Latest news of the domain name industry

Recent Posts

Registrars CAN charge for Whois, ICANN grudgingly admits

Kevin Murphy, December 1, 2022, Domain Registrars

ICANN is powerless to prevent registrars from charging for access to non-public Whois data, the Org has reluctantly admitted.

In a recent advisory, ICANN said it is “concerned” that registrars including Tucows have been charging fees to process requests for data that would otherwise be redacted in the free public Whois.

But it said there’s nothing in the Registrar Accreditation Agreement, specifically the Temporary Specification governing Whois in the post-GDPR world, that bans such services:

While the RAA explicitly requires access to public registration data directory services to be provided free of charge, the Temporary Specification does not specifically address the issue of whether or not a registrar may charge a fee for considering requests for access to redacted registration data.

So basic Whois results, with all the juicy info redacted, has to be free, but registrars can bill organizations who ask for the veil to be lifted. ICANN wrote:

ICANN org is concerned that registrars’ imposition of fees for consideration of requests for access to nonpublic gTLD registration data may pose an access barrier. Access to registration data serves the public interest and contributes to the security and stability of the Internet

The advisory calls out Tucows’ Tiered Access Compliance and Operations system, TACO, as the primary example of a registrar charging for data, but notes that others are too.

Not long after the advisory was published, Tucows posted an article in which it explained that the fees are necessary to cover the cost of the “thousands” of automated requests it has received in the last four years.

Charging fees for compliance with other forms of legal process is not uncommon in the industry, and the vast majority of requests for registration data (approximately 90%) continue to come from commercial litigation interests and relate to suspected intellectual property infringement.

Facebook, now Meta, was at first, and may still well be, a frequent bulk filer.

Tucows said that it “frequently” waives its fees upon request for “single-use requestors and private parties”.

Stop me if you’ve heard this…

Kevin Murphy, November 30, 2022, Domain Services

The collective noun for wildebeest is “an implausibility”.

In the incredibly unlikely event that you’re ever confronted by a large group of these majestic bovine quadrupeds, that’s how you should describe what you see.

An implausibility of wildebeest.

I tell you this not because it’s relevant to anything else that appears in this article, but because a series of unfortunate and unavoidable circumstances have kept me offline for the last few weeks, and you may find this round-up piece tells you lots of things you already know.

If that’s the case for you, I can only apologize, with the caveat that you probably didn’t know about the wildebeest thing, so at least this post has provided some value.

Let’s start with ICANN, shall we?

My ICANN announcements feed contains 20 unread articles this morning, and as far as I can tell from a cursory glance over the headlines, the Org has done almost nothing of consequence recently.

It’s mostly outreach-this, engagement-that, review-the-other. If official announcements were any guide, ICANN would look like an entity far more concerned with promoting and promulgating its own increasingly debatable legitimacy, rather than doing the stuff it was originally set up to do.

Like new gTLDs, for example…

While ICANN continues to fart around with its working groups and consultations and Dantean layers of bureaucracy, the blockchain/crypto/web3 crowd are continuing to bolster their efforts to eat the Org’s breakfast, lunch and dinner.

Most notably, blockchain-based alt-root naming services including Unstoppable have launched the Web3 Domain Alliance, which, even if it misses its goals, promises to make the next new gTLD round an even bigger litigation clusterfunge than the last.

The alliance intends to among other things “advocate for the policy position that NFT domain registry owner-operators create trademark rights in their web3 TLDs through first commercial use with market penetration.”

In other words, if some well-financed crypto bro creates .example on some obscure blockchain root and gets a little bit of traction, ICANN shouldn’t be allowed to create .example on the authoritative consensus root.

This has the potential to make Jarndyce and Jarndyce look like a parking ticket hearing and I take some comfort from the fact that I’ll most likely be long dead before the lawsuits from the next new gTLD round have all played out.

The Web3 Domain Alliance is promising imminent pledges of support from “web2” companies, and it will be interesting to see if any company in the conventional domain name industry is ready to break ranks with ICANN and sign up.

In actual gTLDs…

Another thing that will likely post-date my death is the launch of the last gTLD from the 2012 application round. Many still lie dormant, but they do still continue to trickle out of the gates.

While I’ve been offline, we’ve witnessed the general availability launch of Google’s .boo and .rsvp — the former criminally missing the increasingly lengthy and bewildering Halloween season and the latter probably a little late for the Christmas party season — while non-profit .kids went GA a couple of days ago.

In the world of ccTLDs…

GoDaddy is formally relaunching .tv, the rights to operate it won in a bidding process earlier this year after incumbent registry Verisign declined to compete.

It’s talking about a “a complete rebrand and marketing makeover”, with a new, very colorful, destination site at TurnOn.tv.

Many years ago, a senior Verisign exec described .tv to me as “better than .com”, and in a world where any shouty teenage pillock can essentially launch their own TV show for the price of an iPhone and broadband connection, that’s probably never been truer.

Meanwhile, Ukrainian ccTLD registry Hostmaster isn’t going to let the little matter of an ongoing Russian invasion interfere with its 30th birthday celebrations and the 12th annual UADOM conference.

It’s being held remotely for obvious reasons. It starts tomorrow, runs for two days, and more details can be found here and here.

In other conference news, NamesCon has also announced dates for its 2023 NamesCon Global conference. According to Domain Name Journal, it will return to Austin, Texas, from May 31 to June 3 next year.

DomainPulse, the conference serving the Germanophone region of Europe (albeit in English), has set its 2023 event for February 6 and 7 in Winterthur, Switzerland.

Scoop of the month…

By far the most interesting article I’ve read from the last month came from NameBio’s Michael Sumner, a reverse-exposé of the successful .xyz domain investor who goes by the name “Swetha”.

This area of the industry is not something I spend a lot of time tracking, but I’ll admit whenever I’ve read about this mononymed India-based domainer’s extensive, expensive .xyz sales, I’ve had a degree of skepticism.

It turns out that skepticism was shared by some fellow industry dinosaurs, so Sumner did the legwork, amazingly and ballsily obtaining Swetha’s Afternic login credentials (with her consent) and hand-verifying years of sales data.

He concluded that the sales she’s been reporting on Twitter are legit, and that she’s a pretty damn good domainer, but understandably could not fully disprove the hypothesis that some of her buyers are .xyz registry shills.

Elliot Silver later got a comment from the registry in which it denied any kind of collusion and implied skepticism was the result of sexism and/or racism, rather than the sketchiness sometimes displayed by anonymous Twitter accounts and the registry itself.

Earnings, M&A, IPOs…

  • The otherwise-consolidating industry is getting its first IPO in some time, with United-Internet pitching a public markets spin-off of its IONOS group, which includes brands such as Sedo and InternetX, to potential investors. DNW pulled out some of the more interesting facts from its presentation.
  • Industry consolidator CentralNic reported a strong Q3, though its growth is no longer dependent on its domain name business.
  • Tucows reported modest growth (pdf) for Q3, hindered by flat-to-down results in its domain name business.
  • GoDaddy, which no longer breaks out numbers for its domains business, reported a billion-dollar quarter.
  • Smaller, faster-growing registrar NameSilo reported turning a loss into a profit in the quarter.
  • In M&A, Namespace, owner of EuroDNS, announced it has acquired fellow German registrar Moving Internet.

And finally…

The DNS turned 35. So that’s nice.

Now, if you’ll excuse me, I have 600 unread emails to deal with…

Blind auditions underway for ICANN’s supreme court

Kevin Murphy, October 27, 2022, Domain Policy

An ICANN volunteer committee says it is close to picking a slate of judges for what amounts to ICANN’s much-delayed “supreme court”, but it’s doing so without knowing the identities of the candidates.

The Independent Review Process Community Representatives Group said in a blog post that it expects to wrap up its work — picking at least seven members of an IRP Standing Panel — by the end of the year, though it views the deadline as “challenging”.

The group said that it’s currently reviewing applications for the posts, but with the identities of the candidates redacted, and expects to start interviewing shortly. The members wrote:

While we only see information about various applicants’ qualifications, gender and ICANN regional residency, we do not at this point know the identity of the candidates. These are data points to assist our winnowing process and our endeavor to achieve cultural, linguistic, gender and legal diversity. Diversity by geographic region is indicated in ICANN’s Bylaws.

The skill-set mandated for panelists by ICANN’s bylaws is pretty rarefied — requiring knowledge of international law, arbitration, the DNS and ICANN itself — so it seems likely that LinkedIn and Google could be useful to identity candidates, if CRG members were so inclined.

The CRG said it has a wealth of qualified candidates “a sizeable group of individuals with impressive and suitable backgrounds”, making the selection process “difficult”.

The Standing Panel is envisaged as a kind of supreme court for ICANN. Whenever somebody challenges an ICANN decision with an Independent Review Process complaint, three members of the panel would be selected to hear the case.

The idea is that IRP should become more consistent, objective and speedy, retaining more institutional knowledge, with a stable set of rotating panelists. The current system has ICANN and complainants select their panelist.

ICANN’s bylaws have been calling for the creation of a Standing Panel since April 2013, but ICANN is ICANN and the panel has been delayed by years of foot-dragging and red tape. The CRG was only created to audition candidates in February 2022.

Many IRP cases over the last near-decade have been complicated and delayed by the absence of the panel, even resulting in a lawsuit.

This is great for lawyers who bill by the hour, not so great for complainants and ICANN’s credibility as an accountable organization.

The CRG has seven members drawn from the GNSO, ALAC, ccNSO and GAC, including government representatives of Iran and Nigeria. It’s chaired by Verisign’s David McAuley.

You can’t appeal a UDRP appeal, ICANN Ombudsman says

Kevin Murphy, October 24, 2022, Domain Policy

ICANN’s independent Ombudsman has called an Indian vaccine maker’s second Request for Reconsideration over a failed UDRP case a “misuse” of the Org’s appeals process.

Zydus Lifesciences lost its UDRP over the domain zydus.com earlier this year, with a finding of Reverse Domain Name Hijacking, then used the RfR process to try to get ICANN’s board of directors to overturn the WIPO decision.

The Board Accountability Mechanisms Committee dismissed the complaint because Reconsideration is designed for challenging ICANN’s actions and WIPO is not ICANN.

Zydus immediately filed a second RfR, calling WIPO “an extension of ICANN itself” and that BAMC’s inaction on the first RfR meant the case was now subject to the board’s jurisdiction.

In a rare intervention, Ombudsman Herb Waye poo-poos that notion, writing: “Decisions by the WIPO Panel in a domain name dispute are not sufficient basis for an RfR (hence the BAMC had no ‘jurisdiction’ other than the jurisdiction necessary to dismiss the Request).”

I feel that [the second RfR] has placed the BAMC in the awkward position of policing itself; hence perhaps, its hesitancy to summarily dismiss a Request concerning its own actions. A clear attempt by the requestor to appeal the decision in [the first RfR]. An unfortunate situation that, to me, amounts to misuse of this accountability mechanism.

He concluded that for the BAMC to consider the complaint would be a “waste of resources” and that it should be dismissed.

Zydus will still be able to appeal the UDRP in court, but that of course will be much more expensive.

Unstoppable Domains stops over 116,000 domains as alt-root TLD goes dark

Kevin Murphy, October 20, 2022, Domain Registries

Blockchain alt-root provider Unstoppable Domains has taken a huge credibility hit with its decision to essentially turn off one of its TLDs, rendering over 116,000 domains pretty much useless.

Unstoppable said Tuesday that it has stopped selling .coin domains and would immediately stop supporting their resolution. The names would no longer work with the over 500 cryptocurrency wallets, apps and services that integrate with Unstoppable, the company said.

“As of today, we’ve disabled .coin resolution in our libraries and services. Unstoppable domains are self-custodied NFTs, so you still own your .coin domain, but it won’t work with our resolution services or integrations,” Unstoppable said in a blog post.

According to AltRoots.com, there were almost 117,000 .coin domains at the time they were turned off.

That’s about the same size as Identity Digital’s .email gTLD, and the shutdown is the equivalent of ID telling its registrants that they can keep their domains, but it’s deleting the .email zone file.

The decision drew immediate critical reaction on social media, with many users pointing out that the Unstoppable system doesn’t sound particularly “decentralized” or censorship-resistant any more.

“Doesn’t sound too decentralized or empowering. Hopefully this will wake people up,” one Twitter user wrote.

“So many people literally just had to change their identity due to incompetency. Basically like visa saying you can keep the card but it wont work anywhere anymore,” wrote another.

Users also criticized the company’s decision to offer compensation in the form of store credit — three times what they paid for the domains they return — instead of a cash refund.

Unstoppable said the decision was made after it discovered another blockchain project, Emercoin, has been selling .coin domains since 2014, whereas its own .coin was launched in 2021.

“We’re committed to protecting our customers from the risk of functional collision,” Unstoppable said. “The Emercoin team are pioneers in our industry and we regret that we weren’t aware of this naming collision earlier.”

Name collisions are of course a big deal in the regular DNS, but cohesion around a single consensus root allows risk to be managed and mitigated, as we saw in ICANN’s 2012 new gTLD roll-out.

And in the ICANN system, a TLD would not simply be shut off overnight. Rather, it would transition to an emergency back-end operator for three years until it is either taken over by another permanent registry or wound down in an orderly fashion.

As Domain Name Wire notes, Unstoppable is currently trying to get the operator of a competing .wallet blockchain alt-root TLD shut down in court on the basis of the name collision, and it would have been hypocritical to continue offering its own colliding TLD.

[Guest Post] Hey ICANN: Reporters are not the enemy

Kevin Murphy, October 17, 2022, Uncategorized

This is a guest post by Emmy award-winning former reporter Brad White, who, from 2009 until 2021, was ICANN’s director of global media affairs and later director of communications for North America

It seems like ICANN utters the phrase “accountability and transparency” about every third sentence. And with good cause, since it is a vital foundation upon which the organization was built. But there are indications that foundation is severely cracked.

Unfortunately, ICANN’s leadership too often seems to adopt the position that its commitment to accountability and transparency only extends to its interaction with its community. The news media and by extension – the public – are generally not prioritized.

Journalists and bloggers (who also inform the public) who reach out to the org with questions or interview requests are too often viewed in hostile terms.

The default position of ICANN executives generally appears to be to not talk with journalists unless they must. My sense is that they should adopt the opposite attitude. Specifically, that ICANN leadership should almost always speak with journalists.

In my experience, at various points in the past, ICANN execs even forbade anyone on the communications team from talking to select journalists or bloggers. I was reminded of Richard Nixon’s famous “enemy’s list.”

The very first ICANN Board Chair, Esther Dyson had a good grasp on transparency with the news media when she said, “What I’m thinking about more and more these days is simply the importance of transparency, and Jefferson’s saying that he’d rather have a free press without a government than a government without a free press.”

I worked 12 years at ICANN, before leaving in January 2021 to work as an independent communications consultant. A large part of my job during my tenure was to interact with the news media. Having spent most of my career as a journalist, I enjoyed that aspect of my work, and felt it a vital component of the org’s oft-stated commitment to “accountability and transparency.” But over the years, I witnessed a shift in the way the organization wanted me to perform that function.

During my early days, when a news reporter would reach out with a question and/or seek an interview, I would research the issue the journalist was asking about and then after consulting the appropriate people, pass along the answers and perhaps set up an interview with the appropriate ICANN subject matter expert. And, that was the end of it.

By the time I left, with increasing frequency, when a reporter contacted ICANN, the request ended up going to at least two or three senior executives, the legal department and sometimes the CEO. Too often, the collective decision was to say nothing, if at all possible. When answers were afforded to the journalist, they were too often non-responsive or they merely “pointed” the reporter to a previously published blog or announcement. There were of course exceptions to this approach, but they were few.

What is perhaps most troubling, is that the organization doesn’t seem to feel an obligation to speak with journalists as part of its core value of transparency and accountability, instead the determining factor as to whether to grant an interview was too often — “are they going to screw us?” It was not “we have an obligation to be open to talk to all, including reporters and bloggers, because we believe in accountability and transparency.”

Some years ago, I was asked to conduct media training for ICANN’s top executives so they would better understand journalists and also learn how to better interact with them. But in the immediate years preceding my departure, the media training program appears to have been terminated. In fact, word often went out that “no one should talk to the media.”

Shortly before I left, I was asked to write a report on “ICANN’s Media Strategy.” After submitting an initial draft, it seemed to have gone into a black hole. I was never questioned about the report. I never received a red-lined draft, excluding or including elements, nor was I asked to write a subsequent draft.

Given the apparent efforts to curtail interactions with journalists and bloggers, it was difficult to not interpret the shelving of the media strategy paper because of one of its major points was — “Reporters are not the enemy.”

My sincere hope is that the new Board leadership and the community will re-commit the organization towards maximum accountability and transparency, and that includes talking to journalists, bloggers, and anyone else who can help in implementing the vital checks, balances and accountability that are the foundation of ICANN’s work. It is critical in helping the world understand ICANN and its mission.

Is ICANN toothless in the face of DNS abuse?

Kevin Murphy, October 12, 2022, Domain Policy

Concerns have been raised that ICANN may lack the tools to tackle DNS abuse using its contracts with registries and registrars.

The new report from the GNSO’s “small team” on abuse has highlighted two “gaps” in the current Compliance regime that may be allowing registrars to get away with turning a blind eye to abusive customers.

The current version of the standard Registrar Accreditation Agreement calls for registrars to maintain an abuse contact email and to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

The problem, the small team report finds, is that ICANN Compliance doesn’t seem to have a standard definition of “reasonable”, “prompt”, and “appropriately”. The contract doesn’t require any specific remediations from the registrar.

“Members of the small team are concerned that this interpretation may allow DNS abuse to remain unmitigated, depending upon the registrar’s specific domain name use and abuse policies,” the report states.

Judging by conversations at ICANN 75 last month, it’s apparently the first time Compliance has gone on the record about how it enforces this part of the contract.

It’s quite rare for ICANN to issue a public breach notice to a registrar over its failure to respond to abuse reports and when it does, it tends to relate to the registrar’s failure to keep records showing how it responded.

I can’t find any instances where Compliance has canned a registrar for allowing abusive domains — typically defined as those hosting malware, phishing, botnets, pharming and some spam — to remain active after an abuse report.

The small team’s report also thinks there’s a blind spot in ICANN’s standard Registry Agreement, which in turn requires registries to include, in their Registry-Registrar Agreements, provisions requiring anti-abuse terms in the registrars’ Registration Agreements.

This complex chain of contractual provisions doesn’t seem to be enforced, the small team notes, saying “further consideration may need to be given to what Registries are doing to ensure the text is indeed included in the Registration Agreement (ie Registries enforcing their own Registry-Registrar Agreements”.

The small team recommends that contracted parties talk further with ICANN about possible contract changes or best practices documents before going ahead with policy-making. The GNSO Council will address the recommendations later this month.

ICANN to mull bulk registration ban

Kevin Murphy, October 12, 2022, Domain Policy

ICANN policymakers are to take a look at banning bulk domain registrations in ongoing efforts to combat DNS abuse.

While in the very early stages of discussion, the GNSO Council is being urged to start gathering data “to further explore the role that bulk registrations play in DNS Abuse” and “to consider whether further action on bulk registrations is deemed necessary”

The recommendation is among several in a newly published report of a cross-constituency GNSO “small team”, which may lead to “tightly focused and scoped policy development”.

While acknowledging “there are also examples in which bulk registrations are used for legitimate purposes”, the report states:

The small team recommends that the GNSO Council requests the Registrar Stakeholder Group and others (for example, ICANN org, the RySG and the DNSAI) to further explore the role that bulk registrations play in DNS Abuse as well as measures that Registrars may have already put in place to address this vector. Based on the feedback received, the GNSO Council will consider whether further action on bulk registrations is deemed necessary.

The report is to be considered later this month at the GNSO Council’s monthly meeting. Any actual policy outcome, if any, will be years away.

ICANN dodges bullet as American elected to ITU top job

Kevin Murphy, October 3, 2022, Domain Policy

The International Telecommunications Union has elected Doreen Bogdan-Martin as Secretary-General, comfortably defeating a Russian candidate who could have caused serious problems for ICANN’s legitimacy.

She won 139 votes out of 172 cast at the agency’s plenipotentiary in Bucharest, the ITU said.​​ She only needed 83. Rashid Ismailov of the Russian Federation, the only other candidate, received 25 votes.

A couple of weeks ago, ICANN CEO Göran Marby took a rare political stance against the Russian’s platform, warning that it could lead to a fragmented internet and the death of ICANN.

Ismailov would have pushed for multilateral internet governance, with the ITU absorbing the functions of ICANN and other multistakeholder organizations.

Bogdan-Martin is American and much more amenable to the status quo.

Paraguay to chair the GAC

Kevin Murphy, October 3, 2022, Domain Policy

Paraguayan government official Nicolas Caballero has been elected as the next chair of ICANN’s Governmental Advisory Committee.

He ran unopposed, in an election that had to extend its nomination period because nobody put themselves forward in time for the original August deadline.

He will replace Egypt’s Manal Ismail, who will leave the chair following ICANN’s meeting in Cancun next March.

The role comes with a non-voting liaison position on ICANN’s board of directors.

Caballero, a technical advisor in Paraguay’s Office of the President, has been on the GAC for about 10 years.

He’s the first GAC chair from South America.