Recent Posts
- Domain world growth despite .com slide
- Verisign predicts more gloom as registrars shun .com growth
- Republicans quiz NTIA on Verisign .com renewal
- Smaller, more intense ICANN meetings with no free cocktails?
- Private auctions to be banned in next new gTLD round
- .au prices going up
- Nominet names director hopefuls
- Crowdstrike screw-up took down ICANN’s email
- We grassed up .TOP, says free abuse outfit
- ICANN to earmark $10 million for new gTLD subsidies
- TV network rebrands on single-letter domain
- First registry gets breach notice over new abuse rules
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
First metaverse gTLD is announced
Unstoppable Domains has announced plans to apply for the first gTLD devoted to a metaverse.
The company has partnered with Metropolis, a “a 360° curated universe that blends commerce, gaming, and experiences that span both digital & physical worlds” to launch .metropolis names on Unstoppable’s blockchain.
“Metropolis plans to explore future ICANN gTLD applications in order for .Metropolis to become even more integrated in the digital landscape,” Unstoppable said.
In the meantime, Metropolis expects its users to use the blockchain version of the names to address “virtual real estate within the metaverse”.
I checked out the Metropolis web site, clicked on everything, and have to confess I don’t understand any of it. I feel about a thousand years old.
Alibaba off the naughty step
Chinese registrar Alibaba is no longer at risk of losing one of its ICANN accreditations, according to a notice on the Org’s web site.
Alibaba.com Singapore E-Commerce, one of Alibaba’s four registrars, failed to respond to abuse reports and missed ICANN payments, according to its March breach notice.
But the company has now provided ICANN with documents sufficient to bring it back into compliance with its contract, according to the notice.
Alibaba has over six million domains under management across its three active accreditations, making it one of the largest registrars to come under the scrutiny of ICANN Compliance.
The people have spoken on RDRS and they said “Meh”
Users of ICANN’s new Whois data request service appear to be overwhelmingly apathetic about it, if the results of the first quarterly user survey are to be believed.
ICANN sent surveys to 861 users of the Registration Data Request Service and 29 of the registrars that support it. Only 17 requesters and 15 registrars responded, and not every respondent answered every question.
With such a small sample size, it’s debatable whether the results can tell ICANN or anyone else whether RDRS is any good or not.
Asked whether having RDRS was better or worse than not having RDRS, only seven requester respondents answered. Two thought it was “much worse”, one thought it was “somewhat worse”, two thought it was “about the same” and two thought it was “somewhat better”.
Nobody clicked the button for “much better”, a fact that would be quite easy to seize upon as a headline if not for the fact that this is a survey of seven people and therefore pretty much worthless.
Responses to free-text questions perhaps shed a little light on the user experience: some people think it’s too slow, they’re not happy that they didn’t get the data they wanted, and the level of registrar support is too low.
Asked the same question about whether RDRS has made handling Whois requests better or worse, 11 registrars responded. The mix was heavily towards the “worse” end of the scale, which is probably not what ICANN wanted to hear.
In free-text responses, some registrars said they found the interface and workflow lacking, making the process of handling requests take more time and effort than doing the same outside RDRS. Pretty much the diametrical opposite of RDRS’s raison d’etre.
RDRS is a two-year pilot that has data-gathering as one of its primary purposes, but with such a lackluster response to the first survey ICANN is surely hoping the seven remaining surveys may produce some more meaningful stats.
The full survey results are available to read here (pdf), if you can be bothered.
ICANN restarts work on controversial Whois privacy rules
ICANN is to bring in new rules for Whois privacy and proxy services, the best part of a decade after they were first proposed to massive controversy.
It’s looking for volunteers to work with Org staff on implementing policy recommendations that in 2015 led to tens of thousands of people expressing outrage about the dangers, as they saw it, of their privacy being breached.
ICANN is putting together an Implementation Review Team to help implement the recommendations of the Privacy and Proxy Services Accreditation Issues Policy Development Process, known as PPSAI, which sought to bring privacy/proxy services under ICANN’s regulatory umbrella.
The recommendations were hugely controversial in their first draft, which in a minority statement expressed the view that people should be banned from using their domains commercially if they were using privacy services.
But the IRT will be tasked with implementing the final draft, which expunged the calls for such a ban.
The policy still calls for ICANN to run an accreditation system for privacy/proxy services in much the same way as it accredits registrars. It also lays out rules for how such services should gather registrant data and how to treat customer interactions.
But the recommendations are undeniably from a different era, thunk up before the EU’s General Data Protection Regulation made privacy-by-default essentially the industry standard for Whois records.
The PPSAI recommendations now interact with policies and practices that have been adopted in the intervening years, such as the recent Registration Data Policy and the Registration Data Request Service.
People willing to donate 10 to 20 hours a month to the new IRT can check out more details here.
GNSO mulls lawyering up over auction fund dispute
The GNSO Council has started discussing bringing in the lawyers over ICANN’s recent handling of issues related to its $200+ million auction fund and Grant Program.
The Council today raised the possibility of deploying the never-before-used Community Independent Review Process, which would involve every major community group ganging up on ICANN’s board in a protracted quasi-judicial bunfight.
Ironically, the beef concerns the way ICANN is trying to stop people invoking its accountability mechanisms, including the IRP, to challenge decisions it makes under its Grant Program, which hopes to distribute $10 million to worthy causes this year.
ICANN policy is that nobody should be able to challenge grant decisions, because that would mean funneling the available funds into the pockets of worthless lawyers, rather than worthy causes. But how it proposes to achieve that goal is in dispute.
The original community recommendation was for a bylaws amendment that specified that the Grant Program was out-of-bounds for IRP and Request for Reconsideration claims, and the board initially agreed, before changing its mind and instead plumping for a clause in the program’s terms that prevents grant applicants appealing adverse decisions.
After community pushback, the board said it would also propose a bylaws amendment, but many believe the amendment it came up with goes way too far and risks making it far too easy for ICANN to wriggle out of its accountability obligations in future.
Leading the fight against the board is the GNSO’s Intellectual Property Constituency, which filed a Request for Reconsideration in November, asking ICANN to reverse its decision to “contract around” its accountability promises and scale back its over-broad bylaws amendment.
But the RfR was thrown out, with the Board Accountability Mechanisms Committee ruling that the IPC had failed to say how it had been specifically harmed by the board’s actions, accusing the constituency of merely “speculating” about possible future harms.
GNSO Councillor Susan Payne, today expressed the IPC’s disappointment with BAMC’s decision on the Council’s monthly conference call.
“We think that’s wrong,” she said. “If you purport to change a fundamental bylaw by using a process that cuts out the GNSO and effectively therefore also its constituencies and stakeholder groups then clearly there’s a harm there.”
She also noted the financial expense of challenging the board’s decisions.
“Constituencies or stakeholder groups will have real difficulty in withstanding the ICANN machine,” Payne said. “It’s a really expensive process to to challenge these kind of decisions. We asked if other constituencies and stakeholder groups would be able to join the IPC in bringing that RfR and no one had the finances to do it.”
The IPC has joined ICANN in a Cooperative Engagement Process — a kind of informal discussion that is often a precursor to an IRP filing — but Payne raised the possibility of ICANN’s Empowered Community filing its own IRP.
Under ICANN’s bylaws, the EC has the special ability to bring a Community IRP and ICANN has to pay for it. It’s never been used before, and it doesn’t look to me like the complex conditions required to trigger it are close to having been met.
The IPC had broad support in principle from the other Councillors speaking in today’s meeting, but some urged caution due to ICANN’s past behavior when the lawyers are called in.
“Once you get into the IRP process, ICANN buckles down, hands it off to their outside counsel, and you really get a nasty litigation fight,” said Jeff Neuman, a liaison on the Council. “You’re talking about years of litigation, outside counsel, and no progress”.
Fellow council member Thomas Rickert of the ISPs constituency suggested looking for a law firm that would handle the IRP on a no-win-no-fee basis before committing further.
While it seems a Community IRP may be unrealistic for now, the fact that it’s even being discussed shows how seriously the GNSO is taking this apparent power grab by ICANN’s board and lawyers.
Jury still out on ICANN’s content policing powers
Key ICANN community groups have refused to come down on one side or the other in the debate about proposed content policing powers, leaving the question up in the air as ICANN considers a major bylaws amendment.
As I reported last month, ICANN is thinking about changing its governing bylaws to permit it to enforce Registry Voluntary Commitments — contract clauses that could include rules on the content of web sites — on registries in future new gTLD application rounds.
ICANN’s board is convinced that it needs to amend the Org’s bylaws, which explicitly prevent it policing content, in order to do this. It is concerned that “there are political, practical, and reputational risks associated with ICANN negotiating and entering into contract provisions that have the effect of restricting content in gTLDs”.
Such an amendment would require the consent of the five-member Empowered Community, to which ICANN answers, and so far there’s little indication that it would be able to secure the three votes needed.
The EC is made up of the ASO, the ccNSO, the GNSO, the ALAC and the GAC, and so far only the ALAC has said that it supports a bylaws amendment. The GNSO is split, with contracted parties dead against the amendment, and would be unlikely to vote in favor. The GAC seems to be on the fence.
The ASO and ccNSO both declined to express an opinion, saying matters related to gTLDs are outside of their remit, but ICANN chair Tripti Sinha pressed the groups to reconsider in letters this March.
Now, both groups have responded by digging their heels in — nope, it’s none of our business, they say.
“The topics addressed in the consultation are outside the scope of the ASO, so we respectfully decline the invitation to provide input at this time,” the ASO said.
“After careful consideration, we still do not see conditions which warrant our participation in the implementation of the next round of new gTLDs,” the ccNSO said.
The ccNSO added that it could only comment on a proposed bylaws amendment if it could see the draft text of the amendment, and that is not yet available.
If ICANN leadership was hoping for clarity on whether a content policing bylaws change is even feasible, it looks like it doesn’t have it yet.
It now takes TWO WEEKS to get a Whois record with RDRS
There’s been a shocking increase in the time it takes to get a Whois record disclosed under ICANN’s Registration Data Request Service, according to the latest monthly data.
It took on average 14.09 days to have a request for private Whois data approved using RDRS in April, more than double the previous high, recorded in February, of 6.92 days, the data shows. The average since the system launched at the end of November is 6.73 days.
The average time to have a request denied was 11.26 days, up from 6.17 days in March, the data also shows.
RDRS is a mechanism that allows people — largely intellectual property interests and law enforcement — to request unredacted domain ownership information. ICANN doesn’t handle the requests, it just forwards them to the responsible registrar.
It’s not obvious from the data why requests in April suddenly took so much longer to approve. Any number of reasons, from technical problems to a shift in the mix towards particularly sluggish registrars, could have thrown the average.
The percentage of requests that were approved was down very slightly compared to March, at 19.16% compared to 20.26%. Denied requests were up to 71.26% compared to 69.5% in March. Requests were largely denied because of data protection law or because the requester didn’t provide enough information.
Since RDRS launched five months ago, there have been 1,215 disclosure requests, 210 of which were approved. That works out to about 1.36 approved requests per day.
Registrar coverage improved a little in April, with three registrars newly listed and one (Sweden’s Ilait AB, which has about 6,000 domains) removed. The number of gTLD domains covered as a percentage remained flat at 57%.
ICANN has spent almost $2 million on RDRS to date. It’s a two-year pilot, and at some point it will have to be decided whether the expense is worth it.
Travel expenses push ICANN into the red again
ICANN is spending millions of dollars more than expected in its current financial year, which it blames mainly on inflation pushing up the price of flights and hotels.
The latest quarterly financial report, for the nine months to March 31, shows ICANN operations spent $112 million in the period, which was $6 million more than it had budgeted for. Funding was $113 million, $3 million more than expected, leading to a total deficit of $3 million.
ICANN said the costs were “driven by higher than planned costs for ICANN78, ICANN 79, community programs, and support of meetings other than ICANN Public meetings… primarily due to inflationary increases to travel and venue costs”.
ICANN 79, which took place in Puerto Rico in March, cost $600,000 more than budget. This was due to higher flight and hotel prices and more sessions than had been planned. ICANN said in February that October’s meeting in Hamburg had come in $900,000 over budget.
Funding for the nine months came in ahead of budget largely due to better-than-expected registrar fees, most likely related to drop-catching registrar Gname’s decision to buy 150 more registrar accreditations last December.
The report, which covers the third quarter of ICANN’s fiscal 2024, also breaks out how much some of the Org’s important projects have cost.
The Grant Program, which launched at the end of the quarter, has cost almost $1.4 million in development and operating expenses since July 2022, about $18,000 over budget. That’s obviously a big chunk of the $10 million ICANN intends to hand out this year, but nothing compared to the auction proceeds fund that the grants come from — that was up $9 million to $226 million since last July based on investment gains.
The Registration Data Request Service, which launched last November, has cost just shy of $2 million to develop and run since December 2022. Compare this to the $100 million a year ICANN had predicted before the ambitions of the original proposed project were massively scaled back.
Overall, ICANN’s financial position is still incredibly healthy. Its total funds under management was up $11 million to $529 million over the nine months due to investment gains.
ICANN preparing for ONE HUNDRED registry back-ends
The number of gTLD registry back-end providers could more than double during the next new gTLD application round, ICANN’s board of directors has been told.
There are currently about 40 registry services providers serving the gTLD industry, but ICANN is preparing for this to leap to as many as 100 when it launches its Registry Service Provider Evaluation Program for the 2026 application round.
“We’re preparing, I think, for roughly a hundred or so applications which will include the 40 existing providers that we’re aware of, and another 60 or so is sort of our rough market sizing,” Russ Weinstein, a VP at ICANN’s Global Domains Division, told the board during a meeting in Paris last week.
The number is based on what ICANN is preparing to be able to handle, rather than confirmed applicants to the RSP program, it seems.
“We are hoping to see some diversification and new entrants into the space,” Weinstein said.
Board member Edmon Chung elaborated that he expects most of the new entrants to be ccTLD registries hoping to break into the gTLD market.
“We can expect a few more ccTLD registries that might be be interested,” he said. “We’re probably not expecting a completely new startup that just comes in and becomes a registry, but beyond the 40, probably a few more ccTLDs.”
ccTLD registries already active in the gTLD market following the 2012 application round include Nominet, Nic.at and AFNIC, which tend to serve clients that are based in the same timezone and use the same native language.
A new way to game the new gTLD program
It may not help you win a gTLD, but a new method for screwing over your enemies in ICANN’s new gTLD program has emerged.
As I reported earlier today, it seems quite likely that ICANN is going to add a new step in the new gTLD evaluation process for the next round — testing each applied-for string in the live DNS to see if it causes significant name collision problems, breaking commonly deployed software or leading to data leaks.
The proposed new Technical Review Team would make this assessment based in part on how much query traffic non-existent TLDs receive at various places in the DNS, including the ICANN-managed root. A string with millions of daily queries would be flagged for further review and potentially banned.
The Name Collision Analysis Project Discussion Group, which came up with the new name collisions recommendations, reckons this fact could be used against new gTLD applicants as a form of sabotage, as it might be quite difficult for ICANN to figure out whether the traffic is organic or simulated.
The group wrote in its final report (pdf):
In the 2012 round, the issue of name collisions included an assumption that the existence of any name collision was accidental (e.g., individuals and organizations that made a mistake in configuration). In future rounds, there is a concern on the part of the NCAP DG that name collisions will become purposeful (e.g., individuals and organizations will simulate traffic with an intention to confuse or disrupt the delegation process)…
Determining whether a name collision is accidental or purposeful will be a best-effort determination given the limits of current technologies.
We’re basically talking about a form of denial of service attack, where the DNS is flooded with bogus traffic with the intention of breaking not a server or a router but a new gTLD application filed by a company you don’t like.
It probably wouldn’t even be that difficult or expensive to carry out. A string needs fewer than 10 million queries a day to make it into the top 25 non-existent TLDs to receive traffic.
It would make no sense if the attacker was also applying for the same gTLD — because it’s the string, not the applicant, that gets banned — but if you’re Pepsi and you want to scupper Coca-Cola’s chances of getting .coke, there’s arguably a rationale to launch such an attack.
The NCAP DG noted that such actions “may also impact the timing and quantity of legal objections issued against proposed allocations, how the coordination of the next gTLD round is designed, and contention sets and auctions.”
“Name collisions are now a well-defined and known area of concern for TLD applicants when compared to the 2012 round, which suggests that individuals and organizations looking to ‘game’ the system are potentially more prepared to do so,” the report states.
I’d argue that the potential downside of carrying out such an attack, and getting found out, would be huge. Even if it turns out not to be a criminal act, you’d probably find yourself in court, with all the associated financial and brand damage that would cause, regardless.
Recent Comments