Recent Posts
- Could ICANN’s chair be ousted by NomCom?
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
Schilling laughing as Uniregistry beats Google to .lol
Uniregistry’s portfolio of quirky new gTLDs grew today. The company seems to have beaten Google to .lol in a private deal.
The two companies were the only ones to apply for .lol, and Google’s application was formally withdrawn today.
As usual for private contention set settlements, the winning price has not been disclosed.
Uniregistry has 18 delegated gTLDs in its stable, with five more currently uncontested applications (.lol makes six) waiting in the wings.
I like .lol as a gTLD. It’s a punchy, short, meaningful string that certainly belongs to the right of the dot.
I can see it being deployed in the near term by the incessant sewer of BuzzFeed clones that are increasingly stinking up social media, which could give increased visibility and helpful viral marketing.
Longer term, there may be a worry if in future the kidz stop using “lol” and start viewing it as something their parents say, but we’re probably a ways from that yet.
One company now owns almost a third of all registrars
TurnCommerce acquired another 299 registrar accreditations from ICANN over Christmas week.
The company, which is behind domain properties including DropCatch.com, now has at least 452 registrars in its stable. That’s over 31% of the 1,456 total currently reported by Internic.
Each of the new accreditations is named “DropCatch”, followed by a number from 446 to 751. Each has a matching .com domain as its nominal base of operations and an associated LLC shell company.
At $4,000 a year for the base accreditation fee, TurnCommerce must be spending close to $2 million a year in ICANN fees alone.
Companies in the drop-catching business acquire large numbers of registrars in order to control more batches of connections with which to spam gTLD registries with “add” requests when potentially valuable domains expire and are deleted.
With almost a third of all accredited registrars now operating under the same control, one imagines TurnCommerce’s chances of securing the names it wants have been significantly improved.
As well as DropCatch, TurnCommerce runs retail registrar NameBright and premium sales site HugeDomains. It has plans to launch additional services at Expire.com and PremiumDomains.com shortly.
Its latest crop of registrars means ICANN has accredited over 2,200 companies since the gTLD registrar market was opened for competition 15 year ago, though many have allowed their contracts to lapse or, less frequently, have been terminated by ICANN compliance efforts.
.baby and .mls fetch over $3 million each
ICANN and Power Auctions have completed December’s mini-batch of “last resort” new gTLD auctions, adding a total of $6.4 million to its mysterious auction cash pile.
Johnson & Johnson won .baby, fighting off five portfolio applicants and paying a winning bid of $3,088,888.
Meanwhile, the Canadian Real Estate Association beat Afilias to .mls, paying $3,359,000.
I called it for CREA earlier this week, noting that the organization wanted .mls enough that it filed two applications, a failed Community Priority Evaluation, and an unsuccessful Legal Rights Objection against Afilias.
ICANN has now raised over $34 million selling off 10 strings at last resort auctions, with prices ranging from $600,000 (.信息) to $6.7 million (.tech).
The money has been set aside for purposes currently undecided. At least one applicant wants ICANN to redistribute the cash to losing bidders, which I don’t think is particularly likely.
Human glitch lets hackers into ICANN
It’s 2014. Does anyone in the domain name business still fall for phishing attacks?
Apparently, yes, ICANN staff do.
ICANN has revealed that “several” staff members fell prey to a spear-phishing attack last month, resulting in the theft of potentially hundreds of user credentials and unauthorized access to at least one Governmental Advisory Committee web page.
According to ICANN, the phishers were able to gather the email passwords of staff members, then used them to access the Centralized Zone Data Service.
CZDS is the clearinghouse for all zone files belonging to new gTLD registries. The data it stores isn’t especially sensitive — the files are archives, not live, functional copies — and the barrier to signing up for access legitimately is pretty low.
But CZDS users’ contact information and login credentials — including, as a matter of disclosure, mine — were also accessed.
While the stolen passwords were encrypted, ICANN is still forcing all CZDS users to reset their passwords as a precaution. The organization said in a statement:
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.
As a victim, this doesn’t worry me a lot. My contact details are all in the public Whois and published on this very web site, but I can imagine other victims might not want their home address, phone number and the like in the hands of ne’er-do-wells.
It’s the second time CZDS has been compromised this year. Back in April, a coding error led to a privilege escalation vulnerability that was exploited to view requests by users to new gTLD registries.
Also accessed by the phishers this time around were several pages on the GAC wiki, which is about as interesting as it sounds (ie, not very). ICANN said the only non-public information that was viewed was a “members-only index page”.
User accounts on the ICANN blog and its Whois information portal were also accessed, but apparently no damage was caused.
In summary, the hackers seem to have stolen quite a lot of information they could have easily obtained legitimately, along with some passwords that may allow them to cause further mischief if they can be decrypted.
It’s embarrassing for ICANN, of course, especially for the staff members gullible enough to fall for the attack.
While the phishers made their emails appear to come from ICANN’s own domain, presumably their victims would have had to click through to a web page with a non-ICANN domain in the address bar order to hand over their passwords.
That’s not the kind of practice you’d expect from the people tasked with running the domain name industry.
Hotly contested gTLDs up for auction tomorrow
ICANN’s fifth set of last-resort new gTLD auctions is set for tomorrow and it’s another small batch.
Just two contention sets — .baby and .mls — are set to be resolved, with ICANN stashing the winning bids into its special fund.
.baby is hotly contested with no fewer than six applicants — five portfolio applicants and one big brand.
Will Johnson & Johnson get what was once a single-registrant “closed generic”, or will Donuts, Google, Radix, Famous Four or Minds & Machines prevail?
Meanwhile, .mls (for “multiple listing service”, a type of real estate listings aggregation service popular in North America) is a two-horse race between Afilias and the Canadian Real Estate Association.
I’m tempted to call this one for CREA. The organization is so desperate for the .mls gTLD that it filed two applications, one “community” and one vanilla.
The community application was withdrawn earlier this year when CREA scored 11 out of 16 points on its Community Priority Evaluation, failing to pass the 14-point threshold.
The organization even filed a Legal Rights Objection against Afilias in attempt to kill off the competition, which also failed.
Having fought off these challenges, Afilias is either going to get the gTLD or walk away empty-handed. The last resort auction does not compensate unsuccessful bidders for their investments.
As .trust opens for sunrise, Artemis dumps .secure bid
Amazon is now the proud owner of the .secure new gTLD, after much smaller competing applicant Artemis Internet withdrew its bid.
Coincidentally, the settlement of the contention set came just yesterday, the day before Artemis took its .trust — which I’ve described as a “backup plan” — to sunrise.
I assume .secure was settled with a private deal. I’ve long suspected Artemis — affiliated with data escrow provider NCC Group — had its work cut out to win an auction against Amazon.
It’s a shame, in a way. Artemis was one of the few new gTLD applicants that had actually sketched out plans for something quite technologically innovative.
Artemis’ .secure was to be a “trust mark” for a high-priced managed security service. It wasn’t really about selling domain names in volume at all.
The company had done a fair bit of outreach work, too. As long ago as July 2013, around 30 companies had expressed their interest in signing up as anchor tenants.
But, after ICANN gave Amazon a get-out-of-jail-free card by allowing it to amend its “closed generic” gTLD applications, it looked increasingly unlikely Artemis would wind up owning the gTLD it was essentially already pre-selling.
In February this year, it emerged that it had acquired the rights to .trust from Deutsche Post, which had applied for the gTLD unopposed.
This Plan B was realized today when .trust began its contractually mandated sunrise period.
Don’t expect many brands to apply for their names during sunrise, however — .trust’s standard registration policies are going to make cybersquatting non-existent.
Not only will .trust registrants have their identities manually vetted, but there’s also a hefty set of security standards — 123 pages (pdf) of them at the current count — that registrants will have to abide by on an ongoing basis in order to keep their names.
As for Amazon, its .secure application, as amended, is just as vague as all of its other former bids for closed, single-registrant generic strings (to the point where I often wonder if they’re basically still just closed generics).
It’s planning to deploy a small number of names to start with, managed by its own intellectually property department. After that, its application all gets a bit hand-wavey.
Last resort gTLD auction loser wants share of $5m winning bid
An unsuccessful new gTLD applicant wants ICANN to share the proceeds of its “last resort” auction with itself and the other losing applicants.
Aesthetics Practitioners Advisory Network had applied for .salon, but found itself in a contention set with three other applicants and was ultimately beaten at auction by a winning bid of over $5 million from Donuts.
Now, the company has written to ICANN to ask for the money from the ICANN-run auction to be shared out among the losing bidders in much the same way as it is when a contention set goes to private auction.
APAN CEO Tina Viney wrote (pdf):
On the basis that ICANN received such a large amount ($5.175million) for the bidding of this auction it would be fair and equitable for the losing parties to be considered in the distribution of the winning financial bid. We believe that ICANN should review this consideration for losing parties who have had to incur numerous costs, not just the application fee, but also toward the preparation of documents so that we could meet with ICANN’s requirements. These include, but are not limited to registry fees, solicitor’s fees, financial services, not to mention the enormous amount of time that is required of an applicant in preparing for their application.
As a result, we respectfully request ICANN as part of their funds distribution policy to consider the applicants who did not win at the auction, BUT WERE SUCCESSFUL IN PASSING THE EVALUATION PROCESS.
She said that private auctions, which allow losing applicants to recoup some or all of their costs, should be mandatory when a majority of the applicants in a contention set want one.
In .salon’s case, one of the four applicants didn’t agree to a private auction, according to Viney. As Donuts is the enthusiastic pioneer of the private auction concept, that means the holdout was either DaySmart Software or L’Oreal.
New .jobs contract based on new gTLD agreement
ICANN and Employ Media are set to sign a new contract for operation of the .jobs registry which is based heavily on the Registry Agreement signed by all new gTLD registries.
.jobs was delegated in 2005 and its first 10-year RA is due for renewal in May 2015.
Because Employ Media, like all gTLD registries, has a presumption of renewal clause in its contract, ICANN has published the proposed new version of its RA for public comment.
It’s basically the new gTLD RA, albeit substantially modified to reflect the fact that .jobs is a “Sponsored TLD” — slightly different to a “Community” TLD under the current rules — and because .jobs has been around for nine years already.
That means it won’t have to sign a contract forcing it to run Sunrise or Trademark Claims periods, for example. It won’t have to come up with a Continued Operations Instrument — a financial arrangement to cover operating costs should the company go under — either.
Its commitments to its sponsor community remain, however.
ICANN said it conducted a compliance audit on Employ Media before agreeing to the renewal.
Employ Media remains the only gTLD registry to have been hit by a formal breach notice by ICANN Compliance. In 2011, it threatened to terminate its contract over a controversial proposal to all job aggregation sites to run on .jobs domains.
The registry filed an Independent Review Process complaint to challenge the ruling and ICANN eventually backed down in 2012.
The fight came about as a result of complaints from the .JOBS Charter Compliance Coalition, a group of jobs sites including Monster.com.
.health backer has cop-like takedown powers for all gTLDs in Japan
LegitScript, a US company focused on eradicating illegal online pharmacies, which backs the .pharmacy and .health gTLDs, has been given police-like powers to have domain names taken down in Japan.
It has also emerged that when IP Mirror, a brand protection registrar, was hit with an embarrassing ICANN contract-breach notice in November, it was as a result of a LegitScript complaint.
Under section 3.18.2 of ICANN’s 2013 Registrar Accreditation Agreement, registrars must have a 24/7 abuse hotline that can be used by “law enforcement, consumer protection, quasi-governmental or other similar authorities” to report illegal activity.
Registrars must act on complaints made to the hotline within 24 hours, but only authorities designated by national governments get to use it.
Now, it transpires that LegitScript has been formally designated a 3.18.2 authority by the Japanese Ministry of Health, Labor and Welfare.
That means the US company’s complaints about domains hosting potentially illegal pharmacy sites have the same weight as complaints from the Japanese police, when made to registrars that have an office in Japan, even if they’re headquartered elsewhere.
IP Mirror, which was recently acquired by CSC Digital Brand Services, is based in Singapore but has an office in Tokyo.
As far as I can tell, most of the top 10 registrars do not have offices in Japan. KeyDrive (Moniker, Key-Systems etc) may be the exception. GMO is the largest registrar based in Japan.
LegitScript announced its relationship with the Japanese ministry in September (I missed it at the time) and company president John Horton provided some context to the IP Mirror breach notice on CircleID today.
I only report the deal today because it strikes me as noteworthy that a private enterprise has been given the same powers under the 2013 RAA as law enforcement and government consumer protection agencies — and it’s not even in its home territory.
Horton told DI today that while LegitScript is legally based in the US and has offices in the EU, only Japan has so far formally granted it 3.18.2 powers. He said in an email:
We only have formal Section 3.18.2 designation in Japan at present. We have some other endorsements or recommendations by or on behalf of government authorities, although they do not specifically reference Section 3.18.2. We work closely with the Italian Medicines Agency and the Irish Medicines Board, for example, and report rogue Internet pharmacies in consultation with them.
Horton pointed out that anybody is able to to file abuse complaints under the 2013 RAA — and registrars are obliged to “take reasonable and prompt steps to investigate and respond appropriately”.
His CircleID piece cites two instances in which such complaints from LegitScript resulted in ICANN breach notices.
The chief difference is that under 3.18.2 registrars do not have much flexibility in their response times. They have to “take necessary and appropriate actions” within a black-and-white 24-hour deadline.
.love won by class action lawyers
It appears that the contested new gTLD .love has been won by the law firm Merchant Law Group, after an auction.
Minds + Machines, Richemont, Google and Donuts have all officially withdrawn their competing applications. I gather that withdrawals from Uniregistry and Famous Four Media are on their way.
.love would be MLG’s first successful new gTLD application.
The would-be portfolio applicant applied for eight strings, all of which were contested by others. It has withdrawn bids for .news, .club and .law after auctions.
MLG is odd as new gTLD applicants go. It’s a Canadian law firm that offers services across many areas of law but seems to specialize in class action lawsuits.
According to its application, .love will be positioned in the same space as .wed and .wedding:
.LOVE’s target markets are broad enough to maintain a financially viable TLD and distinct enough that the .LOVE TLD will not become ‘just another .info’. A .LOVE TLD will provide a unique space on the Internet for information and services related to the idea of love, engagements, marriage, and family. It will allow anyone to register a domain name and post information about products and services related to the idea of love, an engagement, a marriage, or family.
It is anticipated to be an open, unrestricted gTLD running on a CentralNic back-end.
Recent Comments