Latest news of the domain name industry

Recent Posts

Wanted: a gTLD to ban

Kevin Murphy, January 16, 2023, Domain Policy

ICANN may have failed so far to deliver a way for the world to create any more gTLDs, but it’s about to pick a string that it will resolve to never, ever delegate.

It’s going to designate an official “private use” string, designed for organizations to use behind their own firewalls, and promise that the chosen string will never make it to the DNS root.

IP lawyers and new gTLD consultants might want to keep an eye on this one.

The move comes at the prompting of the Security and Stability Advisory Committee, which called for ICANN to pick a private-use TLD in a September 2020 document (pdf).

ICANN hasn’t picked a string yet, but it has published its criteria for public comment:

1. It is a valid DNS label.
2. It is not already delegated in the root zone.
3. It is not confusingly similar to another TLD in existence.
4. It is relatively short, memorable, and meaningful.

The obvious thing to do would be to pick one of the 42 strings ICANN banned in the 2012 new gTLD round, which includes .example, .test and .invalid, or one of the three strings it subsequently decided were too risky to go in the root due to their extensive use on private networks — .corp, .mail and .home.

The SSAC notes in its document that ICANN’s two root server constellations receive about 854 million requests a day for .home — the most-used invalid TLD — presumably due to leaks from corporate networks and home routers.

But .homes (plural) is currently in use — XYZ.com manages the registry — so would .home fail the “confusingly similar” test? Given that it’s already established ICANN policy that plurals should be banned in the next round, .home could be ruled out.

ICANN’s consultation doesn’t make mention of whether gTLDs applied for in subsequent rounds would be tested for confusing similarity against this currently theoretical private-use string, but it seems likely.

Anyone considering applying for a gTLD in future will want to make sure the string ICANN picks isn’t too close to their brands or gTLD string ideas. Its eventual choice of string will also be open for public comment.

There don’t seem to be a massive amount of real-world benefits to designating a single private-use TLD string.

Nobody would be obliged to use it in their kit or on their networks, even if they know it exists, and ICANN’s track record of reaching out to the broader tech sector isn’t exactly stellar (see: universal acceptance). And even if everyone currently using a different TLD in their products were to switch to ICANN’s choice, it would presumably take many years for currently deployed gear to cycle out of usage.

IRP panel tells ICANN to stop being so secretive, again

Kevin Murphy, January 9, 2023, Domain Policy

ICANN’s dismal record of adverse Independent Review Process decisions continued last week, with a panel of arbitrators telling the Org to shape up its transparency and decision-making processes.

The panel has essentially ruled that ICANN did everything it could to be a secretive as possible when it decided to remove price controls from its .org and .info registry contracts in 2019.

This violated its bylaws commitments to transparency, the IRP panel found, at the end of a legal campaign by Namecheap commenced over three years ago.

Namecheap wanted the agreements with the two registries “annulled”, but the panel did not go that far, instead merely recommending that ICANN review its decision and possibly enter talks to put the price caps back.

But the decision contains some scathing criticisms of ICANN’s practice of operating without sufficient public scrutiny.

Namecheap had argued that ICANN broke its bylaws by not only not applying its policies in a non-discriminatory manner, but also by failing to adequately consult with the community and explain its decision-making.

The registrar failed on the first count, with the IRP panel ruling that ICANN had treated registry contract renegotiations consistently over the last 10 years — basically trying to push legacy gTLDs onto the 2012-round base Registry Agreement.

But Namecheap succeeded on the second count.

The panel ruled that ICANN overused attorney-client privilege to avoid scrutiny, failed to explain why it ignored thousands of negative public comments, and let the Org make the price cap decision to avoid the transparency obligations of a board vote.

Notably, the panel unanimously found that: “ICANN appears to be overusing the attorney-client privilege to shield its internal communications and deliberations.”

As one example, senior staffers would copy in the legal team on internal communications about the price cap decision in order to trigger privilege, meaning the messages could not be disclosed in future, the decision says.

ICANN created “numerous documents” about the thinking that went in to the price cap decision, but disclosed “almost none” of them to the IRP due to its “overly aggressive” assertion of privilege, the panel says.

As another example, staffers discussed cutting back ICANN’s explanation of price caps when it opened the subject to public comment, in order to not give too much attention to what they feared was a “hot” and “sensitive” topic.

ICANN’s failure to provide an open and transparent explanation of its reasons for rejecting public comments opposing the removal of price controls was exacerbated by ICANN’s assertion of attorney-client privilege with respect to most of the documents evidencing ICANN’s deliberations…

ICANN provided a fairly detailed summary of the key concerns about removing price caps, but then failed to explain why ICANN decided to remove price caps despite those concerns. Instead, ICANN essentially repeated the explanation it gave before receiving the public comments.

The panel, which found similar criticisms in the earlier IRP of Dot Registry v ICANN, nevertheless decided against instructing ICANN to check its privilege (to coin a phrase) in future, so the Org will presumably be free to carry on being as secretive as normal in future.

Namecheap also claimed that ICANN deliberately avoided scrutiny by allowing Org to remove the price caps without a formal board of directors resolution, and the panel agreed.

The Panel finds that of the removal of price controls for .ORG, .INFO, and .BIZ was not a routine matter of “day-to-day operations,” as ICANN has asserted. The Price Cap Decision was a policy matter that required Board action.

The panel notes that prior to the renewal of .org, .info and .biz in 2019, all other legacy gTLD contracts that had been renewed — including .pro, which also removed price caps — had been subject to a board vote.

“ICANN’s action transitioning a legacy gTLD, especially one of the three original gTLDs (.ORG), pursuant to staff action without a Board resolution was unprecedented,” the panel writes.

Quite why the board never made a formal resolution on the .org contract is a bit of a mystery, even to the IRP panel, which cites lots of evidence that ICANN Org was expecting the deal to go before the board as late as May 13, 2019, a month before the anticipated board vote.

The .org contract was ultimately signed June 30, without a formal board resolution.

(Probably just a coincidence, but Ethos Capital — which went on unsuccessfully to try to acquire .org registry Public Interest Registry from ISOC later that year — was formed May 14, 2019.)

The IRP panel notes that by avoiding a formal board vote, ICANN avoided the associated transparency requirements such as a published rationale and meeting minutes.

The panel in conclusion issued a series of “recommendations” to ICANN.

It says the ICANN board should “analyze and discuss what steps to take to remedy both the specific violations found by the Panel, and to improve its overall decisionmaking process to ensure that similar violations do not occur in the future”.

The board “should consider creating and implementing a process to conduct further analysis of whether including price caps in the Registry Agreements for .ORG and .INFO is in the global public interest”

Part of that process should involve an independent expert report into whether price caps are appropriate in .info and especially .org.

If it concludes that price controls are good, ICANN should try to amend the two registry agreements to restore the caps. If it does not conduct the study, it should ask the two registries if they want to voluntarily restore them.

Finally, the panel wrote:

the Panel recommends that the Board consider revisions to ICANN’s decision-making process to reduce the risk of similar procedural violations in the future. For example, the Board could adopt guidelines for determining what decisions involve policy matters for the Board to decide, or what are the issues on which public comments should be obtained.

ICANN is on the hook to pay the panel’s fees of $841,894.76.

ICANN said in a statement that it is “is in the process of reviewing and evaluating” the decision and that the board “will consider the final declaration as soon as feasible”.

Namecheap says it won legal fight over .org price caps

Kevin Murphy, January 5, 2023, Domain Registries

Namecheap claims to have won a fight against ICANN over the lifting of contractual price caps in .org and .info back in 2019.

The two parties have been battling it out for almost three years in an Independent Review Process case over ICANN’s decision to allow the .info and .org registries to increase their prices by as much as they want.

Namecheap now claims the decision has been delivered and “the IRP panel decided that ICANN had, indeed, violated its Bylaws and Articles of Incorporation and that ICANN’s decision to remove the price caps was invalid.”

The registrar also says it failed in its attempt to have a similar ruling with regrds the .biz TLD, but it’s not clear why.

Neither party has yet published the decision in full (ICANN is likely redacting it for publication as I type), and ICANN has yet to make a statement, so we only have Namecheap’s interpretation to go on.

It seems the IRP panel disagreed with ICANN that it was within its staff’s delegated powers to renegotiate the price provisions of the contracts without input from the board of directors.

Rather, there should be a open and transparent process, involving other stakeholders, for making such changes, the panel said according to Namecheap.

What the panel does not appear to have said is that the price caps can be unilaterally restored to the contracts. Rather, it seems to suggest a combination of voluntary reinstatements, expert competition reviews, and bilateral renegotiations.

The decision also seems to say that price controls are more important in .org than .info, due to its not-for-profit nature, which flies in the face of ICANN’s long-term push to standardize its contracts to the greatest extent possible.

The row over .org pricing emerged shortly before the ultimately unsuccessful takeover attempt of Public Interest Registry by for-profit private equity firm Ethos Capital was announced. Ethos had planned to raise prices, but PIR, still a non-profit owned by the Internet Society, to date has not.

Namecheap’s IRP claims related to ICANN’s handling of that acquisition attempt were thrown out in 2021.

.info was an Afilias TLD when the IRP was filed but is now Ethos-owned Identity Digital’s biggest gTLD following consolidation.

I’ll have more on this story after the full decision is made public.

More details on ICANN’s CEO handover

Kevin Murphy, December 28, 2022, Domain Policy

ICANN has published more information on its change of CEO, which saw Göran Marby’s shock resignation last week.

Interim CEO Sally Costerton has been employed on an automatically renewing six-month contract that will only end if she quits, is fired, or a permanent replacement is found.

The ICANN board of directors has approved a “monthly stipend”, a bonus payment while she holds the interim position, but the amount, based on advice from compensation consultancy Willis Towers Watson, was not disclosed.

In fact, Costerton’s salary has never been disclosed in the decade she has worked for the Org. It is assumed that she is paid via the UK-based company she set up with her husband around the same time she was hired by ICANN.

That company, Sally Costerton Advisory Ltd, had about £1.3 million ($1.6 million) in net assets as of March, company records, which include no income statement, show. ICANN’s tax returns, which report executive salaries, do not reflect any payments to the company.

The board’s resolutions also confirm that Marby, who will stay as a consultant until May 2024, has will have his contract renegotiated, but the terms were redacted.

Merry Christmas! Marby finally out as ICANN CEO

Kevin Murphy, December 22, 2022, Domain Policy

Göran Marby has “resigned” as the CEO of ICANN.

An unrelated picture of John Travolta

Chair Tripti Sinha informed staff of his departure last night, saying Marby had been working with the board “over the past few days” to ensure a “smooth transition” that will see him stay on the payroll as a consultant until May 23, 2024.

That’s the date his employment contract was due to expire anyway. There’s no word yet on whether his eye-watering salary will be reduced.

Sinha herself is a new installation, taking over after the board ousted Maarten Botterman a few months ago.

Sally Costerton, senior vice president of global stakeholder engagement, has taken over on an interim basis, while ICANN recruits a successor, but she has an added bonus of being likable and one assumes she’s a leading candidate to take over on a permanent basis.

Costerton, a British former PR professional, has been itching for the gig for over a decade, first applying after Rod Beckstrom quit in 2012 and immediately brought into the senior ranks by Fadi Chehadé, who hired both of his unsuccessful fellow short-listers.

A CEO with a background in public relations in theory is good news for ICANN transparency. The Org has been criticized for ignoring the media and other transparency obligations under its current leadership.

Marby’s achievements in his six and a half years as CEO include being the first person to persuade the board to pay him over a million dollars a year and

ICANN loses another dot-brand, this one in use

Kevin Murphy, December 20, 2022, Domain Registries

Linde, a German chemicals company, has asked ICANN to terminate its gTLD registry contract.

Unusually, the dot-brand was actually in use, with many .linde domains still in its zone file, many of which were indexed by search engines.

It seems the company was using two-letter country-specific domains such as cz.linde and feature-oriented names such as socialmedia.linde to redirect to pages on linde.com or even the godawful the-linde-group.com.

But whatever Linde was trying, it didn’t live up to expectations, so .linde is set to be added to the funeral pyre of 100+ dead dot-brands.

Abuse crackdown likely in next gTLD registrar contract

Kevin Murphy, December 20, 2022, Domain Policy

ICANN and its accredited registries and registrars have formally kicked off contract renegotiations designed to better tackle DNS abuse.

The aim is to create a “baseline obligation” for contracted parties to “take reasonable and appropriate action to mitigate or disrupt malicious registrations engaged in DNS Abuse”, according to recent correspondence.

This may close the loophole in the contracts identified this year that hinder ICANN Compliance’s ability to take action against registrars that turn a blind eye to abuse.

The current contracts require registrars to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse”, which lacks clarity because there’s no agreement on what an appropriate response is.

The registries and registrars stakeholder groups (RySG and RrSG) note that there won’t be an expansion of the term “DNS abuse” to expand into web site content, nor will the talks cover Whois policy.

As is the norm for contract negotiations, they’ll be bilateral between ICANN and a select group of representative contracted parties, and conducted in private.

Talks are expected to take three to six months and the resulting amendments to the Registrar Accreditation Agreement and base Registry Agreement will be published for 30 days of public comment.

It’s been almost 10 years since the RAA was last updated.

ICANN expects to approve Whois Disclosure System next month

Kevin Murphy, December 20, 2022, Domain Policy

ICANN could be offering a centralized system for requesting private domain registration data as early as a year from now, a mere five and a half years after GDPR ruined the global Whois system for many.

The Org recently alluded to its “board’s anticipated January 2023 vote to move forward in implementing the new system to streamline the intake and routing of requests for access to nonpublic gTLD registration data” in a blog post.

It has previously stated that it will take nine months to develop and roll out the system, along with a three-month “ramp-up period”, but that preparatory work may have already started.

The system will be based on CZDS, the service that currently allows people to request zone file data from registries, and cost $3.3 million to develop and run for its anticipated two-year trial period.

Don’t expect it to be called the Whois Disclosure System though. Community feedback has been pretty clear that “disclosure” is an inappropriate word because the system merely manages requests and does not actually disclose anything.

It’s also going to be voluntary for both requesters and registrars/registries for now.

The system was previously known as SSAD Lite, a cut-down version of the community-recommended System for Standardized Access and Disclosure, which ICANN estimated would have cost infinity dollars and take a century to implement.

Industry outlook gloomy for next year, predicts ICANN

Kevin Murphy, December 16, 2022, Domain Policy

ICANN is forecasting a downturn of the domain industry’s fortunes over the coming year according to its draft fiscal 2024 budget, published today.

The Org’s beancounters are budgeting for slumps in both legacy and new gTLD transactions, along with declines in the number of contracted registries and registrars.

Global economic conditions, such as the post-Covid recessions and high inflation being experienced by many nations, are blamed for the poor outlook.

Overall, ICANN expects to have a couple million bucks less to play with in FY24, which runs from July 2023 to June 2024.

It’s planning to receive $145.3 million, down from the $147.7 million it expects to receive in the current fiscal year, which is only half-way through.

Most of ICANN’s money comes from transaction fees on legacy gTLDs — mainly Verisign’s .com — and that’s where it’s predicting a 1% decline, from $88.3 million to $87.1 million, or 185.8 million transactions compared to 187.9 million.

ICANN receives transaction fees on every domain added, renewed or transferred between registrars.

Verisign has been lowering its financial outlook all year, as .com shrinks. Fewer .com renewals means less money for ICANN.

ICANN also thinks new gTLD sales are going down, from 25.7 transactions in the current year to 24.2 million in FY24, taking about $600,000 from ICANN’s top line.

The number of contracted registries is also predicted to decline by 19, from 1,146 to 1,127 by the end of the year, while the number of registrars is expected to increase from 2,447 to 2,452.

Other funding sources, such as ccTLD contributions and sponsorships, are expected to remain unchanged.

The draft budget is open for public comment and could well change before it is finally approved, which usually comes in May or June.

Content police? ICANN mulls bylaws change

Kevin Murphy, December 14, 2022, Domain Policy

ICANN could change its bylaws to allow it to police internet content to an extent, it emerged this week with the publication of the Operational Design Assessment for the next stage of the new gTLD program.

Currently, ICANN’s bylaws state that the Org may not “regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide”, and it’s been adamant that it is not the “content police”.

But the community has recommended that future new gTLD applicants should be able to agree to so-called Registry Voluntary Commitments, statements of registry policy that ICANN would be able to enforce via contract.

RVCs would be much like the Public Interest Commitments many registries agree to in the 2012 application round, implemented before ICANN’s current bylaws were in effect.

As an example I’ve used before, Vox Populi Registry has PICs that ban cyberbullying and porn in its .sucks gTLD, and in theory could lose its contract if it breaks that rule by allowing .sucks sites to host porn (like this NSFW one, for example).

ICANN’s board of directors expressed concern two years ago that its bylaws may prevent it from approving the RVC recommendation.

But Org staff have now raised, in writing and on a webinar today, the prospect that the board could change the bylaws to permit RVCs to go ahead. The ODA published on Monday states:

The Board may wish to consider how and whether it can accept the recommendations related to PICs and RVCs. One option may be to amend the Bylaws with a narrowly tailored amendment to ensure that there are no ambiguities around ICANN’s ability to agree to and enforce PICs and RVCs as envisioned

How worrying this could be would depend on the wording, of course, but even the chance of ICANN meddling in content is usually enough to raise eyebrows at the likes of the Electronic Frontier Foundation, not to mention supporters of blockchain alt-roots, many of whom seem to think ICANN is already censoring the internet.

It’s not clear whether the change is something the board is actively considering, or just an idea being floated by staff.