First registry gets breach notice over new abuse rules
.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.
ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.
The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.
The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.
As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.
Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.
The registry “blatantly and repeatedly violated” these rules, according to ICANN.
.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.
The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.
.my domains to be sold globally next month
The .my namespace is to be opened up to international registrants next month under a deal between the Malaysian registry and Caymans-based Internet Naming Co, according to INCO’s CEO.
Shayan Rostam said that MYNIC will continue to be the registry for .my, but that INCO will look after it outside Malaysia. The deal will allow non-Malaysians to register .my domains for the first time, he said. Currently, some registrars offer local presence services to get around the rules.
INCO already runs a portfolio of gTLDs, the initial batch acquired from UNR a few years ago, and adding .my should bring the ccTLD to a wider range of registrars. There’s going to be a new Registry-Registrar Agreement that is “less restrictive” than the old one, Rostam said.
.my has been around since 1987 and currently has about 313,000 domains under management, split roughly 50:50 between the second-level under .my and third level under .com.my. There are also lesser-used spaces such as .org.my and .net.my.
Rostam said the third-level spaces will still be reserved for Malaysians, but that no local nexus will be required under the second-level. It’s a similar idea to how Colombia’s .co was operated when it relaunched in 2010.
The TLD is of course potentially attractive because it’s an English word commonly used in domains, albeit usually at the start of the name rather than the end. According to my database, “my” is the most commonly-registered ccTLD-match two-letter domain among dot-brands.
Rostam said that he expects to start the relaunch with an Early Access Period, with prices starting at about $25,000, in late May, with full general availability in June.
Renewal pricing in GA is expected to be around the $30 mark — substantially cheaper than current retail prices — but registrars are expected to run first-year promotions in the sub-$10 area,
There will also be a list of premium-priced domains that could pump the pricing up to between $100 and $10,000 per year.
There’s no formal sunrise period — ccTLDs are not governed by ICANN rules and .my has of course been around for almost 40 years — but brand-protection registrars have been given special early access in case they have clients that want protection, Rostam said.
Under a separate deal, INCO has also taken over management of .forum and .feedback on behalf of two of Jay Westerdahl’s companies, Rostam confirmed.
Uniregistry successor makes big pricing changes on two TLDs
Internet Naming Co is slashing thousands of dollars from the price of one of its TLDs and increasing the price of another by a similar amount.
The company, which took over nine former Uniregistry gTLDs last year, is reducing the wholesale price of .forum domains from $1,000 a year to a retail price of $39 a year, while increasing the wholesale price of .country domains from $20 a year to $2,000 a year.
CEO Shayan Rostam said that in the case of .country, existing registrants (there are fewer than 4,000 domains there today) will be grandfathered in at the old renewal and transfer prices.
He said the TLD will be relaunched with a new business model later in the year — it’s currently marketed as a country music TLD — and that he does not expect to sell many domains at the new higher pricing.
For .forum, which only has a few hundred regs today, a second sunrise period began this week. It will run until May 10 after which there will be a second Early Access Period until prices settle in general availability on May 17.
Rostam said the relaunch will accompany the release of thousands of reserved names, including all one, two and three-character domains, and a tiered pricing system for premium names.
.forum sunrise period will cost less than half the regular reg fee
Trademark owners rejoice! There’s a new gTLD registry seemingly not bent on ripping you off during its sunrise period.
Those defensively registering their marks in .forum, which begins its sunrise period on Monday, in some cases could find themselves paying less than half the regular registration fee.
French registrar Gandi today said that its sunrise retail price is $452.13, versus a genera availability price of $1,042.08, and prices at other participating registrars appear to be roughly in line.
.forum’s is being managed by MMX, though the ICANN gTLD contract appears to still belong to original applicant Fegistry.
The first-come, first-served sunrise period will run until December 16. General availability is due to begin.March 2 next year.
I have to admit to finding the $1,000 base registry fee something of a head-scratcher.
I can just about see why gTLDs such as .cars, representing big-ticket niches, can command four-figure reg fees but, anecdotally, I’ve often heard that web forums can be quite expensive to run and difficult to monetize. Hardly obvious candidates for premium-tier recurring prices.
Failure to launch: 10 years-old gTLDs that are still dormant
Over six years after the last new gTLD application window closed, more than one in 10 new gTLDs have yet to launch, even though some have been delegated for over four years.
Once you filter out duplicates, withdrawals and terminations from the original 1,930 applications, there were a maximum of roughly 1,300 potential new gTLDs from the 2012 round.
But, by my calculations, 144 of those have yet to even get around to their sunrise period. Most of those haven’t even filed their launch plans with ICANN yet.
Here’s 10 from that list I’ve picked based on how interesting they appear to me, in no particular order.
Yes, DI is doing listicles now. Hate-mail to the usual address.
.forum
This one’s owned by Jay Westerdal’s Top Level Spectrum, the same company behind .feedback, .realty and others. I quite like the potential of this string — the internet is chock-full of forums due to the easy availability of open-source forum software — but so far nobody’s gotten to register one. It was delegated back in June 2015 and doesn’t have a published launch plan as yet. An FAQ reading just saying “Jay was here !!!!! Test deploy..delete me later…” has been up on its site since at least last September. TLS is also sitting on .contact and .pid (for “personal ID”) with no launch dates in sight.
.scholarships
Owned by Scholarships.com, there’s a whiff of the defensive about this one. It’s been in the root since March 2015 but its site states the registry “is still finishing launch plans and will provide updates as they become available”. Scholarships.com is a site that connects would-be higher education students to potential sources of funding. It’s difficult to imagine many ways the matching gTLD could possibly help in that mission.
.giving
JustGiving, the UK-based charity campaign aggregator, won this gTLD and had it delegated in August 2015, but seemingly still hasn’t figured out what it wants to do with it. It’s not a dot-brand, so it’s presumably mulling over ways to give .giving domains to fundraisers in a way that does not compromise credibility. Whatever its plans, it’s taking its sweet time over them.
.cancerresearch
This is a weird one. Delegated four years ago, the Australian Cancer Research Foundation rather quickly went live with a bunch of interlinked .cancerresearch web sites, using its contractually permitted allotment of promotional domains. Contractually, it’s not a dot-brand, but it’s basically acting like one, having never actually given ICANN any info about sunrise, eligibility, trademark claims, general availability, etc. Technically, it’s still pre-launch, and I can’t see any reason why it would want to budge from that status. Huge loophole in the ICANN rules?
.beauty
Another whiff of gaming here. International woman-shaming powerhouse L’Oreal still has no announced plans to launch .beauty, .skin or .hair, which it had originally wanted to run as so-called “closed generics” (presumably to keep the keywords out of the hands of competitors). Of its small portfolio of generic gTLDs, delegated in 2016, it has actually launched .makeup already, with a $6,000 retail price and a strategy seemingly based on registry-owned domains matching the names of makeup-focused social media influencers. At least it’s actually selling names, even if nobody’s bought one yet.
.budapest
One of three city TLDs that were delegated back in 2014 but have yet to start selling domains. MMX is to run it in partnership with the local government of the Hungarian city, if it ever gets off the ground. Madrid (.madrid) and Zurich (.zuerich) have both also yet to roll out, although Zurich has settled on early 2019 for its launch.
.fan
Regular DI readers won’t be surprised to see this one on the list. In what may turn out to be a shocking waste of money, .fans registry Asiamix Digital acquired the singular .fan from Donuts back in 2015 and promptly let it sit idle for the next three years. Currently, with .fans turning out to be a flop, Asiamix has money troubles and I wouldn’t be surprised to see it under new ownership before too long. It’s not a terrible string, so there’s some potential there.
.ком, etc
.ком is one of 11 internationalized domain name transliterations of .com — .कॉम, .ком, .点看, .คอม, .नेट, .닷컴, .大拿, .닷넷, .コム, .كوم and .קוֹם — that Verisign had delegated back in 2015. To date, only the Japanese .コム has launched, and the registry reportedly arsed it up quite badly. Records show .コム peaked at over 28,000 names and sits at fewer than 7,000 today. None of the remaining IDNs have launch dates attached.
Anything owned by Google or Amazon
When it comes to sitting on dormant gTLDs, you can’t top Google and Amazon for sheer numbers. Google has 19 strings in pre-launch states right now, while Amazon has a whopping 34. Amazon is letting the likes of .free, .wow, .now, .deal, .save and .secure sit idle, while Google is still stroking its chin on the likes of .eat, .meme, .fly and .channel. At the snail’s pace these companies roll out gTLDs, I wouldn’t be surprised if some of these strings never hit the market.
.bom
Portuguese for “.good”, .bom was delegated to local ccTLD registry Nic.br in 2015 but has no published launch dates and no content on its nic.bom registry web site. I’d say more, but I expect a certain prolific DI commenter could do a better job of it, so I’ll turn it over to him…
The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”
Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.
The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.
And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.
This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.
Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.
The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.
But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).
The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.
It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.
That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.
But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.
Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.
Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.
Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.
Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.
While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.
“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”
Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.
Recent Comments