ICANN closes GoDaddy Whois probe

ICANN has closed its investigation into GoDaddy’s Whois practices with no action taken.
Senior VP of compliance Jamie Hedlund yesterday wrote to David Redl, head of the US National Telecommunications and Information Administration, to provide an update on the probe, news of which first emerged in April.
The NTIA and members of the intellectual property community had complained that GoDaddy was throttling Whois access over port 43 and that it was masking certain fields in the output.
That was when GoDaddy and the rest of the ICANN-regulated industry was working under the old rules, before the new temporary Whois policy had been introduced to comply with the EU General Data Protection Regulation.
Hedlund told Redl in a letter (pdf):

Based on our review and testing (including outside of ICANN’s network), GoDaddy is not currently masking WHOIS data or otherwise limiting access to its WHOIS services. Consequently, the complaints related to GoDaddy’s masking of certain WHOIS fields, rate limiting, and whitelisting of IP addresses have been addressed and closed.

GoDaddy had said earlier this year that it was throttling access over port 43 in an attempt to reduce the availability of Whois data to the spammers that have been increasingly plaguing its customers with offers of web site development and search engine optimization services.

GoDaddy signs up for basically unrestricted .travel gTLD

Donuts has started to market the now practically prehistoric and newly liberalized gTLD .travel, and it’s signed up GoDaddy to offer domains there.
The registry, which acquired .travel from former owner Tralliance in February, announced a soft relaunch on its blog last week, highlighting that GoDaddy, Name.com and Encirca are now among its registrars.
GoDaddy appears to be only new signing there — Encirca and Name.com have been carrying .travel from long before Donuts got involved and are in fact its two largest registrars.
The big daddy of the registrar space appears to have become interested after Donuts “simplified” the process of registering .travel domains. Donuts said:

Since the acquisition, Donuts has simplified the registration process, enabling registrants to stay on the registrar’s website for the entirety of the registration/checkout process. Donuts believes that this streamlined registration process will increase registrations, as compared to the previous process, which was disjointed and complex for registrants.

What this seems to translate to is: .travel is essentially an unrestricted TLD, despite being applied for in 2003’s round of “sponsored” gTLDs.
If you attempt to register a .travel domain at GoDaddy today, the only additional friction en route to the purchase button is a simple, prominent check-box asking you to confirm you are a member of the travel community.
That’s apparently enough for Donuts to say it has fulfilled the part of its ICANN contract that says it has to carry out a “review of Eligibility prior to completion of all registrations.”
Under its previous ownership, .travel required registrars to bounce their customers to the registry web site to obtain an authentication code during the registration process.
.travel names are still pretty pricey — GoDaddy was going to hit me with a bill of over $110 before I abandoned my cart, and that was just a year-one promotional price.
The gTLD peaked at 215,000 domains 10 years ago but now sits at under 18,000, having seen slight declines every month for the past five years.

Christians rail against GoDaddy’s six-color gay rights flag

GoDaddy changed its social media avatars to a gay rights flag yesterday, incurring the wrath of some self-declared Christians and US right-wingers.

The change was made in recognition of LGBT Pride Month, in which every June gay rights groups hold marches and generally celebrate/call for equal rights for lesbian, gay, bisexual and transgender people.
The most egregious thing about the change is surely that there’s a color missing. For some reason, the world’s largest registrar has decided that rainbows look better with only six colors.
But many customers took to Facebook to decry the change on religious or political grounds.
Here’s a sample of some of the comments on the logo.

Now finding another service !!! I don’t support this crap !! I serve s higher power and I am as a Christian warrior to turn my back on this !!!

Don’t you start making a hard left turn to GoDaddy, are you gonna choose the coastal liberals over the other half of the country? Stay out of politics and picking sides. Your not above Boycott like every other Mega Company that chooses a Globalist agenda…

Keep your sexual or political opinion out of your business or I’ll leave your business son! Weather I agree or disagree Im not doing business with you for you to push your views upon me! Just sell me websites and hosting and keep your mouth shut, thanks!

Not doing business there anymore

To be fair, compared to the size of GoDaddy’s customer base, the number of outraged commenters was vanishingly small. I don’t think anyone at GoDaddy is shaking in their boots over the possible loss of a few hard-core right-wing customers.
But those saying it’s a political statement may have a point.
It might be interesting to note that on GoDaddy’s Facebook page for the UK, where equal rights are far less controversial and barely considered a mainstream political issue, the company has not changed its logo.
There were also lots of comments in favor of the change, of course.

Always been a huge fan of godaddy. Your customer service and products are superior. Now I’m even more of a fan. Thanks for taking a powerful stand, even amidst these trolls. I can’t even believe the hate spewing from them. #teamGoDaddy

Comment section, its not getting political or “imposing views” on others to support & respect gays as human beings. They’re not talking about gun rights or abortion or whatever, its LGBT, thats not a belief, or a view. So if you’re gonna seriously stop using the website over human decency & compassion during pride month, thats on you if ya wanna be a whining mope

The amount of offended people in these comments is killing me 😂 much love, GoDaddy. Happy pride. To all the high- strung offended snowflakes: you and your kind have enjoyed thousands of years without LGBT visibility. One site changes their profile pic and your anger burns for nothing. Suck it.

And there were plenty of ambivalent comments.

I am ok with supporting LGBT rights. I am not ok with my slow as hell server that I paid extra for it to be fast, but I paid up front for 3 years so whatever I guess I am hanging out awhile.

While I generally tend to steer away from stories about bogus, whipped-up, social media controversies (this is maybe the third time DI has posted such an article) I find it interesting as it reflects GoDaddy’s perception shift as a company.
A large reason GoDaddy got into the leading position it is today is due to its unabashedly breast-based advertising and sponsorship of sports only Republicans understand.
Less than a decade ago, it was more common for the company to attract controversy when founding CEO Bob Parsons did something dumb like brag about shooting an elephant.
Now it’s taking flak for making a half-assed nod towards gay rights? How times change.
Disclosure: it’s not lost of me that throughout this article I’ve used the word “gay” interchangeably with “LGBT”.

Can’t get enough GDPR? Come to my NamesCon panel

NamesCon Europe is being held in Valencia, Spain, this week, the first time the NamesCon branding has been applied to the old Domaining Europe show.
Starting Thursday, it’s a two-day conference — or three if you count the social events planned for Saturday — with a varied agenda focused on domain investors.
The keynote will be given by Akram Atallah, president of ICANN’s Global Domains Division, on a so-far unspecified topic.
There will be about 20 sessions in total, organized in a single track and covering topics such as valuation, monetization, drop-catching, web development and legal issues facing domainers.
Expect speakers from the likes of Donuts, Sedo, the new gTLDs .club and .global, and a bunch of companies I’ve never heard of (a fact I hope to rectify).
Staff from NamesCon owner GoDaddy also have a decent presence among the speakers.
Domaining Europe was sold to NamesCon earlier this year and there’s going to be a short “handover ceremony” at the end of the show, followed by a performance by a band whose lineup feature the conference’s new CEO.
I’ll be hosting a panel comprising Blacknight CEO Michele Neylon and German lawyer Thomas Rickert on the General Data Protection Regulation on Thursday just before lunch.
If you no longer wish me to tell you this, please click here. But if, as a domainer, you feel there are important GDPR issues that should be discussed at the session, feel free to leave a comment below or shoot me an email.
As usual with shows like this, a big part of the value is in the networking, and there’s plenty of opportunities for socializing scheduled, including a “Disco Party!” slated to end at 5am.
NamesCon Europe tickets are still available, priced now at €786.50 ($922).
Disclosure: I’m paying my own way to the show but have a complimentary press pass.

I just bought a new gTLD registry’s domain for $10

Are .fan and .fans the latest new gTLDs to go out of business? It certainly looks that way.
ICANN has hit the registry with a breach notice for unpaid dues and stripped it of its registrar accreditation.
In addition, its web sites no longer appear functional and I’ve just bought its official IANA-listed domain name for under $10.
Asiamix Digital is the Hong Kong-based company behind both TLDs, doing business as dotFans.
It launched .fans in September 2015, with retail pricing up around the $100 mark, but never actually got around to launching the singular variant, which it acquired (defensively?) from Rightside (now Donuts) earlier that year.
.fans had fewer than 1,400 domains in its zone file yesterday, down from a peak of around 1,500, while .fan had none.
dotFans in-house accredited registrar, Fan Domains, didn’t seem to actually sell any domains and it got terminated by ICANN (pdf) at the end of March for failing to provide basic registrar services.
And now it seems the registry itself has been labeled as a deadbeat by ICANN Compliance, which has filed a breach notice (pdf) alleging non-payment of registry fees.
While breach notices against TLD registries are not uncommon these days, I think this is the first one I’ve seen alleging non-payment and nothing else.
The notice claims that the registry’s legal contact’s email address is non-functional.
In addition, the domains nic.fans, nic.fan and dotfans.com all currently resolve to dead placeholder pages.
Meanwhile, dotfans.net, the company’s official domain name as listed in the IANA database now belongs to me, kinda.
It expired March 12, after which it was promptly placed into a GoDaddy expired domains auction. Where I just bought it for £6.98 ($9.92).

To be clear, I do not currently control the domain. It’s still in post-expiration limbo and GoDaddy support tells me the original owner still has eight days left to reclaim it.
After that point, maybe I’ll start getting the registry’s hate mail from ICANN. Or perhaps not; it seems to have been using the .com equivalent for its formal communications.
Should .fan and .fans get acquired by another registry soon — which certainly seems possible — rest assured I’ll let the domain go for a modest sum.

ICANN confirms GoDaddy Whois probe

ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.
The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.
The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.
Winterfeldt is annoyed that GoDaddy has starting removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.
It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.
Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.
It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.
But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.
It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.

Lawyer: GoDaddy Whois changes a “critical” contract breach

GoDaddy is in violation of its ICANN registrar contract by throttling access to its Whois database, according to a leading industry lawyer.
Brian Winterfeldt of the Winterfeldt IP Group has written to ICANN to demand its compliance team enforces what he calls a “very serious contractual breach”.
At issue is GoDaddy’s recent practice, introduced in January, of masking key fields of Whois when accessed in an automated fashion over port 43.
The company no longer shows the name, email address or phone number of its registrants over port 43. Web-based Whois, which has CAPTCHA protection, is unaffected.
It’s been presented as an anti-spam measure. In recent years, GoDaddy has been increasingly accused (wrongly) of selling customer details to spammers pitching web hosting and SEO services, whereas in fact those details have been obtained from public Whois.
But many in the industry are livid about the changes.
Back in January, DomainTools CEO Tim Chen told us that, even as a white-listed known quantity, its port 43 access was about 2% of its former levels.
And last week competing registrar Namecheap publicly complained that Whois throttling was hindering inbound transfers from GoDaddy.
Winterfeldt wrote (pdf) that “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny
port 43 Whois access to any particular IP address”, adding:

The GoDaddy whitelist program has created a dire situation where businesses dependent upon unmasked and robust port 43 Whois access are forced to negotiate wholly subjective terms for access, and are fearful of filing complaints with ICANN because they are reticent to publicize any disruption in service, or because they fear retaliation from GoDaddy…
This is a very serious contractual breach, which threatens to undermine the stability and security of the Internet, as well as embolden other registrars to make similar unilateral changes to their own port 43 Whois services. It has persisted for far too long, having been officially implemented on January 25, 2018. The tools our communities use to do our jobs are broken. Cybersecurity teams are flying blind without port 43 Whois data. And illegal activity will proliferate online, all ostensibly in order to protect GoDaddy customers from spam emails. That is completely disproportionate and unacceptable

He did not disclose which client, if any, he was writing on behalf of, presumably due to fear of reprisals.
He added that his initial outreaches to ICANN Compliance have not proved fruitful.
ICANN said last November that it would not prosecute registrar breaches of the Whois provisions of the Registrar Accreditation Agreements, subject to certain limits, as the industry focuses on becoming compliant with the General Data Protection Regulation.
But GoDaddy has told us that the port 43 throttling is unrelated to GDPR and to the compliance waiver.
Masking Whois data, whether over port 43 or not, is likely to soon become a fact of life anyway. ICANN’s current proposal for GDPR compliance would see public Whois records gutted, with only accredited users (such as law enforcement) getting access to full records.

Namecheap’s Move Your Domain Day actually works

Namecheap appears to have done a year’s worth of transfers in a single day, on its annual Move Your Domain Day promotion.
The company said this week that the promotion, which ran on March 6 this year, saw 20,590 domains transferred in from other registrars.
That’s pretty good compared to its usual transfer activity.
Registry report data shows that Namecheap usually gets 1,000 to 1,500 inbound transfers per month, across all gTLDs.
Move Your Domain Day was originally set up to capitalize on protests over GoDaddy’s support for the Stop Online Piracy Act in late 2011.
That year, when it benefited from greater publicity, the company said it saw over 40,000 transfers.
During the promotion, Namecheap discounts transfers and donates $1.50 per domain to the Electronic Frontier Foundation.
This year, the EFF will be getting a check for $30,885.
Namecheap said earlier in the week that it was having problems processing inbounds from GoDaddy, which it claimed was throttling automated Whois queries, but said it would process the transfers regardless.

Namecheap accuses GoDaddy of delaying transfers

GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.
March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.
It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.
But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.
“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.
Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.
GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.
However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.
Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?
Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.
This time, the company insists the white-list was not an issue, writing:

As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.

Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.
The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.

DomainTools scraps apps and APIs in war on spam

DomainTools is to scrap at least five of its services as it tries to crack down spam.
It’s getting rids of its mobile apps, its APIs, and is to stop showing registrants’ personal information to unauthenticated users.
CEO Tim Chen told us in an email at the weekend:

The Android app is no longer supported.
The iOS app will no longer be supported after February 20th.
The Developer API is no longer supported.
On February 20th, the Bulk Parsed Whois tool available to Personal Members will no longer be supported.
On February 20th, our production Whois API will no longer be available to individual membership levels, an Enterprise relationships will be required.

It’s all part of an effort to make sure DomainTools services are not being abused by spammers, which has lead to a dispute with GoDaddy over bulk access to its registrants’ Whois data.
The longstanding problem of new registrants getting spammed with calls and emails offering web hosting and such has escalated over the last few years. Domain Name Wire detailed the scale of the abuse registrants can experience in a post last week.
While to my knowledge nobody has directly accused DomainTools of facilitating such abuse, the scrapped services are the ones that would be most useful to these spammers.
The company is also going to scale back what guest users can see when they do a Whois lookup, and is to make automated scraping of Whois records more difficult for paying members.
In a blog post, Chen wrote last week:

As of today, unauthenticated users of the DomainTools Whois Lookup tool will not see personally identifiable information for the registrant parsed out in the results, and will be required to submit a CAPTCHA to see the full raw domain name Whois record. Phone numbers in the parsed results have been replaced with image files, much the same way emails have always been rendered

As well as hoping to ease relations with GoDaddy — the source of a very heavy chunk of DomainTools’ data — the moves are also part of the company’s strategy for dealing with the incoming General Data Protection Regulation.
This is the EU law that gives registrants more control over the privacy of their personal data.
Chen told us earlier this month that DomainTools is keen to ensure its enterprise-level suite of security products, which he said are vital for security and intellectual property investigations, continue to operatie under the new regime.
About 80% of DomainTools’ revenue comes from its enterprise-level customers, over 500 companies.