ICANN wins IRP because complainant literally doesn’t exist

An Independent Review Process panel has thrown out a case filed by a failed new gTLD applicant because the applicant was found to have not existed for almost seven years.

A Bahrain-based company called GCCIX had applied to run .gcc, for Gulf Cooperation Council, in 2012. Its bid was rejected by ICANN the following year on the advice of the Governmental Advisory Committee because it had no affiliation with the actual GCC, a political grouping of nations in the Middle East.

GCCIX has been challenging the rejection ever since, filing an IRP against ICANN in 2021.

But it turns out GCCIX, which apparently had only one employee, has not legally existed in Bahrain since 2018, when it lost its corporate registration for reasons that still seem a mystery even to the IRP panelist.

This kinda scuppers the former company’s ability to do stuff like signing a contract to operate a top-level part of the internet’s infrastructure. Dismissing the case, the IRP panelist wrote:

The Tribunal determines that GCCIX’s status as company “deleted by law” precludes it from engaging in commercial activity under Bahrani law. Those commercial activities undoubtedly include entering into a Registry Agreement and providing the technical and other services required to operate a gTLD… GCCIX has not had the legal capacity to operate a gTLD since at least 2018 and has not revived its capacity despite having ample time to do so.

The question now is who has to pay for this debacle, which seems to involve somewhere between four and 12 years worth of legal fees and other costs. ICANN says it wants sanctions against GCCIX, too.

The panelist said that a decision on costs would have to be made by a full IRP panel, and it’s asked both parties to have a chat about whether they want one.

Could Musk’s DOGE kill off D3’s .doge?

The creation of the US Department of Government Efficiency raises the possibility of a government objection to .doge, a gTLD that D3 Global has announced it plans to apply for.

D3, a domain name consultancy that is promising to deliver gTLDs in next year’s application round that connect to identities currently only available on blockchains, has said it it working on a bid for .doge.

But that’s an exact match to DOGE, a not-quite “department” of the US government created by President Trump in the last few weeks and headed by megalomaniac billionaire troll Elon Musk.

DOGE is tasked with cutting government spending, waste and fraud, and the department’s devil-may-care modus operandi seems to spawn fresh controversy on an almost hourly basis.

In the D3 context, the word “doge” rather refers to a social media meme from well over a decade ago — a photo of a dog called Kabosu, now dead, used as the mascot of a cryptocurrency called Dogecoin.

D3’s partner on the bid is Own The Doge, a project of PleasrDAO that says it paid $4,240,000 in 2021 for the non-fungible token (NFT) of the original Kabosu photo.

Own The Doge then broke the NFT up into almost 17 billion pieces, which are traded like other digital assets. It also makes money selling Kabosu merch, licensing the image, and selling ownership of single pixels of the original image.

The silly governmental meaning and the silly crypto meaning are linked. Musk, a known fan of Dogecoin, seems to have first proposed DOGE as the name of the agency he proposed to lead as a kind of in-joke.

His first tweet on that topic came August 20 last year, a few weeks before the .doge bid was announced.

Given the timing, the exact-match spelling, and the crossover in the semantic Venn diagram, it seems a .doge gTLD application could present a pretty big target for a formal objection.

If the US decided to start throwing its weight around on ICANN’s Governmental Advisory Committee, which has substantial powers to scupper gTLD applications, it’s easy to see how it could horse-trade its way to getting a full consensus GAC objection.

But would a Musk-influenced Trump administration choose to object? Or could its mere existence actually prove beneficial to .doge’s future prospects?

We asked D3, and chief marketing officer Mark Trang told us:

While we’re not going to speculate on whether or not the Department of Government Efficiency will affect a future TLD like .doge, anything the current administration does to raise the visibility of domains, cryptocurrencies, and blockchains we view as a positive for our industry.

It almost certainly is far too early to speculate, but that’s never stopped me before.

Quite apart from the .doge issue, the Trump administration has yet to show its hand on how it will interact with internet governance in general and ICANN and the domain name industry in particular.

It looks today, over a year before the next new gTLD application window is scheduled to open, that this kind of thing is pretty far down the Trump administration’s priority list, if it’s even on the radar at all.

The relatively small National Telecommunications and Information Administration, which supplies the US with its civil service GAC representatives, doesn’t even have its politically appointed leadership yet.

The Heritage Foundation’s Project 2025, seen by some as Trump’s playbook for government reform, says nothing about ICANN or domain names in its NTIA section (pdf), and even gets the meaning of the A in the name wrong, calling it the “Agency”.

As for Musk, he’s known to be well across domain names as a concept, though he may be a .com fanboy. When he reacquired x.com from PayPal, before subsequently renaming Twitter around the domain, he said it was for sentimental reasons.

While it was pretty much an open secret that the pre-Musk Twitter planned to apply for a .twitter gTLD, the renaming to X of course means that it cannot be a dot-brand under ICANN rules banning single-character Latin TLDs.

But rules don’t seem to matter too much at this moment in history, when the US seems more than ready to dispose of decades-old conventions and use raw financial power to achieve its goals.

So, yeah, it’s pretty much too early to speculate about what .doge and the domain name universe looks like under the Trump/Musk administration, but it’s probably not too early to be worried, or maybe even a little afraid.

$2 million Christmas bonus for ICANN

The domain industry performed better than expected in the back half of last year — well, better at least than ICANN had predicted.

The Org today said it took in $2 million more in revenue than it expected in the second half of 2024 — ICANN’s fiscal first half — because the gTLD registries and registrars that primarily fund it processed more transactions than it had planned for.

Registry and registrar transaction fees — paid on registrations, renewals and transfers — were both a million bucks ahead of budget at $29 million and $20 million respectively

Its FY25 takings to the end of December totaled $74 million, ahead of its $72 million estimate but flat on its FY24 budget.

Operating costs were in-line with expectations and down on FY24 numbers due to fewer people having their flights and hotels paid for at ICANN 82 in Istanbul last October.

Another VW car dot-brand crashes out

Volkswagen’s patchy commitment to dot-brand gTLDs is in evidence again this week, as the company has told ICANN it no longer wishes to operate .bentley.

Bentley is one of VW’s luxury car brands, based in the UK. It’s exercised its option to unilaterally terminate its gTLD registry agreement, with no explanation given.

The gTLD had a single resolving domain, which redirected to a .com.

It’s the first dot-brand to terminate this year, thought the notice seems to have been filed with ICANN in December.

VW’s attitude to its original portfolio of dot-brands has been all over the place.

Its .volkswagen, which one might expect to be the flagship, was terminated four years ago, along with its Chinese version, but .seat and .audi each have thousands of active registrations.

Yeah, we got phished, ICANN admits after crypto hack

ICANN has confirmed that a phishing attack was responsible for the hacking of its Twitter account last night.

The Org placed this statement, which suggested that the attack may have been more sophisticated than you might have thought, on its home page earlier this evening:

On 11 February 2025, ICANN became aware of a successful phishing attack on our ICANN X [Twitter] account. We are investigating the root cause of the issue and working to resolve it as soon as possible. ICANN uses multi-factor authentication on all social media platforms and has confirmed that none of our other accounts have been impacted.

The hack saw ICANN’s Twitter account tweet several messages promoting a newly created memecoin cryptocurrency called $DNS, presumably to scam would-be investors out of money.

The compromise, which seemed to be timed to close of business in ICANN’s home in California, did not last long and the tweets were swiftly deleted.

Now ICANN seems to have confirmed that one of its staffers was phished to obtain @ICANN’s login credentials, but the fact that the account was protected by multi-factor authentication creates an additional wrinkle.

Twitter offers three MFA methods — codes delivered via SMS, a mobile authenticator app, or a hardware token.

In each case, logging in requires the user to have a physical device in their hand to create the secondary login credential. The victim would have had to provide this time-limited one-time password to the attacker too.

I hope the staffer who got suckered, presumably a member of the comms team, isn’t getting too much of a bollocking today, as these kinds of attacks are increasingly sophisticated and managing online life increasingly complex.

Just a day earlier, the well-known BBC political journalist Nick Robinson, who presents the popular Today show on Radio 4, got phished in what one assumes was a very similar way and for an identical purpose.

This BBC article goes into some detail about the attack on Robinson, including screenshots of the phishing email he fell for, and goes a way to explain how even somebody trained to avoid this kind of stuff can have a moment of vulnerability.

While few of Robinson’s one million Twitter followers could have seriously believed that Today had launched a memecoin, it’s more plausible that somebody familiar with crypto and somewhat aware of ICANN could have believed that ICANN would. The two areas of tech increasingly intersect nowadays.

When the attack proved successful, the bad guy must have thought all of her Christmases had come at once.

ICANN says it is going to post more information to its cybersecurity incident log as its investigation progresses.

If it turns out the phish was successful because somebody didn’t check the domain name of the link they were clicking on, it could be fascinating reading.

ICANN hacked to promote crypto scam

ICANN’s Twitter account appeared to be hacked briefly last night, and was used to promote what looks like a pump-and-dump cryptocurrency scam.

A series of tweets from the official @ICANN account plugged a memecoin named $DNS from around 0200 UTC today, just when ICANN’s California crew would have been clocking off for the day.

“2025: The Internet Gets Its Own Currency. @icann is redefining digital ownership with $DNS – the first memecoin to merge domain governance & Web3 culture,” one of the tweets read, according to a screen capture from domain lawyer John Berryhill.

ICYMI pic.twitter.com/f8R3AzaLaO

— John Berryhill (@Berryhillj) February 12, 2025

The posts linked to dnscoin.org, which at the time was a live web site promoting “$DNS. Own the Internet Again. ICANN’s decentralized memecoin for domain governance”, according to what little remains visible in Google’s index.

The domain, which had been registered for years, has already been deleted entirely. Not suspended. It’s just gone.

ICANN seems to have restored control over its Twitter account fairly quickly, but Berryhill’s caps show the scam tweets were viewed by at least a couple thousand of @ICANN’s 104,000 followers.

The apparent scam appears to be either a modern-day pump-and-dump scheme, where investors hype up a crypto coin only to cash out when its value peaks, or what crypto investors call a “rug pull”, which is more akin to straightforward theft.

Either way, it seems possible that some people may have lost some money, and ICANN’s not-great reputation for security has certainly suffered another embarrassing setback.

It seems likely that @ICANN either had a weak password, or somebody with access to the account got their device compromised in some way.

ICANN, no doubt sifting through the evidence this morning, has yet to publish an official statement.

Did Trump just create the world’s next ccTLD?

Could there be a .gz?

I’m sometimes happy that DI has such a narrow beat. Today, it means I don’t have to discuss the legal, political, moral or ethical implications of US President Donald Trump’s just-announced plan for Gaza.

At a press conference last night, Trump said he wants the Palestinians to leave Gaza, to be resettled elsewhere in the region, and for the US to “take over” the territory and have a “long-term ownership position” on it.

The details of Trump’s aspiration are not immediately clear. Is he talking about a military occupation? Annexation? Does he just want to build another golf course?

It’s almost certainly too early to speculate, so let’s speculate.

With Trump talking about US ownership of Gaza, it is not beyond the bounds of possibility that Gaza’s future, should his plan come to fruition, is as a US territory, or something very much like one.

Populated territories of any nation in general get their own ccTLD. Puerto Rico’s .pr and Guam’s .gu are two examples of US territories with their own ccTLDs.

The US annexation of Gaza would not necessarily even have to be legal under international law or recognized by America’s peers in the United Nations to create the possibility of a new ccTLD.

The path to the root involves a lot of buck-passing and at no point includes a qualitative evaluation of whether a territory is legal or otherwise deserving of recognition.

As you may know, ICANN’s IANA department is responsible for adding and removing ccTLDs from the DNS root, but it takes its cues from the International Organization for Standardization.

Under long-standing IANA convention known as ICP-1, any territory with a two-letter code on the ISO 3166-1 alpha-2 list qualifies for a ccTLD. If a registry can show technical nous and local support, it can claim the TLD.

But the ISO takes its cues in turn from the Statistics Division of the United Nations Secretariat, and its M49 standard, “Standard Country or Area Codes for Statistical Use”.

A territory appears on that list as a matter of “statistical convenience” for the UN, and does not imply that the UN or its member states recognize that territory politically.

Palestine itself was granted its ccTLD, .ps, a quarter-century ago, as “Occupied Palestinian Territory”, despite the legal status of the territory being disputed, because UN Stats and ISO decided to put it on their lists.

So Gaza could possibly get its own ccTLD if the US takes it over and splits it from the West Bank, even if it becomes a contested hell-hole where the luxury beachfront hotels are bombed to rubble faster than Trump can build them.

.gz is available, assuming Gaza is not renamed Trumpland or Disneyworld East or something.

$3,000 to do a Whois lookup?

ICANN’s Registration Data Request Service cost hundreds, maybe even thousands, of dollars every time it was used in its first year, according to an analysis of official stats.

RDRS is the system designed to connect entities such as trademark owners, security researchers, and law enforcement with registrars, allowing them to request private domain registration data that is usually redacted in Whois records.

It’s running as a two-year pilot, in order to gauge demand and effectiveness, and its first full month of operation was December 2023.

ICANN has been publishing monthly transparency reports, including data such as number of requests and outcomes, and we know how much it cost the Org to develop and operate, so it should be possible to make some back-of-the-envelope calculations about how much each request costs the ICANN taxpayer.

The cost could range from about $300 to over $3,000 per request, even using some fairly generous assumptions.

RDRS cost $1,647,000 to develop, which is pretty much a shoestring by ICANN standards. Most of that was internal staffing costs, with some also being spent on external security testing services.

The total operational cost for the first 10 months was $685,000. Before ICANN publishes its calendar Q4 financials later this month, we could extrapolate that the first 12 months of operation was around $800,000, but let’s be generous and stick with $685,000 for this particular envelope’s backside.

While there were 7,871 registered requesters at the end of November 2024, they had collectively only submitted 2,260 requests over the same period.

Only 2,057 of those requests had been closed at the end of the period, and only 23% of closed requests resulted in registrar approval and data being fully handed over to the requester.

That works out to 474 approved requests in the first year.

With the most-generous assumptions, $685,000 of ops costs divided by 2,260 requests equals $303 per request.

If we only count approved requests, we’re talking about $1,445 per successful Whois lookup equivalent.

But we should probably switch to an envelope with a larger rear end and include the $1.6 million development costs in our calculations too.

If we factor in half of those costs (it’s a two-year pilot), we’re looking at about $666 per request or $3,181 per successful request in the first 12 months.

If the system was more widely used, the per-request cost would of course fall under this calculation, but there’s no indication that usage is significantly on the increase just yet.

These are only the costs incurred to ICANN. Registrars on one side of the service and requesters on the other also bear their own costs of working with the service.

Dealing with RDRS is not the same as doing a Whois lookup. You have to deal with a much lengthier form, add attachments, make a reasoned legal case for your request, etc. It eats work-hours and staff need to be trained on the system.

It may seem that $3,181 to do a Whois lookup is too expensive for the ICANN taxpayer.

And maybe it is, if it’s being predominantly used to assist (say) Facebook’s trademark enforcement strategy.

But if those Whois lookups help law enforcement more quickly nail a gang of fentanyl dealers or child sexual abuse material distributors, maybe the costs are more than justified.

At the end of November the number of requests from law enforcement was 15.6% of the total, while IP holders accounted for 29.7%, ICANN stats show.

ICANN’s board of directors will decide towards the end of the year whether the RDRS pilot has been successful and whether it should continue indefinitely.

LA wildfire victims get domain deletes delay

Victims of the recent wildfires in the Los Angeles area have been offered special relief from renewing their expiring domains, according to an ICANN note to registrars.

Registrars were told last week that they “will be permitted to temporarily forebear from canceling domain registrations that are unable to be renewed because of the impact of the fires in Los Angeles, California, on domain name registrants.”

The LA fires reportedly destroyed or damaged 18,000 buildings, killed 29 people, and turned 200,000 into evacuees.

The Registrar Accreditation Agreement gives ICANN the discretion to allow its registrars to keep domains alive beyond their usual lifespan due to “extenuating circumstances”.

That’s been taken to mean natural disasters including hurricanes Maria, Helene and Milton, the earthquakes in Türkiye and Syria in 2023, the Covid-19 pandemic, as well as the Russian invasion of Ukraine.

The idea is to help victims of disasters keep their domains — and therefore often their livelihoods — after the usual renewal date if their credit cards are buried under a pile of rubble and they have more important things on their minds.

Los Angeles is the home of ICANN’s corporate headquarters.

.free domains to finally arrive as Amazon reveals three gTLD launches

Amazon Registry has revealed launch dates for three of its long-dormant gTLDs, and they have the potential to be the most popular of its patchy portfolio.

.free, .hot and .spot are to go to sunrise April 2, according to a notice on Amazon’s web site and paperwork filed with ICANN.

The Trademark Claims period, which pretty much always coincides with the start of general availability, is set for May 12.

Details of pricing and any possible registration restrictions have not been published.

All three gTLDs have been in the root since 2016, just sitting there doing nothing. Amazon has 54 gTLDs in total, 10 of which are dot-brands, but most of the generics remain stubbornly unlaunched.

Its half-dozen Japanese-script domains have been around the longest, but its biggest success to date has been .bot, which has about 14,000 names in its zone file.

Amazon launched .deal and .now last year but the former has yet to hit 10,000 names and the former still hasn’t hit 1,000.

Amazon had to pay off four other applicants for the right to run .free.