, according to when they submit their EPP create requests to the Dropzone environment, according to Donuts.
Donuts reckons this system will allow it to better manage traffic load on its registry. Presumably, registrars won’t need to send so many creates, as the drop time is synchronized for all deleting domains.
It also thinks the process will help level the playing field for registrars trying to register expired domains.
But the ICANN request (pdf) also suggests that, unlike Afilias, it might add additional fees for registrars to access Dropzone:
In addition to the standard or premium registration prices of a given domain name, The Dropzone service can support additional application fees to be configured on a per TLD basis. Applications fees where applicable will be charged in addition to the standard registration price of a domain name.
Such charges would presumably be passed on to registrants.
Afilias’ original request for Dropzone approval stated that the fee to catch a drop would be the same as a standard registration fee.
Registrars will have to reconfigure their systems to use Dropzone, which exists on a separate host.
Afilias’ 21 gTLDs have been using Dropzone since ICANN approved the service last year.
“Crimes against humanity” claims against Afilias
Donuts subsidiary Afilias has been accused of participating in “crimes against humanity” and imperialist “apartheid”, due to its management of the contested .io ccTLD.
A London-based lawyer has filed a complaint with the Organization for Economic Cooperation and Development, seeking either the redelegation of .io or a big chunk of its profits.
The complaint was filed on behalf of Crypto Currency Resolution Trust (CCRT), representing people allegedly ripped off by cryptocurrency scams on .io domains, and the Chagos Refugees Group UK (CRG UK).
The latter group represents some of the people forcibly deported from the Chagos Islands in the 1970s, when the British government evicted the entire native population to make way for a US military base on Diego Garcia, the largest island.
The islands were renamed the British Indian Ocean Territory and, in the early days of the DNS, became eligible for the ccTLD .io
The TLD was delegated by IANA to Paul Kane’s London-based outfit Internet Computer Bureau in 1997, in the pre-ICANN days when such decisions were made without very much oversight.
ICB was quietly bought by Afilias for $70 million in 2017, as I broke the following year.
In 2019, the International Court of Justice ruled that the UK’s continued administration of BIOT is unlawful, and that the territory should be returned to the Chagossians, but the current Conservative UK government has shown no indication that it plans to abide by that ruling.
The lawyer for the Chagossians, Jonathan Levy, now claims in his OECD complaint that for Afilias to continue to run .io — which he reckons brings in over €10 million a year — amounts to a human rights abuse in violation of OECD guidelines.
The complaint states:
The British military occupation of the Chagos Archipelago has been severe and resulted in the Chagossians wandering the globe as a displaced people deported from their homeland in a forcible exile reminiscent of British tactics also used on Irish home rule advocates in the 19th Century. It is just simply an outrage that an Irish multinational company is deliberately complicit in crimes against humanity and apartheid on behalf of one of last vestiges of British imperialism and apartheid.
While Levy recognizes on his blog that Afilias has been acquired by US-based Donuts, only Afilias and its subsidiaries in the UK and Ireland are named as respondents.
In a second prong of the attack, Levy claims that Afilias is somehow complicit in cryptocurrency frauds carried out using .io domains.
Blaming a registry for the actions of its registrants is pretty tenuous. Imagine if Verisign got blamed for every nefarious action carried out with a .com domain — there would not be enough lawyers in the world to handle that workload.
But Levy reckons .io is a special case because BIOT lacks law enforcement and because Afilias promotes .io as the best TLD for tech companies “knowing full well” it is often used for crypto fraud. The complaint reads:
Complaina[n]ts submit that while other general purpose domains like GLTD .com may have as much or even more crypto fraud, ccTLD .io is an exception because it represents a political entity with no permanent population and no companies law and no law enforcement. Consequently, unlike ccTLD .com or .net where US authorities may seize websites; .io criminals have little to fear as BIOT has no civil police force nor financial intelligence unit. ICB has promoted ccTLD .io to the tech community knowing full well it will be misused by a significant criminal element specializing in crypto assets.
This still feels pretty tenuous to me. You cannot evade the long arm of the law simply by registering on offshore domain.
Still, Levy’s asking for restitution in the form of a percentage of the ICB acquisition price, ongoing and backdated royalties from the sale of .io domains and, failing that, redelegation of the ccTLD to the Chagossian people.
While I think the notion of Donuts/Afilias actively abusing human rights is pretty weak, there’s no denying it’s the beneficiary of an historical wrong. Imagine how many credibility points it could earn by voluntarily negotiating a profit-share with the displaced Chagossians.
ICANN waves off EFF concerns about the Ethos-Donuts deal
ICANN has dismissed concerns from the Electronic Frontier Foundation about the recent acquisition of Donuts by Ethos Capital.
Responding to a letter from EFF senior attorney Mitch Stoltz, ICANN chair Maarten Botterman said the deal had been thoroughly reviewed according to the necessary technical and financial stability standards.
In reviewing this transaction, the ICANN org team completed a thorough review and analysis of information provided by Ethos Capital and Donuts. Based on the review, the ICANN org team concluded that Donuts, as controlled by its proposed new owners would still meet or exceed the ICANN-adopted specifications or policies on registry operator criteria in effect, including with respect to financial resources, operational and technical capabilities, and overall compliance with ICANN’s contracts and Consensus Policies. Before its final decision on the matter, ICANN org provided multiple briefings to the Board. Following its final briefing and discussion with the Board, ICANN org approved the change of control in late March 2021.
The EFF had claimed that the anti-abuse parts of Donuts various registry agreements amounted to giving Donuts the right to “censor” domains, and it took issue with the Domain Protected Marks List domain blocking service.
Botterman noted that these predate the Ethos acquisition and were not reviewed.
Prior to the deal, which closed in March, Donuts was owned by another PE firm, Abry Partners. ICANN CEO Göran Marby had previously expressed puzzlement that the acquisition to lead to such concerns.
Afilias hints at more legal action over .web
As Verisign does everything but declare outright victory in last week’s Independent Review Process result, .web rival Afilias is now strongly hinting that its lawyers are not quite ready to retire.
John Kane, VP of Afilias (now Altanovo) said in a statement that Afilias is prepared to “take all actions necessary to protect our rights in this matter”.
This matter is of course the contested 2015 auction for the new gTLD .web, which was won by Nu Dot Co with $135 million of Verisign’s money.
Afilias thinks the winning bid should be voided because Verisign’s involvement had been kept a secret. The IRP panel stopped short of doing that, instead forcing ICANN’s board of directors to make a decision.
The earliest they’re likely to do this is at ICANN 71 later this month.
But with one IRP down, Afilias is now reminding ICANN that the board’s ultimate decision will also be “subject to review by an IRP Panel.”
So if ICANN decides to award .web to Verisign, Afilias could challenge it with another IRP, adding another two years to the go-live runway and another couple million dollars to the lawyers’ petty cash jar.
None of which should overly bother Verisign, of course, if one subscribes to the notion that its interest in .web is not in owning it but rather in preventing its competitors from owning it and aggressively marketing it against .com.
But Verisign also put out a statement reviewing the IRP panel’s decision last week, reiterating that it believes Afilias should be banned from the .web contest and banned from making any further complaints about Verisign’s bid.
While Afilias spent its press release focusing on trashing ICANN, Verisign instead focused its blog post on trashing Afilias.
According to Verisign, Afilias is no longer competent to run a registry (having sold those assets to Donuts) and is just looking for a payday by losing a private auction.
“Afilias no longer operates a registry business, and has neither the platform, organization, nor necessary consents from ICANN, to support one,” Verisign claims.
Afilias could of course outsource its would-be .web registry, as is fairly standard industry practice, either to Donuts or any other back-end operator.
.web ruling hands Afilias a chance, Verisign a problem, and ICANN its own ass on a plate
ICANN has lost yet another Independent Review Process case, and been handed a huge legal bill, after being found to have violated its own rules on transparency and fairness.
The decision in Afilias v ICANN has failed to definitively resolve the issue of whether the auction of the .web gTLD in 2016, won by a shell applicant called Nu Dot Co backed by $135 million of Verisign’s money, was legit.
ICANN’s now urging NDC, Afilias and other members of the .web contention set to resolve their beefs privately, which could lead to big-money pay-days for the losing auction bidders at Verisign’s expense.
For ICANN board and staff, the unanimous, three-person IRP panel decision is pretty damning, with the ruling saying the org “violated its commitment to make decisions by applying documented policies objectively and fairly”.
It finds that ICANN’s board shirked its duty to consider the propriety of the Verisign/NDC bid, allowing ICANN staff to get perilously close to signing a registry contract with an applicant that they knew may well have been in violation of the new gTLD program rules.
Despite being named the prevailing party, it’s not even close to a full win for Afilias.
The company had wanted the IRP panel to void the NDC/Verisign winning bid and award .web to itself, the second-highest bidder. But the panel did not do that, referring the decision instead back to ICANN.
As the loser, ICANN has been hit with a $1,198,493 bill to cover the cost of the case, which includes Afilias’ share of $479,458, along with another $450,000 to cover Afilas’ legal fees connected to an earlier emergency IRP request that ICANN “abusively” forced Afilias into.
The case came about due to a dispute about the .web auction, which was run by ICANN in July 2016.
Six of the seven .web applicants had been keen for the contention set to be settled privately, in an auction that would have seen the winning bid distributed evenly among the losing bidders.
But NDC, an application vehicle not known to be particularly well-funded, held out for a “last resort” auction, in which the winning bid would be deposited directly into ICANN’s coffers.
This raised suspicions that NDC had a secret sugar daddy, likely Verisign, that was covertly bankrolling its bid.
It was not known until after NDC won, with a $135 million bid, that these suspicions were correct. NDC and Verisign had a “Domain Acquisition Agreement” or DAA that would see NDC transfer its .web contract to Verisign in exchange for the money needed to win the auction (and presumably other considerations, though almost all references to the terms of the DAA have been redacted by ICANN throughout the IRP).
Afilias and fellow .web applicant Donuts both approached ICANN before and after the auction, complaining that the NDC/Verisign bid was bogus, in violation of program rules requiring applicants to notify ICANN if there’s any change of control of their applications, including agreements to transfer the gTLD post-contracting.
ICANN has never decided at the board level whether these claims have merit, the IRP panel found.
The board did hold a secret, off-the-books discussion about the complaints at its retreat November 3, 2016, and concluded, without any type of formal vote, that it should just keep its mouth shut, because Afilias and Donuts had already set the ball rolling on the accountability mechanisms that would ultimately lead to the IRP.
More than half the board was in attendance at this meeting, and discussions were led by ICANN’s top two lawyers, but the fact that it had even taken place was not disclosed until June last year, well over three and a half years after the fact.
Despite the fact that the board had made a conscious, if informal, choice not to decide whether the NDC/Verisign bid was legit, ICANN staff nevertheless went ahead and started contracting with NDC in June 2018, taking the .web contention set off its “on-hold” status.
Talks progressed to the point where, on June 14, ICANN had sent the .web contract to NDC, which immediately returned a signed copy, and all that remained was for ICANN to counter-sign the document for it to become binding.
ICANN VP Christine Willett approved the countersigning, but four days later Afilias initiated the Cooperative Engagement Process accountability mechanism, the contract was ripped up, and the contention set was placed back on hold.
“Thus, clearly, a registry agreement with NDC for .WEB could have been executed by ICANN’s Staff and come into force without the Board having pronounced on the propriety of the DAA under the Guidebook and Auction Rules,” the IRP panel wrote.
This disconnect between the board and the legal staff is at the core of the panel’s criticism of ICANN.
The board had decided that Afilias’ claim that NDC had violated new gTLD program rules was worthy of consideration and had informally agreed to defer making a decision, but the staff had nevertheless gone ahead with contracting with a potentially bogus applicant, the panel found.
In the opinion of the Panel, there is an inherent contradiction between proceeding with the delegation of .WEB to NDC, as the Respondent [ICANN] was prepared to do in June 2018, and recognizing that issues raised in connection with NDC’s arrangements with Verisign are serious, deserving of the Respondent’s consideration, and remain to be addressed by the Respondent and its Board, as was determined by the Board in November 2016. A necessary implication of the Respondent’s decision to proceed with the delegation of .WEB to NDC in June 2018 was some implicit finding that NDC was not in breach of the New gTLD Program Rules and, by way of consequence, the implicit rejection of the Claimant’s [Afilias’] allegations of non-compliance with the Guidebook and Auction Rules. This is difficult to reconcile with the submission that “ICANN has taken no position onw hether NDC violated the Guidebook”.
The upshot of the panel’s ruling is to throw the issue back to ICANN, requiring the board to decide once and for all whether Verisign’s auction gambit was kosher.
If you’ll excuse the crude metaphor, ICANN’s board has been told to shit or get off the pot:
The evidence in the present case shows that the Respondent, to this day, while acknowledging that the questions raised as to the propriety of NDC’s and Verisign’s conduct are legitimate, serious, and deserving of its careful attention, has nevertheless failed to address them. Moreover, the Respondent has adopted contradictory positions, including in these proceedings, that at least in appearance undermine the impartiality of its processes.
…
[The panel r]ecommends that the Respondent stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the Respondent’s Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following the Claimant’s complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC’s application for .WEB should be rejected and its bids at the auction disqualified;
At the same time as the decision was published last night — shortly after midnight UTC and therefore helpfully too late to make it into today’s edition of ICANN’s godawful new email subscriptions feature — ICANN issued a statement on the outcome.
“In its Final Declaration, the IRP panel ruled that the ICANN Board, and not an IRP panel, should decide which applicant should become the registry operator for .WEB,” CEO Göran Marby said.
“The ICANN Board will consider the Final Declaration as soon as feasible, within the timeframe prescribed in the Bylaws, and remains hopeful that the relevant .WEB applicants will continue to seek alternatives to resolve the dispute between them raised during the IRP,” the statement concludes.
That should be of concern to Verisign, as any non-ICANN resolution of the .web battle is inevitably going to involve Verisign money flowing to its competitors.
But my first instinct strikes me that this a is a low-probability outcome.
It seems to me much more likely at first glance that ICANN will rule the NDC/Verisign ploy legitimate and proceed to contracting again.
For it to declare that using a front organization to bid for a gTLD is against the rules would raise questions about other applications that employed more or less the same tactic, such as Automattic’s successful bid, via an intermediary, for .blog, and possibly the 100-ish applications Donuts and Rightside cooperated on.
The ICANN bylaws say the board has to consider the IRP’s findings at its next meeting, for which there’s currently no published date, where feasible.
I should note that, while Donuts acquired Afilias last December, the deal did not include its .web application, which is why both the panel’s decision and this article refer to “Afilias” throughout.
Donuts offers name spinner to show potential attacks
Donuts has launched a tool to show off its TrueName offering, which blocks potential phishing attacks at the domain registry level.
It’s like a regular name spinner, but instead of showing you available domains it shows you visually confusingly similar domains — homographs — that it will block if you register said name in any of Donuts’ portfolio of 2xx (subs, please check) TLDs.
For example, spinning truename.domains returns results such as trʋenɑme.domains (xn--trenme-exc57b.domains) and trᵫname.domains (xn--trname-xk6b.domains), which could be used in phishing attacks.
How many strings get blocked depends largely on what characters are in your name. The letters I and O have a great many visually confusing variants in other non-Latin scripts, and each instance exponentially increases the potential attack vectors.
For example, if I were to register “domainincite” in one of Donuts’ TLDs, Donuts would block 767 homographs at the registry level, but if I were to register “kevinmurphy”, it would only need to block 119.
It only blocks the homographs in the same TLD as the original name. It’s not a replacement for brand protection in other TLDs.
Donuts doesn’t charge anything extra for this service. It’s included in the price of registration and offered as a unique perk for Donuts’ selection of gTLDs.
I gave TrueName a brief post when it launched last year, but I have to say I really like the idea. It’s a rare example of true innovation, rather than simple money-grubbing, that has come from the new gTLD program.
If Verisign were to roll out something similar in .com, it would eliminate a bunch of phishing and cut down on legal fees for big brands chasing phishers and typosquatters through UDRP or the courts.
It was born out of Donuts’ Domain Protected Marks List product, which allows trademark owners to block their brands and homographs across the whole Donuts stable for less money than defensively registering the names individually.
The downside of the spinner tool is of course that, if you’re a bad guy, it simplifies the process of generating samples of homograph Punycode (the ASCII “xn--” string) that can be used in any non-Donuts TLD that supports internationalized domain names.
The tool is limited to 10 domains per spin, however, which limits the potential harm.
Try it out here.
Recent Comments