Freenom hit by FIFTH ICANN action after litany of screw-ups
Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.
Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.
It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.
The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.
The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.
It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.
OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.
The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.
Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.
But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.
Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.
OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.
Freenom is losing another ccTLD after collecting military emails
Controversial free domains provider is reportedly losing its contract to manage Mali’s ccTLD, its second loss in as many months.
The Financial Times quoted Freenom CEO Joost Zuurbier as saying a 10-year-deal with Mali’s government to run .ml was due to expire yesterday. I reported last month that the deal looked like it was ending.
Gabon has also cancelled its contract with Freenom, saying it was bringing the country into disrepute due to the high levels of spam and abuse associated with .ga domains.
And now it seems that along with running a stable of spam-friendly ccTLDs for a decade, Freenom has also vacuumed up over a hundred thousand emails destined for the US military, which uses the highly restricted .mil TLD.
Zuurbier told the FT that he set up email accounts at navy.ml and army.ml domains shortly after taking over .ml in 2013, and quickly started receiving emails intended for American military personnel, before shutting the accounts down.
While he said nothing was marked confidential, the extensive list of documents he reportedly received, according to the FT, appears to frequently include things you wouldn’t want your enemy to read, such as medical data and financial records.
Now that .ml is reverting to Mali government control, there’s a risk this kind of information could fall into enemy hands, the FT reported. Mali is allied to Russia, which at this point in history is no friend of the US.
Zuurbier said he’s been pestering the US government and military for the last 10 years to get them to do something about the problem. The military told the FT it blocks outgoing emails to .ml domains from its own network. There’s presumably little it can do about emails sent from other domains.
Freenom got its ICANN registrar accreditation suspended in 2015 for cybersquatting its competitors. The company is also being sued for cybersquatting by Facebook owner Meta.
It’s not been possible to register new domains in any of the company’s ccTLD since last year.
Millions of domains to be deleted as Freenom loses its first TLD
Controversial free-domains registry Freenom has lost its deal with the government of Gabon after years of abuse. The government has retaken its ccTLD and will delete as many as seven million .ga domains.
That’s according to the French ccTLD registry, AFNIC (pdf), which says it has been helping migrate the TLD from Freenom to Gabonese government entity ANINF for the last year.
The technical handover will begin today and run until June 7, this coming Wednesday, according to ANINF.
AFNIC said the migration is happening due to “the failure of the company Freenom, which has managed the .ga TLD up until now, to provide the Internet community with a satisfactory service.”
ANINF said it wants to: “Put an end to abusive practices, through the will and support of the Gabonese State, which have had a negative impact on the image of the country and its influence on the Internet.”
Freenom’s business model is to allow people to register domains for free, then bring them in-house and monetize them when they expire or are suspended for abuse such as spam and phishing — something that happens rather a lot.
Security blogger Brian Krebs reported last week that abuse levels originating from ccTLD domains have plummeted since Freenom’s troubles began earlier this year.
ANINF reckons there are currently over seven million domains in .ga, and says most of those will be deleted.
That would make .ga the seventh-largest TLD overall and fourth-largest ccTLD after China, Germany and the UK. But Gabon has a population of just 2.3 million with a relatively low internet penetration of 62%.
Could it be the beginning of the end for Freenom?
Presumably most of the domains Gabon will delete are owned and currently monetized by Freenom, so it will be losing a large parking network when ANINF swings the ban hammer.
There’s also reason to believe .ga will not be the last ccTLD it loses. The tech contact in the IANA record for Mali’s .ml switched from Freenom’s Netherlands-based subsidiary to a Mali government agency back in March, suggesting a takeover is also imminent there.
Then of course there’s the lawsuit by Facebook owner Meta, filed earlier this year, which accuses Freenom of cybersquatting and seeks a ruinous amount in damages.
Freenom has not allowed anyone to register domains in any of its managed TLDs — .ml, .ga, .cf, .gq and .tk — since at least January 1 this year.
I asked Freenom to explain this a few weeks ago and the company declined to comment.
ANINF says the migration this week will cause disruptions, but says it’s been reaching out to registrars with legit registrations to minimize the turbulence for their customers.
Google to drop EIGHT new gTLDs
Google Registry has announced launch details for eight new gTLDs that it has been sitting on for almost a decade.
It plans to launch .foo, .zip, .mov, .nexus, .dad, .phd, .prof and .esq over the coming couple of months, with all eight following the same launch schedule.
Sunrise will begin this weekend, April 2, and run for a month. The Early Access Periods will run for a week up until May 10, when they’re all go into general availability.
The .zip and .mov spaces will be worth keeping an eye on, especially for those in the security space.
Both gTLDs match popular file extensions — for compressed data and video respectively — which could present opportunities for innovation among the internet’s more nefarious players, such as phishers and malware distributors.
.zip is for “tying things together or moving really fast”, Google said, while .mov is “for moving pictures and other things that move”.
All of the new spaces appear to be marketed at general audiences, with no registration restrictions.
After a year’s delay, .gay reveals launch dates
Top Level Design has revealed the launch plan for its .gay gTLD, after almost a year of delays.
General availability was originally planned for October last year, but it was pushed out twice, first due to marketing reasons and then because of coronavirus.
The new plan is for GA to begin at 1500 UTC on September 16. Unlike last year’s planned launch, there does not appear to be any special symbolism to the date.
There’s also going to be an early access period first, from September 8 through 15. This is the period where reg prices start high and reduce every day until they settle at regular GA pricing.
As I’ve previously reported, the registry has reserved five tiers of premium names, from $12,500 down to $100, all of which will renew at premium prices to deter domainers.
The base registry fee is $25, but expect to pay more at the checkout.
Most of the large registrars are on board, with half a dozen set to offer pre-regs, but I don’t see any of the big Chinese registrars on the registry’s list.
Coronavirus: more delay and free domains for .gay
Top Level Design is delaying its general-availability launch of .gay domains for an indeterminate period due to the coronavirus pandemic.
The company said that the new gTLD, which had been slated to go GA May 20, will instead carry on in its trademark holders’ sunrise period indefinitely, until it’s figured out a new launch date.
But in the meantime it’s going to offer a “limited” number of .gay domains for free to any “LGBTQ organization, community group, individual, or small business looking for ways to foster digital Pride”.
These will presumably come from the pool of 100 domains that ICANN permits new gTLD registries to allocate prior to launch, so it certainly will not be a free-for-all.
It’s not the first time Top Level Design has rescheduled its launch. It had originally planned to come out to coincide with National Coming Out Day last October, but delayed to give it more time to get its marketing ducks in a row.
It looks like prospective .gay registrants are going to have to wait until the world’s attention is not so obsessively focused on coronavirus and life has somewhat returned to normal before they nab their names.
Emoji domains get a 😟 after broad study
Domain names containing emojis are a security risk and not recommended, according to a pretty comprehensive review by an ICANN study group.
The Country-Code Names Supporting Organization has delivered the results of its 12-person, 18-month Emoji Study Group, which was tasked with looking into the problems emoji domains can cause, review current policy, and talk to ccTLD registries that currently permit emoji domains.
The ESG didn’t have a lot of power, and its recommendations are basically an exercise in can-kicking, but it’s easily the most comprehensive overview of the issues surrounding emoji domains that I’ve ever come across.
It’s 30 pages long, and you can read it here (pdf).
Emojis are currently banned in gTLDs, where ICANN has to approve new Unicode tables before they can be used by registries at the second level, under its internationalized domain name policy, IDNA 2008.
But ccTLDs, which are not contracted with ICANN, have a lot more flexibility. There are 15 ccTLDs — almost all representing small islands or low-penetration African nations — that currently permit emoji domains, the ESG found.
That’s about 6% of Latin-script ccTLDs out there today. These TLDs are .az, .cf, .fm, .je, .ga, .ge, .gg, .gq, .ml, .st, .to, .tk, .uz, .vu, and .ws.
Five of them, including .tk, are run by notorious freebie registry Freenom, but perhaps the best-known is .ws, where major brands such as Budweiser and Coca-Cola have run marketing campaigns in the past.
The main problem with emojis is the potential for confusing similarity, and the ESG report does a pretty good job of enumerating the ways confusability can arise. Take its comparison of multiple applications’ version of the exact same “grinning face” emoji, for example:
If you saw a domain containing one of those in marketing on one platform, would you be able to confidently navigate to the site on another? I doubt I would.
There’s also variations in how registrars handle emojis on their storefronts, the report found. On some you can search with an emoji, on others you’ll need to type out the xn-- prefixed Punycode translation longhand.
In terms of recommendations, the ESG basically just asked ICANN to keep an eye on the situation, to come to a better definition of what an emoji actually is, and to reach out for information to the ccTLDs accepting emojis, which apparently haven’t been keen on opening up so far.
Despite the lack of closure, it’s a pretty good read if you’re interested in this kind of thing.
.bond domains could cost a grand each
Newish registry ShortDot has announced the release details for its recently acquired .bond gTLD, and they ain’t gonna be cheap.
The TLD is set to go to sunrise in a little under a month, October 17, for 33 days.
General availability begins November 19 with a seven day early access period during which the domains will be more expensive than usual but get cheaper each day.
The regular pricing is likely to see registrars sell .bond names for between $800 and $1,000 a pop, according to ShortDot COO Kevin Kopas.
There won’t be any more-expensive premium tiers, he said.
The gTLD was originally owned by Bond University in Australia, but it was acquired unused by ShortDot earlier this year.
The company hopes it will appeal to bail bondsmen, offerers of financial bonds and James Bond fans.
The business model with .bond is diametrically opposed to .icu, where names sell for under $2 a year (and renew for under $8, if indeed any of them renew).
That zone has inexplicably gone from 0 to 1.8 million names in the last 16 months, and ShortDot says it’s just crossed the two-million mark of registered names.
That second million appears to have been added in just the last three months.
.gay picks the absolutely perfect launch date
Top Level Design has announced the launch date for its forthcoming .gay gTLD, and the timing couldn’t be more symbolic.
It’s picked October 11 as the date for general availability, which also happens to be National Coming Out Day in the US.
National Coming Out Day, which has been observed by gay rights organizations since 1987, is meant to celebrate LBGTQ people “coming out of the closet” and publicly acknowledging their sexual identity.
It happens on the same date every year to commemorate a 1987 civil rights march in Washington, DC.
According to Wikipedia, the event is also celebrated in Ireland, Switzerland, the Netherlands and the UK.
Leading up to its GA launch, Top Level Design plans to kick off its sunrise period in August.
Given that .gay has not yet been delegated, and has not filed its startup plan with ICANN, I imagine there’s some flexibility to the launch timetable.
The registry has recently been brainstorming ideas about how to promote positive content and reduce the inevitable abuse in its new TLD.
Over 50,000 names sold as .shop has successful launch day
GMO Registry has recorded one of the most successful new gTLD launch days to date, selling over 45,000 .shop domain names in the first hours.
The company said it sold 45,427 .shop names in the first two hours after general availability started yesterday afternoon at about 1600 UTC.
The total at that point was 51,755, including about 5,000 that were registered during the Early Access Period, during which names carried higher prices.
The latest .shop zone file contains 46,419 domains.
The registry had sold 616 premium-priced names already, GMO said.
The volume is quite impressive given the retail price tags — .shop is not priced for budget Chinese domainers, it’s selling for $20 to $30 at the major Western registrars.
That’s double, triple or even 10 times as much as Minds + Machines’ self-consciously ‘non-freenium’ .vip domains were selling for when it racked up a six-figure volume during its first day of GA earlier this year.
West.cn, the leading Chinese new gTLD registrar, priced .vip at $3 but is selling .shop at $25.
GMO paid a then record-setting $41.5 million for the rights to .shop at an ICANN auction back in January.
Recent Comments